Author Topic: Should Obama Control the Internet?  (Read 9139 times)

Ron

  • friends
  • Senior Member
  • ***
  • Posts: 10,883
  • Like a tree planted by the rivers of water
    • What I believe ...
Should Obama Control the Internet?
« on: April 04, 2009, 10:00:35 AM »
Quote
A new bill would give the President emergency authority to halt web traffic and access private data.

http://www.motherjones.com/politics/2009/04/should-obama-control-internet

Should President Obama have the power to shut down domestic Internet traffic during a state of emergency?

Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) think so. On Wednesday they introduced a bill to establish the Office of the National Cybersecurity Advisor—an arm of the executive branch that would have vast power to monitor and control Internet traffic to protect against threats to critical cyber infrastructure. That broad power is rattling some civil libertarians.

The Cybersecurity Act of 2009 (PDF) gives the president the ability to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security." The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.

The bill does not only add to the power of the president. It also grants the Secretary of Commerce "access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access." This means he or she can monitor or access any data on private or public networks without regard to privacy laws.

Rockefeller made cybersecurity one of his key issues as a member of the Senate intelligence committee, which he chaired until last year. He now heads the Committee on Commerce, Science and Transportation, which will take up this bill.

"We must protect our critical infrastructure at all costs—from our water to our electricity, to banking, traffic lights and electronic health records—the list goes on," Rockefeller said in a statement. Snowe echoed her colleague, saying, "if we fail to take swift action, we, regrettably, risk a cyber-Katrina."

But the wide powers outlined in the Rockefeller-Snowe legislation has at least one Internet advocacy group worried. "The cybersecurity threat is real," says Leslie Harris, head of the Center for Democracy and Technology (CDT), "but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."

The bill could undermine the Electronic Communications Privacy Act (ECPA), says CDT senior counsel Greg Nojeim. That law, enacted in the mid '80s, requires law enforcement seek a warrant before tapping in to data transmissions between computers.

"It's an incredibly broad authority," Nojeim says, pointing out that existing privacy laws "could fall to this authority."

Jennifer Granick, civil liberties director at the Electronic Frontier Foundation, says that granting such power to the Commerce secretary could actually cause networks to be less safe. When one person can access all information on a network, "it makes it more vulnerable to intruders," Granick says. "You've basically established a path for the bad guys to skip down."

The bill's scope, she says, is "contrary to what the Constitution promises us." That's because of the impact it could have on Internet users' privacy rights: If the Commerce Department uncovers evidence of illegal activity when accessing "critical" networks, that information could be used against a potential defendant, even if the department never had the intent to find incriminating evidence. And this might violate the Constitutional protection against searches without cause.

"Once information is accessed, it can be used for whatever purpose, no matter the original reason for accessing something," Granick says. "Who's interested in this [bill]? Law enforcement and people in the security industry who want to ensure more government dollars go to them."

Nojeim, though, thinks it's possible the bill's powers could be trimmed as it moves through Congress. "We will be working with them to clarify just what is needed and how to accomplish that," he says. "We're hopeful that some of the very broad powers that the bill would confer won't be included."
For the invisible things of him since the creation of the world are clearly seen, being perceived through the things that are made, even his everlasting power and divinity, that they may be without excuse. Because knowing God, they didn’t glorify him as God, and didn’t give thanks, but became vain in their reasoning, and their senseless heart was darkened. Professing themselves to be wise, they became fools.

Ron

  • friends
  • Senior Member
  • ***
  • Posts: 10,883
  • Like a tree planted by the rivers of water
    • What I believe ...
Re: Should Obama Control the Internet?
« Reply #1 on: April 04, 2009, 10:02:33 AM »
Here is another link that dove-tails nicely with the above article. I posted this last week but nobody had a comment :P

I'll post the pertinent observation from the end of the blog post.

http://www.pbs.org/cringely/pulpit/2000/pulpit_20000713_000657.html

Quote
But I have my own theory about Carnivore. From a network architecture standpoint, the best location for Carnivore is right after the ISP's router. This puts Carnivore in the path of every packet entering or leaving the ISP. It's also a major reason why ISPs might not want to install Carnivore boxes — it's the network's point of greatest vulnerability. In this position, Carnivore can act as a listening and recording device, OR IT CAN ACT AS A SWITCH. If we ever hear a proposal from the FBI in which it plans to install Carnivores at all 6000 ISPs in the U.S., we'll be giving the government the power to do something it can't do right now.

Shut the Internet down.
For the invisible things of him since the creation of the world are clearly seen, being perceived through the things that are made, even his everlasting power and divinity, that they may be without excuse. Because knowing God, they didn’t glorify him as God, and didn’t give thanks, but became vain in their reasoning, and their senseless heart was darkened. Professing themselves to be wise, they became fools.

longeyes

  • friend
  • Senior Member
  • ***
  • Posts: 5,405
Re: Should Obama Control the Internet?
« Reply #2 on: April 04, 2009, 11:20:43 AM »
A "state of emergency" is when those in control fear they might lose that control.

