Huawei Telecom Gear Much More Vulnerable to Hackers Than Rivals’ Equipment – WSJ

“Reminds me of  the 1990’s Microsoft Windows/Internet Explorer Security Issues, Not Stuxnet”

-Mayo615

Source: Huawei Telecom Gear Much More Vulnerable to Hackers Than Rivals’ Equipment, Report Says – WSJ

A detailed report, prepared by Finite State, a Columbus, Ohio-based cybersecurity firm, concludes that Huawei telecom switching gear is far more vulnerable to hacking than other vendors’ hardware due to firmware flaws and inadvertent “back doors” that were discovered. The report has been circulated widely among cybersecurity experts in the U.S. and UK, and it is considered credible. The report stops short of concluding that Huawei deliberately inserted the flaws to enable espionage, as it appears more likely that these are flaws that are due to undetected software development errors. The Trump Administration has nevertheless seized on the report to claim evidence of Chinese espionage intent. The report’s conclusions do offer sound evidence that Huawei gear should not be inserted into telecom systems until these errors are removed.  This reminds me of the time when Microsoft Internet Explorer and Windows were suspected of being serious security risks for having so many security holes.

Huawei Enterprise Network Switch

From the Wall Street Journal:

WASHINGTON—Telecommunications gear made by China’s Huawei Technologies Co. is far more likely to contain flaws that could be leveraged by hackers for malicious use than equipment from rival companies, according to new research by cybersecurity experts that top U.S. officials said appeared credible.

Over half of the nearly 10,000 firmware images encoded into more than 500 variations of enterprise network-equipment devices tested by the researchers contained at least one such exploitable vulnerability, the researchers found. Firmware is the software that powers the hardware components of a computer.

The tests were compiled in a new report that has been submitted in recent weeks to senior officials in multiple government agencies in the U.S. and the U.K., as well as to lawmakers. The report is notable both for its findings and because it is circulating widely among Trump administration officials who said it further validated their policy decisions toward Huawei.

“This report supports our assessment that since 2009, Huawei has maintained covert access to some of the systems it has installed for international customers,” said a White House official who reviewed the findings. “Huawei does not disclose this covert access to customers nor local governments. This covert access enables Huawei to record information and modify databases on those local systems.”

The report, reviewed by The Wall Street Journal, was prepared by Finite State, a Columbus, Ohio-based cybersecurity firm.

While the report documents what it calls extensive cybersecurity flaws found in Huawei gear and a pattern of poor security decisions purportedly made by the firm’s engineers, it stops short of accusing the company of deliberately building weaknesses into its products. It also didn’t directly address U.S. claims that Huawei likely conducts electronic espionage for the Chinese government, which Huawei has long denied.

A Huawei official said the company welcomed independent research that could help improve the security of its products but added he couldn’t comment on specifics in the Finite State report because it wasn’t shared in full with the company.

“Without any details, we cannot comment on the professionalism and robustness of the analysis,” the Huawei official said.

Based in Shenzhen, Huawei is the world’s largest telecommunications equipment provider and a leader in next-generation 5G wireless technology.

Huawei has emerged as a central fixture in the growing rift between the U.S. and China over technology, especially with the approach of 5G cellular technology.

The Commerce Department in May cited national-security concerns when it added the telecommunications giant to its “entity list,” which prevents companies from supplying U.S.-origin technology to Huawei without U.S. government approval.

Finite State Chief Executive Matt Wyckhouse co-founded the firm in 2017, after spending nearly 13 years at nearby Battelle, a private, nonprofit applied-science and technology firm that does work in the private and public sectors.

Mr. Wyckhouse, a computer scientist who worked in Battelle’s national security division handling defense and intelligence-community contracts, said Finite State did the work pro-bono and not on behalf of any government. He also said he felt the best way to make policy makers aware of the issues was to make his firm’s research available to the public. He plans to publish it this week.

“We want 5G to be secure,” Mr. Wyckhouse said.

Finite State said it used proprietary, automated systems to analyze more than 1.5 million unique files embedded within nearly 10,000 firmware images supporting 558 products within Huawei’s enterprise-networking product lines.

The company said the rate of vulnerabilities found in Huawei equipment was far higher than the average found in devices manufactured by its rivals, and that 55% of firmware images tested contained at least one vulnerability—which the authors described as a “potential backdoor”— that could allow an attacker with knowledge of the firmware and a corresponding cryptographic key to log into the device.

The report includes a case study comparing one of Huawei’s high-end network switches against similar devices from Arista Networks andJuniper Networks Inc. It found that Huawei’s device had higher risk factors in six of nine categories, generally by a substantial margin.

“In our experience, across the board, these are the highest numbers we have ever seen,” Mr. Wyckhouse said.

In one instance in the case study, Huawei’s network switch registered a 91% risk percentile for the number of credentials with hard-coded default passwords compared against all of Finite State’s entire firmware data set.

By comparison, the risk level for Arista and Juniper was rated at 0%.

Chris Krebs, the top cybersecurity official at the Department of Homeland Security, said Finite State’s research added to existing concerns about Huawei equipment and the conclusion that the company hasn’t shown the intent or capability to improve its security practices.

“With Huawei having not demonstrated the technical proficiency or the commitment to build, deploy, and maintain trustworthy and secure equipment, magnified by the Chinese government’s potential to influence or compel a company like Huawei to do its bidding, we find it an unacceptable risk to use Huawei equipment today and in the future,” Mr. Krebs said.

White House officials who reviewed the Finite State report said the findings revealed flagrant violations of standard protocols. They said the report’s findings also suggested Huawei may be purposely designing its products to include weaknesses.

For example, some of the vulnerabilities found are well-known cybersecurity problems that aren’t difficult to avoid. Of the devices tested, 29% had at least one default username and password encoded into the firmware which could allow malicious actors easy access to those devices if the credentials were left unchanged, according to the report.

A particularly unusual finding was that security problems became quantifiably worse in at least one instance for users who patched a network switch with an updated version of firmware compared with the two-year-old version being replaced. Patches are intended to reduce cybersecurity weaknesses, but a comparison of the two versions found the newer one performed worse across seven of nine categories measured.

