May's Security Streams

Here's May's summary of all the security streams during the month. This is perhaps among the few posts in which I can actually say something about the blog, the individual behind it, and its purpose, which is to - question, provoke, and inform on the big picture. After all, "I want to know God's thoughts... all the rest are details", one of my favorite Albert Einstein's quotes. The way we often talk about a false feeling of security, we can easily talk about a false feeling of blogging, and false feeling of existence altogether. It is often assumed that the more you talk, the more you know, which is exactly the opposite, those that talk know nothing, those that don't, they do. There's nothing wrong with that of refering to yourself, as enriching yourself through past experience helps you preserve your own unique existence, and go further. Awakening the full potential within a living entity is a milestone, while self preservation may limit the very development of a spirit -- or too much techno thrillers recently? :)

It's great to see that a knowledgeble audience has become a daily reality at this blog, it's never too late to meet new friends or their pseudo personalities. I've also included this month's stats area graph so you can get a grasp of the activity, go through past summaries for - January, February, March and April, in case your brain is hungry for more knowledge.

It is my opinion that the more uninformed the end user is, the less incentive for the vendors to innovate at the bottom line, and on the other hand, it is also easier for a vendor to put emphasize on current trends, instead of emerging ones -- which is what is going to add value to its propositonin the long-term. It's more profitable to treat the disease, instead of curing it. And while curing one doesn't mean curing all, it's a progress. So, I inform both sides and everyone in between. Information has never been free, but it wants to be free, so enjoy, syndicate, and keep yourself up-to-date with my perception on information warfare and information security, even when I'm not blogging, but just linking!

01. Biased Privacy Violation
While the site's niche segment has a lot of potential, I doubt it would scale enough to achieve its full effect. Providing Ex-couples with the microphone to express their attitudes is as quistionable as whether playing 3D shooters actually limits or increases violance.

02. Travel Without Moving - Typhoon Class Submarines
There're a lot of strategic security issues going beyond the information security market, and that is the defense and intelligence community's influence on the world. What used to be a restricted, or expensive practice, satellite imageryis today's Google Earth/Maps's service on a mass scale, anyone can zoom in front of the NSA. And as it's obvious you can spot things you can somehow define as sensitive locations though Google Earth/Maps, the question is so what? I've managed to dig quite some interesting locations I haven't seen posted anywhere and will be adding them shortly, feel free to suggest a spot if you have something in mind. The series in no way compete with the Eyeball-Series.org, though I wish.

03. The Current State of Web Application Worms
Web application worms, their potential and possible huge-scale impactis a topic that's rarely covered as an emerging trend by the mainstream media sources. On the other hand, over 200 words acticles on yet another malware variant going in depth into how the Internet is driving force for the E-commerce revolution, and how a ransomware pience of malware is changing this.The problem is rather serious due to the common type of web application vulnerabilities huge eyeball aggregators suffer from. Whether it's speed or infected population to use as a benchmarking tool, just like packet-type of worms, web application worms are foundamental for the creation of a Superworm beneath the AV sensor's radar.

04. Shaping the Market for Security Vulnerabilities Through Exploit Derivatives
Resoucesful post providing overview of the most recent developments inthe emerging market for software vulnerabilities, and the possibilityto secure future vulnerability releases. As Adam at Emergentchaos.com pointed out, the legality of such markets is among the cons of the idea, which is perhaps the time to consider the usability of markets for what's turning into a commodity - security vulnerabilities. The major problem which prompts for the need of such, is the current "private club" only vulnerability sharing practices among the infomediaries, but it can easily be argued that empowering vulnerability diggers, not researchers, isn't the smartest thing the community can do.

Vendors are often discussed as liable for the vulnerabilities in their software, but it's like blaming a dating service for not generating you dates, my point is that you cannot simply blame vendors for the vulnerabilities in their software as it would result in a major slowdown of innovation. Think about it, we all hate Bill Gates and use, while trying to avoid Microsoft's products pretty much everywhere, monocultures are bad, we'd better have half the Internet using MACs, and the other Windows so there would be an incentive and fair "allocation of resources" targeting both sides, as the plain truth is that malicious attackers aren't just attacking these days, they are gaining scale and becoming efficient. In a free market, where market forces invisibly shape and guide it, there's little room for socially oriented iniciatives like these. Today's software and technologies are shipped to get adapted, that's insecure ones we become dependent on, to later find out we have the live with their insecurities -- no one is perfect, and being all well-rounded is so boring at the bottom line.

