The NSA is launching a program called “Perfect Citizen”, which may or may not involve spying on domestic networks:
The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.
It doesn’t matter as long as we’re safe from cyber-terrorists, of course. This is about right:
Wired has asked the NSA some pointed questions about whether Congress has been briefed on the program. My guess is that they haven’t, at least not in any meaningful way. Congress hasn’t insisted on exercising any oversight of any part of CNCI under either Bush or Obama. They probably don’t know anything about this, and they don’t want to.
If the term “Homeland Security” wasn’t enough to creep you out about the direction this country is going, “Perfect Citizen” should do the trick.
the antibob
Also, note that where much of DARPA’s research is open to un-class, the new DARPA cyberdefense research program is strictly classified. Be afraid.
bkny
face it, this country has become a monstrous and uncontrolled death machine, impervious to international laws; its citizens by and large relegated to the sidelines, and increasingly without any rights. the police have been so militarized and the citizenry so fear-mongered into submission that there’s barely a response to the latest taser torture inflicted on an 87 year old woman resulting in her death. assassination squads roam the planet in search of targets; drone attacks against countries without formal declarations of hostility
there’s another big fat issue perking — the kill switch that holy joe advocates with support from susan collins and jay rockefeller. sure, they backed off with the resulting criticism, but you can be sure that the executive will get that power and total control over the internet .
“Right now, China, the government, can disconnect parts of its Internet in a case of war. We need to have that here, too,” Lieberman concluded.
http://www.pcmag.com/article2/0,2817,2365393,00.asp
boy, i sure do miss steve gilliard, who could always point to other dangerous periods in this country’s history; but i’m just way too cynical to think there is ever any chance to righting this country.
Redshirt
I’m really torn on this one. I haven’t read up too much on this program, but the brief things I have read indicate it’s intended to protect against cyberattacks.
As much as I am opposed to government spying on domestic activities (a lot), I’m also 100% convinced our entire, wired society is in great peril. Cyberattacks are real, and could potentially be devastating.
Currently, we rely on a hodgepodge of unconnected security systems – essentially, each company is responsible for themselves, with SOX guidelines being the only regulatory framework over IT systems, and in regards cyberattacks, it is light.
The main ISP’s are more regulated, but they too are extremely vulnerable.
So, the fact is, an infrastructure that we’ve come to depend heavily on is massively vulnerable to attack. Proof of concept attacks from China have shown beyond a doubt what could be done if one country wanted to directly attack another’s digital infrastructure.
So, this threat needs to be addressed. Is this “Perfect Citizen” program the best way? I don’t know enough about it yet, but I do know something needs to be done.
For the record, I’m a senior IT guy with lots of experience in this area.
Neutron Flux
@Redshirt: Thanks for the point of view. I was about to get all pissed off and such.
ETA: Now I am just concerned.
mclaren
Since the Department of Homeland Security has recently mission-creeped from tracking down terrorists into busting downloaders, we can all see where this is going.
Fast-forward five years, and the DHS will be breaking down doors and handcuffing kids who use the FF controls on their Comcast DVR to skip commercials.
7 or 8 years from now, the DHS will be smashing in the windows of old peoples’ houses and pinning them to the floor with submachine guns for buying cheap generic heart medicine from Canada instead of the $150-a-pill SmithKline-Glaxo name-brand stuff.
And within a decade we should see DHS riot troops bashing high school students with gun butts and dragging them out of classrooms in chains for jailbreaking their iPhones.
Operation “Perfect Citizen” indeed…
Redshirt
It is worrisome though, with asshats like Lieberman and his ilk will no doubt attempt to prize away as much freedom as possible when implementing any system. If so, hopefully the courts can resolve it.
It’s a very tricky problem though – how do you monitor the entire digital network in America without having such thorough access that in fact you can monitor anything at anytime.
Although, this debate may all be moot, since Government programs like “Eschalon” are already rumored to be capable of picking up every single email, text, twitter, etc, that goes across the internet.
So, perhaps a better way of thinking about it is, we’ve already lost real privacy, but we still don’t have any systematic defenses on our public networks to stop a systematic attack.
