Government

Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech (onthewire.io) 40

Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim's own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.
Space

Boeing Will Make the Military's New Hypersonic Spaceplane (theverge.com) 77

The Department of Defense has selected Boeing to make a new hypersonic spaceplane that can be reused frequently over a short period of time to deliver multiple satellites into orbit. "DARPA, the agency that tests new advanced technologies for the military, has picked Boeing's design concept, called the Phantom Express, to move forward as part of the agency's Experimental Spaceplane (XS-1) program," reports The Verge. From the report: The goal of DARPA's XS-1 program is to create a spacecraft that's something of a hybrid between an airplane and a traditional vertical rocket. The spaceplane is meant to take off vertically and fly uncrewed to high altitudes above Earth. From there, the vehicle will release a mini-rocket -- a booster with an engine that can propel a satellite weighing up to 3,000 pounds into orbit. As the booster deploys the satellite, the spaceplane will then land back on Earth horizontally just like a normal airplane -- and then be fueled up for its next mission. DARPA wants the turnaround time between flights to last just a few hours. But perhaps the most audacious goal is the price DARPA wants for each flight. The agency is aiming for the spaceplane to cost $5 million per mission, a significant bargain considering most orbital rockets cost tens to hundreds of millions of dollars to launch. And Boeing says it's up to the task. "Phantom Express is designed to disrupt and transform the satellite launch process as we know it today, creating a new, on-demand space-launch capability that can be achieved more affordably and with less risk," Darryl Davis, president of Boeing Phantom Works, said in a statement.
Crime

Sweden Drops Julian Assange Rape Investigation (cnn.com) 187

rmdingler writes: "Sweden is dropping its investigation into WikiLeaks founder Julian Assange on rape allegations, according to a prosecution statement released Friday," reports CNN. "Assange, who has always denied wrongdoing, has been holed up at the Ecuadorian Embassy in London since 2012, in an effort to avoid a Swedish arrest warrant." Despite Friday's announcement, he's unlikely to walk out of the embassy imminently. There is no apparent change in the risk of being detained in the west, particularly in the U.S., but it's definitely a win for Assange. Joshua.Niland adds: The pressure on Julian Assange may have lifted ever so slightly with Swedish prosecutors dropping their investigation into the allegations of rape. A brief statement ahead of a press conference by the prosecutor later on Friday said: "Director of Public Prosecution, Ms Marianne Ny, has today decided to discontinue the investigation regarding suspected rape (lesser degree) by Julian Assange." This will not likely deter the United States from pursuing their own charges against him for publishing tens of thousands of military documents leaked by Army whistleblower Chelsea Manning. After describing the development as "an important victory," Assange said, "[...] it by no means erases seven years of detention without charge under house arrest and almost five years here in this embassy without sunlight. Seven years without charge while my children grow up without me. That is not something I can forgive. It is not something I can forget."
Government

CIA Co-Developed 'Athena' Windows Malware With US Cyber Security Company, WikiLeaks Reveals (bleepingcomputer.com) 108

An anonymous reader writes: Today, WikiLeaks leaked documentation about a tool called Athena. According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant -- a CIA technical term for "malware" -- that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version. Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS. [...] The documents reveal that CIA had received help from a non-government contractor in developing the malware. The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near CIA's headquarters, in a zone peppered with various military and defense contractors.
Power

How the Lights Have Gone Out For the People of Syria (bbc.co.uk) 126

dryriver shares an excerpt from a report via the BBC that shows what the impact of the Syrian war looks like from space: Six years of war in Syria have had a devastating effect on millions of its people. One of the most catastrophic impacts has been on the country's electricity network. Images from NASA, obtained by BBC Arabic, show clearly how the lights have gone out during the course of the conflict, leaving people to survive with little to no power. Each timelapse frame shows an average of the light emitted at night every month from 2012, one year after the war began. They show that the areas where Syrians can turn lights on at night, power their daily lives and get access to life-saving medical equipment, have shrunk dramatically. The city of Aleppo was Syria's powerhouse and home to over two million people. But the country's industrial hub became a battleground and remained so for more than four years. Russian airstrikes against Syrian rebels began in October 2015 and the timelapse shows the city in almost complete darkness at night throughout 2016, when the battle for Aleppo was at its peak. As mains power supplies dropped off, ordinary people had to be creative in finding alternative sources for light and power.
Crime