It is always the same dynamic: fear or freedom.  We need to suck it up and choose freedom.  The world isn't going to come to an end, and if it does at least we'll go out with honor.
"Domari nolo."

Thug: What you lookin' at old man?
Walt Kowalski: Ever notice how you come across somebody once in a while you shouldn't have messed with? That's me.

Molon Labe.

MechAg94

  • friend
  • Senior Member
  • ***
  • Posts: 34,595
Re: Should Obama Control the Internet?
« Reply #3 on: April 04, 2009, 11:35:20 AM »
Quote
That broad power is rattling some civil libertarians.
Really!!?  I wonder why that would be. 
“It is much more important to kill bad bills than to pass good ones.”  ― Calvin Coolidge

Scout26

  • I'm a leaf on the wind.
  • friend
  • Senior Member
  • ***
  • Posts: 25,997
  • I spent a week in that town one night....
Re: Should Obama Control the Internet?
« Reply #4 on: April 04, 2009, 11:46:49 AM »
That's not all they want to control:


http://www.chicagotribune.com/news/chi-oped0402goldbergapr02,0,2108647.story
Quote
The case before the court, Citizens United vs. Federal Election Commission, involves a documentary-style film, "Hillary: The Movie," that ran afoul of campaign-finance laws designed to censor so-called stealth ads as well as electioneering paid for by corporations or unions. To be fair, the film does amount to partisan advocacy. It's a scorching indictment of the former Democratic presidential front-runner, produced by an unapologetically conservative outfit. It's as one-sided as a MoveOn.org-produced documentary about George W. Bush would be. But, some might wonder, should partisan advocacy ever be illegal in a democracy?

Several justices asked the deputy solicitor general, Malcolm Stewart, if there would be any constitutional reason why the ban on documentaries and ads couldn't be extended to books carrying similar messages. Stewart, speaking for a president who once taught constitutional law, said Congress can ban books "if the book contained the functional equivalent of express advocacy" for a candidate and was supported, even slightly, with corporate money. Such advocacy, Stewart conceded, could amount to negatively mentioning a politician just once in a 500-page book put out by a mainstream publisher.
Some days even my lucky rocketship underpants won't help.


Bring me my Broadsword and a clear understanding.
Get up to the roundhouse on the cliff-top standing.
Take women and children and bed them down.
Bless with a hard heart those that stand with me.
Bless the women and children who firm our hands.
Put our backs to the north wind.
Hold fast by the river.
Sweet memories to drive us on,
for the motherland.

Standing Wolf

  • friend
  • Senior Member
  • ***
  • Posts: 2,978
Re: Should Obama Control the Internet?
« Reply #5 on: April 04, 2009, 01:25:06 PM »
Quote
We had to burn down the village to save it.
No tyrant should ever be allowed to die of natural causes.

Gewehr98

  • friend
  • Senior Member
  • ***
  • Posts: 11,010
  • Yee-haa!
    • Neural Misfires (Blog)
Re: Should Obama Control the Internet?
« Reply #6 on: April 04, 2009, 02:16:15 PM »
Oh, noes.

Guess I'd better call up the commander of the Air Force's new Cyber Command and tell them their plans to protect the U.S. against malicious information warfare are totally off-kilter.

Because you know, sure as shinola, were the U.S. electronic data infrastructure crippled by an external or internal attack, nobody on a piddly-assed internet forum would just sit there and say, "That's ok" as their ATM cards cease to function, let alone that all-important web browser. 

I understand the reason for protecting American cyberspace.  Previous attacks have shown a real vulnerability.

Tin foil hattery notwithstanding, we're a cyber attack or two away from another 9/11, except we're already in a pretty bad recession this time. Let's knock out the financial institutions for a few days, and see how it goes.  We'll be trading chickens and ammo in no time. Then there will be some serious belly-aching.  "How come the government didn't take measures to prevent this?"

Is the cure worse than the cause?  Maybe. The devil's always in the details. 

"Bother", said Pooh, as he chambered another round...

http://neuralmisfires.blogspot.com

"Never squat with your spurs on!"

Teknoid

  • Member
  • *
  • Posts: 121
Re: Should Obama Control the Internet?
« Reply #7 on: April 04, 2009, 07:37:46 PM »
The spying part is what gets me. Isn't this the same bunch that was screaming about wiretaps being unconstitutional? What do they call tapping into the net for info WITHOUT a warrant? I suppose it's OK now, since it's them doing the listening.

MicroBalrog

  • friend
  • Senior Member
  • ***
  • Posts: 14,505
Re: Should Obama Control the Internet?
« Reply #8 on: April 04, 2009, 07:39:54 PM »
We all want to "protect cyberspace." And I'm sure everybody on this forum doesn't want terrorist  attacks.

But this doesn't mean you need a bill like this to do that.

Quote
Then there will be some serious belly-aching.  "How come the government didn't take measures to prevent this?"