“For years, Huawei has essentially dared the international community to identify the security vulnerabilities that have so often been alleged regarding the use of the company’s products,” said Michael Wessel, a member of the U.S.-China Economic and Security Review Commission, a bipartisan panel that makes recommendations to Congress. “It’s hard to see the range and depth of the vulnerabilities identified by Finite State to be anything other than intentional.”

The U.K.’s National Cyber Security Centre also reviewed the Finite State research, people familiar with the matter said, and found it broadly aligned with the technical analysis in the agency’s own report, published in March. The U.K. report accused Huawei of repeatedly failing to address known security flaws in its products and admonished the firm for failing to demonstrate a commitment to fixing them.

A 2012 U.S. government review of security risks associated with Huawei didn’t find clear evidence that the company was being used by China as a tool for espionage, but concluded its gear presented cybersecurity risks due to the presence of many vulnerabilities that could be leveraged by hackers.

Rep. Mike Gallagher, (R., Wis.), said the report highlights the urgency for members of Congress and others to stop Huawei from taking over the global telecommunications supply chain.

“I’ve long thought we should treat Huawei as an appendage of the Chinese Communist Party,” said Mr. Gallagher, who earlier this year introduced legislation targeting Chinese telecommunications firms. “But even I was taken aback by the scale of the security flaws within Huawei’s network architecture as revealed by the report.”

Internet of Things At A Strategic Inflection Point

IoT Technology And Market Requirements Convergence

Current Long-Term Market Projections Are Based On The Emergence Of Technology Solutions

This Mayo615 YouTube Channel video focuses on a particularly important technology market, the Internet of Things. IoT is at a strategic inflection point, due to explosive projected market growth and unresolved problems of wireless data throughput and energy-efficiency needs. The IoT market is projected to grow to 75 Billion devices by 2025. This growth is predicated on very high throughput wireless networks combined with high energy-efficiency which are not yet available.  Existing wireless technologies, including 5G, will not meet this market need. Also, the extreme diversity of IoT applications will require both small sensors that operate using minimal energy and bandwidth and virtual reality applications with very high Gigabit per second data rates and substantial power requirements. For example, Intel estimates that one autonomous vehicle will generate 4 Terabytes of data daily.

The good news is that through my work evaluating advanced research proposals in IoT, I can report that a solution may already be at the laboratory “proof of concept” stage.

The proposed solution that is emerging is the development of innovative software-hardware architectures in which all network layers are jointly designed, combining a millimeter wave high-throughput wireless network and a battery-free wireless network into a single integrated wireless solution.

This is no small feat of engineering but it does appear to be feasible. There are many challenges to successfully demonstrating a millimeter wave wireless network integrated with the Tesla-like concept of radio-wave backscatter energy harvesting. However, collaboration among universities and large Internet companies’ research units are nearing the demonstration of such a network. The likely horizon for this becoming an industry standard is probably three to five years, with prototype products appearing sooner.

You can also read my earlier website posts on the Internet of Things here on mayo615.com.  Links to related posts on IoT are also shown below on this post.

Integration of AI, IoT and Big Data: The Intelligent Assistant

The Evolution of These Technologies Is Clearer

The IoT Tower of Proprietary Babble Is Slowly Crumbling

The Rise of the Intelligent Assistant

Five years ago, I wrote a post on this blog disparaging the state of the Internet of Things/home automation market as a “Tower of Proprietary Babble.” Vendors of many different home and industrial product offerings were literally speaking different languages, making their products inoperable with other complementary products from other vendors.  The market was being constrained by its immaturity and a failure to grasp the importance of open standards. A 2017 Verizon report concluded that “an absence of industry-wide standards…represented greater than 50% of executives concerns about IoT.” Today I can report that finally, the solutions and technologies are beginning to come together, albeit still slowly. 

 

One of the most important factors influencing these positive developments has been the recognition of the importance of this technology area by major corporate players and a large number of entrepreneurial companies funded by venture investment, as shown in the infographic above. Amazon, for example, announced in October 2018 that it has shipped over 100 Million Echo devices, which effectively combine an intelligent assistant, smart hub, and a large-scale database of information. This does not take into account the dozens of other companies which have launched their own entries. I like to point to Philips Hue as such an example of corporate strategic focus perhaps changing the future corporate prospects of Philips, based in Eindhoven in the Netherlands. I have visited Philips HQ, a company trying to evolve from the incandescent lighting market. Two years ago my wife bought me a Philips Hue WiFi controlled smart lighting starter kit. My initial reaction was disbelief that it would succeed. I am eating crow on that point, as I now control my lighting using Amazon’s Alexa and the Philips Hue smart hub. The rise of the “intelligent assistant” seems to have been a catalyst for growth and convergence. 

The situation with proprietary silos of offerings that do not work well or at all with other offerings is still frustrating, but slowly evolving. Amazon Firestick’s browser is its own awkward “Silk” or alternatively Firefox, but excluding Google’s Chrome for alleged competitive advantage. When I set up my Firestick, I had to ditch Chromecast because I only have so many HDMI ports. Alexa works with Spotify but only in one room as dictated by Spotify. Alexa can play music from Amazon Music or Sirius/XM on all Echo devices without the Spotify limitation. Which brings me to another point of aggravation: alleged Smart TV’s. Not only are they not truly “smart,” they are proprietary silos of their own, so “intelligent assistant” smart hubs do not work with “smart” TV’s. Samsung, for example, has its own competing intelligent assistant, Bixby, so of course, only Bixby can control a Samsung TV. I watched one of those YouTube DIY videos on how you could make your TV work with Alexa using third-party software and remotes. Trust me, you do not want to go there. But cracks are beginning to appear that may lead to a flood of openness. Samsung just announced at CES that beginning in 2019 its Smart TV’s will work with Amazon Echo and Google Home, and that a later software update will likely enable older Samsung TV’s to work with Echo and Home. However, Bixby will still control the remote.  Other TV’s from manufacturers like Sony and LG have worked with intelligent assistants for some time. 