Its interesting to me that my two main threats at work are China and Russia. I watch hacking attempts originating from these two countries all day, every day. They never stop.
The China-Google incident of a few months ago was chilling, and was a really big deal – I suspect we’ll never hear the full story of what happened, at least not any time soon. I don’t know if this Perfect Citizen program was quickly cooked up in response, but it would make sense.
El Cid
O/T, but how is this different?
New Palin biography aimed at 9- to 12-year-olds
kommrade reproductive vigor
Everyone already knows how to crash the entire computer network system.
Just type C i alis into the comments of this blog enough times and BOOM!
Look, if they’re talking about preventing major power failures and keeping hospital telemetry systems running and shit like that, fine, have at it.
The name of the operation sucks on ice though. Who ever is in charge of naming shit over there needs to GtFo.
Bootlegger
@mclaren:
You left out the part where they shoot the family pet.
Bootlegger
@El Cid: Palin speaks with a vocabulary of that age level so that the right age group if she wrote it herself this time.
Bill E Pilgrim
@El Cid: What’s different? Well, they’re tailoring her message to an older age group than she usually does.
Seems obvious to me. Shrug.
Must not be easy for her though, they tend to understand complete sentences at those ages.
bkny
@El Cid: it’s interesting to watch that as she’s losing her audience (her polling numbers stink and her arena appearances aren’t the draw they used to be — although the mouthbreathers that do support her are intense about it), the national media is on a tear to keep her relevant and boost her political influence.
Tattoosydney
Missed opportunity for a Pet Shop Boys reference in the title: If you’ve nothing to hide, you’ve got nothing to fear.
Bill Murray
@Bootlegger: of the place next door to where they were supposed to go
mclaren
@Redshirt: You’re a gullible dupe. There is no threat. The entire “cyber-attack” scam is just another con job exactly like “WMDs in Iraq” and “Gore stealing the election in 2000” ginned up Republican operatives to destroy the Bill of Rights and put money in the pockets of the giant multinational corporations that donate to the far right wing.
In this case, the giant multinational corporation that stands to benefit from the cyber-attack scare con job is SRI International, a firm that stands to reap billions in Pentagon contracts by confecting these bogus scare stories about how “America could fall in 15 minutes to a cyber-attack.”
Every reputable cyber-security expert in America has dismissed this nonsense as ridiculous and “beyond absurd.”
The scare stories are so overblown that Washington lobbyists for these giant multinational corporations that stand to benefit from a ridiculously inflated cyber-scare are now claiming “hackers will target your blender.” Yes. Your blender. In your kitchen.
Are you people drunk?
Are you on drugs?
Haven’t you seen this over and over and over and over and over again? The Republicans crank up ridiculous nightmare doomsday scenarios (“We don’t want the first warning sign to be a mushroom cloud…”) and a stampeded public opens the floodgates to pour trillions of dollars into worthless horseshit con jobs dreamed up by the giant corporations (Halliburton, SRI international, KBR, Blackwater) the Republicans are butt-snorkeling.
Wake up! IT’S ALL A SCAM TO GRAB MORE MONEY FROM OUR ALREADY OUT-OF-CONTROL TRILLION-DOLLAR-A-YEAR MILITARY BUDGET.
Redshirt
@mclaren: With all due respect, some of what you say may be true – ramping up fear in order to increase surveillance powers; but the threat of cyber attacks are real, and happening, all over the world. As we speak.
Consider, just a piece of this problem: Since internet access became common (1995 or so) to, oh, about 2005 or so, every ISP in the world provided a wide open internet portal, with no protection to the home computer. It was wide open. And if you did not properly secure it in a variety of ways, odds are your computer was hacked, in many ways.
Right now there are hundreds of thousands of computers that are infected with a host of viruses and malicious code that sit on the internet, capable of sending/receiving data, or launching an attack.
Couple the wide open access with the insecurity inherent in most older Microsoft products, and our entire IP infrastructure is already severely compromised. This is not a political, partisan issue in any respect, but rather a flaw in the introduction of an incredibly powerful information infrastructure to the world – it was too trusting, and error prone.
