C/Net reports that White House Director of National Intelligence Dennis Blair says the U.S. is severely under the threat of greater cyberattacks but believes we can rise to the challenge.
Blair appeared before a Senate panel on Tuesday to deliver the Annual Threat Assessment of the U.S. Intelligence Community (PDF). A statement of Blair’s remarks to the Senate Select Committee on Intelligence was released for the record. While he focused mostly on non-cyberterrorism and similar threats, he led off with a stark report on the growing dangers and challenges of cyberwarfare.
Seeing the recent attacks against Google as a “wake-up call,” Blair cautioned those who may treat the problem lightly. He also praised companies who report such incidents as they help Washington better understand the nature of cyberthreats that can affect the entire nation.
When Google reported in January that it had been the victim of a cyber-attack, it sparked what has turned out to be weeks of discussions and investigation. eWEEK looks at how the attack unfolded, including key events in the ongoing controversy between the United States, Google and China.
A report issued by iDefense, a computer security company owned by Verisign, states that 33 other companies were targeted in the attack. It also says that those responsible were working either directly on on behalf of official intelligence entities of the People’s Republic of China.
Blair detailed a laundry list of adversaries on the cyberwarfare front, including other nations, terrorist networks, and organized crime groups, all of whom have the knowledge and means to attack U.S. networks to disrupt operations and steal sensitive information.
In other news, C/Net says police want to streamline the process of peeking inside email accounts.
Cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies with search warrant documents. They’re pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.
According to CNET, eighty-nine percent of police surveyed want to be able to “exchange legal process requests and responses to legal process” through an encrypted, police-only “nationwide computer network.” The most controversial element is probably the private Web interface.
But a recent inspector general’s report (PDF) from the Justice Department details how the FBI obtained Americans’ telephone records by citing nonexistent emergencies and simply asking for the data or writing phone numbers on a sticky note rather than following procedures required by law.Some companies already have police-only Web interfaces. Sprint Nextel operates what it calls the L-Site, also known as the “legal compliance secure Web portal.” The company even has offered a course that “will teach you how to create and track legal demands through L-site. Learn to navigate and securely download requested records.” Cox Communications makes its price list for complying with police requests public; a 30-day wiretap is $3,500.
“It sounds very dangerous,” says Lee Tien, an attorney with the Electronic Frontier Foundation, referring to the police-only Web interface. “Let’s assume you set this sort of thing up. What does that mean in terms of what the law enforcement officer be able to do? Would they be able to fish through transactional information for anyone? I don’t understand how you create a system like this without it.”
Some of the responses to other questions: “AT&T is very prompt.” “Cox Communications seems to be the worst.” “Places like Yahoo can take a month for basic subscriber info which is also a problem.” “AT&T Mobility does not keep a log at all.” “MySpace give (sic) me the quickest response and they have been very pro-police.”
Hemanshu (Hemu) Nigam, MySpace’s chief security officer, said in an interview with CNET on Tuesday that: “You can be very supportive of law enforcement investigations and at the same time be very cognizant and supportive of the privacy rights of our users. Every time a legal process comes in, whether it’s a subpoena or a search order, we do a legal review to make sure it’s appropriate.”
Jim Harper, a policy analyst at the free-market Cato Institute, says that he welcomes the idea of a police-only Web interface as long as it’s designed carefully. “A system like this should have strong logins, should require that the request be documented fully, and should produce statistical information so there can be strong oversight,” he says. “I think that’s a good thing to have.”
