Jul 28, 2009

Standup of Fleet #Cyber Command

Below is the link to a memo outlining the U.S. Navy's creation of Fleet Cyber Command/Commander Tenth Fleet.

http://tinyurl.com/lwgaf7


Jul 8, 2009

#Defcon 17 Session/Presenter Highlight 7

PLA Information Warfare Development Timeline and Nodal Analysis

Zulu Meet Analyst, Verisign iDefense
The development timeline is consistent with the broad contours of China's current IW theory. It clearly showed the footprints of China's common war preparation patterns and People's War concept. For China, IW is a People's War, beyond simple "hacking," and is a long-term strategy that is considered a necessary component of total war preparation. China has thus integrated IW units at multiple layers into the civilian and national emergency infrastructure. Also, ten years of practice suggest that China has developed a mature understanding of IW and methodology, which it is able to quickly deploy and duplicate.


#Defcon 17 Session/Presenter Highlight 6

Hackerspaces: The Legal Bases

Nicolle Neulist "RogueClown"

Hacker communities in many cities are becoming interested in starting hackerspaces. Getting together a core of talented, inquisitive, and creative people is an integral part of it, but it is also important to address the legal questions that arise. The goal of this presentation is to make anyone interested in hackerspaces aware of the most likely legal issues to arise, and to equip them to ask the right questions. The subjects discussed in the presentation include choosing an organizational structure, specific benefits and concerns that arise if a hackerspace is organized as a nonprofit, zoning and leasing issues that arise when finding a physical space, and managing liability in order to protect officers, directors, members, and guests alike.

Nicolle Neulist, "RogueClown", is an attorney licensed in the state of Illinois. She is a founding member of Pumping Station: One, Chicago's hackerspace, and has done their legal work from the ground up. When she is not navigating the jungle of legal bureaucracy, she is probably coding, singing karaoke, or getting that darn theremin to work.


#Defcon 17 Session/Presenter Highlight 5

Jailbreaking and the Law of Reversing

Fred Von Lohmann Senior Staff Attorney, EFF
Jennifer Granick Civil Liberties Director, EFF
Using jailbreaking of the iPhone as a primary example, the presentation will be an overview of the laws relating to reverse engineering of hardware and software.

Developers who rely on reverse engineering face a thicket of potential legal obstacles, including license agreements, copyright, the Digital Millennium Copyright Act (DMCA), and the Computer Fraud and Abuse Act (CFAA). Taking iPhone jailbreaking as a real-world example, we will review the legal theories Apple has asserted, shedding light on the major legal pitfalls that developers face, and what they can do to avoid them and minimize risks. We will also examine the additional legal issues raised by reverse engineering networked code, such as online video games.

The presentation stems from the presenters' experience as attorneys with EFF's "Coder's Rights Project," as well as their efforts to persuade the U.S. Copyright Office to grant a DMCA exemption for removing application locks on smartphones (including the iPhone and Android G1).


#Defcon 17 Presenter/Session Highlight 4

The Year In Computer Crime Cases

Jennifer Granick Civil Liberties Director, EFF

It's been a booming year for computer crime cases as cops and civil litigants have pushed the envelope to go after people using fake names on social networking sites (the MySpace suicide case), researchers giving talks at DEFCON (MBTA v. Anderson), and students sending email to other students (the Calixte/Boston College case). The Electronic Frontier Foundation has been front and center in these cases, either filing amicus briefs or directly representing the coders and speakers under attack. At this presentation, Jennifer Granick and other EFF lawyers fresh from the courtroom will share war stories about these cases, thereby informing attendees about the latest developments in computer security law and giving pointers about how to protect yourselves from overbroad legal challenges.


#Defcon 17 Session/Presenter Highlight 2: Computer and Internet Security Law - A Year in Review 2008 - 2009

PRESENTER

Robert Clark, Attorney

ABSTRACT
This presentation reviews the important prosecutions, precedents and legal opinions of the last year that affect internet and computer security. We will discuss the differences between legal decisions from criminal cases and civil lawsuits and what that means to the security professional. This presentation is strongly audience driven and it quickly becomes an open forum for questions and debate. This year the past key precedents have involved: the Fifth Amendment and passphrases to an encrypted hard drive (UPDATE- the case is in and Government wins appeal. The Defendant MUST produce an unencrypted hard drive to the grand jury!!!); Fourth Amendment searches; Pirate Bay prosecution in Sweden; use of CFAA in civil cases against departing employees and trade secrets; forensics and use of metadata; FTC injunction against CyberSpy software and its RemoteSpy; reverse engineering; Facebook and privacy rights; and, a case of forensics to support a default judgment (no actual trial) against a party that used several file deletion programs to hide and delete evidence.


#Defcon 17 Session/Presenter Highlight 3: Your Mind: Legal Status, Rights and Securing Yourself

Your Mind: Legal Status, Rights and Securing Yourself

PRESENTER

James "Myrcurial" Arlen
Security Researcher
Tiffany Rad President of ELCnetworks, LLC. and Adjunct Professor at University of Southern Maine's Computer Science Department

ABSTRACT
As a participant in the information economy, you no longer exclusively own material originating from your organic brain; you leave a digital trail with your portable device's transmitted communications and when your image is captured by surveillance cameras. Likewise, if you Tweet or blog, you have outsourced a large portion of your memory and some of your active cognition to inorganic systems. U.S. and international laws relating to protection of intellectual property and criminal search and seizure procedures put into question the protections of these ephemeral communications and memoranda stored on your personal computing devices, in cloud computing networks, on off-shore "subpoena proof" server/jurisdiction-hopping platforms, or on social networking sites. Although once considered to be futuristic technologies, as we move our ideas and memories onto external devices or are subjected to public surveillance with technology (Future Attribute Screening Technology) that assesses pre-crime thoughts by remotely measuring biometric data such as heart rate, body temperature, pheromone responses, and respiration, where do our personal privacy rights to our thoughts end and, instead, become public expressions with lesser legal protections? Similarly, at what state does data in transit or stored in implantable medical devices continuously connected to the Internet become searchable? In a society in which there is little differentiation remaining between self/computer, thoughts/stored memoranda, and international boundaries, a technology lawyer/computer science professor and a security professional will recommend propositions to protect your data and yourself.


#Defcon 17 Session/Presenter Highlight 1, Preparing for Cyber War: Strategy and Force Posture in the Information-Centric World

Between now and the commencement of Defcon 17, and in no particular order, I will highlight those speakers and sessions that will cover topics directly related to Cyber Warfare and Cyber Law (as opposed to Cyber Security in general).

After the final conference proceedings are released, I will post the sessions that I have highlighted to Cyber, War and Law. For more information on Defcon 17, visit [www.defcon.org].

First off....we have: Preparing for Cyber War: Strategy and Force Posture in the Information-Centric World

PRESENTERS
Dmitri Alperovitch VP Threat Research, McAfee
Marcus Sachs Director, SANS Internet Storm Center
Phyllis Schneck VP Threat Intelligence, McAfee
Ed Skoudis Founder & Senior Security Consultant, InGuardians

ABSTRACT

Cyber warfare is the new hot topic of debate in political and military circles in Washington. This panel of cyber policy experts will explore the definition and reality of a cyber warfare threat, focusing on offensive capabilities and military doctrines of our potential nation-state adversaries, debate the deterrence strategies, and operational and legal frameworks guiding the use of defensive and offensive capabilities of the United States. Finally, the panel will discuss the range of options available to US policy makers for preparing for and responding to a cyber attack on this country.


Official: NKorea believed behind cyber attacks

Official: NKorea believed behind cyber attacks http://bit.ly/CAArP


From The WSJ: Tony La Russa Drops Suit Over Fake Twitter Account

Score one for Twitter in the legal battle over who is responsible for stopping social media imposters.

See http://tinyurl.com/lgcnvq


Jul 1, 2009

Does Twitter Have a Negligence Case Waiting to Happen?

Many Cyber Warfare analysts have noted the pivotal role that Twitter played in the recent (and possibly ongoing) Cyber Warfare efforts related to the Iranian election dispute. See http://tinyurl.com/lfq5pa and also http://tinyurl.com/nl56wj. However, is Twitter exposing itself to negligence liability, and if so, is there something it can do about it?

Cyber experts agree that Twitter was a main medium used to conduct denial of service (DoS) attacks on various Iranian websites. The 50,000-foot description of how this works is that thousands of twitterers would post a link to the website they wished to bombard (most websites can handle only a limited number of requests at a time). The link then initiates a continuous stream of page refresh requests to the targeted website, which will eventually overwhelm the site if enough people click on the link. Those thousands of users would not only click on the link but also repost the message as a tweet, leading even more twitterers to do the same thing and creating a domino effect. The result is that the target website crashes. A "close-to-home" example of this is how many websites (most notably Google) actually thought they were under attack following the announcement of Michael Jackson's death. Upon hearing the news, thousands of people tweeted the announcement, causing one of the biggest spikes of Internet traffic ever. A number of sites crashed, and Google publicly admitted to thinking this surge was a DoS attack.
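The distinction the paragraph above draws, an organic surge (many people, one click each) versus a link that keeps refreshing the target, is something a site operator can observe in its own access logs. The following is an added example, not code from the original post: it parses constructed Apache-style log lines and flags clients arriving from a Twitter referrer that repeat the same request more than a threshold number of times inside a sliding window. The function names, the referrer host list and the threshold are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
SOCIAL_REFERRERS = ("twitter.com", "t.co")  # hypothetical list of social referrer hosts

def parse_line(line):
    """Return (client_ip, timestamp, path, referrer), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, path, ref = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), path, ref

def find_refresh_floods(lines, window_s=60, per_client_threshold=20):
    """Flag (ip, path) pairs that arrive via a social referrer and repeat the same request
    more than per_client_threshold times in any window_s-second window. Organic surges
    (many people, one click each) never trip this; a self-refreshing link does."""
    stamps_by_client = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, ref = rec
        if any(host in ref for host in SOCIAL_REFERRERS):
            stamps_by_client[(ip, path)].append(ts)
    flagged = {}
    for key, stamps in stamps_by_client.items():
        stamps.sort()
        lo = 0
        for hi, t in enumerate(stamps):  # sliding window over sorted timestamps
            while (t - stamps[lo]).total_seconds() > window_s:
                lo += 1
            hits = hi - lo + 1
            if hits > per_client_threshold:
                flagged[key] = max(hits, flagged.get(key, 0))
    return flagged

def constructed_log():
    """Constructed sample traffic (not real data): one client refreshing /news every two
    seconds, plus thirty one-off visitors who all followed the same tweeted link."""
    tmpl = ('{ip} - - [28/Jul/2009:10:00:{sec:02d} +0000] "GET /news HTTP/1.1" 200 512 '
            '"http://twitter.com/" "Mozilla/5.0"')
    flood = [tmpl.format(ip="198.51.100.7", sec=s) for s in range(0, 50, 2)]  # 25 hits, 48 s
    organic = [tmpl.format(ip=f"203.0.113.{n}", sec=n) for n in range(1, 31)]  # 1 hit each
    return flood + organic
```

Running `find_refresh_floods(constructed_log())` reports only the refreshing client; the thirty one-off visitors, which look like the Michael Jackson surge, pass unflagged.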

The Michael Jackson surge, for all purposes, was an unintentional DoS attack, but what happens when Cyber Warriors want to use Twitter to intentionally conduct a DoS attack, exactly like the DoS attacks witnessed during the recent Iranian election protests?

As we learn early in law school, negligence requires duty, breach, causation, and harm. Instead of analyzing these individual elements, I will simply note several facts below, and let you (the reader) do the analysis yourself:
  1. It is no secret that Twitter is likely to be used for future DoS attacks; consider, for example, the Iranian war situation and the resulting DoS attacks on various Iranian websites.
  2. Technologies exist that may allow Twitter to flag and possibly block "hostile" posts. (Of course this may raise freedom of speech issues, but if the message is clearly intended to carry out illegal activities then....)
  3. "But for" Twitter and other similar social networking sites, the spike in Internet traffic (causing the DoS) might not be possible.
In light of the above, the marriage of Twitter and DoS attacks is a lawsuit waiting to happen. Simply stated, when a large American company experiences financial harm from a DoS attack that was made possible using Twitter, STAND BY.

This is not a matter of if; this is a matter of when.

Twitter and similar sites should take steps to shield themselves from liability resulting from the above-described situation. For example, Twitter should examine its end-user agreement and expressly forbid the use of the site to conduct DoS attacks (not just forbid illegal acts in general). Twitter should also determine whether it is feasible to identify and flag when its site is being used to intentionally and maliciously conduct DoS attacks.

With that said... I have put it out there....

DW