Chelsea Manning Set To Be Released From Prison, 28 Years Early (nbcnews.com) 541

An anonymous reader quotes a report from NBC News: Army whistleblower Chelsea Manning is set to walk out of prison Wednesday -- but she won't be entirely free. Manning's 35-year sentence for leaking an enormous trove of military intelligence records was commuted by President Barack Obama in January. But Manning is still appealing her conviction in a case that could take years, and the government has yet to respond to the appeal. And all the while, Private First Class Manning, 29, will remain an active duty soldier in the U.S. Army. She won't be paid a salary, and it's highly unlikely that she will be called to serve. But being placed on voluntary excess leave rather than discharged, says one of her attorneys, makes her vulnerable to new military punishment or charges if she steps out of line. Such an offense could be anything from getting into a fistfight to revealing previously unreleased classified information. Manning could even get into trouble with the military for speaking and writing. The Army private then known as Bradley Manning was just 22 years old when she leaked nearly 750,000 military files and cables to WikiLeaks. Manning was court-martialed and sentenced in 2013 to 35 years in prison, with opportunity for parole after seven years served. In a statement given to the TODAY show the day after sentencing, Manning came out as a transgender woman. Last Tuesday, in Manning's first official statement about her plans after prison, she said, "I can see a future for myself as Chelsea."
Earth

SpaceX Launches Super-Heavy Satellite Atop Falcon 9 Rocket (usatoday.com) 85

SpaceX has successfully launched a heavy commercial communications satellite atop one of its Falcon 9 rockets today. "Weighing in at nearly 13,500 pounds atop the rocket, the fourth Inmarsat-5 satellite was the heaviest load lofted by a Falcon 9 yet," reports USA Today. From the report: The 230-foot rocket delivered the spacecraft larger than a double-decker bus to an orbit more than 22,000 miles over the equator. As a result, SpaceX did not attempt to land the rocket's first stage either at Cape Canaveral or at sea, and the Falcon 9 booster was not equipped with landing legs. The Inmarsat-5 Flight 4 satellite, built by Boeing, completes Inmarsat's four-satellite Global Xpress constellation focused on delivering high-speed broadband data to mobile customers, including commercial aircraft and ships and the U.S. military.
Government

Microsoft Blasts Spy Agencies For Leaked Exploits Used By WanaDecrypt0r (engadget.com) 323

An anonymous reader shares Engadget's report about Microsoft's response to the massive WanaDecrypt0r ransomware attack: Company president Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen"... Microsoft had already floated the concept of a "Digital Geneva Convention" that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos... While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn't.
BrianFagioli shared a BetaNews article arguing Microsoft "should absolutely not shoulder any of the responsibility. After all, the vulnerability that led to the disaster was patched back in March." But troublemaker_23 notes that ITwire still faults Microsoft for not planning ahead, since in February 150 million people were still using Windows XP.
Government

Nuclear Experts Form International 'Nuclear Crisis Group' (teenvogue.com) 63

Slashdot reader Dan Drollette shares an article by the executive director and publisher of the Bulletin of the Atomic Scientists: On Friday, an elite group of the world's nuclear experts and advisers launched a Nuclear Crisis Group, to help manage the growing risk of nuclear conflict. The group includes leading diplomats with decades of experience, and retired military officers who were once responsible for launching nuclear weapons if given the order to do so. China, India, Pakistan, Russia, and the United States, all countries that have nuclear weapons, are represented. The group intends to create a "shadow security council," or an expert group capable of providing advice to world leaders on nuclear matters...

