Defence

You are currently browsing the archive for the Defence category.

Digitally manipulated image of Eugene Kaspersky: click for podcastI’m headed to Canberra this week to hear Eugene Kaspersky, chief executive officer and chairman of Kaspersky Lab, speak at the National Press Club on Thursday 7 November.

It’ll be an interesting event.

When I last spoke with Kaspersky in May — you can listen to that conversation now, because it became the first episode of the Corrupted Nerds: Conversations podcast — it was before Edward Snowden’s revelations began. Before “all of the cybers” changed from being something of interest only to a few specialist technology and national security writers into front page news around the world.

Actually, I’ll embed it here so you don’t even have to click through.

I suspect that the kinds of questions asked by the insular and largely Canberra-bound press gallery journalists will be as revealing of the state of play as the words of the Russian information security star himself — and he knows how to work the media.

Kaspersky is speaking at the NPC at lunchtime on Thursday, immediately after which I’ll be reporting on it for ZDNet Australia. But I’ll be in Canberra from early Wednesday afternoon through until Friday afternoon, so if you want or need to catch up, do let me know.

Disclosure: I am travelling to Canberra as the guest of Kaspersky Lab.

[Photo: Eugene Kaspersky speaking at CeBIT Australia 2012. Original photo by CeBIT Australia, used under a Creative Commons Attribution 2.0 Generic (CC-BY) license. Digital manipulation by Stilgherrian.]

ABC logoThis evening I had a lovely conversation on ABC Local Radio in Sydney and around NSW on the takedown of the Silk Road internet marketplace and the Tor anonymity software that made such anonymity possible.

The presenter was the redoubtable Dom Knight. Given that we last spoke in April, we had a lot to catch up on. Here’s the full audio.

Play

The audio is of course ©2013 Australian Broadcasting Corporation, archived here because it isn’t being archived anywhere else.

Composite image of ZDNet column headline and McAfee report title: click for ZDNet columnAs brokers of reliable information about the scale of online crime and espionage, most information security vendors would make great used car salesmen — but McAfee’s latest research finally seems to be taking the right path.

In my column at ZDNet Australia this week, I give McAfee some praise for the most recent research they’ve funded, a preliminary report from the Washington-based Center for Strategic and International Studies titled The Economic Impact of Cybercrime and Cyber Espionage that dismantles the daft idea that cyberstuff costs the global economy a trillion dollars a year.

McAfee now admits that you can’t run a small-N survey in a couple dozen large, wealthy nations — often a self-selected sample of known crime victims at that — and extrapolate the data globally.

Their new figure is “probably measured in the hundreds of billions of dollars”, although they never quite commit to one specific number…

“In the context of a $70 trillion global economy, these losses are small, but that does not mean it is not in the national interest to try to reduce the loss, and the theft of sensitive military technology creates damage whose full cost is not easily quantifiable in monetary terms,” McAfee writes.

True, but as McAfee themselves point out, this supposed cybercrime explosion is really down at the level of shoplifting. Retailers generally budget between 0.5% and 2% for pilferage and other such “shrinkage”.

I also mention my previous critical comments about various infosec vendors’ dodgy statistics — but I don’t link to them, because they were mostly published at non-CBS mastheads. So here’s a selection of stories I’ve written on this subject over the last couple of years.

Read the rest of this entry »

Screenshot from The Project, 8 July 2013The revelation that the US National Security Agency (NSA) was engaged in such comprehensive spying of American citizens and their allies, some of it possibly unconstitutional, continues to make headlines.

The focus has not narrowed to the manhunt for Edward Snowden as I’d feared. Instead, there’s a steady stream of mainstream news stories as new details emerge — including my third appearance on Channel TEN’s The Project on Monday night.

On the previous two occasions, when I was talking about cyberwar and crimefighting smartphones respectively, I was chatting with the presenters. Since they’re in Melbourne, that involved sitting in front of a green screen and looking down the barrel of a camera as if it’s your best friend.

But this time my comments were to be included in a stand-alone “package”, as they’re called, along with comments from Fairfax journalist Philip Dorling and others. So a videographer came to my hotel room on Friday afternoon to shoot me at my desk, while the Melbourne-based journalist asked me questions via speakerphone — and I looked toward a yellow piece of paper that indicated where the journalist might have been standing had he actually been there.

Ah, the magic of television!

The video of the three-and-a-half minute segment, including comments fore and aft by the presenters, is over the fold.

Read the rest of this entry »

Corrupted Nerds: Conversations cover image: click for the first episodeLast night launched a new website and podcast, Corrupted Nerds, and the first episode is an interview with Eugene Kaspersky.

Yes, this is a “replacement” for the Patch Monday podcast I used to do for ZDNet Australia, but which was killed off in a budget cut at the beginning of 2013 — with my approval, by the way, because I agreed that from ZDNet Australia’s point of view the money would be better spent on a written column, The Full Tilt.

