Kaspersky Lab Security Software Implicated in Russian NSA Breach

UPDATE, October 11:

Israel hack uncovered Russian spies’ use of Kaspersky in 2015 – The Guardian

An Israeli security agency hacked into Russian antivirus firm Kaspersky Lab in 2015, providing the crucial evidence required to ban the company from providing services to the US government, according to a report.

While the Israeli spies were inside Kaspersky’s systems, they observed Russian spies, in turn, using the company’s tools to spy on American spies, the New York Times reports. That information, handed to the US, led to the decision in September to end the use of the company’s software across the federal government by December.

Read More: Israel hack discovered Russian spies use of Kaspersky Lab in 2015

Kaspersky Anti-Virus Software Includes a Feature That Copies Files And Provides A Backdoor for Russian Hackers – WSJ

Many know the name Kaspersky well. Others may only dimly recognize the brand name. Its anti-virus and Internet security software has been around for years in computer stores and OEM’d with computer systems. More than a year ago, I became concerned about what I was learning about Kaspersky Lab and its headquarters in Moscow, I began asking myself hypothetical rhetorical questions. What if Kaspersky was quietly working with the Russian FSB? What if Kaspersky had installed a sleeping Trojan Horse in millions of copies of its consumer computer security software? I was a user of Kaspersky Lab cybersecurity software myself. I knew that it was rated very highly by the tech journals. I liked its elegance and simplicity compared with other competitor products from U.S. based companies like Symantec and McAfee.  Nevertheless, as the Russian hacking of the 2016 election became an ever-larger issue, I decided to pull the plug on Kaspersky because of my fears, though there was no direct evidence of collusion between Kaspersky and the Kremlin at that time, wiped my system clean, and installed another competitor product.

Today, the Wall Street Journal has reported that Kaspersky software is implicated in the most serious breach of NSA security in years, validating my gut instinct decision more than a year ago.  My first hint of the serious nature of the Kaspersky/Kremlin connection came in a murky story related to the earliest public report on the Russian hacking stating with very high confidence that specific FSB officers and Kremlin officials had ordered and orchestrated the hacking. One of those individuals was also a senior engineer at Kaspersky Lab.  U.S. Senator Jeanne Shaheen, (D., N.H.) said in a statement: “This development should serve as a stark warning, not just to the federal government but to states, local governments, and the American public, of the serious dangers of using Kaspersky software.”  She added: “The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It’s astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States.”

Read more:

Source: Russian Hackers Stole NSA Data on U.S. Cyber Defense – WSJ 

Russian Hackers Stole NSA Data on U.S. Cyber Defense

The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks

By

Gordon Lubold and

Shane Harris

The Wall Street Journal

Oct. 5, 2017 12:48 p.m. ET

The National Security Agency campus in Fort Meade, Md. An NSA contractor took highly sensitive data from the complex and put it on his home computer, from which it was stolen by hackers working for the Russian government, people familiar with the matter said.PHOTO: PATRICK SEMANSKY/ASSOCIATED PRESS

WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyber attacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel’s investigation into whether Donald Trump’s presidential campaign sought or received assistance from the Russian government. Mr. Trump denies any impropriety and has called the matter a “witch hunt.”

Intelligence officials have concluded that a campaign authorized by the highest levels of the Russian government hacked into state election-board systems and the email networks of political organizations to damage the candidacy of Democratic presidential nominee Hillary Clinton.

A spokesman for the NSA didn’t comment on the security breach. “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

In a statement, Kaspersky Lab said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Kremlin spokesman Dmitry Peskov in a statement didn’t address whether the Russian government stole materials from the NSA using Kaspersky software. But he criticized the U.S. government’s decision to ban the software from use by U.S. agencies as “undermining the competitive positions of Russian companies on the world arena.”

The Kaspersky incident is the third publicly known breach at the NSA involving a contractor’s access to a huge trove of highly classified materials. It prompted an official letter of reprimand to the agency’s director, Adm. Michael Rogers, by his superiors, people familiar with the situation said.

National Security Agency Director Michael Rogers. PHOTO: SAUL LOEB/AGENCE FRANCE-PRESSE/GETTY IMAGES

Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that NSA contractor Edward Snowden the year before gave classified documents to journalists that revealed surveillance programs run by the U.S. and allied nations.

The Kaspersky-linked incident predates the arrest last year of another NSA contractor, Harold Martin, who allegedly removed massive amounts of classified information from the agency’s headquarters and kept it at his home, but wasn’t thought to have shared the data.

Mr. Martin pleaded not guilty to charges that include stealing classified information. His lawyer has said he took the information home only to get better at his job and never intended to reveal secrets.

The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren’t publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man isn’t believed to have wittingly aided a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach.