Building on grass-roots support, the Nuclear Crisis Group could serve as a brake on nuclear escalation and be an early step in reversing the downward nuclear security spiral. Not only will they be able to offer expertise to inexperienced leaders who are dabbling in nuclear security, but they will be able to develop and endorse proposals that could make the world safer such as expanding the decision time that leaders have to respond to a nuclear threat, further protecting nuclear systems against cyber attacks and unintended escalations, reenergizing the appetite for arms control negotiations, and questioning global nuclear upgrade programs.

Government

Trump Signs Executive Order On Cybersecurity (techcrunch.com) 173

President Trump on Thursday signed a long-delayed executive order on cybersecurity that "makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet," reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump's order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country's ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump's homeland security adviser] said the order was not, however, prompted by Russia's targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year's presidential campaign. The Department of Homeland Security in January declared election systems "critical infrastructure." The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an "act of war" or what response the attack would invite. "We're not going to draw a red line," Bossert said, adding that the White House does not "want to telegraph our punches." The order places the defense secretary and the head of the intelligence community in charge of protecting "national security" systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector.
Security

Director of National Intelligence Warns of IoT Security Threats (engadget.com) 36

According to Director of National Intelligence Daniel Coats, IoT devices may be used to shut down US intelligence operations in the future. From a report: At an open hearing today, the Senate Select Committee on Intelligence (SSCI) heard testimony on the worldwide threat assessment of the US intelligence community. Coats' opening statements included a warning of the dangers of poor smart device security as well as the continued inevitability of Russian cyber threats. Coats' testimony lists these concerns first, with Russia topping the list of enemy actors. Coats says that the Kremlin has taken a much more aggressive "cyber posture," which "was evident in Russia's efforts to influence the 2016 US election." Coats' report (PDF) also says that Russian actors have conducted attacks on critical infrastructure networks, even going so far as to pretend to be third parties hiding behind false online personas. "Russia is a full-scope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure," says Coats in the written version of his statement. The document notes that China, Iran and North Korea, as well as terrorists and criminals, are also threats. Coats also spoke at length about "smart" devices, which have increased the number of vectors that hostile actors can attack. The denial-of-service (DDoS) attacks that we already see will only become more prevalent. These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."
The Internet

NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet (theintercept.com) 75

An anonymous reader writes: A confidential computer project designed to break military codes was accidentally made public by New York University engineers. An anonymous digital security researcher identified files related to the project while hunting for things on the internet that shouldn't be, The Intercept reported. He used a program called Shodan, a search engine for internet-connected devices, to locate the project. It is the product of a joint initiative by NYU's Institute for Mathematics and Advanced Supercomputing, headed by the world-renowned Chudnovsky brothers, David and Gregory, the Department of Defense, and IBM. Information on an exposed backup drive described the supercomputer, called -- WindsorGreen -- as a system capable of cracking passwords.
Facebook

Did A Billionaire Harvest Big Data From Facebook To 'Hijack' Democracy? (theguardian.com) 452

Long-time Slashdot readers walterbyrd and whoever57 both submitted the same article about the mysterious data analytics company Cambridge Analytica and its activities with SCL Group, a 25-year-old military psyops company in the U.K. later bought by "secretive hedge fund billionaire" Robert Mercer. One former employee calls it "this dark, dystopian data company that gave the world Trump." Facebook was the source of the psychological insights that enabled Cambridge Analytica to target individuals. It was also the mechanism that enabled them to be delivered on a large scale. The company also (perfectly legally) bought consumer datasets -- on everything from magazine subscriptions to airline travel -- and uniquely it appended these with the psych data to voter files... Finding "persuadable" voters is key for any campaign and with its treasure trove of data, Cambridge Analytica could target people high in neuroticism, for example, with images of immigrants "swamping" the country. The key is finding emotional triggers for each individual voter. Cambridge Analytica worked on campaigns in several key states for a Republican political action committee. Its key objective, according to a memo the Observer has seen, was "voter disengagement" and "to persuade Democrat voters to stay at home"... In the U.S., the government is bound by strict laws about what data it can collect on individuals. But, for private companies anything goes.
A branch of this company reportedly also received half the campaign budgets of four pro-Brexit campaign groups, and there's some dark talk about "military-funded technology that has been harnessed by a global plutocracy...being used to sway elections in ways that people can't even see." The article notes the two firms have plied their services in Russia as well as Lithuania and the Ukraine, and suggests that "we are in the midst of a massive land grab for power by billionaires via our data. Data which is being silently amassed, harvested and stored."
Space

