The Whole Of The Cyberthreat In A Single Tweet (Scribd.com)

According to ReadWriteWeb, Raffi Krikorian, a developer for Twitter, posted a complete version of a single "tweet", or 140 character Twitter message, this weekend on Scribd.com.

You can see the results for yourselves below:

map-of-a-tweet

In addition to the 140 (or less) characters in a tweet, this map shows all of the metadata thrown off by each and every post.

Some of this stuff is harmless but it is surprising how little metadata it takes to uniquely identify a particular computer. Don't believe me? Check out Panopticlick. Based on their fairly clever method, it only takes about 33 bits of data to uniquely ID a computer.

Note, I said ID the computer, not the user behind it. Likewise, knowing which 33 bits of data one needs to hide or dirty up helps the bad guys hide themselves and makes it difficult if not impossible to determine attribution by technical means alone.

More importantly, it leaves the rest of us, who do not know how much personal and identifying data we are providing, at the mercy if those who do. "Those who do" doesn't just include criminals either. It includes corporations and governments as well.

What to do about all of this is beyond me (though I think Jeff Carr at IntelFusion does some of the best thinking on the subject) but it is charts like this one that, for me, highlight the importance of this issue.

Chinese, Russian, Turkish Hackers Almost Certainly Targeting, Penetrating US Energy Provider Networks (Project Grey Goose)

Jeff Carr, author of Inside Cyber Warfare and IntelFusion, along with Sanjay Goel at the State University of New York, Albany and other contributors, has recently completed another of the Grey Goose reports, this time on hacker attacks on the power grid, both domestically and internationally.

The report's key findings are chilling:

• "State and/or Non-state actors from the Peoples Republic of China, the Russian Federation/Commonwealth of Independent States, and Turkey are almost certainly targeting and penetrating the networks of energy providers and other critical infrastructures in the U.S., Brazil, the Russian Federation, and the European Union."

• "Network attacks against the bulk power grid will almost certainly escalate steadily in frequency and sophistication over the next 12 months due in part to international emphasis among the G20 nations on Smart Grid research, collaborative development projects and the rich environment that creates for acts of cyber espionage"

• "The appeal of network intrusions against the U.S. Grid is enhanced by two key factors:"

• "90% of the U.S. Department of Defense's most critical assets are entirely dependent on the bulk power grid."
• "Most Grid asset owners and operators have been historically resistant to report cyber attacks against their networks as well as make the necessary investments to upgrade and secure their networks."

Grey Goose reports are volunteer efforts to analyze various cyber threats through the use of open source information. Previous reports have analyzed the Russia-Georgia cyber war and the evolution of cyber warfare.

In the interest of full disclosure: Jeff kindly listed me as a "reviewer" in the recent report but my input was limited to a little light editing. I don't consider myself a cyber war expert. I do think, however, that Jeff's record and the records of his co-contributors' speak for themselves and believe that those interested in this area (and those who should be interested in this area) need to read this report carefully (whether you ultimately agree with its conclusions or not).

Sabotaging The System, The Cyberwar Plan, The PRC's Cyberwar Capability and Trillions (Cyberwar Link List)

Cyber stuff is everywhere these days and the last couple of weeks have seen a number of interesting articles and videos make the rounds:

• Sabotaging The System. I would start the tour of this particular horizon with the recent 60 Minutes report on the cyberthreat. Readers should note that, in addition to the video below, there is quite a bit of additional material on the website as well.
  

Watch CBS News Videos Online

• The Cyberwar Plan. The National Journal recently posted an online article that discusses in some detail the US's own offensive cyberwar capabilities. Whether you agree with Jeff Carr or not over the appropriateness of this article, it is the most comprehensive piece I have seen on what is likely an open secret among the hackers of the world and those that sponsor them.
• Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. This research report actually came out last month but it is one of those kinds of reports that, if you haven't seen it, you should. It is very solid open source analysis by the good people at Northrop-Grumman for the US-China Economic and Security Review Commission.
• Trillions (via Gizmodo). This one is probably my favorite entry on the list. It is not directly related to cyberwar but it provides an interesting perspective about where all this is going to go -- is going to have to go -- before too long.

Trillions from MAYAnMAYA on Vimeo.

Virtual Worlds And Cyberwarfare (Link List)

There have been a number of interesting articles in the news recently about the national security implications of virtual worlds and cyberwarfare. Start your reading with a couple of Danger Room articles, one on "Virtual World For Future Army Training" and an earlier article on "Army Wants 'First-Person Thinker' Video Game".

Next, stop over at Intelfusion for Jeff Carr's thoughts on cyberwarfare and the game of "Go". I have long thought that you can inform your understanding of a particular culture's strategic thinking by understanding the games people in that culture play. Go is a particularly good example of this, in my estimation, and Jeff's association of the game with cyberwarfare helped me think about the cyberwarfare issue in new ways.

Finally, if you want to understand where the future of virtual worlds might be, take a look at this chart on the KZERO website (KZERO is a research firm that covers virtual worlds). It doesn't take long to see that the millennial generation is growing up with virtual worlds and will likely drive their development. Finally, for an example of an existing virtual world targeted to this generation take a look at Club Penguin or, if you are more interested in the next generation of virtual worlds targeted at the millennials, see Gizmodo's coverage of Lego World.

Cybercrime Gets Political (ISN)

Maybe I missed it, but here is one I haven't seen much press on: Cybercriminals using their skills to influence political campaigns. Travis Senor, a Mercyhurst grad student, has just written a very interesting piece on the subject in the ISN Intel Briefs Series. Specifically, Travis estimates, "It is likely that the use of Russian and Eastern European "botnets" (large quantities of malware-infected computers) for political purposes will increase, due to their low cost, the difficulty in tracing their owners and their ability to give a voice to those with limited resources." Worth reading.

Chinese Cyberwarfare (ISN)

Rachel Kesselman, a Mercyhurst grad student, just published an interesting piece of analysis on Chinese cyberwarfare with the International Relations and Security Network (ISN). (Way to go, Rachel!)