There's always belly-aching. It doesn't mean the belly-achers are right. For example, I am sure that every time there is a shooting in a school or college, some people whine that the governemnt should have 'done more' to prevent it by banning more guns and introducing more psychological screening and the Good Lord only knows what else. So what?
Destroy The Enemy in Hand-to-Hand Combat.

"...tradition and custom becomes intertwined and are a strong coercion which directs the society upon fixed lines, and strangles liberty. " ~ William Graham Sumner

Gewehr98

  • friend
  • Senior Member
  • ***
  • Posts: 11,010
  • Yee-haa!
    • Neural Misfires (Blog)
Re: Should Obama Control the Internet?
« Reply #9 on: April 04, 2009, 10:27:07 PM »
MB, I believe you're not seeing the forest for the trees.

We are a piece of ripe fruit, ready for plucking, when it comes to a cyber attack against the U.S. electronic commerce infrastructure.

Were I an enterprising organization with a serious axe to grind against Uncle Sam, that's where I'd find the best bang for my buck.

It would probably do more damage, on an even longer-term basis, than the old "blowing anthrax spores into the Super Bowl" trick.

That's why the IT community was scared poopless about the recent 1 April 09 Conficker worm threat, and why Microsoft has a $250K bounty on the head(s) of those responsible.

If you dig around a bit, you'll discover that we've narrowly dodged a big cyber bullet on previous attacks, and it's enough of a threat that we're standing up a military wing to fight back in the previously uncharted territories of cyber battlespace.

I see where our two congresscritters are coming from, and contrary to popular (APS) belief, I don't think they submitted such a bill with a Snidely Whiplash sneer, aiming at subjugating minions and becoming the dark overlords we secretly knew they wanted to be. 

Could this effort have been accomplished in a different manner?  Oh, probably.

However, I'll go with "Never attribute to Malice", Alex, for $500.00.   

The road to hell is often paved with the best intentions.

That's my take on it. It needs work, but it has merit. 
"Bother", said Pooh, as he chambered another round...

http://neuralmisfires.blogspot.com

"Never squat with your spurs on!"

Ron

  • friends
  • Senior Member
  • ***
  • Posts: 10,883
  • Like a tree planted by the rivers of water
    • What I believe ...
Re: Should Obama Control the Internet?
« Reply #10 on: April 04, 2009, 11:24:26 PM »
I've voted straight Republican every year I've been eligible to vote. My first vote for Prez was for Ronald Reagan for his second term.

The one and only time I wavered was when I voted for Ron Paul and every other libertarian available in '88. Since then straight Republican.

I'm pretty sure I'm done. The Republicans are the reason we have Barack Obama and the reason our rights are eroding exponentially. I haven't relied on the Dems, never trusted them. I trusted the Republicans and they have sold me and the country down the river.

I'd rather take my chances with the chaos of freedom and liberty than continue on this course of big brotherism squared.

I've never had such little faith in or hope for this nation.
For the invisible things of him since the creation of the world are clearly seen, being perceived through the things that are made, even his everlasting power and divinity, that they may be without excuse. Because knowing God, they didn’t glorify him as God, and didn’t give thanks, but became vain in their reasoning, and their senseless heart was darkened. Professing themselves to be wise, they became fools.

Waitone

  • friend
  • Senior Member
  • ***
  • Posts: 3,133
Re: Should Obama Control the Internet?
« Reply #11 on: April 05, 2009, 03:08:25 PM »
Quote
I see where our two congresscritters are coming from, and contrary to popular (APS) belief, I don't think they submitted such a bill with a Snidely Whiplash sneer, aiming at subjugating minions and becoming the dark overlords we secretly knew they wanted to be.

Could this effort have been accomplished in a different manner?  Oh, probably.
Then why was it not.  I find myself split between two camps.  Bad guys are a reality.  And violation of constitutional liberties are a reality.  No doubt there is a need to shut down the internet in the event of a serious cyber attack.  I accept the reality.  I also accept the reality of governments announced intentions of limiting freedom of free speech and a large if not dominant force in the expression of said free speech is the existence of the internet.

So what do I believe?  The national security argument where I  ascribe pure and virtuous motive to its advocates?  Or do I go with the tinfoil hat crowd where unfettered access to the internet is doomed for any number of reasons.  I want to believe the national security argument but my guts tell me the tinfoil argument is primary.
"Men, it has been well said, think in herds. It will be seen that they go mad in herds, while they only recover their senses slowly, and one by one."
- Charles Mackay, Scottish journalist, circa 1841

"Our society is run by insane people for insane objectives. I think we're being run by maniacs for maniacal ends and I think I'm liable to be put away as insane for expressing that. That's what's insane about it." - John Lennon

MicroBalrog

  • friend
  • Senior Member
  • ***
  • Posts: 14,505
Re: Should Obama Control the Internet?
« Reply #12 on: April 05, 2009, 04:22:49 PM »
Quote
I see where our two congresscritters are coming from, and contrary to popular (APS) belief, I don't think they submitted such a bill with a Snidely Whiplash sneer, aiming at subjugating minions and becoming the dark overlords we secretly knew they wanted to be.