So, trust = danger on the internet. Thus, many precautions must be taken. Things have gotten much better over the past few years (perhaps as a result of SOX!), but what has resulted of course is vastly more monitoring of the network.
That’s all this program is, from what I can gather: A monitoring program, just like what happens at every properly done corporate network. But instead of the IT guy monitoring you, it will be Uncle Sam.
wasabi gasp
The name Perfect Citizen does no favors for our Dear Leader. He might consider increasing our chocolate rations until getting around to renaming that thing Mama Grizzly.
General Stuck
If Al Gore hadn’t invented the internet, none of this would be hap hap happening.
Corner Stone
@Redshirt: I’m not inclined to believe a lot of the government driven hype regarding cyber attacks, but I do believe in critical node failure.
And I don’t believe we’re doing enough in that regard, nor from what I can tell, that this information mining program does anything in that area either.
Consider that a year later we’re still not sure why three routers on the Eastern Seaboard failed, essentially shutting internet traffic down all the way to Texas and the Midwest.
Or this recent example:
Massive outage cuts off communications for days
Which is not to say cyber attacks aren’t real, but rather I rank their threat lower than other possible dangers inherent in the system.
sparky
what, no Obama defenders on this point? i mean it must be eleventy-dimensional chess, right?
anyway, two observations, one of them ad hominem:
1. if Lieberman is pushing it, it is a bad idea;
2. before everyone nods sagely and says, gee yeah that could be dangerous, think about how difficult it would be to achieve whatever it is people are claiming would happen. not only would the “attackers” whoever they might be (ooo, faceless!) execute perfectly, but no one would be able to stop them. in other words, for this to happen everyone operating a network would have to be struck mute, helpless, and unable to do a single thing. show a single example of this occurring in recorded history, much less in modern times, and then maybe i will take this hysteria as something other than an excuse to extend government into, well, everything.
please , please, stop thinking Hollywood scripts are real life. all you are doing is surrendering your own.
Corner Stone
@Corner Stone:
To clarify a little ~ cyber attacks are very real for the individual or the individual environment (business, university, etc), but IMO they are not an existential threat to the system as a whole. And certainly not as much of a threat as an infrastructure breach.
General Stuck
@sparky: Fuck you very much for sharing
Tim in SF
There is already a cyber-war going on. It’s between the different departments of the government over who gets the lion’s share of the money to defend us against script kiddies running an DDoS attack from their bedroom. Whichever department wins, we lose, as we fund yet another stupid program that doesn’t make us one bit safer.
And what’s actually at risk in a cyber-war? Actual war involves people getting killed. In a cyber-war, a DDoS attack is as if “an army invaded our country, then all got in line in front of people at the DMV so they couldn’t renew their licenses. ” That’s a DDoS, the worst of the worst in cyber-terror, and we’re going to end up spending a LOT of money and trading away a lot of our freedom to prevent it.
Here’s more: http://edition.cnn.com/2010/OPINION/07/07/schneier.cyberwar.hyped/?fbid=76_HcTESp_Y
Bill Arnold
As Redshirt is noting, it is not reasonable to believe that our internet infrastructure is secure (by magic of being distributed?) against focused attack.
Sure, various defense contractors and wanabees are trying to get into the action & dollars, and most of the scare stories are absurd.
But large botnets are very powerful, and can be very hard to stop. (Note “green dam youth escort” on Chinese PCs could easily be a botnet-on-demand controlled by the Chinese government.)
This is all independent, though, of whether something like “Perfect Citizen” is a crazy idea.
ornery curmudgeon
Redshirt sounds very concerned … yes we have an oil catastrophe that’s going to bring this nation down without a single ‘cyber’ wtf, but we really need to worry NOW about … the internet. Very serious. Make changes IMMEDIATELY, we’ll study them late–what, is a game on? Michael Jackson! Tiger Woods! Natalie Holloway! American Idol!
Let’s see…
1) A cyber attack might disable the internet, so we need to give our corrupt leadership a ‘kill-switch.’ To protect it. Hand it to the military to make us super-safe.
