Russian and Ukrainian criminals favor The Planet for their Web hosting

Last Updated on Monday, 8 March 2010 10:46 Written by Jeffreycarr Monday, 8 March 2010 10:46

James McQuaid has published an eye-opening post which graphically demonstrates what I’ve been saying ever since the first Project Grey Goose report came out in October, 2008; i.e., that the U.S. is the favored hosting provider for bad actors around the world. In this case, we’re talking about criminal enterprises operating out of Russia and the Ukraine and just one of the 20 or so U.S. companies who sell services to them – The Planet of Plano, TX.

By the way, there’s nothing in the unclassified 12 initiatives of the CNCI that call out this critical problem, yet its one of the easiest and least expensive problems to solve.

Imagine if Russia or China announced a formal policy of using non-state actors in cyber deterrence

Last Updated on Wednesday, 3 March 2010 10:56 Written by Jeffreycarr Wednesday, 3 March 2010 10:56

As I pointed out earlier, Initiative #10 states that the U.S. will be “building an approach to cyber defense strategy that deters interference and attack in cyberspace by improving warning capabilities, articulating roles for private sector and international partners, and developing appropriate responses by both state and non-state actors.“

About a month ago, the Russian Federation released their military doctrine for 2020. As far as cyber operations go (the RF calls it Information Warfare), it was almost a non-event, which is partly why I haven’t blogged about it (yet). Still, for the purpose of comparison between what the Kremlin released and what the White House released, I think its a constructive exercise. So according to the RF’s Military Doctrine and Principles of state policy on nuclear deterrence to 2020, the following sections relate to Information Warfare:

12. (d) Acknowledgment of the intensification of the role of information warfare in contemporary military conflict.

13. (d) The prior implementation of measures of information warfare in order to achieve political objectives without the utilization of military force and, subsequently, in the interest of shaping a favorable response from the world community to the utilization of military force.

41. The tasks of equipping the Armed Forces and other troops with armaments and military and specialized equipment are: (c) to develop forces and resources for information warfare

And that’s pretty much it. But what if 41 (c) said “to develop state and non-state actors as forces in the use of information warfare”. Can you imagine the uproar that would occur; that Russia has “outed” its own use of non-state actors? Well, that’s essentially what this document has done for the U.S. government.

Now if this document were released in a vacuum, it could be argued that it’s just a statement that could have been written a little clearer; that my concerns are excessive and over-blown. Fair enough, but it wasn’t released in a vacuum. Many other nations in the world community see the U.S. in a more negative way already because 20 of the world’s top 50 worst ISPs for serving malware operate in the United States. This creates the illusion that the US is responsible when in fact foreign actors use US servers to mask attribution and, as a side benefit to them, feed anti-US sentiment. This strategy seems to be working according to the McAfee report “In the Crossfire” (.pdf), which surveyed “600 IT and security executives from critical infrastructure enterprises across seven sectors in 14 countries”. According to the report, the U.S. is seen as the “most worrisome potential aggressor”.

Ironically, China will surely use this document against us as they continue to accuse the U.S. of launching cyber attacks against .cn websites. China, PRC officials will say, is busy shutting down bad ISPs and enforcing its own anti-hacking laws (which they are doing, by the way), while the U.S. does nothing about its own infected computers and badware.

While I have no doubt that the intentions of those who wrote this Initiative were good, announcing it in the public version is a potential disaster for us.

Russian Information Security Training for 2010 and Beyond: What you need to know

Last Updated on Thursday, 11 February 2010 08:25 Written by Jeffreycarr Thursday, 11 February 2010 02:53

Information Security standards are published by the Russian Federation Ministry of Science and Education based on curriculum developed by a scientific advisory board chaired by the Federal Security Service (FSB) that includes government and academic members. This report identifies the following key areas:

• Scientific Advisory Board Information Security Training (specialty 090103)
• Additional Members based on Specialty (090303)
• History of Russian IT Security Training (Post World War II)
• Specialty 090103 Training Requirements
• Original Scientific Advisory Board Information Security Training
• Information Security Specialties
• Sub-specialties 090303 Information Security of Telecommunications

This report (.pdf) is a unique study in current Russian Information Security requirements for 2010. It consists of 7 pages with a word count of 1630 plus two tables, and has been prepared by a career Russian intelligence analyst (retired). Contact me with any questions or after you have made the purchase to arrange for a delivery email address.

Cost: $175.00