It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.

The headquarters of the Russian cybersecurity company Kaspersky Lab. PHOTO: SAVOSTYANOV SERGEI/TASS/ZUMA PRESS

NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

Kaspersky said in its statement: “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”

Suspicions about the company prompted the Department of Homeland Security last month to take the extraordinary step of banning all U.S. government departments and agencies from using Kaspersky products and services. Officials determined that “malicious cyber actors” could use the company’s antivirus software to gain access to a computer’s files, said people familiar with the matter.

The government’s decision came after months of intensive discussions inside the intelligence community, as well as a study of how the software works and the company’s suspected connections to the Russian government, said people familiar with the events. They said intelligence officials also were concerned that given the prevalence of Kaspersky on the commercial market, countless people could be targeted, including family members of senior government officials, or that Russia could use the software to steal information for competitive economic advantage.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said Sept. 13 in announcing the government ban.

All antivirus software scans computers looking for malicious code, comparing what is on the machine to a master list housed at the software company. But that scanning also gives makers of the software an inventory of what is on the computer, experts say.

“It’s basically the equivalent of digital dumpster diving,” said Blake Darché, a former NSA employee who worked in the agency’s elite hacking group that targets foreign computer systems.

Kaspersky is “aggressive” in its methods of hunting for malware, Mr. Darché said, “in that they will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

“You’re basically surrendering your right to privacy by using Kaspersky software,” said Mr. Darché, who is chief security officer for Area 1, a computer security company.

“We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years,” the company said in its statement. “We make no apologies for being aggressive in the battle against malware and cybercriminals.”

U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Kaspersky Lab Chief Executive Eugene Kaspersky. The company said it never would help ‘any government in the world with its cyberespionage efforts.’ PHOTO: SHARIFULIN VALERY/TASS/ZUMA PRESS

Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.

The breach illustrates the chronic problem the NSA has had with keeping highly classified secrets from spilling out, former intelligence personnel say. They say they were rarely searched while entering or leaving their workplaces to see if they were carrying classified documents or removable storage media, such as a thumb drive.

The incident was considered so serious that it was given a classified code name and set off alarms among top national security officials because it demonstrated how the software could be used for spying. Members of Congress also were informed, said people familiar with the matter.

Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of data breaches on his watch, according to several officials familiar with the matter.

The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J., last November to meet with president-elect Donald Trump about taking a job in his administration, said people familiar with the matter. Adm. Rogers didn’t notify his superiors, an extraordinary step for a senior military officer, U.S. officials said.

Adm. Rogers wasn’t fired for a number of reasons, including a pending restructuring of the NSA that would have been further complicated by his departure, according to people with knowledge of internal deliberations. An NSA spokesman didn’t comment on efforts to remove Adm. Rogers.

Sen. Jeanne Shaheen, (D., N.H.) said in a statement: “This development should serve as a stark warning, not just to the federal government but to states, local governments and the American public, of the serious dangers of using Kaspersky software.”

She added: “The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It’s astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States.”

Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com

What Happens Now That Julian Assange is Implicated in Russian Espionage?

Assange In Possession of Documents Obtained By Russian Intelligence.

Assange Could Lose Ecuadorian Diplomatic Protection and Risk Arrest by United States

The next Bradley Manning?

Lost today in the extraordinary news frenzy surrounding the release of a video tape of Donald Trump making unprecedented lewd and obscene comments about women, was Barak Obama’s announcement that the United States officially and publicly accuses Russia of espionage in the hacking of the Democratic National Committee, and stealing documents, now in the possession of Wikileaks.  Some may recall Julian Assange’s video interview with Bill Maher on HBO’s Real Time with Bill Maher about a month ago on this topic.  It seems clear from the Bill Maher interview that Assange is on a jihad against the DNC because Clinton wanted to prosecute him. He has no altruistic motives — it is personal. We have a foreigner trying to influence U.S elections using documents stolen by Russia.

Last week, Assange said that Wikileaks will release more DNC documents by the end of October.  But as I pondered Obama’s announcement today, it dawned on me that the United States surely now considers the documents in Assange’s and Wikileaks possession to have been obtained as result of Russian espionage against the United States.  This puts Assange in much more serious jeopardy than an alleged rape in Sweden.  Its seems highly probable to me that the United States will now criminally pursue Assange for being an accomplice to espionage against the United States.  Should this happen, the Ecuadorian government would abandon Assange, not wishing to damage relations with the U.S.,  and Assange would be quickly arrested by the British government and extradited to the United States.

Assange must have figured all this out, and is tonight trying to deal with the consequences of now being in a position similar to that of Chelsea (Bradley) Manning, now serving a long sentence in a federal penitentiary.

