Tag: security

The Weaponization of Neuroscience

Jon Bardin wrote for The Chronicle of Higher Education on how science can be weaponized, even decades after it’s conducted. For example, this DARPA project is based on unrelated research from the 1960s:

In a small, anonymous office in the Trump Tower, 28 floors above Wall Street, a man sits in front of a computer screen sifting through satellite images of a foreign desert. The images depict a vast, sandy emptiness, marked every so often by dunes and hills. He is searching for man-made structures: houses, compounds, airfields, any sign of civilization that might be visible from the sky. The images flash at a rate of 20 per second, so fast that before he can truly perceive the details of each landscape, it is gone. He pushes no buttons, takes no notes. His performance is near perfect.

Or rather, his brain’s performance is near perfect. The man has a machine strapped to his head, an array of electrodes called an electroencephalogram, or EEG, which is recording his brain activity as each image skips by. It then sends the brain-activity data wirelessly to a large computer. The computer has learned what the man’s brain activity looks like when he sees one of the visual targets, and, based on that information, it quickly reshuffles the images. When the man sorts back through the hundreds of images—most without structures, but some with—almost all the ones with buildings in them pop to the front of the pack. His brain and the computer have done good work.

The Chronicle of Higher Education: From Bench to Bunker

(Thanks Justin!)

Russia Wants Its Own DARPA

RIA Novosti reports on Putin’s plan for the Russian Foundation for Advanced Research Projects in the Defense Industry, a Russian equivalent to DARPA.

President Vladimir Putin has submitted to parliament a bill on the foundation’s establishment, which is expected to become Russia’s answer to the United States Defense Advanced Research Projects Agency (DARPA).

The foundation will be tasked with informing the country’s leadership on projects that can ensure Russian superiority in defense technology.

It will also analyze the risks of any Russian technological backwardness and technological dependence on other powers.

Full Story: RIA Novosti: Russia to Take on ‘High Risk’ Defense Research Projects

(via Wired Danger Room)

New Frontier for Cybercrime: Implanted Healthcare Devices

Chris Arkenberg on giving new meaning to “body hacking”:

In what amounts to a fairly shocking reminder of how quickly our technologies are advancing and how deeply our lives are being woven with networked computation, security researchers have recently reported successes in remotely compromising and controlling two different medical implant devices. Such implanted devices are becoming more and more common, implemented with wireless communications both across components and outward to monitors that allow doctors to non-invasively make changes to their settings. Until only recently, this technology was mostly confined to advanced labs but it is now moving steadily into our bodies. As these procedures become more common, researchers are now considering the security implications of wiring human anatomy directly into the web of ubiquitous computation and networked communications.

Barnaby Jack, a researcher at McAfee, was investigating how the wireless protocols between implants and their remote controllers opened up potential vulnerabilities to 3rd party attacks. Working with instrumented insulin pumps he found he could compromise any pump within a 300-foot range. “We can make that pump dispense its entire 300 unit reservoir of insulin and we can do that without requiring its ID number”, he noted, adding that making the device empty its entire cartridge into a host’s bloodstream would cause “deep trouble”. Previously, independent security researcher Jerome Radcliff, a diabetic and insulin pump recipient himself, showed a crowd at the 2011 Black Hat Security Conference how he could wirelessly hack into his own pump to obtain its profile, then alter it in a way that would modify his prescription when sent back to the device.

Full Story: Big Think: Inviting Machines Into Our Bodies

See also: Ubicomp Getting Under Your Skin? So Are Hackers

Lockpicker Makes Open Source Police Handcuff Keys with 3D Printer

[Image: Dutch handcuff key made with 3D printer]

From a 2009 post on the lockpick/encryption/RF site Blackbag:

German SSDeV member Ray is known all around the world for his impressive collection of handcuffs and his fun ways of opening most of them. On top of that he gives great presentations and always manages to add a lot of humor into them!

At HAR he pulled another stunt: He used a 3D printer to print handcuff keys. And not just any ordinary handcuff key … no, it’s the official handcuff key from the Dutch police!

