Tuesday, April 26, 2011

Iran Targeted in Second Cyber Attack

A second virus, called “Stars”, has targeted Iran’s nuclear enrichment facilities. Iran’s security officials said the virus only caused minor damage before it was discovered, isolated, and moved to a lab for study. The semi-official government news agency in Iran, Mehr made the following announcement about the virus:

“The particular characteristics of the Stars virus have been discovered. The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations.”

The report went on to blame Israel and the United States for the virus, as they did for the Stuxnet virus in early January. The Stuxnet virus, however, was not detected until it had infected nearly 80% of their system and had already caused major physical damage to the plant. The Stuxnet virus was able to take control of the plant, while simultaneously telling the plant’s monitoring staff that everything was fine. The virus caused 1,000 centrifuges to spin so fast that they broke before anyone even realized anything was wrong.

Nuclear enrichment facilities would be targeted by those concerned with Iran’s ability to create an atomic bomb. Enriched uranium provides fuel for nuclear power plants, which provide energy. Uranium enriched to a much higher degree, however, provides essential materials for nuclear weapons.

The Stuxnet virus is much too sophisticated to have been created by a simple hacker. Analysts have concluded that the virus could only have been created by a nation-state with intimate knowledge of Iran’s nuclear facilities. Although the United States and Israel have not admitted to the creation of the virus, the U.S. oversaw the creation of a simulation of Iran’s enrichment facility in a nuclear plant in southern Israel that used centrifuges identical to Iran’s.

So now I want your input. In an age of complicated diplomatic relations, when mandates and sanctions are not always effective tools for foreign policy, how should we view acts of cyber warfare against infrastructure? Should it be considered an act of war?

Source: http://www.reuters.com/article/2011/04/25/us-iran-computer-virus-idUSTRE73O1OL20110425

Wednesday, April 20, 2011

National Cyber ID

The federal agency called the National Agency for Trusted Identities in Cyberspace, or the NSTIC, an acronym you have probably never heard of, is making important decisions that may affect the way that you go on-line. The agency is seeking to promote safety and security of on-line transactions because identity theft incurred by a consumer on-line can take 130 hours and over $600 to resolve. The agency wants to create a unique log-on ID for each person in America that they can use securely for everything they do on-line, from banking to shopping to many other things. Obama made the following justifications for the plan:

"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation"

He went on to stress that the program will be in no way mandatory, and consumers will still be able to choose to do certain transactions on their National ID and certain transactions anonymously.

However, I believe it is always important to be skeptical of such programs, as the scope is hardly ever limited to the original intentions. Your Social Security number, for example, was originally created only for the purpose of paying and receiving Social Security. The scope of that number has been greatly exceeded and is now used to track all sorts of information about you. Although the National ID program is voluntary now, in the worst future case, it could eventually be a requirement of any access of the internet at all and give the government the ability for total on-line tracking of your activity. So I want your thoughts: should the federal government get into the game of on-line commerce and banking security or should this be left to private companies?

Source:http://www.digitaltrends.com/computing/obama-aims-to-fight-identity-theft-with-new-online-id-plan/