U.S. Says Russia Directed Hacks to Influence Elections

Reblogged from THE NEW YORK TIMES

By DAVID E. SANGER and CHARLIE SAVAGE   OCT. 7, 2016

President Obama in the Rose Garden on Wednesday. CreditAl Drago/The New York Times

WASHINGTON — The Obama administration on Friday formally accused the Russian government of stealing and disclosing emails from theDemocratic National Committee and from a range of prominent individuals and institutions, immediately raising the issue of whether President Obama would seek sanctions or other retaliation for the cyberattacks.

In a joint statement from the director of national intelligence, James Clapper Jr., and the Department of Homeland Security, the government said the leaked emails that have appeared on a variety of websites were “intended to interfere with the U.S. election process.” The emails were posted on the WikiLeaks site and newer ones under the namesDCLeaks.com and Guccifer 2.0.

“We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” the statement said. It did not name President Vladimir V. Putin, but that appeared to be the intention.

For weeks, aides to Mr. Obama have been debating a variety of possible responses to the Russia action, including targeted economic sanctions and authorizing covert action against the computer servers in Russia and elsewhere that have been traced as the origin of the attacks.

The statement said that the recent “scanning and probing” of election systems “in most cases originated from servers operated by a Russian company,” but did not say the Russian government was responsible for those probes.

The president’s aides have also been debating whether to publicly attribute the attacks to Russia. Mr. Obama had decided against taking that stance in other cases where cyber techniques were used to steal tens of thousands of emails from the unclassified system of the State Department, the White House and the Joint Chiefs of Staff.

As recently as Wednesday, the director of the National Security Agency, Adm. Michael S. Rogers, refused to accuse the Russians of the cyberattack, even while talking at length about how to secure the American election system from foreign data manipulation and information warfare.

The administration’s announcement came only hours after Secretary of State John Kerry called for the Russian and Syrian governments to face a formal war-crimes investigation for attacking civilians in Aleppo and other parts of Syria. Taken together, the two moves mark a sharp escalation in Washington’s many confrontations with Moscow this year.

With little more than a month to go before the presidential election, Mr. Obama was under pressure to act now on the hacking, according to a senior administration official, who spoke on the condition of anonymity to discuss internal White House deliberations. The timing of Friday’s announcement was decided in part because a declaration closer to Election Day would appear to be political in nature, the official said.

The subject came up in the first presidential debate, with Hillary Clinton, the Democratic nominee and a former Secretary of State, blaming Russia for the attacks. Her Republican rival, Donald J. Trump, said there was no evidence that Russia was responsible, suggesting that the Chinese could be behind it, or it “could be somebody sitting on their bed that weighs 400 pounds.”

The question now is how Mr. Obama might respond without setting off an escalating cyberconflict. One possibility is that the announcement itself — an effort to “name and shame” — will deter further action.

The identification of Russia was hardly a surprise: In late July, American intelligence officials told The New York Times that they had “high confidence” that the Russian government was behind the hack of the Democratic National Committee.

The hack led to the resignation of Representative Debbie Wasserman Schultz, Democrat of Florida, as chairwoman of the committee, after the leaks suggested the committee had favored Mrs. Clinton in the nominating fight over Senator Bernie Sanders of Vermont.

The Digital Utopian Vision of Marshall McLuhan and Stewart Brand Is Cracking

It appears to me that the original vision and promise of the Internet, referred to by many as Digital Utopianism, is at severe risk of deteriorating into a “balkanized”  and severely impaired World Wide Web.

Internet barriers, censorship, protectionist Internet policy, and ubiquitous surveillance seem to be the emerging new reality.  Notable digital luminaries the likes of Vin Cerf and Bill Gates have been questioned on this point, and both have expressed no major concern about deterioration of the freedom of the Internet or with the original Utopian vision.  The argument is that the World Wide Web cannot be effectively blocked or censored.  Google would probably respond that their “loon balloons” could simply be launched to counter censorship. As a long time Silicon Valley high tech executive, I understand this optimistic view, but the facts on the ground are now providing serious evidence that the Internet is under attack, and may not survive unless there is a significant shift in these new trends.