Oh, I agree with you. None of these people in Congress are evil. I am quite sure all of those fine, upstanding gentlemen love America and want to see her prosper.

I have never claimed that the problem is a Giant Evil Conspiracy.

In fact, I do not claim this one law is The Last Nail in the Coffin Of Truth, Justice, and the American Way, either.

My argument is composed like this:

1. If we lived in an otherwise free society, such an infringement on our liberties would have been possibly acceptable. However, because of cultural change that has occured in the West (not just in America) over the last century or so, we seem to forget about the layers upon layers of pre-existing infringements. Every time, people seem to think that this is just-one-isolated-thing. Which it isn't.

2. This bill in and of itself is not a major problem. Nor is the current legislation limiting firearms ownership a major problem. Nor is the ban on lawn darts. Nor is the legislation regulating campaign funding. But little things add up. Start pulling hairs from your head, one after another. Eventually, you'll be bald.

3. The current knee-jerk reaction of most Western societies  is to always react to everything with more regulation. DUIs? Reduce the permissible BAC level and add more rolling checkpoints. Mass shootings? Ban guns. A threat of Internet attacks? Increase regulation of the Internet. Airplane hijackings? Create an arbitrary list of persons and ban them from flying. Add this to 2 and you're going to have a problem.
Destroy The Enemy in Hand-to-Hand Combat.

"...tradition and custom becomes intertwined and are a strong coercion which directs the society upon fixed lines, and strangles liberty. " ~ William Graham Sumner

seeker_two

  • friend
  • Senior Member
  • ***
  • Posts: 12,922
  • In short, most intelligence is false.
Re: Should Obama Control the Internet?
« Reply #13 on: April 05, 2009, 09:22:17 PM »

I see where our two congresscritters are coming from, and contrary to popular (APS) belief, I don't think they submitted such a bill with a Snidely Whiplash sneer, aiming at subjugating minions and becoming the dark overlords we secretly knew they wanted to be. 

 

Nope....more Palpatine-ly.....
Impressed yet befogged, they grasped at his vivid leading phrases, seeing only their surface meaning, and missing the deeper current of his thought.

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: Should Obama Control the Internet?
« Reply #14 on: April 06, 2009, 07:18:34 AM »
Oh, noes.

Guess I'd better call up the commander of the Air Force's new Cyber Command and tell them their plans to protect the U.S. against malicious information warfare are totally off-kilter.

Because you know, sure as shinola, were the U.S. electronic data infrastructure crippled by an external or internal attack, nobody on a piddly-assed internet forum would just sit there and say, "That's ok" as their ATM cards cease to function, let alone that all-important web browser. 

I understand the reason for protecting American cyberspace.  Previous attacks have shown a real vulnerability.

Anything important is on a SCADA network.  Little critical infrastructure is on internet accessible networks.  The most critical stuff is only monitored by SCADA networks but cannot be given commands over SCADA.  Yes, SCADA networks need to be updated to keep in line with advances made in network defense that internet facing networks almost always have. 

The NSA and DISA publish good white papers and specifications for securing OS's, network devices, some applications, etc.  They also cooperate with private sector manufacturers and software publishers to promote Information Assurance concepts and resources.   They have a good reputation, remain strictly neutral, and usually only advise.  DISA is responsible for the overwhelming amount of US military networks, and a surprising number of general government networks.  DISA handles the bulk of the hands on information security on defense and national security networks.  A lot of server stuff too.  NSA does some stuff, but not as much hands on stuff as you'd think.  Probably for the best.

I'm not convinced that the USAF's Cyber Command is little more than a money sink.  What can they do that the NSA or DISA is not doing?  I suspect their primary mission will be to suck up funds and maybe protect a very few number of networks.  On the plus side, maybe they will do some improvements on embedded networks specific to the USAF.  That'd be nice.  But not critical to the security of the US infrastructure, as they run only more or less internal networks.  They turn over more and more of those networks to DISA each year.  While I would recommend being polite, G98, your call would not be incredibly inaccurate advice.

Disclosure:  I am a former Army commo guy that did some infosec work.  I also worked on a DISA Operational Support Team (OST). 


Quote
Tin foil hattery notwithstanding, we're a cyber attack or two away from another 9/11, except we're already in a pretty bad recession this time. Let's knock out the financial institutions for a few days, and see how it goes.  We'll be trading chickens and ammo in no time. Then there will be some serious belly-aching.  "How come the government didn't take measures to prevent this?"

Is the cure worse than the cause?  Maybe. The devil's always in the details. 

...

I agree and strongly disagree at the same time.  While there is a lot of improvement needed in the information security field, it's not catastrophically bad.  Consumers need better security.  That's the biggest threat at the moment.  Millions of ordinary desktops and laptops.  Infrastructure and corporate wise, infosec is getting better.  Govt always needs to get better, but is good enough by and large.  The only advice I can give that crosses private and public sector is, more applicable user training.  Not the boring CYA legal-ese crap, but short good information.  Put your written passwords in your wallet, don't share them, shred papers you don't need, if in doubt ask IT, don't click on stuff you think is off, if something sounds odd ask your security department, etc etc.   