I won’t got into details about Corrupted Nerds, apart from saying that the subtitle is “information, power, security and all the cybers in a global internet revolution that’s changing… everything”, and to point to the introductory blog post for more details.

I’ve got four episodes in the pipeline, but no funding yet. So I’d be grateful if you could both spread the word and comment upon what I’m doing. I thank you.

AusCERT 2013 conference banner: click for conference websiteHere’s a list of the news stories I’ve found this morning that have been written about the AusCERT 2013 information security conference.

The theme for this year’s conference was “This time it’s personal”:

[The theme reflects] the growth in attacks and unauthorised disclosures of online personal information. Motivated by illicit financial gain, cyber criminals obtain unauthorised access to personal information, but more and more, we are seeing data disclosures being posted publicly by attackers for political motives, rather than financial gain.

Hence the theme will resonate within the information security community and remind us that the online environment provides opportunities galore to capture personal information; of the impact these breaches can have on the lives of individuals; and the importance of information security to prevent these attacks. AusCERT2013 will explore these issues and bring experts from Australia and around the world to provide insight and solutions to deal with these challenges.

Items are arranged alphabetically by masthead and then chronologically. If I’ve missed anything, please let me know. Indeed, I daresay that some more articles will be published on Monday or Tuesday, so if that happens I’ll update this post appropriately.

There’s a lot here for me to read, so if I’m going to write a reaction piece some time then it’ll be… later.

Read the rest of this entry »

AusCERT 2012 logo: click for conference websiteI didn’t make it to information security conference AusCERT 2013 this year. I’m about to read what’s been written and compile a list — but first, a reflection on what happened in 2012.

When I look back two years to what I wrote from AusCERT 2011, I’m reminded that we were just getting our head around the implications of the Stuxnet worm. Not only was malware being written by organised criminals, and we were facing an explosion of anti-banking malware and mobile malware, and looking ahead to when an angry child might deploy malware against their neighbours — we were now made well aware that malware was also being written by nation states with budgets in the millions of dollars and beyond.

But looking through the list (below) for AusCERT 2012, what jumps out is the emphasis on the militarisation of information security, as well as the emphasis in the scale of criminal activities. I won’t expand on that, because the conversation with AusCERT general manager Graham Ingram speaks for itself.

Articles from AusCERT 2012

Podcasts from AusCERT 2012

  • Patch Monday episode 139, “War talk dominates AusCERT 2012″, the first of two episodes based on material recorded at the information security conference. The overall theme is that infosec is becoming militarised. We no longer talk about “information assurance” but “defensive cyber operations”. Click through for the full list of speakers.
  • Patch Monday episode 140, “Cybercrime: it’s just too easy”, the second of two episodes based on material recorded at the AusCERT 2012 information security conference. AusCERT general manager Graham Ingram explains why cybercrime is here to stay, and F-Secure chief research officer Mikko Hypponen details a complex transnational criminal operation that saw goods bought fraudulently in Denmark being resold in Moscow, as well giving his views on hacktivism and the level to which antivirus companies should cooperate with governments.

Bonus Extra Video

After the conference, my flight back to Sydney was delayed. With the need to kill some time, this video was the result.

My compilation of reports from AusCERT 2013 will be posted later today. My compilation of reports from AusCERT 2013 is now online.

The Flame worm seems to have captured the imagination of the mainstream media this week — to the point where I ended up talking about it on the Channel TEN program The Project on Tuesday night.

If you’re not up to speed yet, try my day one piece for Crikey then my day two piece for CSO Online — the latter having been written after we’d all calmed down a bit.

As you can see, I’ve uploaded the relevant video clip to YouTube because I can’t seem to get the official embed code from The Project’s website to work properly. If that YouTube embed isn’t working either, you can view the segment on YouTube. Or watch the entire program segment on The Project’s website.

Yes, The Project team really did manage to turn a discussion of cyberwar into a joke about masturbating to internet pornography. It’s a talent.

Read the rest of this entry »

The Stuxnet worm that attacked Iran’s uranium enrichment program was indeed launched by the US, according to a major investigative report published by the New York Times shortly before I was due to appear on ABC Local Radio this evening.

So guess what we talked about.

Yes, the Stuxnet worm, as well as the newly-discovered Flame worm that’s been in the news this week — including my Day 1 piece for Crikey and Day 2 for CSO Online.

The host was Dom Knight, and here’s a recording of the whole conversation.

Play

The audio is of course ©2012 Australian Broadcasting Corporation. As usual, I post the material I’m involved with here as an archive and reference.

I haven’t written anything new for Anzac Day this year. I’ve said it all before in 2011, and before that in Anzac Day Rememberings and Anzac Day 2009: Sacrifice.

They shall grow not old,
As we that are left grow old,
Age shall not weary them,
Nor the years condemn.
At the going down of the sun,
And in the morning
We will remember them.
Lest we Forget

[Photo credit: The rosemary sprig was taken from Matthew Hall's Twitter page from 2008. If I owe someone for that usage, I'll make good.]

« Older entries