This week alone, Turkey’s Erdogan has tried to block both Twitter and YouTube to prevent Turks from viewing evidence of his corrupt government. This morning’s New York Times reports Edward Snowden’s latest revelation.  While the U.S. government and media were investigating and publicly reporting on Chinese government Internet espionage and Chinese network equipment manufacturer Huawei, the NSA, the British GCHQ and Canada’s  Security Intelligence Service (CSIS) ,  were all collaborating, doing exactly the same thing. The hypocrisy and irony of this is not lost on either the Chinese or the Internet community. CBS 60 Minutes reported on the Chinese espionage, but has been essentially silent on NSA’s own transgressions. 60 Minutes even broadcast a report that NSA metadata was essentially harmless, which has now been shown to be false. The 60 Minutes objective reporting problem is the canary in the coal mine of the corporate takeover of media and the Web.  Protectionist policies in various countries targeted against Google, Microsoft and others are emerging. One of the many negative effects of the NSA revelations was the announcement this week that the United States was giving up control of the International Committee for Assigned Names and Numbers (ICANN), which essentially sets Internet traffic policy. Finally, this week, Netflix spoke out forcefully against the “peering agreement” it was blackmailed into signing with Comcast to insure “quality of service” (QOS) for Netflix programming to the edges of the Web.

Read more: NSA breached Chinese servers

Read more: Netflix Thinks Peering Should Be A Net Neutrality Issue

I recently came across Professor Fred Turner, Professor of Communication at Stanford. It has been a revelation for me.  His book, “From Counterculture to Cyberculture’ is an acclaimed milestone work. Turner has articulated the World I lived in the counterculture of the 1960’s and in the early Silicon Valley. His work explaining the evolution from the “counterculture” of the 1960’s to the emerging new “cyberculture” of the late 1980’s and 1990’s is an excellent record of that time in northern California.  This was the World of Steve Jobs at that time and his personal evolvement to a digital Utopian.  It is detailed in Jobs biography, and in Jobs wonderful Stanford University 2005 commencement speech, in which he also acknowledged the importance of Stewart Brand and the Whole Earth Catalog.  This was also my countercultural World as a Communications student at San Jose State at that time, in the heart of the Silicon Valley, and subsequent high tech career, beginning at Intel Corporation.  But even Professor Turner has expressed his own ambivalence about the future direction of the Web, though only from the standpoint of less worrying lack of diversity of Web communities. My concern is much more deeply based on current evidence and much more ominous.

Fred Turner, Stanford Professor of Communication – Counterculture to Cyberculture

Stewart Brand, the father of the Whole Earth Catalog and the original digital utopia visionary, has been rethinking its basic concepts. Brand has come around 180 degrees from environmental Utopianism based on “back to the land,” and is now embracing the future importance of urban enclaves. While this new urban view is now a widely held idea by many futurists, it can also be viewed as another facet of the end of digital utopia.  This TEDTalk by Brand lays out his new vision.  Where we go from here is anyone’s guess.

Setback for Net Neutrality May Actually Speed Its Adoption

Yesterday, the United Stated Federal Court of Appeals in Washington, D.C. issued a ruling that was essentially a “technical” setback for the notion that all Internet traffic should be treated equally, better known as Net Neutrality. The ruling now permits giant corporations like Verizon, NBC/Comcast, and Time Warner to charge higher fees to content providers like Netflix, Amazon and even potentially, Google.  If that sounds bad for consumers, you are right.

This Court decision has even deeper implications as NBC/Comcast is in the unique position of being both a “carrier” of the Internet bits, and a “content provider.” The enables Comcast to charge higher fees to content providers for content that competes with NBC. Is that anti-competitive? Sure sounds like it to me.

This decision was essentially caused by an earlier decision of the U.S. Federal Communications Commission to maintain a free and open “hands off” policy, and not regulate Internet traffic, considered evil by Internet purists.

But the effect of this Court ruling may be greater evil, leading to the conclusion that “common carrier” regulation of the Internet may be the lesser of the two evils, and an inevitable outgrowth of the NSA Internet espionage revelations, Chinese military Internet espionage revelations, and “balkanization” of the Internet by foreign governments, building protectionist national firewalls, and just plain old Internet traffic snooping of your privacy.   It is like what happened to the Summer of Love. The Internet was originally about free love, but before long the whole thing deteriorated into a jungle. That is what we have now, and by the simple decision of the FCC to declare the Internet a “common carrier,” a regulated telecommunications infrastructure, corporations would need to implement Net Neutrality and report their Internet traffic policies to the government.  For those who hate government regulation, I agree in principle. Sadly, it is the corporations, and the NSA that have made this imperative, to insure transparency, equality, and some level of Internet privacy.

In February of 2013 I wrote on this blog about the problem, and the book Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age, by Yale Law School Professor Susan P. Crawford.

Read more: Why Internet Neutrality is so important

NSA Spying Is Freezing Cisco, Google And Other Companies Out of Trillion Dollar Global Market

The good news today is Cisco‘s new focus on the Internet of Things, which I have been reporting as the new Mega Global Market War.  But frankly, the damage to U.S. companies like Cisco Systems by the NSA spying scandal has been catastrophic. Not only Cisco, but Google’s strategy to become a global Internet Service Provider, Yahoo, and Facebook are all affected. Cisco’s political problem is an exact mirror image of the problems Huawei has had with suspicions of espionage. Google’s strategic initiative to expand as a global ISP has hit major foreign government snags, most notably recently in India, where Gmail has been banned for government employees.