The rise of an Internet of Everything Everywhere, the recognition of the need for greater data communication bandwidth, and battery-free wireless IoT sensors are heating up R&D labs everywhere. Keep in mind that I am focusing on the consumer side, and have not even mentioned the rising demands from industrial applications.  Intel has estimated that autonomous vehicles will transmit up to 4 Terabytes of data daily. AR and VR applications will require similar throughput. Existing wireless data communication technologies, including 5G LTE, cannot address this need. In addition, an exploding need for IoT sensors not connected to an electrical power source will require more work in the area of “energy harvesting.” Energy harvesting began with passive RFID, and by using kinetic, pizeo, and thermoelectric energy and converting it into a battery-free electrical power source for sensors. EnOcean, an entrepreneurial spinoff of Siemens in Munich has pioneered this technology but it is not sufficient for future market requirements.  

Fortunately, work has already begun on both higher throughput wireless data communication using mmWave spectrum, and energy harvesting using radio backscatter, reminiscent of Nikola Tesla’s dream of wireless electrical power distribution. The successful demonstration of these technologies holds the potential to open the door to new IEEE data communication standards that could potentially play a role in ending the Tower of Babble and accelerating the integration of AI, IoT, and Big Data.  Bottom line is that the market and the technology landscape are improving. 

READ MORE: IEEE Talk: Integrated Big Data, The Cloud, & Smart Mobile: One Big Deal or Not? from David Mayes

My IEEE Talk from 2013 foreshadows the development of current emerging trends in advanced technology, as they appeared at the time. I proposed that in fact, they represent one huge integrated convergence trend that has morphed into something even bigger, and is already having a major impact on the way we live, work, and think. The 2012 Obama campaign’s sophisticated “Dashboard” application is referenced, integrating Big Data, The Cloud, and Smart Mobile was perhaps the most significant example at that time of the combined power of these trends blending into one big thing. 

READ MORE: Blog Post on IoT from July 20, 2013

The term “Internet of Things”  (IoT) is being loosely tossed around in the media.  But what does it mean? It means simply that data communication, like Internet communication, but not necessarily Internet Protocol packets, is emerging for all manner of “things” in the home, in your car, everywhere: light switches, lighting devices, thermostats, door locks, window shades, kitchen appliances, washers & dryers, home audio and video equipment, even pet food dispensers. You get the idea. It has also been called home automation. All of this communication occurs autonomously, without human intervention. The communication can be between and among these devices, so-called machine to machine or M2M communication.  The data communication can also terminate in a compute server where the information can be acted on automatically, or made available to the user to intervene remotely from their smart mobile phone or any other remote Internet-connected device.

Another key concept is the promise of automated energy efficiency, with the introduction of “smart meters” with data communication capability, and also achieved in large commercial structures via the Leadership in Energy & Environmental Design program or LEED.  Some may recall that when Bill Gates built his multi-million dollar mansion on Lake Washington in Seattle, he had “remote control” of his home built into it.  Now, years later, Gates’ original home automation is obsolete.  The dream of home automation has been around for years, with numerous Silicon Valley conferences, and failed startups over the years, and needless to say, home automation went nowhere. But it is this concept of effortless home automation that has been the Holy Grail.

But this is also where the glowing promise of The Internet of Things (IoT) begins to morph into a giant “hairball.”  The term “hairball” was former Sun Microsystems CEO, Scott McNealy‘s favorite term to describe a complicated mess.  In hindsight, the early euphoric days of home automation were plagued by the lack of “convergence.”  I use this term to describe the inability of available technology to meet the market opportunity.  Without convergence, there can be no market opportunity beyond early adopter techno geeks. Today, the convergence problem has finally been eliminated. Moore’s Law and advances in data communication have swept away the convergence problem. But for many years the home automation market was stalled.

Also, as more Internet-connected devices emerged it became apparent that these devices and apps were a hacker’s paradise.  The concept of IoT was being implemented in very naive and immature ways and lacking common industry standards on basic issues: the kinds of things that the IETF and IEEE are famous for.  These vulnerabilities are only now very slowly being resolved, but still in a fragmented ad hoc manner. The central problem has not been addressed due to classic proprietary “not invented here” mindsets.

The problem that is currently the center of this hairball, and from all indications is not likely to be resolved anytime soon.  It is the problem of multiple data communication protocols, many of them effectively proprietary, creating a huge incompatible Tower of Babbling Things.  There is no meaningful industry and market wide consensus on how The Internet of Things should communicate with the rest of the Internet.  Until this happens, there can be no fulfillment of the promise of The Internet of Things. I recently posted “Co-opetition: Open Standards Always Win,” which discusses the need for open standards in order for a market to scale up.

Read more: Co-opetition: Open Standards Always Win

A recent ZDNet post explains that home automation currently requires that devices need to be able to connect with “multiple local- and wide-area connectivity options (ZigBee, Wi-Fi, Bluetooth, GSM/GPRS, RFID/NFC, GPS, Ethernet). Along with the ability to connect many different kinds of sensors, this allows devices to be configured for a range of vertical markets.” Huh?  This is the problem in a nutshell. You do not need to be a data communication engineer to get the point.  And this is not even close to a full discussion of the problem.  There are also IoT vendors who believe that consumers should pay them for the ability to connect to their proprietary Cloud. So imagine paying a fee for every protocol or sensor we employ in our homes. That’s a non-starter.

The above laundry list of data communication protocols, does not include the Zigbee “smart meter” communications standards war.  The Zigbee protocol has been around for years, and claims to be an open industry standard, but many do not agree. Zigbee still does not really work, and a new competing smart meter protocol has just entered the picture.  The Bluetooth IEEE 802.15 standard now may be overtaken by a much more powerful 802.15 3a.  Some are asking if 4G LTE, NFC or WiFi may eliminate Bluetooth altogether.   A very cool new technology, energy harvesting, has begun to take off in the home automation market.  The energy harvesting sensors (no batteries) can capture just enough kinetic, peizo or thermoelectric energy to transmit short data communication “telegrams” to an energy harvesting router or server.  The EnOcean Alliance has been formed around a small German company spun off from Siemens, and has attracted many leading companies in building automation. But EnOcean itself has recently published an article in Electronic Design News, announcing that they have a created “middleware” (quote) “…to incorporate battery-less devices into networks based on several different communication standards such as Wi-Fi, GSM, Ethernet/IP, BACnet, LON, KNX or DALI.”  (unquote).  It is apparent that this space remains very confused, crowded and uncertain.  A new Cambridge UK startup, Neul is proposing yet another new IoT approach using the radio spectrum known as “white space,”  becoming available with the transition from analog to digital television.  With this much contention on protocols, there will be nothing but market paralysis.

