Archive for the ‘Technical Data Export’ Category

May

25

“Do What I Say” Etc., Etc.

Posted by Clif Burns at 5:45 pm on May 25, 2010
Category: Criminal PenaltiesDDTCDeemed ExportsTechnical Data Export

NASC RFP

In case you can’t read the text of the “WARNING” in this RFP from the Naval Air Systems Command sent to me by an alert reader, it says:

WARNING: THIS DOCUMENT CONTAINS TECHNICAL DATA WHOSE EXPORT IS RESTRICTED BY THE ARMS EXPORT CONTROL ACT (TITLE 22, U.S.C. SEC 2751 ET SEQ) OR THE EXPORT ADMINISTRATION ACT OF 1979, AS AMENDED, (TITLE 50, U.S.C. APP 2401, ET SEQ). VIOLATIONS OF THESE EXPORT

Which is why, of course, the document is posted on the web where any foreign person in any country could download the document and obtain export-restricted technical data. I was able to download without problem all of the documents attached to the RFP.

Perhaps the contracting officer was unaware that the Internet was available outside the United States or that foreign nationals in the United States could actually access the Internet. Or did the contracting officer think that if, say, an Iranian saw this “WARNING” either a crise de conscience or fear of the long arm of U.S. law would cause him or her to heed the warning and not download the juicy details? (I have blurred the details of the RFP so as to not to assist any foreign person in locating this particular RFP, and I’m not providing a link for the same reason.)

The government regularly threatens defense contractors, universities (cf. Professor Roth), and others with huge fines and criminal penalties for disclosures of ITAR-controlled technical data, even data that is already available elsewhere on the Internet. So why haven’t I read about a raid on the Naval Air Command Systems office at the Pentagon and seen pictures of ICE carting off all their computers?

Permalink Comments (8)

Bookmark and Share


Feb

8

Do Not Open That Email Attachment

Posted by Clif Burns at 10:11 am on February 8, 2010
Category: ChinaTechnical Data Export

Big News!Everyone that has sensitive data (including, of course, ITAR-controlled data) on their computers networks should read this sobering article in Wired, which reveals, for the first time that I am aware of, the methodology, extent and scope of Chinese cyber-attacks on U.S. computer networks. After you read this article, there will be no question in your mind that these attacks are orchestrated and carried out by the Chinese government, even though the Chinese government is currently issuing risible denials of its involvement. Also, you will never open an email attachment again from anyone. The problem is, of course, that someone on your network will.

Called Advanced Persistent Threats (APT), the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs. What’s more, the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures. …

The Heartland and RBS attackers, and other criminal hackers of their ilk, tend to use SQL injections attacks to breach front-end servers. The APT attackers, however, employ undetectable zero-day exploits and social engineering techniques against company employees to breach networks.

… They attempt to take every Microsoft Word, PowerPoint and Adobe PDF document from every machine they compromise, as well as all e-mail, says Mandia. …

Last year, for example, an unidentified defense contractor discovered 100 compromised systems on its network, and found that the intruders had been inside since at least 2007.

APT attackers also appear to be well-funded and well-organized. In some cases, Mandiant has found multiple groups inside a network, each pursuing their own data in a seemingly uncoordinated fashion. …

Many entities don’t discover a breach until someone from law enforcement tells them. By then, it’s too late.

“By the time the government is telling you, you’ve already lost the stuff you didn’t want to lose usually,” Mandia says, noting that it’s generally not possible to ascertain everything that an attacker took.

While APT attacks are sophisticated, they use simple techniques to gain initial entry and, once inside, adhere to a pattern.

For starters, the attackers conduct reconnaissance to identify workers to target in spear-phishing attacks — such as key executives, researchers and administrative assistants who have access to sensitive information — and then send malicious e-mails or instant messages that appear to come from a trusted colleague or friend.

The e-mails have an attachment or link to a ZIP file containing zero-day malware that exploits Microsoft Office or Adobe Reader vulnerabilities. Google employees received an e-mail with malware that exploited a vulnerability in Internet Explorer 6 that Microsoft had not yet publicly disclosed.

Once the attackers have a foothold on one system, they focus on obtaining elevated access privileges to burrow further into the network. They do this by grabbing employee password hashes from network domain controllers — and either brute-force decrypt them or use a pass-the-hash tool that tricks the system into giving them access with the encrypted hash.

Not only should you be extremely cautious about email attachments and forwarded links, even from trusted friends, but also you might think about taking down your entry on LinkedIn or other business networking sites. Unless, of course, it’s already too late.

Permalink Comments (4)

Bookmark and Share