Read more: New Global Mega Industry Battle Developing in the Internet of Everything

Bill Gates was asked directly today about the potential damage from the NSA revelations, while visiting ResearchGate in Berlin.  Many knowledgeable Internet observers are predicting a severe “balkanization” of the Internet. This means that in reaction to the NSA scandal, countries all over the World will build national border walls to the Internet, destroying the original intent of the Internet as a free and open global network.  Gates answer today claimed that only China had erected serious national barriers to the Internet, and that China’s scientists were not restricted.  I think Gates is “whistling the graveyard.” Personally, I am already seeing strong blowback against Google in India and elsewhere precisely due to the NSA problem. I have reported on Eric Schmidt’s scathing criticism of the NSA in response. United States leadership in a free and open global Internet has been severely damaged.

Read more: Why Bill Gates Doesn’t Fear Internet “Balkanization”

BLOWBACK

Cisco’s disastrous quarter shows how NSA spying could freeze US companies out of a trillion-dollar opportunity

By Christopher Mims @mims 7 minutes ago

Bellwether Cisco indicates American tech companies are no longer welcome in Russia and other emerging markets. AP Photo/Lee Jin-man

Cisco announced two important things in today’s earnings report: The first is that the company is aggressively moving into the Internet of Things—the effort to connect just about every object on earth to the internet—by rolling out new technologies. The second is that Cisco has seen a huge drop-off in demand for its hardware in emerging markets, which the company blames on fears about the NSA using American hardware to spy on the rest of the world.

+

Cisco chief executive John Chambers said on the company’s earnings call that he believes other American technology companies will be similarly affected. Cisco saw orders in Brazil drop 25% and Russia drop 30%. Both Brazil and Russia have expressed official outrage over NSA spying and have announced plans to curb the NSA’s reach.

+

Analysts had expected Cisco’s business in emerging markets to increase 6%, but instead it dropped 12%, sending shares of Cisco plunging 10% in after-hours trading.

+

This completely unexpected turn, which Chambers said was the fastest swing he had ever seen in emerging markets, comes just as Cisco is trying to establish itself as a bedrock technology provider for of the internet of things, which industry analysis firm IDC says will be an $8.9 trillion market by 2020. This quarter Cisco unveiled the nPower chip, a super-fast processor designed to funnel the enormous volumes of data that the internet of things will generate. Cisco also announced the Network Convergence System, a handful of routers that will use the nPower chip.

+

Arguably, the current shift in the underlying infrastructure of the internet makes Cisco and other American companies uniquely vulnerable. The move to cloud services, streaming video and machine to machine communication (i.e., the internet of things) means new standards and new default hardware providers are taking root, and if NSA spying keeps American companies from dominating the market at an early stage, it could mean that in the long run they’ll simply be locked out of the

Google’s Schmidt blasts NSA over fiber-optic snooping: Damage Could Be Massive for U.S. Companies

U.S. National Security Agency global surveillance of virtually all Internet traffic has been devastating for Google’s international business. At the exact time when Google has launched a strategic initiative to expand as an Internet Service Provider (ISP) in foreign countries, the NSA revelations have torpedoed its efforts.

Google sees its future growth being dependent on emerging new markets that either do not have Internet connectivity or it is very limited.  Google has been experimenting with low orbiting satellites and stratospheric balloons as a means to expand Internet coverage to the most remote corners of the globe.  Last March, Schmidt visited India to meet with government officials and to discuss his vision for the Internet. At the same time, Schmidt also wrote an editorial in The Times of India arguing for a Google future in India. The response of the Indian government was to ban Gmail use in all government agencies. ICANN, the organization that manages the Internet globally, is based in the United States. ICANN has also realized the huge damage to its credibility, and is scrambling to distance itself from any relationship with the U.S. government.  I would expect that as the International Telecommunication Union, a sister global organization, is based in Geneva, Switzerland, ICANN may be expected to relocate to Switzerland.

The potential damage of the NSA revelations of snooping on foreign leaders, breaking encryption and pinpointing cellular users locations, is incalculable.  It’s implications extend far beyond Google, to Yahoo, Facebook, LinkedIn and virtually any other big social media site you can name. The cost to the U.S. economy, it’s reputation, and to the standing

Devastating Damage To U.S. Global Internet Leadership

by Barb Darrow

SUMMARY:Google’s chairman says the NSA’s tapping of its and Yahoo’s fiber-optic cable data traffic probably violates the law.