IT and IT Security departments need to expand beyond technical issues and also regularly interface with the users.  Yes, I bloody well know how problematic this can be.  But most users don't want to work around standard procedures, they just want to do their job in a way that isn't too painstaking.  IT personnel should try to make their user solutions as streamlined as possible. 


All of that said, a centralized body governing network security is such a bad idea I'm not sure I can make a proper analogy.  "You might as well shoot yourself in the head to save time" would be the closest I can come to explaining how bad of an idea it is.  Any hypercentralized NSOC (Network Security Operations Center) with legal powers to control every network in the US would be the worst security threat I can imagine.  If you find a way into such a NSOC, you can take down everything.  As it stands now, if somehow you could take down...  say a specific hospital, that didn't mean you could automatically also take down a nuclear power plant, a jet liner or a Mom'n'Pop small business network.  Decentralization means you have a wide variety of different environments.  The more diverse and decentralized you make the entire US IT infrastructure, the less likely any one attack vector can do damage to a bunch of different networks using the same trick. 

If you wanted to do the same thing in a somewhat secure manner, which is a bad idea, give the central telecoms a right to blacklist IP traffic without legal repercussion and the ability to void their obligation to completing contracts at their leisure but still get paid anyways.  Sounds like a bad idea?  It is.  But it's much more secure than the hypercentralized NSOC idea. 


Quote
That's why the IT community was scared poopless about the recent 1 April 09 Conficker worm threat, and why Microsoft has a $250K bounty on the head(s) of those responsible.

Really?  Must be a different part of the IT community than I regularly communicate with.  Oh sure, we're very concerned with users installing malware.  Any one worm?  Not so much.  If you patch your systems regularly, have a good AV solution and hopefully a half decent firewall, there isn't a worm made yet that the IT community is 'scared poopless' over.  I think you're confusing secondary effects (rush to patch an exploit, or dealing with an upsurge in spam traffic) with the worm or malware itself.   

Hell, I was amazed at how much the media was playing up Conficker.  The persons that designed Conficker were either really stupid, or didn't care.  If you upgrade to nmap 4.85Beta7 and run the command " nmap -PN -d -p 445 --script=smb-check-vulns --script-args=safe=1 12.34.56.78 ", you can determine if the host is infected or not. (12.34.56.78 being the target IP, and obviously removing the quotes.)   Why?   NetpwPathCanonicalize() gives a nonstandard answer to queries.  So you ask the worm if it has infected a host, and it accurately says "Yes, I did."

I'll grant you, worms are becoming more sophisticated.  Storm was designed by someone with a glancing knowledge of secure programming.  Not a professional level, of course.  Almost, but not quite, respectable.  Conficker is worrisome not because it was well written or well designed, but rather because it exploited a nasty hole in all relevant versions of Windows (See MS08-067), which is a hole that gives system level access with no authentication over a network.  That's as bad as an security hole gets.  If you're patched, no problem.  If you're running an AV, somewhat no problem. 

Instead of saying "ZOMG! Killer worm!  All the geeks are in a panic and predict end of the world", the media should say "Yo, a routine worm is making it around the internet exploiting a hole patched on Oct 8th, 2008.  If you haven't patched your desktop in SIX MONTHS, please do so.  Go to whatever.com for details on how to do so."  As we all know, rational dissemination of information ain't the media's strong point.
« Last Edit: April 06, 2009, 07:37:45 AM by RevDisk »
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

mtnbkr

  • friend
  • Senior Member
  • ***
  • Posts: 15,388
Re: Should Obama Control the Internet?
« Reply #15 on: April 06, 2009, 08:43:00 AM »
Gotta agree with RevDisk, though I've been seeing more and more "critical" infrastructure being put on the public Internet. 

I currently work with Internet systems (firewalls, mail, dns, etc) for a large civilian govt project (let's just say your data traverses my network at times).  Did we take Conflicker serious?  Sure.  Were we in a panic?  Hardly. 

The biggest threat to IT security has always been users who are either undereducated about security or apathetic about it.  Until those users are educated and understand the ramifications of system patches, authentication, etc we will continue to have problems.

Personally, I think the best solution is some sort of understanding at the ISP level to block traffic from insecure or infected systems.  At my project, we frequently perform penetration scans and present the results to stakeholders.  When I was running a VPN service there, I frequently received those reports.  Most of the time they were innocuous (Zomg!  Your box responds to ping!), but sometimes I got good intel from the reports that helped me further refine the security of the system in question.  I think ISPs might want to consider similar actions and even block networks that refuse to correct issues they've been alerted to.

BTW, the NSA guides mentioned above are fantastic.  I used their NT4.0 guide back in 2000 to harden a quartet of NT4 servers running a PKI system for the VPN service I mentioned.  The C&A guy said that was the first time he had no significant issues to be corrected.