Full Story: Blackbag: Printing police handcuff keys

What’s more, Ray released an STL file (the standard format for 3D printing and prototyping) of the key.

Ray ended up clarifying various points in the comments on Bruce Schneier’s blog.

(via Cat Vincent)

The Failure of the FBI’s Right-Wing Terrorist Infiltration Program

Long piece from Foreign Policy about the FBI’s attempted infiltration of the “Patriot Movement” during the 90s:

Despite the fact that PATCON was set up as an intelligence-gathering operation, no evidence has emerged to date that information from the operation came into play during the bombing investigation, despite the links between some of McVeigh’s contacts and the organizations targeted.

The dilemmas of PATCON point toward current debates over the use of infiltration, particularly in cases such as the NYPD’s monitoring of Muslim communities in New York, investigations predicated on the need to collect intelligence rather than build prosecutions on specific criminal activities. The value of the intelligence collected by PATCON is unclear in the final analysis. The only PATCON targets ever prosecuted were already under investigation by the Army, and none of the specific terrorist plots alleged in the FBI’s records ever came to fruition. Meanwhile, the perpetrator of the worst act of right-wing violence in U.S. history was in contact with several targets of the FBI’s investigation but apparently flew under the radar.

Foreign Policy: Patriot Games

(via Innovation Patterns)

See also:

The Paranoid Center

Democracy Now guests on right wing populism and Tiller

DARPA Director Taking Job at Google

Wired reports:

Darpa director Regina Dugan will soon be stepping down from her position atop the Pentagon’s premiere research shop to take a job with Google. Dugan, whose controversial tenure at the agency lasted just under three years, was “offered and accepted a senior executive position” with the internet giant, according to Darpa spokesman Eric Mazzacone. She felt she couldn’t say no to such an “innovative company,” he adds. […]

The Pentagon’s Office of Inspector General (OIG) is also actively investigating hundreds of thousands of dollars’ worth of contracts that Darpa gave out to RedX Defense — a bomb-detection firm that Dugan co-founded, and still partially owns. A separate audit is examining a sample of the 2,000 other research contracts Darpa has signed during Dugan’s tenure, to “determine the adequacy of Darpa’s selection, award, and administration of contracts and grants,” according to a military memorandum.

Results of the inspector general’s work haven’t been released. And the work had “no impact” on Dugan’s decision, according to her spokesman, Mazzacone. “The only reason” she decided to leave the Pentagon was the allure of working at Google.

Danger Room: Darpa Director Bolts Pentagon for Google

Update: She’s been cleared of charges of wrongdoing.

CloudFlare Speaks Out About Their Experience Hosting LulzSec

My colleague Kit Dotson writes:

In every statement about allowing LulzSec to use their free service, CloudFlare has been pointed about mentioning that while they had received queries from law enforcement—they had never been asked by any authority to terminate service. Of course, the company had very little information to provide about their free client because all that’s needed to sign up is an e-mail address, a username, and a password.

Prince describes the experience as causing several existential crises for his colleagues, after all, who wants to be described as the person who provided anonymity to a group of hackers? Still, in the end, they decided that it was not their job to act as censors when housing information on hacking subjects itself is not illegal.

SiliconAngle: CloudFlare Speaks Out About Their Experience Hosting LulzSec

Prince also said, “You can’t pay for pen testing like this.” No kidding!

The Atlantic: Stratfor Was Always a Joke

It’s clear now that, much like HBGary before it (see: Inside the World of Wannabe Cyberspooks for Hire), private security research firm Stratfor is a joke.

But according to The Atlantic International Editor Max Fisher, Stratfor was always a joke in the foreign policy community:

The group’s reputation among foreign policy writers, analysts, and practitioners is poor; they are considered a punchline more often than a source of valuable information or insight. As a former recipient of their “INTEL REPORTS” (I assume someone at Stratfor signed me up for a trial subscription, which appeared in my inbox unsolicited), what I found was typically some combination of publicly available information and bland “analysis” that had already appeared in the previous day’s New York Times. A friend who works in intelligence once joked that Stratfor is just The Economist a week later and several hundred times more expensive. As of 2001, a Stratfor subscription could cost up to $40,000 per year.