Google, a company that’s taken some lumps itself for treading heavily on users’ privacy, is not at all amused by reports that the National Security Agency  tapped fiber-optic cables running between its data centers. Google Chairman Eric Schmidt registered that disapproval to CNN and other news outlets early Monday.

“I was shocked that the NSA would do this — perhaps a violation of law but certainly a violation of mission … This is clearly an overstep,” Schmidt told CNN.

Schmidt was responding to recent revelations from former NSA contractor Edward Snowden that the NSA was not only harvesting some customer data from big U.S. internet companies with their knowledge but also collecting data flowing in the fiber optic cables between them unbeknownst to them. Those allegations that the NSA tapped both Google and Yahoo cable links were first reported in the Washington Post, which cited Snowden-supplied documents. The documents said the NSA collected hundreds of millions of records over a month and held it for 3 to 5 days while deciding what to keep.

The NSA told the Post in a statement that it focuses on “discovering developing intelligence about valid foreign intelligence targets only.”

Whatever, Schmidt is not happy.  He told CNN: ”From a Google perspective, any internal use of Google services is unauthorized and almost certainly illegal.”

Gigaom

Google, a company that’s taken some lumps itself for treading heavily on users’ privacy, is not at all amused by reports that the National Security Agency  tapped fiber-optic cables running between its data centers. Google(s goog) Chairman Eric Schmidt registered that disapproval to CNN and other news outlets early Monday.

“I was shocked that the NSA would do this — perhaps a violation of law but certainly a violation of mission … This is clearly an overstep,” Schmidt told CNN.

Schmidt was responding to recent revelations from former NSA contractor Edward Snowden that the NSA was not only harvesting some customer data from big U.S. internet companies with their knowledge but also collecting data flowing in the fiber optic cables between them unbeknownst to them. Those allegations that the NSA tapped both Google and Yahoo cable links were first reported in the Washington Post, which cited Snowden-supplied documents…

View original post 71 more words

Quantum Computing Takes Center Stage In Wake of NSA Encryption Cracking

In the late 1990’s while I was with Ascend Communications, I participated in the creation of the “point-to-point tunneling protocol” (PPTP) with engineers at Microsoft and Cisco Systems, now an Internet Engineering Task Force (IETF) industry standard.  PPTP is the technical means for creating the “virtual private networks” we use at UBC, by encrypting “open” Internet packets with IPSEC 128 bit code, buried in public packets. It was an ingenious solution, enabling private Internet traffic that we assumed would last for a very long time.  It was not to be, as we now know.  Most disturbing, in the 1990’s the US Congress debated giving the government the key to all encryption, which was resoundingly defeated. Now, the NSA appears to have illegally circumvented this prohibition and cracked encryption anyway. But this discussion is not about the political, legal and moral issues, which are significant.  In this post I am more interested in exploring the question: “So now what do we do?” There may be an answer on the horizon, and Canada is already a significant participant in the potential solution.

As it happens, Canada is already at the forefront of quantum computing, a critically important new area of research and development, that has significant future potential in both computing and cryptography.  I have previously written about Vancouver-based D-Wave, which has produced commercial systems that have been purchased by Google and Lockheed Martin Aerospace.  The Institute for Quantum Computing in Waterloo, Ontario is the other major center of quantum computing research in Canada. Without taking a major diversion to explain quantum mechanics and its applications in computing and cryptography, there is a great PBS Nova broadcast, available online, which provides a basic tutorial.  The Economist article below, also does an admirable job of making this area understandable, and the role that the Waterloo research centre is playing in advancing cryptography to an entirely new level.

We need to insure that Canada remains at the forefront of this critically important new technology.

Cryptography

The solace of quantum

Eavesdropping on secret communications is about to get harder

REBLOGGED from The Economist online edition

First published May 25th 2013 

• CRYPTOGRAPHY is an arms race between Alice and Bob, and Eve. These are the names cryptographers give to two people who are trying to communicate privily, and to a third who is trying to intercept and decrypt their conversation. Currently, Alice and Bob are ahead—just. But Eve is catching up. Alice and Bob are therefore looking for a whole new way of keeping things secret. And they may soon have one, courtesy of quantum mechanics.

At the moment cryptography concentrates on making the decrypting part as hard as possible. The industry standard, known as RSA (after its inventors, Ron Rivest, Adi Shamir and Leonard Adleman, of the Massachusetts Institute of Technology), relies on two keys, one public and one private. These keys are very big numbers, each of which is derived from the product of the same two prime numbers. Anyone can encrypt a message using the public key, but only someone with the private key can decrypt it. To find the private key, you have to work out what the primes are from the public key. Make the primes big enough—and hunting big primes is something of a sport among mathematicians—and the task of factorising the public key to reveal the primes, though possible in theory, would take too long in practice. (About 40 quadrillion years with the primes then available, when the system was introduced in 1977.)