2) The internet was designed by the military to withstand near-annihilation in a nuclear war … now it’s vewy vewy vuniwuble. The Chinese are evil, so now let’s give more power to the ones who sold our nation to them….
Meanwhile an oil catastrophe is still unfolding and the govt will protect you … from the um ah hackers. Yep. Just give tptb more power and sit staring helplessly as they ‘be.’
Redshirt is a con or an easy mark. Maybe those are the same things.
kdaug
(Re-posted from a FB entry yesterday): Read somewhere that the best way to tell between real online security programs and expansionist gov BS is to look for the word “cyber” in the name of said program. Nobody but the ones with a fat defense contract on the line uses the word. When was the last time you sent a cyber-mail? Or visited a cyber-site?
The only ones who say it don’t know what they’re talking about. By definition.
mclaren
@Redshirt:
Bullshit.
There is no threat.
Zero. None. Nada. Bupkiss. Dick. Diddly. It doesn’t exist.
Even calling these microscopic minor annoyances “attacks” is a total con job. It completely misrepresents what’s going on.
Here’s what’s actually going on:
[1] Russian mafiya crooks are stealing credit card numbers and ripping off big credit card companies — but the individuals aren’t getting hurt because the law requires that if phoney charges are laid onto your credit card, you can’t be charged for them.
This is settled. It’s a non-problem. This amount to a tiny minor annoyance at worst. For the average person, it’s meaningless. It will never affect you. For the credit card companies and banks, it’s a tiny issue. The total amount of money lost by banks that made crap housing loans is so much bigger than the amount of money stolen by mafiya cybergangs with stolen credit card numbers that the whole identity-theft-credit-card-fraud thing is an unnoticeable rounding error by comparison.
[2] DDOS attacks organized by bot networks. These are typically only aimed at gray-area online businesses located physically in the third world — for example, internet gambling websites, or internet porn sites. DDOS attacks don’t work when aimed at commercial sites located physically in the first world because first world government move right quick to shut that crap down by yanking entire domains and shutting down servers, as necessary.
So once again this is a total non-issue. The likelihood that Google.com or ebay.com or yahoo.com will ever get forced offline permanently by a DDOS attack is zero. It will never happen. The only commercial websites vulnerable to that kind of extortion are shady sites operating in the third world, typically places with third-world servers designed to evade the law — kiddyporn sites, internet gambling sites, warez sites, filesharing tracker sites, etc. And nobody really gives a damn if these kinds of sites get forced offline forever, because they’re like mosquitoes, there are a million of ’em. If you want to download your warez and rapidshare gets permanently nuked by some DDOS attack, who cares? Megaupload and zshare and mediafire and about a billion other sites will take rapidshare’s place in a heartbeat. So scarey stories about DDOS attacks are 100% bullshit.
[3] Viruses. Oooohhh, those scary scary scary viruses. The Conficker worm, waiting to end the world when Dr. No presses a button from inside his hollow volcano headquarters!
BULLSHIT. Microsoft Vista has done infinitely more to crash computers and disrupt the internet and destroy business internet infrastructure than all the viruses and worms in history. Microsoft Windows 7 has done more to slow computers down and crash hard drives than every worm ever written in Bulgaria and Romania and the former Soviet Union. If you want to know what the real danger to the internet is, it’s companies like Sony that write rootkits and distribute ’em with legally purchased CDs. Viruses are a non-issue, a tiny minor annoyance at most.
—–
The proof that all these so-called “cyber attacks!!!!!!” amount to nothing more than ankle-biting trivia is simple:
Show me all the businesses and governments that have had their infrastructure physically damaged by a so-called “cyber attack.”
You can’t.
There is none.
Even the worst so-called “cyber ATTACK!!!!” is nothing more than a trivial minor annoyance, at the very most an outage lasting a couple of minutes max.
When nobody can get through to the DOJ website for a month because of a DDOS, let me know. Never gonna happen. Total fantasy. 100% bullshit.
When a major American city loses power for a day because of a “cyber attack,” point it out. No such thing. Never happened, never will. Complete scaremongering.