Is everyone following all of these acronyms and data comm protocols?  There will be a short quiz at the end of this post. (smile)

The advent of IP version 6, strongly supported by Intel and Cisco Systems has created another area of confusion. The problem with IPv6 in the world of The IoT is “too much information” as we say.  Cisco and Intel want to see IPv6 as the one global protocol for every Internet connected device. This is utterly incompatible with energy harvesting, as the tiny amount of harvested energy cannot transmit the very long IPv6 packets. Hence, EnOcean’s middleware, without which their market is essentially constrained.

Then there is the ongoing new standards and upgrade activity in the International Standards Organization (ISO), The Institute of Electrical and Electronics Engineers (IEEE), Special Interest Groups (SIG’s”), none of which seem to be moving toward any ultimate solution to the Tower of Babbling Things problem in The Internet of Things.

The Brave New World of Internet privacy issues relating to this tidal wave of Big Data are not even considered here, and deserve a separate post on the subject.  A recent NBC Technology post has explored many of these issues, while some have suggested we simply need to get over it. We have no privacy.

Read more: Internet of Things pits George Jetson against George Orwell

Stakeholders in The Internet of Things seem not to have learned the repeated lesson of open standards and co-opetition, and are concentrating on proprietary advantage which ensures that this market will not effectively scale anytime in the foreseeable future. Intertwined with the Tower of Babbling Things are the problems of Internet privacy and consumer concerns about wireless communication health & safety issues.  Taken together, this market is not ready for prime time.

 

https://www.slideshare.net/mayo615/ieee-talk-integrated-big-data-the-cloud-smart-mobile-big-deal-or-not/mayo615/ieee-talk-integrated-big-data-the-cloud-smart-mobile-big-deal-or-not

Yesterday’s Internet Outage In Parts of U.S. and Canada You Didn’t Hear About

How a Tiny Error Shut Off the Internet for Parts of the US and Canada

Reposted from Wired

Lily Hay Newman13 hrs ago

© Joe Raedle

A year ago, a DDoS attack caused internet outages around the US by targeting the internet-infrastructure company Dyn, which provides Domain Name System services to look up web servers. Monday saw a nationwide series of outages as well, but with a more pedestrian cause: a misconfiguration at Level 3, an internet backbone company—and enterprise ISP—that underpins other big networks. Network analysts say that the misconfiguration was a routing issue that created a ripple effect, causing problems for companies like Comcast, Spectrum, Verizon, Cox, and RCN across the country.

Level 3, whose acquisition by CenturyLink closed recently, said in a statement to WIRED that it resolved the issue in about 90 minutes. “Our network experienced a service disruption affecting some customers with IP-based services,” the company said. “The disruption was caused by a configuration error.” Comcast users started reporting internet outages around the time of the Level 3 outages on Monday, but the company said that it was monitoring “an external network issue” and not a problem with its own infrastructure. RCN confirmed that it had some network problems on Monday because of Level 3. The company said it had restored RCN service by rerouting traffic to a different backbone.

 

© Downdetector.com 

The misconfiguration was a “route leak,” according to Roland Dobbins, a principal engineer at the DDoS and network-security firm Arbor Networks, which monitors global internet operations. ISPs use “Autonomous Systems,” also known as ASes, to keep track of what IP addresses are on which networks, and route packets of data between them. They use the Border Gateway Protocol (BGP) to establish and communicate routes. For example, packets can route between networks A and B, but network A can also route packets to network C through network B, and so on. This is how internet service providers interoperate to let you browse the whole internet, not just the IP addresses on their own networks.

In a “route leak,” an AS, or multiple ASes, issue incorrect information about the IP addresses on their network, which causes inefficient routing and failures for both the originating ISP and other ISPs trying to route traffic through. Think of it like a series of street signs that help keep traffic flowing in the right directions. If some of them are mislabeled or point the wrong way, assorted chaos can ensue.

Route leaks can be malicious, sometimes called “route hijacks” or “BGP hijacks,” but Monday’s incident seems to have been caused by a simple mistake that ballooned to have national impact. Large outages caused by accidental route leaks have cropped up before.

“Folks are looking to tweak routing policies, and make mistakes,” Arbor Networks’ Dobbins says. The problem could have come as CenturyLink works to integrate the Level 3 network or could have stemmed from typical traffic engineering and efficiency work.

Internet outages of all sizes caused by route leaks have occurred occasionally, but consistently, for decades. ISPs attempt to minimize them using “route filters” that check the IP routes their peers and customers intend to use to send and receive packets and attempt to catch any problematic plans. But these filters are difficult to maintain on the scale of the modern internet and can have their own mistakes.

Monday’s outages reinforce how precarious connectivity really is, and how certain aspects of the internet’s architecture—offering flexibility and ease-of-use—can introduce instability into what has become a vital service.

Kaspersky Lab Security Software Implicated in Russian NSA Breach

UPDATE, October 11:

Israel hack uncovered Russian spies’ use of Kaspersky in 2015 – The Guardian

An Israeli security agency hacked into Russian antivirus firm Kaspersky Lab in 2015, providing the crucial evidence required to ban the company from providing services to the US government, according to a report.

While the Israeli spies were inside Kaspersky’s systems, they observed Russian spies, in turn, using the company’s tools to spy on American spies, the New York Times reports. That information, handed to the US, led to the decision in September to end the use of the company’s software across the federal government by December.

Read More: Israel hack discovered Russian spies use of Kaspersky Lab in 2015

Kaspersky Anti-Virus Software Includes a Feature That Copies Files And Provides A Backdoor for Russian Hackers – WSJ

Many know the name Kaspersky well. Others may only dimly recognize the brand name. Its anti-virus and Internet security software has been around for years in computer stores and OEM’d with computer systems. More than a year ago, I became concerned about what I was learning about Kaspersky Lab and its headquarters in Moscow, I began asking myself hypothetical rhetorical questions. What if Kaspersky was quietly working with the Russian FSB? What if Kaspersky had installed a sleeping Trojan Horse in millions of copies of its consumer computer security software? I was a user of Kaspersky Lab cybersecurity software myself. I knew that it was rated very highly by the tech journals. I liked its elegance and simplicity compared with other competitor products from U.S. based companies like Symantec and McAfee.  Nevertheless, as the Russian hacking of the 2016 election became an ever-larger issue, I decided to pull the plug on Kaspersky because of my fears, though there was no direct evidence of collusion between Kaspersky and the Kremlin at that time, wiped my system clean, and installed another competitor product.