Since the 1970s, though, the computers that do the factorisation have got bigger and faster. Some cryptographers therefore fear for the future of RSA. Hence the interest in quantum cryptography.

Alice, Bob and Werner, too?

The most developed form of quantum cryptography, known as quantum key distribution (QKD), relies on stopping interception, rather than preventing decryption. Once again, the key is a huge number—one with hundreds of digits, if expressed in the decimal system. Alice sends this to Bob as a series of photons (the particles of light) before she sends the encrypted message. For Eve to read this transmission, and thus obtain the key, she must destroy some photons. Since Bob will certainly notice the missing photons, Eve will need to create and send identical ones to Bob to avoid detection. But Alice and Bob (or, rather, the engineers who make their equipment) can stop that by using two different quantum properties, such as the polarities of the photons, to encode the ones and zeros of which the key is composed. According to Werner Heisenberg’s Uncertainty Principle, only one of these two properties can be measured, so Eve cannot reconstruct each photon without making errors. If Bob detects such errors he can tell Alice not to send the actual message until the line has been secured.

One exponent of this approach is ID Quantique, a Swiss firm. In collaboration with Battelle, an American one, it is building a 700km (440-mile) fibre-optic QKD link between Battelle’s headquarters in Columbus, Ohio, and the firm’s facilities in and around Washington, DC. Battelle will use this to protect its own information and the link will also be hired to other firms that want to move sensitive data around.

QuintessenceLabs, an Australian firm, has a different approach to encoding. Instead of tinkering with photons’ polarities, it changes their phases and amplitudes. The effect is the same, though: Eve will necessarily give herself away if she eavesdrops. Using this technology, QuintessenceLabs is building a 560km QKD link between the Jet Propulsion Laboratory in Pasadena, California, which organises many of NASA’s unmanned scientific missions, and the Ames Research Centre in Silicon Valley, where a lot of the agency’s scientific investigations are carried out.

A third project, organised by Jane Nordholt of Los Alamos National Laboratory, has just demonstrated how a pocket-sized QKD transmitter called the QKarD can secure signals sent over public data networks to control smart electricity grids. Smart grids balance demand and supply so that electricity can be distributed more efficiently. This requires constant monitoring of the voltage, current and frequency of the grid in lots of different places—and the rapid transmission of the results to control centres. That transmission, however, also needs to be secure in case someone malicious wants to bring the system down.

In their different ways, all these projects are ambitious. All, though, rely on local fixed lines to carry the photons. Other groups of researchers are thinking more globally. To do that means sending quantum-secured data to and from satellites.

At least three groups are working on this: Thomas Jennewein and his team at the Institute for Quantum Computing in Waterloo, Canada; a collaboration led by Anton Zeilinger at the University of Vienna and Jian-Wei Pan at the University of Science and Technology of China; and Alex Ling and Artur Ekert at the Centre for Quantum Technologies in Singapore.

Dr Jennewein’s proposal is for Alice to beam polarisation-encoded photons to a satellite. Once she has established a key, Bob, on another continent, will wait until the satellite passes over him so he can send some more photons to it to create a second key. The satellite will then mix the keys together and transmit the result to Bob, who can work out the first key because he has the second. Alice and Bob now possess a shared key, so they can communicate securely by normal (less intellectually exhausting) terrestrial networks. Dr Jennewein plans to test the idea, using an aircraft rather than a satellite, at some point during the next 12 months.

An alternative, but more involved, satellite method is to use entangled photon pairs. Both Dr Zeilinger’s and Dr Ling’s teams have been trying this.

Entanglement is a quantum effect that connects photons intimately, even when they are separated by a large distance. Measure one particle and you know the state of its partner. In this way Alice and Bob can share a key made of entangled photon pairs generated on a satellite. Dr Zeilinger hopes to try this with a QKD transmitter based on the International Space Station. He and his team have been experimenting with entanglement at ground level for several years. In 2007 they sent entangled photon pairs 144km through the air across the Canary Islands. Dr Ling’s device will test entanglement in orbit, but not send photons down to Earth.

If this sort of thing works at scale, it should keep Alice and Bob ahead for years. As for poor Eve, she will find herself entangled in an unbreakable quantum web.

