Talking NSA and spying on The Project

Screenshot from The Project, 8 July 2013The revelation that the US National Security Agency (NSA) was engaged in such comprehensive spying of American citizens and their allies, some of it possibly unconstitutional, continues to make headlines.

The focus has not narrowed to the manhunt for Edward Snowden as I’d feared. Instead, there’s a steady stream of mainstream news stories as new details emerge — including my third appearance on Channel TEN’s The Project on Monday night.

On the previous two occasions, when I was talking about cyberwar and crimefighting smartphones respectively, I was chatting with the presenters. Since they’re in Melbourne, that involved sitting in front of a green screen and looking down the barrel of a camera as if it’s your best friend.

But this time my comments were to be included in a stand-alone “package”, as they’re called, along with comments from Fairfax journalist Philip Dorling and others. So a videographer came to my hotel room on Friday afternoon to shoot me at my desk, while the Melbourne-based journalist asked me questions via speakerphone — and I looked toward a yellow piece of paper that indicated where the journalist might have been standing had he actually been there.

Ah, the magic of television!

The video of the three-and-a-half minute segment, including comments fore and aft by the presenters, is over the fold.

Continue reading “Talking NSA and spying on The Project”

Weekly Wrap 160: Black dog, black sky and more NSA

Sydney under the clouds: kick to embiggenMy week Monday 24 to Sunday 30 June 2013 was rather complicated, at least emotionally.

As will be explained tomorrow on Tuesday Thursday.

Nevertheless, I managed to create some media objects along the way. And here they are.

Podcasts

I’m very pleased to have launched my new podcast and website, Corrupted Nerds.

  • Corrupted Nerds: Conversations 1, a conversation with Eugene Kaspersky, founder and CEO of Kaspersky Lab. If we’re going to be accurate, then this was really published in the previous week. But I forgot. So sue me.
  • Corrupted Nerds: Extra 1, being Senator Brett Mason’s “corrupted nerds” speech in the Australian Senate from 21 August 2012, which inspired the title. This was published last week too.
  • Corrupted Nerds: Conversations 2, a chat with Sean Richmond, senior technology consultant from Sophos Australia and New Zealand, about personalised malware, defense in depth, and why advanced persistent threats (APTs) and cyberwar are over-hyped.

I have yet to arrange any funding for this podcast, so I’ll be seeking that soon — and I’d be more than happy to hear your suggestions.

Articles

Media Appearances

None.

Corporate Largesse

  • Since Saturday 8 June I’ve been using Vodafone’s new 4G network while in Sydney, and their existing 3G network while in the Blue Mountains, with a Samsung Galaxy S4 handset that they’ve loaned me. I’ll be writing about my experiences on Monday. [Update 2 July 2013: I’ve just posted my write-up of my experiences. Yeah, it’s Tuesday.

The Week Ahead

The new financial year starts on Monday, so I daresay the morning will be full of administrivia. I’ll then be heading down to Sydney, because…

On Tuesday morning I’m attending a discussion on data sovereignty and the cloud, hosted by data centre firm NEXTDC, along with financial services company Aon and law firm Baker & McKenzie. That will be followed at the same event by the launch of the University of New South Wales’ report Data Sovereignty and the Cloud — A Board and Executive Officers’ Guide. I’ll be reporting this for someone, but as yet I don’t know who that will be.

I’ll be in Sydney again later in the week, probably Thursday, for a medical appointment, but that’s not confirmed yet. When it is, I’ll arrange my writing and media production schedule around that. There’s definitely stories to write for ZDNet Australia and CSO Online, plus an episode of Corrupted Nerds, and there’ll certainly be things that pop up along the way.

And then the weekend is unplanned.

[Photo: Sydney under the clouds, photographed from the Rydges Camperdown hotel in Sydney on 25 June 2013.]

Weekly Wrap 158: NSA and all the cybers, mostly

NSA Decipher Dog character: click to embiggenMy week Monday 10 to Sunday 16 June 2013 was dominated by the US National Security Agency (NSA). Well, by the news pertaining thereto. Funny world.

I can’t be arsed writing about that any further today. Here’s the links, and you can ask me questions and initiate conversation in the comments. Which I may ignore.

You post your comments, you take your chances.

Articles

Media Appearances

None.

Corporate Largesse

  • On Wednesday I attended the Sydney launch of Intel’s 4th Generation Core processors at the Museum of Contemporary Art. There was food and drink.

[Photo: NSA’s Decipher Dog character, part of the agency’s kids outreach program.]

Hillary’s mangoes, no NSA involved

[I was in a bit of a mood on Thursday, so when The Guardian broke the news that the NSA has been collecting the phone records of American citizens, my tolerance for political arsehattery was nonexistent. Calls for street protests? Bah! My countermove was to tweet a bunch of nonsense, which is posted here as prose.]