Today, the Wall Street Journal has reported that Kaspersky software is implicated in the most serious breach of NSA security in years, validating my gut instinct decision more than a year ago.  My first hint of the serious nature of the Kaspersky/Kremlin connection came in a murky story related to the earliest public report on the Russian hacking stating with very high confidence that specific FSB officers and Kremlin officials had ordered and orchestrated the hacking. One of those individuals was also a senior engineer at Kaspersky Lab.  U.S. Senator Jeanne Shaheen, (D., N.H.) said in a statement: “This development should serve as a stark warning, not just to the federal government but to states, local governments, and the American public, of the serious dangers of using Kaspersky software.”  She added: “The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It’s astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States.”

Read more:

Source: Russian Hackers Stole NSA Data on U.S. Cyber Defense – WSJ 

Russian Hackers Stole NSA Data on U.S. Cyber Defense

The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks

By

Gordon Lubold and

Shane Harris

The Wall Street Journal

Oct. 5, 2017 12:48 p.m. ET

The National Security Agency campus in Fort Meade, Md. An NSA contractor took highly sensitive data from the complex and put it on his home computer, from which it was stolen by hackers working for the Russian government, people familiar with the matter said.PHOTO: PATRICK SEMANSKY/ASSOCIATED PRESS

WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyber attacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel’s investigation into whether Donald Trump’s presidential campaign sought or received assistance from the Russian government. Mr. Trump denies any impropriety and has called the matter a “witch hunt.”

Intelligence officials have concluded that a campaign authorized by the highest levels of the Russian government hacked into state election-board systems and the email networks of political organizations to damage the candidacy of Democratic presidential nominee Hillary Clinton.

A spokesman for the NSA didn’t comment on the security breach. “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

In a statement, Kaspersky Lab said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Kremlin spokesman Dmitry Peskov in a statement didn’t address whether the Russian government stole materials from the NSA using Kaspersky software. But he criticized the U.S. government’s decision to ban the software from use by U.S. agencies as “undermining the competitive positions of Russian companies on the world arena.”

The Kaspersky incident is the third publicly known breach at the NSA involving a contractor’s access to a huge trove of highly classified materials. It prompted an official letter of reprimand to the agency’s director, Adm. Michael Rogers, by his superiors, people familiar with the situation said.

National Security Agency Director Michael Rogers. PHOTO: SAUL LOEB/AGENCE FRANCE-PRESSE/GETTY IMAGES

Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that NSA contractor Edward Snowden the year before gave classified documents to journalists that revealed surveillance programs run by the U.S. and allied nations.

The Kaspersky-linked incident predates the arrest last year of another NSA contractor, Harold Martin, who allegedly removed massive amounts of classified information from the agency’s headquarters and kept it at his home, but wasn’t thought to have shared the data.

Mr. Martin pleaded not guilty to charges that include stealing classified information. His lawyer has said he took the information home only to get better at his job and never intended to reveal secrets.

The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren’t publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man isn’t believed to have wittingly aided a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach.

It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.

The headquarters of the Russian cybersecurity company Kaspersky Lab. PHOTO: SAVOSTYANOV SERGEI/TASS/ZUMA PRESS

NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

Kaspersky said in its statement: “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”

Suspicions about the company prompted the Department of Homeland Security last month to take the extraordinary step of banning all U.S. government departments and agencies from using Kaspersky products and services. Officials determined that “malicious cyber actors” could use the company’s antivirus software to gain access to a computer’s files, said people familiar with the matter.

The government’s decision came after months of intensive discussions inside the intelligence community, as well as a study of how the software works and the company’s suspected connections to the Russian government, said people familiar with the events. They said intelligence officials also were concerned that given the prevalence of Kaspersky on the commercial market, countless people could be targeted, including family members of senior government officials, or that Russia could use the software to steal information for competitive economic advantage.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said Sept. 13 in announcing the government ban.

All antivirus software scans computers looking for malicious code, comparing what is on the machine to a master list housed at the software company. But that scanning also gives makers of the software an inventory of what is on the computer, experts say.

“It’s basically the equivalent of digital dumpster diving,” said Blake Darché, a former NSA employee who worked in the agency’s elite hacking group that targets foreign computer systems.

Kaspersky is “aggressive” in its methods of hunting for malware, Mr. Darché said, “in that they will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

“You’re basically surrendering your right to privacy by using Kaspersky software,” said Mr. Darché, who is chief security officer for Area 1, a computer security company.

“We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years,” the company said in its statement. “We make no apologies for being aggressive in the battle against malware and cybercriminals.”

U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Kaspersky Lab Chief Executive Eugene Kaspersky. The company said it never would help ‘any government in the world with its cyberespionage efforts.’ PHOTO: SHARIFULIN VALERY/TASS/ZUMA PRESS

Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.

The breach illustrates the chronic problem the NSA has had with keeping highly classified secrets from spilling out, former intelligence personnel say. They say they were rarely searched while entering or leaving their workplaces to see if they were carrying classified documents or removable storage media, such as a thumb drive.

The incident was considered so serious that it was given a classified code name and set off alarms among top national security officials because it demonstrated how the software could be used for spying. Members of Congress also were informed, said people familiar with the matter.

Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of data breaches on his watch, according to several officials familiar with the matter.

The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J., last November to meet with president-elect Donald Trump about taking a job in his administration, said people familiar with the matter. Adm. Rogers didn’t notify his superiors, an extraordinary step for a senior military officer, U.S. officials said.

Adm. Rogers wasn’t fired for a number of reasons, including a pending restructuring of the NSA that would have been further complicated by his departure, according to people with knowledge of internal deliberations. An NSA spokesman didn’t comment on efforts to remove Adm. Rogers.

Sen. Jeanne Shaheen, (D., N.H.) said in a statement: “This development should serve as a stark warning, not just to the federal government but to states, local governments and the American public, of the serious dangers of using Kaspersky software.”

She added: “The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It’s astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States.”

Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com

Ecuador cuts Julian Assange’s internet access: Reuters

Final Act of the Assange and Wikileaks Saga appears to be playing out

Anti-secrecy group WikiLeaks said on Monday that its founder Julian Assange’s internet was shut down by the government of Ecuador, deflecting blame from the U.S. or British governments which have sparred with Assange for releasing sensitive material.  My earlier predictions that Assange has worn out his welcome at the Ecuadorian Embassy in Knightsbridge, appears to be playing out.  Assange and Wikileaks, originally portrayed themselves as an “international, non-profit, journalistic organization” with no political bias, that releases confidential information form anonymous sources for the benefit of the public. This image has been severely tarnished by Assange’s own statements, and numerous allegations of bias favoring Russia going back to 2011, and Assange’s own statements of a bias against the United States for seeking his prosecution.

Source: Ecuador cuts Julian Assange’s internet access: WikiLeaks | Reuters

Ecuador cuts Julian Assange’s internet access: WikiLeaks

Julian Assange, Founder and Editor-in-Chief of WikiLeaks speaks via video link during a press conference on the occasion of the ten year anniversary celebration of WikiLeaks in Berlin, Germany, October 4, 2016. REUTERS/Axel Schmidt

By Mark Hosenball | WASHINGTON

Anti-secrecy group WikiLeaks said on Monday that its founder Julian Assange’s internet was shut down by the government of Ecuador, deflecting blame from the U.S. or British governments which have sparred with Assange for releasing sensitive material.

“We can confirm Ecuador cut off Assange’s internet access Saturday, 5 pm GMT, shortly after publication of (Hillary) Clinton’s Goldman Sachs speechs (sic),” the statement from WikiLeaks said.

Assange has lived and worked in Ecuador’s London embassy since June 2012, having been granted asylum there after a British court ordered him extradited to Sweden to face questioning in a sexual molestation case involving two female WikiLeaks supporters.

WikiLeaks said Assange lost internet connectivity on Sunday night.

“We have activated the appropriate contingency plans,” added the Twitter message on Monday. People close to WikiLeaks say that Assange himself is the principal operator of the website’s Twitter feed.

The Ecuadoran government offered no immediate comment on the question of internet access, but the country’s foreign minister, Guillaume Long, said Assange remained under government protection.

“The circumstances that led to the granting of asylum remain,” Long said in a statement late on Monday.

The government of leftist President Rafael Correa has long backed Assange’s right to free speech, though the Wikileaks saga has caused some strain in relations with the United States, including the expulsion of diplomats in 2011.

Correa, whose term will end next year, has said he is behind

Democratic candidate Hillary Clinton, who he says he knows personally, in the U.S. presidential election.

“For the good of the United States and the world … I would like Hillary to win,” Correa told broadcaster Russia Today last month.

Over the last two weeks, Democratic Party officials and U.S. government agencies have accused the Russian government, including the country’s “senior-most officials,” of pursuing a campaign of cyber attacks against Democratic Party organizations ahead of the Nov. 8 election.

WikiLeaks has been one of the most prominent internet outlets to post and promote hacked Democratic Party materials. While denying any connection with a Russian hacking campaign, Assange has refused to disclose WikiLeaks’ sources for hacked Democratic Party messages.

Sources close to both the Democratic Party and WikiLeaks say they believe WikiLeaks has acquired as many as 40,000-50,000 emails hacked from the personal accounts of John Podesta, the former White House advisor who now chairs Clinton’s presidential campaign.

Despite Assange’s complaint that his internet connection was cut, WikiLeaks posted on Monday afternoon what it said was a fresh batch of Podesta’s emails.

According to a summary of the latest emails posted on Russia Today, a media outlet with close links to the Russian government, highlights include campaign staff discussions about “galvanizing Latino support” and about how to handle media queries about Clinton’s “flip-flopping” on gay marriage.

What Happens Now That Julian Assange is Implicated in Russian Espionage?

Assange In Possession of Documents Obtained By Russian Intelligence.

Assange Could Lose Ecuadorian Diplomatic Protection and Risk Arrest by United States

The next Bradley Manning?

Lost today in the extraordinary news frenzy surrounding the release of a video tape of Donald Trump making unprecedented lewd and obscene comments about women, was Barak Obama’s announcement that the United States officially and publicly accuses Russia of espionage in the hacking of the Democratic National Committee, and stealing documents, now in the possession of Wikileaks.  Some may recall Julian Assange’s video interview with Bill Maher on HBO’s Real Time with Bill Maher about a month ago on this topic.  It seems clear from the Bill Maher interview that Assange is on a jihad against the DNC because Clinton wanted to prosecute him. He has no altruistic motives — it is personal. We have a foreigner trying to influence U.S elections using documents stolen by Russia.

Last week, Assange said that Wikileaks will release more DNC documents by the end of October.  But as I pondered Obama’s announcement today, it dawned on me that the United States surely now considers the documents in Assange’s and Wikileaks possession to have been obtained as result of Russian espionage against the United States.  This puts Assange in much more serious jeopardy than an alleged rape in Sweden.  Its seems highly probable to me that the United States will now criminally pursue Assange for being an accomplice to espionage against the United States.  Should this happen, the Ecuadorian government would abandon Assange, not wishing to damage relations with the U.S.,  and Assange would be quickly arrested by the British government and extradited to the United States.

Assange must have figured all this out, and is tonight trying to deal with the consequences of now being in a position similar to that of Chelsea (Bradley) Manning, now serving a long sentence in a federal penitentiary.

U.S. Says Russia Directed Hacks to Influence Elections

Reblogged from THE NEW YORK TIMES

By DAVID E. SANGER and CHARLIE SAVAGE   OCT. 7, 2016

President Obama in the Rose Garden on Wednesday. CreditAl Drago/The New York Times

WASHINGTON — The Obama administration on Friday formally accused the Russian government of stealing and disclosing emails from theDemocratic National Committee and from a range of prominent individuals and institutions, immediately raising the issue of whether President Obama would seek sanctions or other retaliation for the cyberattacks.

In a joint statement from the director of national intelligence, James Clapper Jr., and the Department of Homeland Security, the government said the leaked emails that have appeared on a variety of websites were “intended to interfere with the U.S. election process.” The emails were posted on the WikiLeaks site and newer ones under the namesDCLeaks.com and Guccifer 2.0.