If we were to start "thinking Security" everywhere, there wouldn't be anything left in respect to usability at the end of the day. And as I've pointed out in a previous post on valuing security, if security doesn't bring anything tangible, but prevents risks, that's the cornerstone of the problems arising with justifying expenditures. The Internet we've become so addicted and dependent on wasn't build with security in mind, but our conscious or subconscious marginal thinking gave us no choice, either live with the vulnerabilities and take advantage of its benefits, or stop using it at all. If we were to start thinking security first, there wouldn't be Internet at all, at least not in our lifetime. ISPs avoiding to take action on customers participating in botnets as they still haven't managed to find a way to commercialize the service, or Microsoft shipping its products in root mode and with all features turned on by default, are important points to keep in mind when refering to the practice of threatening and not curing deceases.

You cannot blame vendors for the security vulnerabilities in their software, you can blame them for the huge windows of opportunities their lack of action opens, and lack of overal commitment towards mitigating the threats posed by these, now, how you would you go to turn your day dreaming into a measurable metric, even come up with a benchmark is challenging -- a challenge ruined by the value of keeping an 0day, a truly 0day one.

05. The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
There you go with your fully realistic 1984 scenario, I wonder would the idea constitute mass surveillance and social networking analysis altogether. DIY alternatives are gaining popularity, and the cell phone industry doesn't really want to be perceived as an "exact location"provider, rather communication services. The excuse if it becomes habitual? Well, since there's no Cold War anymore -- just sentiments -- it's Terrorism today.

06. Snooping on Historical Click Streams
It was about time Google reposition itself as a search company, not as a new media one heading towards portalization. There's nothing wrong with the idea, the realityis they can never catch up with Yahoo -- and they shouldn't! Spending some time with the feature, and you will be able to verify most of your previous research findings, or come across to surprising ones. Do you trust Google and its geolocation services at the bottom line? I do.

07. Pass the Scissors
It's never too late to earn a buck for printing currency, even in times of inflation in between.

08. Is Bin Laden Lacking a Point?
Google trends point to Washington DC as the region with the highest interest in Bin Laden, not surprising isn't it? I feel the entire idea of an organizational hierarchy and Bin Laden on the top is an oudated thinking, but a marketable one forwarding the entire responsibility to one person, who at the end of day wouldn't have any choice but to accept it, even though he had nothing to do with something in particular. Leadership is critical, and so is possible successorship. An image is worth a thousand words in this case!

09. Pocket Anonymity
Harnesing the power of established brands in privacy, encryption and anonymity services and providing portability is a great idea, no doubt, but what I'm missing is a targeted market, a clear positioning, is it privacy or anonymity provider, as there's a huge difference between the two of these. A free alternative to the idea as well.

10. Travel Without Moving - Scratching the Floor
No comment, just awareness.

11. Terrorist Social Network Analysis
Seems like social network analysis practices apply to terrorist organizations as well, and why wouldn't they? As you can see, there isn't big of a different between a Fortune 500 organization, and a terrorist one, the only problem and downsize is the inability to take advantage of the momentum, historical findings out of data mining are useful for power point slides seeking further investment, and that's it.

12. Valuing Security and Prioritizing Your Expenditures
Reactive, Proactive, or Adaptive, what's your security strategy, and what's your return on security investment?

13. EMP Attacks - Electronic Domination in Reverse
Did you know that Stalin was aware of the U.S's A-bomb, even before Harry Truman was? -- the consequence of too much secrecy sometimes! EMP attacks get rarely discussed, yet today's portability of these and potential for chaos put them on the top of my watch list. There have been numerous ongoing Cybersecurity and critical infrastructure security exercies in the U.S for the last couple of years, and while military equipment goes through hardening process, Russia remains a key innovator whose capabilities have surpassed their own expectations. Cyber warfare is the next Revolution in Military Affairs, and it would be naive not to keep thinking of sneaky attacks, the weakest point in an IT and electronics dependent society.