Fisher also chides Wikileaks for buying into Stratfor’s marketing hype:

It’s true that Stratfor employs on-the-ground researchers. They are not spies. On today’s Wikileaks release, one Middle East-based NGO worker noted on Twitter that when she met Stratfor’s man in Cairo, he spoke no Arabic, had never been to Egypt before, and had to ask her for directions to Tahrir Square. Stratfor also sometimes pays “sources” for information. Wikileaks calls this “secret cash bribes,” hints that this might violate the Foreign Corrupt Practices Act, and demands “political oversight.”

For comparison’s sake, The Atlantic often sends our agents into such dangerous locales as Iran or Syria. We call these men and women “reporters.” Much like Stratfor’s agents, they collect intelligence, some of it secret, and then relay it back to us so that we may pass it on to our clients, whom we call “subscribers.” Also like Stratfor, The Atlantic sometimes issues “secret cash bribes” to on-the-ground sources, whom we call “freelance writers.” We also prefer to keep their cash bribes (“writer’s fees”) secret, and sometimes these sources are even anonymous.

The Atlantic: Stratfor Is a Joke and So Is Wikileaks for Taking It Seriously

I suppose much of that depends on whether these payments were made, as Fisher suggests, to freelance researchers/writers, or, as Wikileaks implies, to government officials and employees. The Stratfor employee mentioned by that NGO worker may not be the only type of “informant” on the company’s payroll.

(via Alex Burns)

See also:

Inside the World of Wannabe Cyberspooks for Hire

Anonymous Publishes E-Mail Saying Stratfor CEO to Resign Over Wikileaks E-Mail Dump

Anonymous Reveals Private Intelligence Firm Stratfor Infiltrated Occupy Austin

Anonymous Publishes E-Mail Saying Stratfor CEO to Resign Over Wikileaks E-Mail Dump

From SiliconAngle:

Wikileaks has returned with an astonishing release of more than five million emails from Stratfor, a Texas-based security intelligence company that is associated with CIA type of operations. The company has been the target of hackers in recent months. Though Wikileaks has not stated how it acquired the large cache of information, Anonymous members boasted of their partnership with Wikileaks in releasing this information.

The article quotes one of the Wikileaks dumps:

“Stratfor’s use of insiders for intelligence soon turned into a money-making scheme of questionable legality. The emails show that in 2009 then-Goldman Sachs Managing Director Shea Morenz and Stratfor CEO George Friedman hatched an idea to “utilise the intelligence” it was pulling in from its insider network to start up a captive strategic investment fund. […] CEO George Friedman explained in a confidential August 2011 document, marked DO NOT SHARE OR DISCUSS: “What StratCap will do is use our Stratfor’s intelligence and analysis to trade in a range of geopolitical instruments, particularly government bonds, currencies and the like””

Anonymous has posted an e-mail purported to be Stratfor CEO George Friedman’s resignation from the company.

SiliconAngle: Stratfor CEO to resign after Wikileaks releases 5mil emails – covert operations exposed

See also:

Anonymous Reveals Private Intelligence Firm Stratfor Infiltrated Occupy Austin

The Rise of the Hacktivist

From SiliconAngle:

Hacktivism is the result of mashing up the words hack and activism and was coined in 1998 by Omega, a member of the Cult of the Dead Crow hacker crew. By definition, hacktivism is the use of computers and computer networks as a means of protest to promote political ends or “the nonviolent use of legal and/or illegal digital tools in pursuit of political ends”. Hacktivism can be in the form of web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, typosquatting, and virtual sabotage. Wikipedia also defines hacktivism as “the writing of code to promote political ideology: promoting expressive politics, free speech, human rights, and information ethics through software development.”

© 2024 Technoccult