“We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” the statement said. It did not name President Vladimir V. Putin, but that appeared to be the intention.

For weeks, aides to Mr. Obama have been debating a variety of possible responses to the Russia action, including targeted economic sanctions and authorizing covert action against the computer servers in Russia and elsewhere that have been traced as the origin of the attacks.

The statement said that the recent “scanning and probing” of election systems “in most cases originated from servers operated by a Russian company,” but did not say the Russian government was responsible for those probes.

The president’s aides have also been debating whether to publicly attribute the attacks to Russia. Mr. Obama had decided against taking that stance in other cases where cyber techniques were used to steal tens of thousands of emails from the unclassified system of the State Department, the White House and the Joint Chiefs of Staff.

As recently as Wednesday, the director of the National Security Agency, Adm. Michael S. Rogers, refused to accuse the Russians of the cyberattack, even while talking at length about how to secure the American election system from foreign data manipulation and information warfare.

The administration’s announcement came only hours after Secretary of State John Kerry called for the Russian and Syrian governments to face a formal war-crimes investigation for attacking civilians in Aleppo and other parts of Syria. Taken together, the two moves mark a sharp escalation in Washington’s many confrontations with Moscow this year.

With little more than a month to go before the presidential election, Mr. Obama was under pressure to act now on the hacking, according to a senior administration official, who spoke on the condition of anonymity to discuss internal White House deliberations. The timing of Friday’s announcement was decided in part because a declaration closer to Election Day would appear to be political in nature, the official said.

The subject came up in the first presidential debate, with Hillary Clinton, the Democratic nominee and a former Secretary of State, blaming Russia for the attacks. Her Republican rival, Donald J. Trump, said there was no evidence that Russia was responsible, suggesting that the Chinese could be behind it, or it “could be somebody sitting on their bed that weighs 400 pounds.”

The question now is how Mr. Obama might respond without setting off an escalating cyberconflict. One possibility is that the announcement itself — an effort to “name and shame” — will deter further action.

The identification of Russia was hardly a surprise: In late July, American intelligence officials told The New York Times that they had “high confidence” that the Russian government was behind the hack of the Democratic National Committee.

The hack led to the resignation of Representative Debbie Wasserman Schultz, Democrat of Florida, as chairwoman of the committee, after the leaks suggested the committee had favored Mrs. Clinton in the nominating fight over Senator Bernie Sanders of Vermont.

Google’s Quantum Dream May Be Just Around The Corner

In 1981, Richard Feynman, probably the most famous physicist of his time asked the question: “Can we simulate physics on a computer?” At the time the answer was “theoretically yes,” but practically not at that time. Today, we may be on the verge of answering “yes” in practice to Feynman’s original question. Quantum computers operate in such a strange way and are so radically different from today’s computers that it requires some understanding of quantum mechanics and bizarre properties like “quantum entanglement.” Quantum computers are in a realm orders of magnitude beyond today’s supercomputers. Their application in specific computational problems like cryptography, Big Data analysis, computational fluid dynamics (CFD), and sub-atomic physics will change our World. Canadian quantum computing company, D-Wave Systems has been at the center of Google’s efforts to pioneer this technology.

Reblogged from New Scientist

 

31 August 2016

Revealed: Google’s plan for quantum computer supremacy

The field of quantum computing is undergoing a rapid shake-up, and engineers at Google have quietly set out a plan to dominate

By Jacob Aron

SOMEWHERE in California, Google is building a device that will usher in a new era for computing. It’s a quantum computer, the largest ever made, designed to prove once and for all that machines exploiting exotic physics can outperform the world’s top supercomputers.

And New Scientist has learned it could be ready sooner than anyone expected – perhaps even by the end of next year.

The quantum computing revolution has been a long time coming. In the 1980s, theorists realised that a computer based on quantum mechanics had the potential to vastly outperform ordinary, or classical, computers at certain tasks. But building one was another matter. Only recently has a quantum computer that can beat a classical one gone from a lab curiosity to something that could actually happen. Google wants to create the first.

The firm’s plans are secretive, and Google declined to comment for this article. But researchers contacted by New Scientist all believe it is on the cusp of a breakthrough, following presentations at conferences and private meetings.

“They are definitely the world leaders now, there is no doubt about it,” says Simon Devitt at the RIKEN Center for Emergent Matter Science in Japan. “It’s Google’s to lose. If Google’s not the group that does it, then something has gone wrong.”

We have had a glimpse of Google’s intentions. Last month, its engineers quietly published a paper detailing their plans (arxiv.org/abs/1608.00263). Their goal, audaciously named quantum supremacy, is to build the first quantum computer capable of performing a task no classical computer can.

“It’s a blueprint for what they’re planning to do in the next couple of years,” says Scott Aaronson at the University of Texas at Austin, who has discussed the plans with the team.

So how will they do it? Quantum computers process data as quantum bits, or qubits. Unlike classical bits, these can store a mixture of both 0 and 1 at the same time, thanks to the principle of quantum superposition. It’s this potential that gives quantum computers the edge at certain problems, like factoring large numbers. But ordinary computers are also pretty good at such tasks. Showing quantum computers are better would require thousands of qubits, which is far beyond our current technical ability.

Instead, Google wants to claim the prize with just 50 qubits. That’s still an ambitious goal – publicly, they have only announced a 9-qubit computer – but one within reach.

“It’s Google’s to lose. If Google’s not the group that does it, then something has gone wrong“

To help it succeed, Google has brought the fight to quantum’s home turf. It is focusing on a problem that is fiendishly difficult for ordinary computers but that a quantum computer will do naturally: simulating the behaviour of a random arrangement of quantum circuits.

Any small variation in the input into those quantum circuits can produce a massively different output, so it’s difficult for the classical computer to cheat with approximations to simplify the problem. “They’re doing a quantum version of chaos,” says Devitt. “The output is essentially random, so you have to compute everything.”

To push classical computing to the limit, Google turned to Edison, one of the most advanced supercomputers in the world, housed at the US National Energy Research Scientific Computing Center. Google had it simulate the behaviour of quantum circuits on increasingly larger grids of qubits, up to a 6 × 7 grid of 42 qubits.

