Gaetano Zappulla's weblog



A non-technical blog about everything that goes through my head and that I want to be public. These opinions and/or reports in no way reflect those of the companies I work for.

April 7, 2010 4:09 pm

The Chinese secret services, an assessment

After the attacks on Google originating from Chinese territory (but not attributable, given the lack of evidence, to Chinese government or non-government entities), there is a lot of talk about China.

From Stratfor, an organizational assessment of the Chinese intelligence services, with a brief historical introduction that should not be underestimated.

China’s first intelligence advocate was military theorist Sun Tzu who, in his sixth century B.C. classic The Art of War, emphasized the importance of gathering timely and accurate intelligence in order to win battles. Modern Chinese intelligence began during the Chinese Communist Revolution, when Chiang Kai-Shek’s Chinese Nationalist Party (the Kuomintang, or KMT) created its Investigation Section. The Chinese Communists later followed suit with a series of agencies that eventually became the Social Affairs Department (SAD), the party’s intelligence and counterintelligence organ.

Espionage with Chinese Characteristics

March 15, 2010 1:27 pm

US intelligence against Wikileaks

It seems that US intelligence intends to destroy Wikileaks, one way or another.

Reading this pseudo due-diligence document, interesting in its own right in its entirety, it immediately caught my eye that:

  • the intelligence community wants people to believe that the initiative is wholly owned by the Chinese, which, as far as I know, is not the case.
  • the US government thinks that the technological infrastructure, or at least part of it, is vulnerable to possible cyber attacks, which in a second phase, through forensic analysis techniques, could lead to identifying the site's sources as well as those who downloaded the released material:

“The obscurification technology used by Wikileaks.org has exploitable vulnerabilities. Organizations with properly trained cyber technicians, the proper equipment, and the proper technical software could most likely conduct computer network exploitation (CNE) operations or use cyber tradecraft to obtain access to Wikileaks.org’s Web site, information systems, or networks that may assist in identifying those persons supplying the data and the means by which they transmitted the data to Wikileaks.org. Forensic analysis of DoD unclassified and classified networks may reveal the location of the information systems used to download the leaked documents. In addition, patterns involving the types of leaked information, classification levels of the leaked information, development of psychological profiles, and inadvertent attribution of an insider through poor OPSEC could also assist in the identification of insiders.”

In my opinion the problem should not be destroying Wikileaks (which is, incidentally, extremely simple from a technological and/or legal standpoint), but having internal procedures for managing and protecting intellectual property and other assets. This is something in which, apparently, even US intelligence falls short, given the countless cases of classified documents leaked to the general public.

The insider who is not always loyal to the “company” cause is, in modern security, the hardest variable to manage.

Us Intel Wikileaks

March 10, 2010 11:50 pm

Citizens' opinion of the Italian Secret Services

05/03/2010 - SURVEY ON THE ITALIAN SECRET SERVICES
Between 14 and 25 January 2010, the Fondazione ICSA (Intelligence Culture and Strategic Analysis) carried out a sample survey aimed at assessing the degree of trust in, and the level of knowledge of, the Italian Secret Services among the national public. In addition, ICSA analyzed a specific segment of the sample aged between 18 and 34, exploring its motivations and its preferred forms of recruitment for working in intelligence. The steering committee that oversaw the survey is made up of Prefect Carlo De Stefano, Prof. Italo Saverio Trento and Gen. Leonardo Tricarico.

You can view (and download) the full survey from the first link, or read it online on Scribd, given in the second link:

https://docs.google.com/viewer?url=http://www.fondazioneicsa.it/UserFiles/File/sondaggioicsa.pdf

SURVEY ON THE ITALIAN SECRET SERVICES

January 20, 2010 12:08 am
FBI broke law for years in phone record searches

Source: www.washingtonpost.com

The FBI illegally collected more than 2,000 U.S. telephone call records between 2002 and 2006 by invoking terrorism emergencies that did not exist or simply persuading phone companies to provide records, according to internal bureau memos and interviews. FBI officials issued approvals after the fact to justify their actions.

E-mails obtained by The Washington Post detail how counterterrorism officials inside FBI headquarters did not follow their own procedures that were put in place to protect civil liberties. The stream of urgent requests for phone records also overwhelmed the FBI communications analysis unit with work that ultimately was not connected to imminent threats.

A Justice Department inspector general’s report due out this month is expected to conclude that the FBI frequently violated the law with its emergency requests, bureau officials confirmed.

The records seen by The Post do not reveal the identities of the people whose phone call records were gathered, but FBI officials said they thought that nearly all of the requests involved terrorism investigations.

FBI general counsel Valerie Caproni said in an interview Monday that the FBI technically violated the Electronic Communications Privacy Act when agents invoked nonexistent emergencies to collect records.

“We should have stopped those requests from being made that way,” she said. The after-the-fact approvals were a “good-hearted but not well-thought-out” solution to put phone carriers at ease, she said. In true emergencies, Caproni said, agents always had the legal right to get phone records, and lawyers have now concluded there was no need for the after-the-fact approval process. “What this turned out to be was a self-inflicted wound,” she said.

January 19, 2010 2:34 am
Google probing possible inside help on attack - Yahoo! News

Source: news.yahoo.com

SHANGHAI (Reuters) – Google is investigating whether one or more employees may have helped facilitate a cyber-attack that the U.S. search giant said it was a victim of in mid-December, two sources told Reuters on Monday.

Google, the world’s most popular search engine, said last week it may pull out of the world’s biggest Internet market by users after reporting it had been hit by a “sophisticated” cyber-attack on its network that resulted in theft of its intellectual property.

The sources, who are familiar with the situation, told Reuters that the attack, which targeted people who have access to specific parts of Google networks, may have been facilitated by people working in Google China’s office.

“We’re not commenting on rumor and speculation. This is an ongoing investigation, and we simply cannot comment on the details,” a Google spokeswoman said.