American cities do lose power for more than a day and U.S. government websites do go down and stay offline, but not becuase of “cyber attacks.” It’s always because of some goddamn misconfigured router or because some idiot through it would be real smart to use Server 2008 instead of Apache to run the server, and the Microsoft piece of sh*t software crashed and trashed the hard disk so badly it couldn’t be recovered even from the backup.
New York City shut down for days in 1979. Not due to a cyber attack — because an obscure transformer blew out and took down the whole power grid in a non-linear cascade.
The entire American long-distance phone network crashed and shut down in 1989 for days. But not because of some mythical cyber-attack. It was because a couple of doofus AT&T engineers misconfigured the sofware for AT&T’s long distance switching system.
Every single instance everyone can point to of any kind of serious outage in America’s or any other first country’s internet infrastructure always traces back to some expert engineer who goofs up, or some crap company liek Cisco or Microsoft that manufactures shoddy software or hardware that fails and takes down the whole system hard.
Case in point: San Francisco airport suffered a complete internet collapse so bad that planes had to be rerouted to other airports. After 6 hours, internet troubleshooting engineers finally figured out the cause: one faulty NIC card in one obsolete computer, causing a non-linear cascade of failures that eventually took down the entire airport network including radar.
They’re cyber-annoyances, not cyber-attacks. The real internet outages occur because of failures by famous-name equipment and famous-name companies — Microsoft and Sun and Cisco. All the terrorists and evil foreign countries in the world can barely even cause a major U.S. airport or U.S. power grid to hiccup. It takes faulty crapware by Microsoft or Cisco systems to shut down a major American airport or power grid.
A news story just yesterday says the single biggest place for stolen credit card numbers is hotels. You know why? Because shady employees who swipe your card card steal the numbers. That’s a cyber “attack,” so-called. That’s no danger to America, that’s no threat to the CIA. That’s crap, it’s penny-ante thievery.
Until you can show me even one (1) seriously damaged piece of government internet infrastructure that has ever been taken down by a cyber-“attack” (so-called), it’s all nonsense. They don’t even rise to the level of cyber-annoyances. Spam is a bigger problem, and it’s minor.
licensed to kill time
The name Perfect Citizen sounds Perfectly Orwellian.
Ed Marshall
@mclaren:
Yeah, it’s bullshit, and if you have some piece of infrastructure that is so dangerous or crucial the answer is always going to be….don’t put it on the fucking internet. That is always your answer. Set up a VLAN in a worst case scenario where you absolutely have to network. If there is crucial, top secret information on your computers…Don’t put them on the internet
Redshirt
Some of you sure get fired up over something that is reasonable in theory – monitoring a key infrastructure for attack.
Our mobile networks are critical, GPS, satellites, and yes, the internet, and it’s only getting more important to everyday modern society – the banking system being taken down, the stock markets, etc, would cause billions of dollars of losses.
Sure, it may not be life and death on a large scale, but I’m not sure what the issue is against the notion of increasing the security of key public infrastructure, which really all any monitoring program is for.
And I suppose now someone will accuse me of being some authoritarian fascist or something.
General Stuck
@Redshirt:
There is more than one kind of tea bagger. They just come in different packages is all.
kormgar
I miss America.
I really do.
mclaren
There do exist critical threats to the information infrastructure of America. But they’re not named Al Qaeda.
They’re named Microsoft and Accenture Consulting. and Adobe Systems.
v0ltag3
Um mclaren a lot of what you say is true but…
The threat is overhyped yet it is there. Yahoo, ebay, cnn, and a few others have been taken offline, by a 14 year old boy. Imagine what a country could do with trained operators. I had to ignore a lot of your post because you are woefully ignorant of the situation. A cyber war does not have to involve casualties, the main problem is the ability of countries to gather intel and hit strategic targets to cause disruption. One more thing. Botnets are extremely powerful. They can do a lot more then what you seem to think. Trust me :)
Redshirt
One thing that came out of the China-Google incident was pretty direct evidence the Chinese Government is actively supporting many groups of hackers, using government resources.
We’ve seen the havoc some kid with a script can cause. Imagine what a dedicated government can do?
That’s the looming threat.