Hackers ‘R’ Us
When MI6 use GCHQ computer experts to hack into Middle Eastern computers and replace bomb making instructions with a recipe for cup cakes, it’s a bit of a giggle, What Ho! Boys, just a jolly jape.
When US and Israeli computer experts infected Middle Eastern industrial computers with the Stuxnet virus and wiped out the programming for their nuclear plants, all was declared ‘fair’ in cyber love and war – Iran might not have been planning to use its proposed nuclear weapons to bully and cajole non-nuclear countries into behaving in the approved all-American way; heavens, they might even have had their own agenda.
When a bored Chinese teenager in Jinan sends a daft Pentagon official an e-mail asking him ever so nicely if he would care to enter his Google password into this nice little box, it becomes an act of war. One that requires a change of the rules in US military engagement allowing them to respond with the full force of Uncle Sam’s big box of big bangs.
According to the Pentagon, planned retaliatory strikes against cyber criminals can come within the gamut of laws governing armed conflict.
“When warranted, the US will respond to hostile acts in cyberspace as we would to any other threat to our country,” the White House said a fortnight ago.
I doubt that even the famously loyal and supportive Mrs Gary McKinnon would take kindly to a Cruise missile shearing its way through the shag pile carpet only to embed itself in the pet hamster’s cage and ruin her celebrated soufflé, merely because young Gary got a bit bored and thought he’d e-mail Hillary Clinton and ask her if she could give him her PayPal account login – which appears to be roughly equivalent to the sinister and evil ‘hacking’ that is being alleged to have been undertaken by the Chinese government.
The latest Gmail hackers, who launched the attack from Jinan in Shandong province, tried to take total control of the targets’ gmail, including login details, settings, mail forward patterns and other functions.
Well, of course they could sweetie, if you’ve given them your password – and several highly placed Pentagon officials seem to have done so – they can do whatever they damn well please from then on. You’re lucky they didn’t send an e-mail to the Pope claiming that they know for a fact that Barack Obama is actually a Chinese Buddhist born in North Korea, they could have done you know, they’re damned clever these ‘hackers’ once they’ve got your password. They could have cancelled your gym membership, invited your wife and your mistress to lunch together – those inscrutable Chinese, nothing is beyond them. In fact, I’ll bet you that they had discovered some incredibly complex way to ensure that if they clicked on ‘new e-mail’ once they’d logged into your account, an exact replica e-mail form would have popped up that they could have addressed to just anyone in your address book….incredible skill these hackers.
Sneaking into the email systems of high-profile sensitive targets could be just a precursor to daring attacks on critical computer networks supporting a country’s security. The U.S. has realized the scope and gravity of cyber attacks and their utility in real warfare.
Oh, it could, it could….
That is why the U.S. decided to change its military rule book to accommodate provisions for retaliatory strikes on hacker groups and their state sponsors.
Yes, unmanned drones heading into the 17th floor back bedroom of Nelson Mandela Towers is definitely the way to deal with the problem.
So much easier than telling your top officials not to be so daft as to give their password to anyone.
I wonder if one of those Chinese hackers would be kind enough to hack into my old annaraccoon@gmail.com account?
I was so security conscious; I didn’t even give myself the password.
- June 4, 2011 at 21:02
-
There is a real war happening and it is getting ever closer to blow open.
I only know about this situation from what I have read in this post.
Intelligence people can be stupid but they are not that stupid, and those who actually direct things are actually pretty bright. Otherwise they never would have had the cleverness to climb the slippery heap to power.
We live in a luxury of post-western classical liberalism that is being wound up to make way for what? – global serfdom?
It sounds to me as if this story is just another excuse, more kite flying, to advance measures to control the internet.
- June 4, 2011 at 02:16
-
I knew that computers were a bad idea. Now look what you all have done.
- June 4, 2011 at 02:04
-
The blonde tendencies of intelligence agencies never cease to amaze…
Why not put the hackers in charge of the intelligence system? Would make
more sense than what we have currently…
http://outspokenrabbit.blogspot.com/
- June 3, 2011 at 23:52
-
It is called a Phishing exercise for a reason. It is casting a wide net
probably targeting hundreds of thousands of email address variations using the
first and last names. See what you trawl in and work from there. It is not
simply asking for passwords. That is what amateurs do.
Alternatively if the attackers already have specific email account details
for the personal email addresses of military personnel then there is already a
severe breach.
“Hypothetically” if someone wanted to set up such an attack an imaginary
strategy would be as follows:
Locate a secondary source where military personnel congregate, Unions,
Military Charities, Clubs, Unions, Associations, etc in vicinity.
Target secondary source non secure servers and harvest details (See Recent
Sony Issues) cross reference details of members personal email accounts with
known names of US military personnel. (Serious people/important people have
serious email addresses using their serious and important names)
Send emails to these specific accounts not asking for passwords, that is
not the game. The trick is sending emails with script code embedded within the
body and images of the email. No attachments or anything so obvious. Simply
viewing the email in the preview pane will execute the code, no clicking or
agreeing. Simply seeing the page and the script is run.
High level “Zeroday” exploits are basically vulnerabilities in operating
systems/applications never deployed. Your anti virus does not have a
definition and therefore does not detect a “Zeroday” attack, your software
vendor does not know and therefore does not have an update. It is a key to
your electronic kingdom.
The Zeroday exploit is used to gain Admin access of machine. Once you have
admin rights you can do anything with a PC. eg. Open a port and download
software to run silently with no taskmanager listing, Upload contents of
specific folders, log every stroke of keyboard revealing passwords and
communications of secure systems based on what has been typed rather than
reading information.
The options are endless for information gathering. eg. “Exif” data on
almost all digital photos reveals GPS location where it was taken. Google
accounts for androids have all your telephone numbers, IP addresses from email
headers received to identify other machines to scan and attack of other
persons of interest to sniff the data from.
Simple Geek Fun: Ever posted online from a camera phone/iphone. Go and get
a picture, find an “Exif viewer” on Google or as add on to firefox/chrome.
Read Exif data from photo. Get GPS data from list. Google map GPS data. See
Streetview of location photo was taken. (Don’t panic. If you copy photos to
bmp files then back to jpg you wipe exif data)
All Governments have people doing this and much more everyday. The Chinese
government have thousands doing this all day, attacking corporate, military
and financial targets. Looking for affairs and blackmail material.
Recently the IT Security firm of choice of the US Department of Defence was
ripped apart by a small team of kids, see link below.
http://nakedsecurity.sophos.com/2011/02/07/hbgary-federal-hacked-and-exposed-by-anonymous/
We can laugh and joke but information is power and getting it is big
business. China is not successful accidentally.
- June 4, 2011 at 01:05
-
What you say about operating systems being vulnerable is correct but the
big problem is that some are more so than others.
The email running of scripts can be overcome by using a text only email
application and if you want to be paranoid you can use it in a sandbox.
While someone can get control over an individual machine it should be
almost impossible to get out from that machine if the proper locks are
applied restricting what can and can not be done – for example, anyone that
doesn’t explicitly shut off things like ‘remote registry manipulation’ and
‘allowing operating alternative credentials’, on windows machines deserves
all they get, in my IMO.
Exif data can be edited – at least on OS/2 it can and any pictures I send
out only have file name, date and copyright.
Yes, a professional, determined hacker can get into any machine but I
maintain there is no point in making it easy for them, but then that
requires thought and common sense which both appear to be in short supply at
the moment.
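As an added example (not part of either comment above, nor code from the blog), this is a check a poster can run before publishing a photo: it reports whether a JPEG's Exif block carries a GPS directory pointer and removes the Exif segment outright. The function names and the sample bytes are constructed for illustration.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def segments(data):
    """Yield (marker, start, end) per header segment; last item (None) is the rest."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("corrupt segment at offset %d" % pos)
        yield data[pos + 1], pos, end
        pos = end
    yield None, pos, len(data)  # scan data or trailing bytes, kept verbatim

def is_exif(data, marker, start):
    return marker == 0xE1 and data[start + 4:start + 10] == EXIF_MAGIC

def exif_has_gps(data):
    """True if any Exif block's first directory (IFD0) holds a GPS pointer."""
    for marker, start, end in segments(data):
        tiff = data[start + 10:end]
        if not is_exif(data, marker, start) or tiff[:2] not in (b"II", b"MM"):
            continue  # not Exif, or malformed TIFF header
        order = "<" if tiff[:2] == b"II" else ">"
        (ifd0,) = struct.unpack(order + "I", tiff[4:8].ljust(4, b"\0"))
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2].ljust(2, b"\0"))
        for i in range(count):  # each IFD entry is 12 bytes, tag first
            tag = tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i]
            if len(tag) == 2 and struct.unpack(order + "H", tag)[0] == GPS_IFD_TAG:
                return True
    return False

def strip_exif(data):
    out = bytearray(b"\xff\xd8")
    for marker, start, end in segments(data):
        if not is_exif(data, marker, start):  # drop Exif APP1, keep everything else
            out += data[start:end]
    return bytes(out)

# Constructed input: little-endian TIFF whose IFD0 has one entry, a GPS pointer.
TIFF = b"II*\x00" + struct.pack("<IHHHIII", 8, 1, GPS_IFD_TAG, 4, 1, 26, 0)
APP1 = EXIF_MAGIC + TIFF
SAMPLE = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(APP1) + 2) + APP1
          + b"\xff\xda\x00\x02\x00\xff\xd9")
```

XMP and IPTC blocks can also carry location data and are not touched by this example.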
- June 4, 2011 at 13:10
-
HB Gary had the best technicians in the world, billions to spend,
layers of firewalls and a business focussed on Internet security. It took
a couple of weeks for Anon to destroy their systems. A few kids who have
never met in real life coordinated and destroyed the USA military’s IT
contractor.
You are seriously deluded if you think your precautions will make a
difference if someone with skills decides you are a Target. Our only
safety is our lack of potential value to top hackers and keeping threats
minimized from other threats.
Shields up! Ports Locked! Privileges Removed! Scripts blocked! The
Internet becomes like Ceefax.
- June 6, 2011 at 16:53
-
HB Gary had the best technicians in the world, billions to spend,
layers of firewalls and a business focussed on Internet
security.
None of these are remotely true, even the last.
HB Gary is a small company focussed on malware detection. HB Gary
Federal was that part of the business that sold to us.gov and it had
some ideas about open source intel and social media manipulation.
Best techs? Not even Hoglund rates up there nowadays.
Billions to spend? Uh-huh. Small company. Probably not even when
measured in Somalian shillings.
Layers of firewalls – even if they did have them, their internal
email server was accessible from the application layer at their mail
gateway. It’s a bit like having “layers of doors” but leaving them all
open …
- June 3, 2011 at 22:31
-
Wait, wait, wait, hold the phone…..
If the Yanks regard attacks on their network as acts of war and therefore
think it is okay to respond with missiles…..Doesn’t that mean whoever hacked
the Iranian nukes sites (the USA and Israel are helping police with their
inquiries) have in fact declared war on the Persians and can have no complaint
when the Iranians open fire?
- June 3, 2011 at 21:51
-
Hmmm, I dunno, I actually support this initiative.
Seems to me an extension of Darwinian theory.
When a powerful country elects an affirmative-action candidate with the
skills of a diversity co-ordinator to its highest office it follows that
there is very large constituency of stupid people (even in the Pentagon).
When that president insists on using his Blackberry despite sensible
cautions that its encryption capabilities are not adequate for presidential
communications, very many people far below the commander-in-chief’s grade might
get the idea that security is a joke.
Seems like a game of follow the moron.
- June 3, 2011 at 19:03
-
You really have to wonder what kind of half-wit in the Pentagon actually
sends someone his password via e-mail.
The wife/mistress thing wouldn’t work however, they take us aside in senior
school and say “Okay boys, those of you with a mind for unofficial polygamy
remember; Friday night ~ girlfriends, Saturday night ~ wives”
- June 3, 2011 at 17:40
-
These officials should be charged with gross incompetence. Gmail routinely
scans the content of emails in order to target its advertising. Who in their
right mind would use this for communicating “sensitive data”?
- June 3, 2011 at 18:06
-
Perhaps it helps in their job. Ads for nuclear weapons would give them
something to investigate.
- June 3, 2011 at 18:08
-
They were personal accounts. The “sensitive data” is probably just their
list of contacts and personal conversations between friends. This is very
valuable data to then use for social engineering attacks. Basic hacking 101.
- June 3, 2011 at 17:33
-
Great post Anna – and to echo Ivan – WTF are they doing using gmail
accounts anyway given their positions?
- June 3, 2011 at 17:11
-
Just try ‘password’ – that’s what most of the people I do tech support for
choose.
-
June 3, 2011 at 21:05
-
Or type in “yourpassword”!!!
-
- June 3, 2011 at 14:41
-
Excellent post Anna. Again.
- June 3, 2011 at 14:37
-
I thought gmail, like hotmail, was for throw away accounts for script
kiddies NOT for secure communications at any high level. I also thought that
those high up in the pentagon had brains but it appears they don’t and these
are the ones supposed to know what they are doing.
The world is doomed!
- June 3, 2011 at 16:31
-
If you want reliability, you can’t beat two baked tins and a length of
taut string.
-
June 3, 2011 at 21:04
-
Make sure the tins are empty (and cleaned out) first.
- June 3, 2011 at 21:53
-
Would you recommend small tins or large?
-
June 3, 2011 at 22:28
-
Let ear size be your guide.
- June 5, 2011 at 17:04
-
Critically, the string must be of the old style variety, white
natural fibres carefully snipped from a ball, or a roll with a blue
cardboard tube in the middle. None of this modern plastic nonsense
that does not transmit sound properly…
- June 3, 2011 at 13:49
-
I quite the cupcakes ruse – what sort of world is it if you can’t have a
joke about home-made bombers?
It seems incredible that the US military invented t’internet and now
communicate with each other with gmail accounts.
- June 3, 2011 at 16:29
-
Life can be stranger than fiction. Before I read this article, the
thought of the Taliban and Alky Ada taking out a Fatwa against Delia Smith
would have been the sort of surrealist nonsense you’d associate with a
surfeit of recreational chemicals. Now, I’m not so sure…
-
June 3, 2011 at 19:59
-
Scrub that. Apparently, the cupcake recipes used to delight potential
terrorists were on an Ellen DeGeneres website.
I’m not sure if that’s more surreal or less.
- June 3, 2011 at 13:49
-
Any excuse for a war. It’s the only way America can stop China’s economic
miracle.
-
June 3, 2011 at 21:01
-
Do you think Merica (F@ck Yeh!) would actually win?
-