Chris

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: Should Obama Control the Internet?
« Reply #16 on: April 06, 2009, 08:59:14 AM »
BTW, the NSA guides mentioned above are fantastic.  I used their NT4.0 guide back in 2000 to harden a quartet of NT4 servers running a PKI system for the VPN service I mentioned.  The C&A guy said that was the first time he had no significant issues to be corrected.

Chris

Links!

DISA's IA site : http://iase.disa.mil/index2.html  (DoD PKI required for some stuff.)

NSA/CSS's Security Configuration repository : http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml

OnGuard Online (for less technical folks) : http://www.onguardonline.gov/default.aspx
« Last Edit: April 06, 2009, 09:08:02 AM by RevDisk »
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

tokugawa

  • friend
  • Senior Member
  • ***
  • Posts: 2,876
Re: Should Obama Control the Internet?
« Reply #17 on: April 06, 2009, 11:49:09 AM »
Some politician once said this (or words to this effect)
 
 "  When evaluating a new proposed law, do not do so based on the intended use of that law. Instead, think of the most perverted, convoluted interpretation possible, because THAT is how the law will be stretched to encompass new "crimes", that were not even envisioned in the original document."
     (I am sure you can all think of examples)
 
  Control of the internet, as in ability to shut off things like this forum, email, blogs, etc would be a top priority for any Gov. that wants to suppress an unruly populace. Pretty hard to demonstrate if you do not know there is going to be a demonstration. Expand this thought as you wish.
 
  At this time we are undergoing the biggest theft the world has ever seen, as the powers that be bleed us and our future generations  dry, to cover the frauds perpetrated by
JP Morgan/Chase, BoA, Citygroup, Goldman Sachs, and one or two others. - between them, they hold about 95% of all the derivatives set to fail.  The same damned crew that caused the problems is now sacrificing  our children 's futures to cover their own asses, using their toadies in the Gov. to open the money spigot.   Compared to these guys, AQ are pikers. Wonder how many will end up dead, out in the cold, no food, no meds, no home, as a result of the impending collapse?  These people are indeed "changing" America from a nation of the free to a nation of "New Lords" and serfs. Welcome to the new feudalism. Shut off the internet and and the consolidation of power is complete. Hell, we wouldn't even know the pitchfork factory had closed.


   "I believe that banking institutions are more dangerous to our
 liberties than standing armies. If the American people ever allow private
 banks to control the issue of their currency, first by inflation, then by
 deflation, the banks and corporations that will grow up around the banks
 will deprive the people of all property until their children wake-up
 homeless on the continent their fathers conquered."
     
  Thomas Jefferson

 
 "The way to crush the bourgeoisie is to grind them
between the millstones of taxation and inflation."

  Lenin

longeyes

  • friend
  • Senior Member
  • ***
  • Posts: 5,405
Re: Should Obama Control the Internet?
« Reply #18 on: April 06, 2009, 12:11:13 PM »
+1

Liberty is too important to be left to the technocrats.
"Domari nolo."

Thug: What you lookin' at old man?
Walt Kowalski: Ever notice how you come across somebody once in a while you shouldn't have messed with? That's me.

Molon Labe.

mejeepnut

  • New Member
  • Posts: 29
Re: Should Obama Control the Internet?
« Reply #19 on: April 06, 2009, 12:35:41 PM »
Who makes short wave radios?I think it may be time to invest in there stocks!

Gewehr98

  • friend
  • Senior Member
  • ***
  • Posts: 11,010
  • Yee-haa!
    • Neural Misfires (Blog)
Re: Should Obama Control the Internet?
« Reply #20 on: April 06, 2009, 02:33:53 PM »
That's not how I understand Cyber Command, RevDisk. (Now 24th Air Force under U.S. Space Command)

http://www.afcyber.af.mil/

I envision it as the sharp-toothed DoD portion of our national cyberspace defense, working in conjunction with the guys at Ft. Meade, Langley, etc.   

Of course, what's in one's nascent charter and what evolves out of it are often two different things. I was only a small cog in the big national defense machine, but I could see where anything had the potential for abuse, no doubt about it.

De-centralizing internet security is all well and good, assuming the individual actors can respond to a given threat simultaneously and with the appropriate amount of force to neutralize that threat while preserving the capability that was under attack. (Gawd, that sounds like it came straight from Air War College, doesn't it?   =|)

We've been lucky so far, and have narrowly avoided previous cyber attacks.  If I were Al Qaeda and wanted to put a serious hurt on The Great Satan, that would be a very attractive target to me.

I'll agree that the media really played up Conficker.  If you're part of the system that routinely protects and safeguards systems, it was probably no big deal to you at all.  You're doing your job, and have nothing to fear.  I got called into my wife's work last week to help patch their 50+ systems, because their IT guy hadn't gotten around to it yet, and each machine had a piecemeal update history. (He has a hard time just doing nightly and weekly back-ups, so that explains a lot) To speed things up, I ran Auto-Patcher, downloaded ALL the MS KBXXXX patches, and went from there. Cash in my pocket for somebody else's laziness, and Conficker isn't even a rootkit bug, which is my most hated infection of all.  Now, if a small business with just 50 vulnerable machines is unprepared, I don't think it's a stretch to say there are a lot more out there. 

