
Monday, April 22, 2013

US army discloses budget for cyber operations


It’s no mystery: despite spending reviews of military budgets, every state continues to reserve consistent investment for cyber security; in particular, the majority of states are pushing research and development activities on both defensive and offensive cyber capabilities.

The US is one of the most advanced countries in cyber warfare; the US Government was one of the first to recognize the importance of operations in cyberspace and the necessity to consider it the fifth domain of warfare.

Until now, figures on US expenses in cyber operations were estimates by the leading experts in the field, but for the first time the Pentagon has detailed $30 million in spending on Air Force cyber attack operations and new Army funding.

With the public disclosure of the budget for cyber operations, the US, in particular the Defense Department, wants to give national taxpayers evidence of the effort spent on what is considered a critical component of the modern military.

Public opinion is devoting ever more space to news related to cyber security and to the risks of a cyber attack against a country's critical infrastructures; with the announcement, the government wants to inform its population about its network assault programs and, of course, to issue a warning to those who intend to attack the country from cyberspace.

The Pentagon revealed its intent to establish and fund new staff dedicated to offensive cyber operations for the exploitation of opponent networks and infrastructures.

This week a document titled “Fiscal Year (FY) 2014 Budget Estimates – OPERATION AND MAINTENANCE, AIR FORCE” was circulated to explain how the US intends to invest the money. Let’s analyze in detail the amounts reserved by the US Administration.

In fiscal 2014 the Air Force will reserve $19.7 million for “offensive cyber operations”; the expense will support operational cyber operations, personnel training, and research and development activities. In a cyber warfare scenario a crucial role is played by the cyber tools used to exploit an opponent’s structures, so the US estimates it needs $9.8 million for the development of new cyber tools to use in cyber operations.

The Pentagon also proposed hiring new personnel, 65 units, to dedicate to the cyber missions. The mission assigned to Cyber Command is critical because it is responsible for deflecting incoming assaults from cyberspace against the country's critical infrastructures.

Of course, part of the funds will be dedicated to Defense Cyber Operations to protect the country's data and infrastructures from cyber attacks, sabotage and cyber espionage.

The following is a portion of the “Summary of funding Increases and Decreases” related to the “cyber commitment”:

[Figure: Transfers In]

[Figure: Transfers Out]


The Nextgov portal reported that the US government chose to divulge this information “because cyber offense will be a standard line item from now on and the public needs to understand what it is paying for.”

To those taxpayers who ask for justification of the investments in cyberspace while the defense budget is being cut, Air Force spokesman Maj. Eric Badger replied:

“We are committed to maintaining the right balance of integrated cyber capabilities and forces that are organized, equipped and trained to successfully conduct operations in cyberspace. We’re equally as committed to doing so in a way that’s respectful of the taxpayers’ dollar,”

“We know the Air Force’s capabilities in cyber are going to continue to be touchstones for the whole joint team, the whole of government and for the private sector,” the official added.

According to Nextgov, a further $4.9 million will be dedicated to the development of “computer network exploitation” and “computer network attack” capabilities.

Of course there is no shortage of controversy over military spending; analysts accused the government of excessive and duplicated hacking investments. Todd Harrison, senior fellow for defense budget studies at the Center for Strategic and Budgetary Assessments, criticizes the dispersion of cyber attack spending to fund different commands within the US army:

“Do we really want each service going off and developing their own capabilities for these threats?” he questioned. “How much redundancy are we building across the services in the areas of cyber? What is unique to the Army?” “Maybe it’s time to give Cyber Command more budget authority,” Harrison said.

Other military experts said the services might be giving away these details to ward off potential foes on the Internet.

I will not go into the merits of the distribution of spending and allocation of responsibilities for operations in cyberspace, but I believe that investment in cyber security is crucial for the cyber strategy of each country … Probably the funds allocated are still too small compared to the need for cyber security.

source: http://securityaffairs.co

CISPA approved by House of Representatives....


A nightmare come true: last Thursday the United States House of Representatives approved the debated cyber security bill. The act will force any company to give away all the user data it collects if asked by the government, trampling all claims to privacy of people on the Internet in the name of security.

The Cyber Intelligence Sharing and Protection Act (CISPA) passed with a 288-127 vote, also receiving support from 92 Democrats; the bill now goes to the Senate and then to the President's office.

It’s the second time that the United States House of Representatives has passed the challenged bill; the US Senate already rejected the first draft of the bill, which appears no different from this second one, due to the lack of protection of users’ privacy. The bill has probably been framed in the wrong way; we all agree on the need to reinforce security in cyberspace as well, and of course to do this the US government requests greater power of action.

During the last months the worldwide internet community expressed great concern at the possibility of a reintroduction of the Cyber Intelligence Sharing and Protection Act (CISPA) before the US House by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.).

Recent events have influenced the decision to reintroduce the bill; many Americans are starting to become aware of the risks related to improper use of the Internet. They understood that we can protect sea, land, sky and space, but leaving the Internet uncontrolled is comparable to leaving the door open in a fortress.

Parts of the bill are necessary to improve the security of the US against cyber attacks. Let’s remember that it establishes a strict collaboration between central government and private companies to protect their infrastructure; “information sharing” is the watchword. The US Government and private businesses need to share information on the cyber attacks they have suffered to allow the authorities to activate their alert network. Although the concept may seem obvious, today it does not happen so often: hacked companies do not disclose the news to avoid any negative impact on corporate reputation, and the consequences can be disastrous.

The following are the statements Rogers used to support the bill:

“This is clearly not a theoretical threat – the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear,”

“American businesses are under siege,”  “We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats.  It is time to stop admiring this problem and deal with it immediately,”

“We’re talking about exchanging packets of information, zeroes and ones, if you will, one hundred million times a second. So some notion that this is a horrible invasion of content reading is wrong. It is not even close to that.”