After Almost Two Years, The Air Force's Mysterious X-37B Space Plane Lands (space.com) 116

An anonymous reader quotes Space.com: The record-shattering mission of the U.S. Air Force's robotic X-37B space plane is finally over. After circling Earth for an unprecedented 718 days, the X-37B touched down Sunday at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida -- the first landing at the SLF since the final space shuttle mission came back to Earth in July 2011... The just-ended mission, known as OTV-4 (Orbital Test Vehicle-4), was the fourth for the X-37B program... The 29-foot-long (8.8 meters) X-37B looks like NASA's now-retired space shuttle orbiter, only much smaller; indeed, two X-37Bs could fit inside a space shuttle's cavernous payload bay...

Most of the X-37B's payloads and activities are classified, leading to some speculation that the space plane could be a weapon of some sort, perhaps a disabler of enemy satellites... But Air Force officials have always strongly refuted that notion, stressing that the vehicle is simply testing technologies on orbit. "Technologies being tested in the program include advanced guidance, navigation and control; thermal-protection systems; avionics; high-temperature structures and seals; conformal, reusable insulation, lightweight electromechanical flight systems; and autonomous orbital flight, re-entry and landing," Captain AnnMarie Annicelli, an Air Force spokeswoman, told Space.com via email in March.

Education

Should The Government Pay For Veterans To Attend Code Schools? (backchannel.com) 168

mirandakatz writes: David Molina was finishing up his 12-year time in the army when he started teaching himself to code, and started to think that he might like to pursue it professionally once his service was done. But with a wife and family, he couldn't dedicate the four years he'd need to get an undergraduate degree in computer science -- and the GI Bill, he learned, won't cover accelerated programs like code schools. So he started an organization dedicated to changing that. Operation Code is lobbying politicians to allow vets to attend code schools through the GI Bill and prepare themselves for the sorts of stable, middle-class jobs that have come to be called "blue-collar coding." Molina sees it as a serious failing that the GI Bill will cover myriad vocational programs, but not those that can prepare veterans for one of the fastest-growing industries in existence.
The issue seems to be quality. The group estimates there are already nine code schools in the U.S. which do accept GI Bill benefits -- but only "longer-standing ones that have made it through State Approving Agencies." Meanwhile, Course Report calculates 18,000 people finished coding bootcamps last year -- and that two thirds of them found a job within three months.

But I just liked how Molina described his introduction into the world of programmers. While stationed at Dover Air Force Base, he attended Baltimore's long-standing Meetup for Ruby on Rails, where "People taught me about open source. There was pizza, there was beer. They made me feel like I was at home."
Government

Unmanned US Air Force Space Plane Lands After Secret, Two-Year Mission (reuters.com) 14

Irene Klotz, reporting for Reuters: The U.S. military's experimental X-37B space plane landed on Sunday at NASA's Kennedy Space Center in Florida, completing a classified mission that lasted nearly two years, the Air Force said. The unmanned X-37B, which resembles a miniature space shuttle, touched down at 7:47 a.m. EDT (1147 GMT) on a runway formerly used for landings of the now-mothballed space shuttles, the Air Force said in an email. The Boeing-built space plane blasted off in May 2015 from nearby Cape Canaveral Air Force Station aboard an Atlas 5 rocket built by United Launch Alliance, a partnership between Lockheed Martin and Boeing. The X-37B, one of two in the Air Force fleet, conducted unspecified experiments for more than 700 days while in orbit. It was the fourth and lengthiest mission so far for the secretive program, managed by the Air Force Rapid Capabilities Office.
The Military