IOW, you have your s#it wired tight as an IT guy.  Unfortunately, there are many that don't, and that's where the fun will begin in a large-scale cyber attack.  Hopefully, critical data paths will be smarter than that, with recurring Death by Powerpoint COMPUSEC training, vulnerability analysis, up-to-the-minute software patches, the whole 9 yards.  You'll never reach 100%, but perhaps we can get close. So maybe an on/off valve to throttle back the incoming hits while we scurry around like rabbits patching the holes in the dike has merit?   

(Cool links, btw!)
« Last Edit: April 06, 2009, 02:58:09 PM by Gewehr98 »
"Bother", said Pooh, as he chambered another round...

http://neuralmisfires.blogspot.com

"Never squat with your spurs on!"

Werewolf

  • friend
  • Senior Member
  • ***
  • Posts: 2,126
  • Lead, Follow or Get the HELL out of the WAY!
Re: Should Obama Control the Internet?
« Reply #21 on: April 07, 2009, 04:11:27 PM »
Quote
Should President Obama have the power to shut down domestic Internet traffic during a state of emergency?

Except for a short period of time (months?) after 1975 the US has been in an official state of emergency since 1963 or so.  Might have not been renewed by Clinton, maybe, but all it takes for the US to be in a state of emergency is for the Pres to say it is.

Quote
Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) think so. On Wednesday they introduced a bill to establish the Office of the National Cybersecurity Advisor—an arm of the executive branch that would have vast power to monitor and control Internet traffic to protect against threats to critical cyber infrastructure. That broad power is rattling some civil libertarians.
Don't the Chinese already have one of these. Hell we wouldn't even have to reinvent the wheel just go to China and copy theirs.
Life is short, Break the rules, Forgive quickly, Kiss slowly, Love
truly, Laugh uncontrollably, And never regret anything that made you smile.

Fight Me Online

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: Should Obama Control the Internet?
« Reply #22 on: April 07, 2009, 08:22:12 PM »
That's not how I understand Cyber Command, RevDisk. (Now 24th Air Force under U.S. Space Command)

http://www.afcyber.af.mil/

I envision it as the sharp-toothed DoD portion of our national cyberspace defense, working in conjunction with the guys at Ft. Meade, Langley, etc.   

Yea, we already have one of those.  DISA and NSA.

Granted, we didn't do offensive IEW (Information and Electronic Warfare), but the defensive stuff, yea.  I never worked the black side, so I can't (and wouldn't) comment on our offensive IEW capacities.  But, I've been doing this since I was 16 and wrote a heuristic malware scanner before mainstream AV companies actually started including antimalware components.  I've now worked mil, gov and com, and I can tell ya with infinite certainty, your Cyber Command is a money soak.  If it wasn't just a money soak, it'd be near useless.  If it wasn't near useless, it was allowed to do stuff other than USAF networks, it'd be a security risk.

Now, there is a place for USAF IEW types, obviously.  Lots of stuff they can do.  Keeping an eye on USAF networks, especially field ones.  Developing good security procedures for embedded networks, which will only become a greater concern as their birds get more advanced.  The newest aircraft have internal networks, somewhat similiar to conventional LAN's, for all of the components to talk to each other.  I very much hope SOMEONE is reviewing its passive and active information security features.  I really don't want hostile governments to be able to take over, jam or feed false data to internal networks in say, a Raptor or JSF.  Actually, I'd be very unhappy if someone could make the bird switch coords for friendly and hostile forces.

The USAF can't even provide decent CAS or airlift capacities to other services, and that is within their responsibility.  If they can't provide their alleged core responsibilities to other services, how can they provide IEW protection to the other services?  Let alone providing IEW protection to our critical infrastructure.


Quote
Of course, what's in one's nascent charter and what evolves out of it are often two different things. I was only a small cog in the big national defense machine, but I could see where anything had the potential for abuse, no doubt about it.

De-centralizing internet security is all well and good, assuming the individual actors can respond to a given threat simultaneously and with the appropriate amount of force to neutralize that threat while preserving the capability that was under attack. (Gawd, that sounds like it came straight from Air War College, doesn't it?   =|)

We've been lucky so far, and have narrowly avoided previous cyber attacks.  If I were Al Qaeda and wanted to put a serious hurt on The Great Satan, that would be a very attractive target to me.

Thing is, just about any IW attack pales in comparison to the average battle against malware and spam.  When I say that, most infowar types say "But targetted attacks are much more dangerous than routine shotgun nature of malware and spam!"  True.  But that's becoming less true with spear phishing and narrow focused malware.  You can thank the Russian mafia for that.  They're led the way on turning hacking and malware into a money making OC  enterprise.

There have been multiple foreign hostile governments that have attempted IEW attacks against government networks in recent history. 