From the print edition: Science and technology

God Speed Edward Snowden: An Ethical Dilemma of Global Proportions

I have written a number of posts on this blog about Big Data.. Big Data is in and of itself is benign. It has enormous potential to enrich our lives.  Evidence the excellent new book, Big Data: A Revolution That Will Transform How We Live, Work and Think, by Viktor Mayer-Schonberger and Kenneth Cukier. But Big Data has a dark side as well.  We should have known that the World’s largest spy and intelligence gathering organizations have the massive resources at their disposal to exploit Big Data on a scale not yet achieved in our open world, mimicking Aldous Huxley’s warnings to us, or the film Minority Report, starring Tom Cruise

My third year UBC Management students may recall our classroom discussions on ethics, and the painful reality that there are no clear and easy answers in ethical situations, even when you want to “do the right thing.”  We are all now hearing and reading about Edward Snowden, who is now at the center of a global political firestorm, caused by Snowden’s decision to reveal the NSA‘s PRISM surveillance program,  and its extraordinary encroachment of personal privacy.  Snowden’s revelations have now also entangled the UK’s GCHQ, the secret intelligence gathering arm of MI6 in Cheltenham, Gloucestershire, and Canada’s Secret Intelligence Service (CSIS), which have also been sharing similar snooping with the NSA.  A former U.S. National Security Administration contractor, Snowden was actually employed by Booz Allen Hamilton, a global management consultancy firm.  Snowden’s situation should give us all pause to consider the Brave New World we have entered with zettabytes (1 Million Terabytes) of Big Data, and the uses of it.

So the question needs to be raised.  You are a young new management graduate, hired by one of the major international management consultancy firms, and you are surprised to find yourself posted to the Canadian Secret Intelligence Service (CSIS), or the NSA, or MI6 in the UK... You have been taught in university to recognize ethical problems and you become intimately aware of programs and activities that do not feel right to you.  Something in your gut says that it is wrong, a violation of our basic democratic freedoms.  But of course there are no easy answers. These programs are providing intelligence that may be preventing terrorist attacks.  The consequences for you personally, should you choose to reveal what you know, are potentially catastrophic.  What would you do?

Whatever side you may take on this issue, I think it is important to appreciate that Edward Snowden has made his extraordinarily difficult decision. It may well cost him for the rest of his life.  Would you be prepared to take that kind of stand? If not on an issue like this, on what kind of issue, or any issue?

Even in my home town of San Francisco, there is controversy.  U.S. Senator Diane Feinstein, from San Francisco, who sits on the Senate Intelligence Committee, has spoken out fervently that the NSA Prism intelligence gathering program is entirely “within the law.” Senator Feinstein has also joined the voices calling for Snowden’s indictment on espionage charges.  In contrast, U.S. House of Representatives Minority Leader Nancy Pelosi, also of San Francisco, has spoken up in defense of Mr. Snowden.

Bradley Manning and Julian Assange

The Snowden affair has put the Bradley Manning and Julian Assange Wikileaks matter into a much clearer perspective. Something much bigger is going on here. With multiple nations rising to support and protect Mr. Snowden, it makes it much harder for the United States to argue that they have the high moral ground.

A key issue we all need to follow is how the lightning fast advances in technology are eclipsing the “law.”  I worry that Senator Feinstein, for all of her skill and knowledge, has not grasped the significance of Big Data as it applies to personal privacy under the Constitution of the United States.

My personal cut is that Mr. Snowden has done the free world a great service, at a tremendous cost to himself.  It is also interesting to see the enormous support he has engendered around the World, in a matter of days.  The U.S. government is looking terrible on the World Stage, as it attempts to apprehend Mr. Snowden. Only a very brave few in the United States have even attempted to defend Snowden. The Libertarian Rand Paul began a defense of Snowden and later backed off.  House of Representatives Minority Leader Nancy Pelosi has also bravely spoken out in support of Snowden to a chorus of disapproval..

This is the the core stuff of ethical dilemmas.  When the going gets tough, the tough get going.  Remember this in your own small way in your careers. John F. Kennedy wrote a now legendary book, Profiles in Courage, which we should all take out and read again.

Whether you agree or disagree with Edward Snowden’s actions, he has shown himself to be a person of character and determination. Think of him like Braveheart’s William Wallace, played by Mel Gibson.

God speed, Edward Snowden.

Inside Google Spanner: The Single Largest Database in the World

http://www.wired.com/wiredenterprise/2012/11/google-spanner-time/all/

The fascinating description of Google’s Spanner, arguably the single largest “known” database in the World leads me to wonder about the National Security Administration and the Defense Intelligence Agency, as much as Big Data and data mining.  Clearly, Spanner is a giant leap forward to a truly global database architecture that does not overload global network communication, and is essentially immune from replication latency or outages. The novel application of “time”  is probably the key element.  It also porttends further advances in massive data mining.  Andrew Fikes’ paper on Spanner essentially makes it available to the World, which if you carefully consider the point of the architecture, it makes sense… It also seems a bit spooky.