Some Of The Pentagon's Critical Infrastructure Still Runs Windows 95 And 98 (defenseone.com) 152

SmartAboutThings writes: The Pentagon is set to complete its Windows 10 transition by the end of this year, but nearly 75% of its control system devices still run Windows XP or other older versions, including Windows 95 and 98. A Pentagon official now wants the bug bounty program of the top U.S. defense agency expanded to scan for vulnerabilities in its critical infrastructure.
DefenseOne raises the possibility of "building and electrical systems, HVAC equipment and other critical infrastructure laden with internet-connected sensors," with one military program manager saying "A lot of these systems are still Windows 95 or 98, and that's OK -- if they're not connected to the internet." Windows Report notes that though Microsoft no longer supports Windows XP, "the Defense Department is paying Microsoft to continue providing support for the legacy OS."
Encryption

Encrypted WhatsApp Message Recovered From Westminster Terrorist's Phone (indiatimes.com) 143

Bruce66423 brings word that a terrorist's WhatsApp message has been decrypted "using techniques that 'cannot be disclosed for security reasons', though 'sources said they now have the technical expertise to repeat the process in future.'" The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before he rammed his high-speed car into pedestrians on Westminster Bridge and stabbed to death a police officer at the gates of Parliament on March 22. The access to Masood's message was achieved by what has been described by security sources as a use of "human and technical intelligence"...

The issue of WhatsApp's encrypted service, which is closed to anyone besides the sender and recipient, had come under criticism soon after the attack. "It's completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," U.K. home secretary Amber Rudd had said.

Security sources say the message showed the victim's motive was military action in Muslim countries, while the article adds that though ISIS claimed responsibility for the attack, "no evidence has emerged to back this up."
Facebook

Navy, Marines Prohibit Sharing Nude Photos In Wake of a Facebook Scandal (fortune.com) 132

An anonymous reader quotes a report from Fortune: The Navy and Marine Corps issued new regulations that ban members from sharing nude photographs following a scandal involving military personnel sharing intimate pictures of their female colleagues -- some of which were taken without their knowledge -- in a secret Facebook group. The new statute, which was signed Tuesday by Acting Navy Secretary Sean Stackley, went into effect immediately and will be made permanent when the next edition of the Navy's regulations is printed, according to Navy Times. Military courts will handle violations of the new rule. The crackdown comes after a Facebook group was uncovered featuring naked photos of female service members. The group was eventually shut down by Facebook after a request from the Marine Corps. The Center for Investigative Reporting found that some of the photographs posted on the Facebook group may have been taken consensually, but others may not have been.
AI

Russia Wants To Send A Gun-Shooting Robot To The ISS (mashable.com) 141

"Just in time for the rise in global military tensions, Russian officials have released video that's sure to calm fears all around: a death dealing humanoid robot that shoots handguns." An anonymous reader quotes Mashable: Posted to Twitter on Friday by Russia's deputy Prime Minister, Dmitry Rogozin, the video shows the country's space robot FEDOR (Final Experimental Demonstration Object Research) accurately shooting twin pistols in a scene chillingly similar to images from The Terminator. But rather than being displayed as a not-so-subtle warning to the entire human population of the planet, Rogozin instead claims via Facebook that it's just a demonstration of the robot's dexterity and use of algorithms to execute tasks.
CNET quotes Russia's deputy prime minister as saying "We are not creating a Terminator, but artificial intelligence that will be of great practical significance in a lot of spheres." Russia plans to deploy the robot on the International Space Station by 2021, Mashable reports, adding "Hopefully, the robot's arrival on the ISS will come sans life-snuffing weaponry, which is pretty much the opposite of the intent behind creating a peaceful international space station shared by the world's super powers in the first place."