Hell, the USSR did it.  I won't talk about the more modern episodes, but I can talk about some of the historical attacks.  The KGB did pay European hackers to attack US companies and govt systems.  They did a lot of corporate espionage stuff.  We noticed it, and among one of our all-time favorite counterhacks was giving the USSR "altered" information.  Every IEW type's favorite story was when the USSR built a high pressure natural gas pipeline control system built from stolen Western information.  We included a small...  bug.   Certain folks had to warn NORAD and other folks in advance, because the resulting explosion looked like a tac-nuke detonation.

You really don't want to know much effort the USSR had to put in to double, triple, quadruple check everything they stole.  Often, it would have been cheaper in resources to just build/write their own.    =D


Quote
I'll agree that the media really played up Conficker.  If you're part of the system that routinely protects and safeguards systems, it was probably no big deal to you at all.  You're doing your job, and have nothing to fear.  I got called into my wife's work last week to help patch their 50+ systems, because their IT guy hadn't gotten around to it yet, and each machine had a piecemeal update history. (He has a hard time just doing nightly and weekly back-ups, so that explains a lot) To speed things up, I ran Auto-Patcher, downloaded ALL the MS KBXXXX patches, and went from there. Cash in my pocket for somebody else's laziness, and Conficker isn't even a rootkit bug, which is my most hated infection of all.  Now, if a small business with just 50 vulnerable machines is unprepared, I don't think it's a stretch to say there are a lot more out there. 

IOW, you have your s#it wired tight as an IT guy.  Unfortunately, there are many that don't, and that's where the fun will begin in a large-scale cyber attack.  Hopefully, critical data paths will be smarter than that, with recurring Death by Powerpoint COMPUSEC training, vulnerability analysis, up-to-the-minute software patches, the whole 9 yards.  You'll never reach 100%, but perhaps we can get close. So maybe an on/off valve to throttle back the incoming hits while we scurry around like rabbits patching the holes in the dike has merit?   

(Cool links, btw!)

Way off topic, but your rootkit comment made me remember it.  I haven't seen anything really interesting, malware or virus wise in a while.  So when one of my users got infected with an unknown ailment, I was almost jumping for joy.   Ran it by the usual tricks, Blacklight noticed it immediately but none of the usual AV products did.  So I started dissecting.  Generic rootkit delivery system, which was boring.  The payload, I thought was quite clever.  It modified part of the DNS handling section of Windows.  Every X DNS requests, the real IP of requested system was switched for a hostile IP.  So you reload Google's site 20 times and on the twentith time, your request for Google's site instead sent you to ad laden site.  A mild ad click inflator, but I thought it was amusing because it was browser neutral.  Sent it off to the Kaspersky folks and they had it added to the definitions within 15 minutes.

If you're really worried about national exposure to IEW attacks and want the govt to take the lead in fixing, there's a lot that can be done.  Task the NSA with more public Information Assurance work.  As you noticed from the nifty links, they already do a good bit.  Have them make more handy and friendly configuration guides.  Bribe and/or threaten Microsoft into upgrading and opening their patch system.  Have the NSA write and open source a comprehensive patch management system, preferably with the capacity to plug in any third party application patches.  While these patch management systems do exist, they are expensive and many are not very friendly.

Any closed source government supplied (or manditory) solutions would be counterproductive and probably illegal.  Providing good, clean (ie, no Clipper chip like inclusions), open source tools would greatly help. 
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

Gewehr98

  • friend
  • Senior Member
  • ***
  • Posts: 11,010
  • Yee-haa!
    • Neural Misfires (Blog)
Re: Should Obama Control the Internet?
« Reply #23 on: April 07, 2009, 08:56:38 PM »
Quote
The USAF can't even provide decent CAS or airlift capacities to other services, and that is within their responsibility.  If they can't provide their alleged core responsibilities to other services, how can they provide IEW protection to the other services?  Let alone providing IEW protection to our critical infrastructure.

Jeez.

No need to get nasty. 

Get your owned damned CAS, then. Mein Gott!

I wasn't the one coming up with CyberCommand or one of the Joint Chiefs who decided that USAF CyberCommand would be the DoD-wide agency.  Give Adm. Mike Mullen a call and voice your concerns.  ;)
"Bother", said Pooh, as he chambered another round...

http://neuralmisfires.blogspot.com

"Never squat with your spurs on!"

Jamisjockey

  • Booze-fueled paragon of pointless cruelty and wanton sadism
  • friend
  • Senior Member
  • ***
  • Posts: 26,580
  • Your mom sends me care packages
Re: Should Obama Control the Internet?
« Reply #24 on: April 07, 2009, 09:11:10 PM »

The USAF can't even provide decent CAS or airlift capacities to other services, and that is within their responsibility.  If they can't provide their alleged core responsibilities to other services, how can they provide IEW protection to the other services?  Let alone providing IEW protection to our critical infrastructure.




You must've been Army....
 :lol:

Semper Fi,
JD

 The price of a lottery ticket seems to be the maximum most folks are willing to risk toward the dream of becoming a one-percenter. “Robert Hollis”