Mangoes by umstwitMaybe if we all run around like headless chooks, Mr Obama will say “Oh, sorry” and disband the NSA. And then Mr Obama will mount his trusty cyberpig and fly to the Moon, leaving behind a chemtrail of glitter and Bitcoins.

But look, headless chooks are the important bit. The more rushing around and screeching you can manage, the sooner the cyberpig lifts off. And quite frankly, Obama’s first term was a big disappointment as far as glitter showers go.

By comparison, I imagine that on weekends Hillary Clinton pumps out a steady stream of glitter. Like a Queen Ant, kinda.

Nyan Cat was DARPA’s prototype for that. DARPA’s main challenge was making it come out as glitter. When Hillary gets steam up, there’s no telling what it’ll be. Hummus, sometimes. Whipped cream.

One day it was just mangoes. Whole mangoes. Three a second, hour after hour. Secret Service guys took the whole weekend to clear the mess.

Then they had to figure out a cover story. Why were there mangoes smeared all the way down Pennsylvania Avenue? Eventually they decided just to tell everyone it was Madeleine Albright’s fault, so the press corps obviously bought that.

There’s a reason trams never took off in Washington.

[Photo: Mangoes by Flickr user umstwit, used under a Creative Commons Attribution 2.0 Generic license.]

AusCERT 2012 and the militarisation of cyberspace

AusCERT 2012 logo: click for conference websiteI didn’t make it to information security conference AusCERT 2013 this year. I’m about to read what’s been written and compile a list — but first, a reflection on what happened in 2012.

When I look back two years to what I wrote from AusCERT 2011, I’m reminded that we were just getting our head around the implications of the Stuxnet worm. Not only was malware being written by organised criminals, and we were facing an explosion of anti-banking malware and mobile malware, and looking ahead to when an angry child might deploy malware against their neighbours — we were now made well aware that malware was also being written by nation states with budgets in the millions of dollars and beyond.

But looking through the list (below) for AusCERT 2012, what jumps out is the emphasis on the militarisation of information security, as well as the emphasis in the scale of criminal activities. I won’t expand on that, because the conversation with AusCERT general manager Graham Ingram speaks for itself.

Articles from AusCERT 2012

Podcasts from AusCERT 2012

  • Patch Monday episode 139, “War talk dominates AusCERT 2012”, the first of two episodes based on material recorded at the information security conference. The overall theme is that infosec is becoming militarised. We no longer talk about “information assurance” but “defensive cyber operations”. Click through for the full list of speakers.
  • Patch Monday episode 140, “Cybercrime: it’s just too easy”, the second of two episodes based on material recorded at the AusCERT 2012 information security conference. AusCERT general manager Graham Ingram explains why cybercrime is here to stay, and F-Secure chief research officer Mikko Hypponen details a complex transnational criminal operation that saw goods bought fraudulently in Denmark being resold in Moscow, as well giving his views on hacktivism and the level to which antivirus companies should cooperate with governments.

Bonus Extra Video

After the conference, my flight back to Sydney was delayed. With the need to kill some time, this video was the result.

My compilation of reports from AusCERT 2013 will be posted later today. My compilation of reports from AusCERT 2013 is now online.

ASIO’s got it easy, says terrorism expert

“ASIO don’t seem to realise how privileged they are compared to intel orgs in other Western democracies,” tweeted terrorism researcher Andrew Zammit (pictured) yesterday.

Zammit is a researcher at the Global Terrorism Research Centre (Monash University) and Australian Policy Online (Swinburne University), and he was responding to my blog post from yesterday, “Insulted, ASIO? That’s not really the problem, surely?” and the attached podcast.

Here are his subsequent tweets, turned into continuous prose:

CIA for example has ongoing congressional oversight (of actual operations) as opposed to our occasional parl[iamentary] inquiries, people can FOI CIA docs only a few years old (ASIO has 20-30 year exemption) and some of the CIA’s analytical roles are transparent, as in analysts will have CIA business cards whereas even an ASIO kitchen hand’s identity will be kept secret. And CIA isn’t even a domestically-focused agency. So yes, ASIO needs to be less precious about being asked questions.

I agree. From the perspective of the United States I’m a foreign national, yet I’ve spoken with officers from the FBI, NSA and the Secret Service — all of whom had business cards with their full names. The closest I’ve gotten in Australia is chatting briefly with a DSD chap, one of two attending Linux.conf.au in January this year — given names only, and I suspect that those given names were really in scare quotes.

The excuse always given is “operational security”, but I do think the world has changed. The tools and methods are surely not so different from SEKRIT agencies to private-sector security companies and even analysis in non-security realms, given that so much technology is now available off the shelf to all comers.

Surely these days OPSEC is more about protecting sources and the specific operations that are or are not being conducted?

Of course I really don’t know this stuff. I’ve never worked in this field. I’ve never even held a security clearance. I’m just an interested bystander mouthing off. But I am intrigued.