This computation is difficult because as the grid size increases, the amount of memory needed to store everything balloons rapidly. A 6 × 4 grid needed just 268 megabytes, less than found in your average smartphone. The 6 × 7 grid demanded 70 terabytes, roughly 10,000 times that of a high-end PC.

Google stopped there because going to the next size up is currently impossible: a 48-qubit grid would require 2.252 petabytes of memory, almost double that of the top supercomputer in the world. If Google can solve the problem with a 50-qubit quantum computer, it will have beaten every other computer in existence.

Eyes on the prize

By setting out this clear test, Google hopes to avoid the problems that have plagued previous claims of quantum computers outperforming ordinary ones – including some made by Google.

Last year, the firm announced it had solved certain problems 100 million times faster than a classical computer by using a D-Wave quantum computer, a commercially available device with a controversial history. Experts immediately dismissed the results, saying they weren’t a fair comparison.

Google purchased its D-Wave computer in 2013 to figure out whether it could be used to improve search results and artificial intelligence. The following year, the firm hired John Martinis at the University of California, Santa Barbara, to design its own superconducting qubits. “His qubits are way higher quality,” says Aaronson.

It’s Martinis and colleagues who are now attempting to achieve quantum supremacy with 50 qubits, and many believe they will get there soon. “I think this is achievable within two or three years,” says Matthias Troyer at the Swiss Federal Institute of Technology in Zurich. “They’ve showed concrete steps on how they will do it.”

Martinis and colleagues have discussed a number of timelines for reaching this milestone, says Devitt. The earliest is by the end of this year, but that is unlikely. “I’m going to be optimistic and say maybe at the end of next year,” he says. “If they get it done even within the next five years, that will be a tremendous leap forward.”

The first successful quantum supremacy experiment won’t give us computers capable of solving any problem imaginable – based on current theory, those will need to be much larger machines. But having a working, small computer could drive innovation, or augment existing computers, making it the start of a new era.

Aaronson compares it to the first self-sustaining nuclear reaction, achieved by the Manhattan project in Chicago in 1942. “It might be a thing that causes people to say, if we want a full-scalable quantum computer, let’s talk numbers: how many billions of dollars?” he says.

Solving the challenges of building a 50-qubit device will prepare Google to construct something bigger. “It’s absolutely progress to building a fully scalable machine,” says Ian Walmsley at the University of Oxford.

For quantum computers to be truly useful in the long run, we will also need robust quantum error correction, a technique to mitigate the fragility of quantum states. Martinis and others are already working on this, but it will take longer than achieving quantum supremacy.

Still, achieving supremacy won’t be dismissed.

“Once a system hits quantum supremacy and is showing clear scale-up behaviour, it will be a flare in the sky to the private sector,” says Devitt. “It’s ready to move out of the labs.”

“The field is moving much faster than expected,” says Troyer. “It’s time to move quantum computing from science to engineering and really build devices.”

Anonymous, Chinese Hackers, RickRolling and ISIS

Anonymous Announces Plan to Attack ISIS Following Paris Killings

 

Anonymous, the murky global and leaderless hacking group has struck out on a campaign to disrupt ISIS’ sophisticated use of the Internet and social media. It claims to have disabled over 11,000 identified ISIS Twitter accounts with looped Rick Astley videos. For those of you not familiar with Rick Astley, he was a 1980’s British pop star of limited talent, whose videos are sometimes painful to watch.  For unknown reasons, Astley’s videos have been used in a variety of online pranks and hacking incidents since about 2007. So Anonymous did the convenient thing and used old Astley videos, a tactic now known as “RickRolling”, to disrupt and confound ISIS Twitter and other social media accounts.  I like it.  Striking back in this way is probably causing smiles in the French Intelligence Service, U.S. Defense Department, NSA, and GCHQ in the UK.

That said, there has also been sharp criticism of Anonymous in the press this week, notably CBC News in Canada, which quoted a leading cyber hacking author, Gabriella Coleman, the author of Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous, that the rush to embrace the group could be premature. She argues that Anonymous has made grievous errors in the past, and causing more harm than good.  A likely reason for this problem is that Anonymous creed is that it is leaderless, as its logo graphically depicts a headless figure.  That said, I disagree. This is exactly the kind of action that has the potential to take down ISIS. Anonymous has even posted a guide advising others on how they too can hack ISIS.  This is “crowdhacking,” or perhaps a new people-driven version of a bot driven “distributed denial of service attack” (DDS) attack.  I believe the civilized World is still figuring out how to exist and survive in the cyber world, which is continuing to evolve, and even sadly to balkanize. I like this Anonymous approach.

Two Chinese citizens were killed in the Mali Radisson Hotel attack, and another at the Bataclan in Paris. This has led the Chinese government to join the unanimous UN Security Council resolution denouncing the attacks and promising global collaboration and increased efforts to stop ISIS. China is well-known now for the People’s Liberation Army’s Unit 61398 in Shanghai, and its sophisticated cyber hacking capabilities and exploits, as well as those of murky independent Chinese hackers. But The PRC has so far refused to say exactly what it plans to do about the killings of Chinese citizens.  It seems to me that the UN Security Council members should now strongly urge the Chinese to join in the cyber battle against ISIS.

Anonymous torments ISIS with ‘Rickrolls’

SF GATE: Mike Moffitt

Updated 7:29 am, Tuesday, November 24, 2015

Anonymous is wielding a new weapon of mass disruption in its ongoing social media war with the Islamic State — Rick Astley videos.

The “hacktivist” group has been flooding all pro-Isis hashtags with countless videos of the red-headed bass-baritone, according to a recent tweet from the #OpParis account.

Anyone familiar with 1980s music videos knows how unsettling watching Astley sing and dance can be. In fact, as Dazed notes, tricking people to watch his “Never Gonna Give You Up” has been a staple of viruses, protests and other online pranks since 2007.

It’s called “Rickrolling.”

Whenever some Islamic State account attempts to spread a message or try to get a topic trending, the subject with be barraged with Rick videos from the late ’80s.

ISIS, which relies heavily on social media, is not taking Anonymous’ tactic lightly. It already released instructions aimed at thwarting the hackers after Anonymous posted information on 11,000 jihadist Twitter accounts, prompting them to shut down.