The other co-author of the bill, Dutch Ruppersberger, declared during debate on the issue that $400bn worth of American trade secrets are being stolen by US companies every year.

“If your house is being robbed, you call 911 and the police department comes. That’s the same scenario we are looking at here,” he said.

Various companies, including the social network giant Facebook, confirmed their support for the cyber security bill. The following is the declaration of Joel Kaplan, FB Vice President:

“One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack,” “Similarly, if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems.”

But at the same time, the Reuters agency confirmed the opposition of Microsoft and Facebook to the bill.

Web companies, including Google, Wikipedia and Twitter, expressed disappointment with the debated bill, warning of possible violations of digital freedoms and users’ privacy.

The American Civil Liberties Union was one of 34 groups that wrote to lawmakers this week urging them to oppose the bill. Michelle Richardson, legislative counsel at the ACLU’s Washington Legislative Office, commented on the act with the following words:

“CISPA is an extreme proposal that allows companies that hold our very sensitive information to share it with any company or government entity they choose, even directly with military agencies like the NSA, without first stripping out personally identifiable information,”

Of course there is a side effect that is far from negligible: private companies manage users’ data daily, ensuring non-disclosure to protect privacy. Privacy advocates and hacktivist groups such as Anonymous are mobilizing to protest against the bill, which is considered poorly drafted and a serious menace to freedom of expression and civil liberties.

The Anonymous collective is invited to publish a page to explain the bill and the way it could violate our privacy; meanwhile, House Minority Leader Nancy Pelosi expressed great concerns about CISPA, which represents a failure to balance security and privacy.

“I’m disappointed that we did not address some of the concerns mentioned by the White House about personal information,” Pelosi said. “Unfortunately, it offers no policies and did not allow any amendments or real solution that upholds Americans’ right to privacy.”

The Center for Democracy and Technology states that CISPA would allow Internet Service Providers (ISPs) to “funnel private communications and related information back to the government without adequate privacy protections and controls. The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD’s Cybercommand would be the primary recipient.”

The bill will in fact allow the government to obtain complete control over the internet, censoring any suspect content that could represent a threat to national security.

Do we need to sacrifice our privacy in the name of security? Is it really necessary?

source: http://securityaffairs.co

Saturday, April 13, 2013

Hacking an Airplane


An alarming dispatch from the Hack In The Box security conference in Amsterdam arrived on Wednesday: a hacker says he's found a way to take over airplane controls. That's probably not true. At least according to the Federal Aviation Administration (FAA), the European Aviation Safety Administration (EASA) and Honeywell, the makers of the cockpit software, it's not. The FAA, for one, says, "The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot." The agency assures America that this hack "does not pose a flight safety concern because it does not work on certified flight hardware."

So why did Hugo Teso, the German hacker in question, tell everybody at the conference as well as countless journalists who've latched on to the story that he could take over the software? Well, Teso says he's successfully taken over a plane's controls in a flight simulator on his desktop computer at home. Hoping to expose some of the security flaws in planes' flight management system (FMS), Teso bought some FMS hardware on eBay as well as some FMS software that, according to Forbes "was advertised as containing some or all of the same code as the systems in real planes" and gave it a go. And he did it! Teso said that his technique would send radio signals to the plane and hijack its controls. "You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes. "That includes a lot of nasty things."

To recap that order of events: Hacker buys equipment from eBay, loads up software that may contain "some or all of the same code" that's on commercial jets and in a flight simulator hijacks a plane. Come to think of it, that does sound a little reach-y doesn't it? The whole thing seems even less believable if you check out the slides that he used during the presentation, complete with images from The Matrix and Japanese Manga cartoons. One reason why the story felt like it could be feasible is the fact that there have been warnings from all sides of the cyber security industry about vulnerabilities in air traffic control software. This has been happening for years, and the FAA has actually admitted to risks in that arena.

We're not trying to say that Teso's making all this up. But hacking into your desktop computer's flight simulator is something that middle school kids do in technology class. It's not reason to strike fear into the hearts of millions. But hey, at least Teso seems well intentioned. You certainly can't say that about all hacker-types these days.

Credits to Original Author : Adam Clark Estes | The Atlantic Wire

Friday, April 5, 2013

Anonymous Hacker Arrested


A 17-year-old alleged hacker accused of being associated with Anonymous appeared in Parramatta Children's Court on Friday over multiple unauthorised access crimes on behalf of the hacktivist collective Anonymous.

The Australian Federal Police (AFP) issued a statement over the matter, saying that a search warrant was issued at the youth's home in Glenmore Park, New South Wales, in November last year.

The youth has been charged with six counts of unauthorised modification of data to cause impairment, one count of unauthorised access with intent to commit a serious offence, one count of possession of data with intent to commit a computer offence, and 12 counts of unauthorised access to restricted data.

"Australian Federal Police investigates various types of cybercrime and will continue to take a strong stance against these perpetrators." The suspected hacker faces a maximum of 10 years jail time if convicted and will face court again on May 17.

The AFP says the accused was charged with the following:

"Six counts of unauthorised modification of data to cause impairment, which carries a maximum penalty of 10 years imprisonment;
One count of unauthorised access with intent to commit a serious offence, which carries a maximum penalty of 10 years imprisonment;
One count of possession of data with intent to commit a computer offence, which carries a maximum penalty of 3 years imprisonment; and
Twelve counts of unauthorised access to restricted data, which carries a maximum penalty of 2 years imprisonment."

Police said, "protesting through computer intrusions and website defacements is not an appropriate method to raise public awareness about any issue."

Source: TheHackerNews.com