14. Insider Competition in the Defense Industry
Where else, if not in the defense industry?

15. Techno Imperialism and the Effect of Cyberterrorism
Today's public perception of Cyberterrorism is so stereotyped, perhaps due to one basic reality - you cannot fight Cyberterrorism, the way you can blow up a cave in Afghanistan, and it's a big problem. While public accountability is easily achieved through Cybersecurity exercises, there isn't a better tool for propaganda, recruitment, communication and research than the Internet, and as you're about to find out, there are ongoing initiatives to crawl the Web for terrorist web sites, analyze terrorist speaking communication patters on web forums, and how encryption, flight simulator programs are an unseperable reality of the concept.

As the conspiracy theorist inside me is screaming, there used to be a speculation how Disney on purposely brainwashed the perception of UFOs in its content, to make it more user-friendly excuse, and put everyone who's talking the opposite turns into the usual "that's the guy that has seen them" unfavorable position. Today's coverage on Cyberterrorism doesn't provoke discussion, instead it always tries to communicate and question the credibility of the idea, with the usual scenarios relating to SCADA devices, terrorists melting down power plants and the rest of the science-fiction stories. In all my posts on Cyberterrorism, a topic I've been actively writing on, and following for some years, I always point out that terrorists are not rocket scientists unless we make them feel so -- or have benefits to think they are.

16. Travel Without Moving - Cheyenne Mountain Operations Center
Cheyenne Mountain Operations Center from Google Maps, and a summary of a report onGoogle Earth's security implications, I hope you'll manage to get your hands on, the way I did through a friend.

17. Nation Wide Google Hacking Initiative
I like the idea of auditing a nation's cyber space through Google Hacking, the only problem is communicating the value to public and to the companies/sites. What can be defined as sensitive information leaked through Google, and who's the attacker? Is it a script kiddie, a google hacker, a foreign intelligence personel, or foreign company conducting unethical competitive intelligence? Knowing, or at least theorizing on the possible adversaries will lead your auditing practices to an entirely new level.

18. Espionage Ghosts Busters
No government is comfortable with having to smile at Chinese people, or how their economy is evolving from supplier to manufacturer, still there isn't any serious ground for this case -- besides and uncomfortability issue.

19. Arabic Extremist Group Forum Messages' Characteristics
Great research on today's fully realistic scenario of terrorists communicating over the Web, the public one, as basic authentication would have stopped such automated approaches for sure. What can you actually find with that type of intelligence, real terrorists communications, or growing propaganda sentiments, in between pro-democratic individuals to be recruited?

20. The Current, Emerging, and Future State of Hacktivism
A very well researched dissertation, a lot of visionary thoughts while it goes back to the basics. It is doubtful whether hacktivism would cease to exist despite the for-profit malicious attacks these days, as anarchists, governments, patriots or script kiddies, they all have an opinion on how things should be.

21. Bedtime Reading - The Baby Business
What's a "better" kid, and why you don't need one? Controllable uncertainty can be exciting sometimes, but as always, life's too short to live with uncertainty!

22. Travel Without Moving - Korean Demilitarized Zone
A post with an emphasis on North Korea, which as a matter of fact got recently a decline from the U.S on two-way talks on whether the U.S would condemn their nuclear program. As I've pointed out, there are just looking for attention, while the U.S is sticking to six way talks only. Iran truly took advantage of the overly bad publicity for the U.S around the world.

23. Aha, a Backdoor!
A smart way to fuel growth in homeland security solutions is to be able to exempt publicly traded companies from reporting these activities, and with the SEC trying to achieve better transparency in its data reporting practies, it opens up a huge backdoor for enterprises to take advantage of, without any short-term accountability, or transparency requirements for the use of their stockholder's money. It's the corporate world!

24. Forgotten Security
Forgotten what if security plans on a possible assassination to be precise. It's a like a situationwhere a newly graduated wannabe marketer is asked to conduct a marketing research for a future release of a product, and he just opens his bag and brings out a textbook, and starts looking it up.

25. Delaying Yesterday's "0day" Security Vulnerability
Nothing groundbreaking as this is today's reality for everyone, and there isn't such thing as a true 0day vulnerability these days. Oday to who, to the media, to the underground, to the market, or to the researcher who's catching up with a week of backlog?

26. Who's Who in Cyber Warfare?
In the future the majority of Cyber wars would be waged by nations, and the maturity of their understanding of the concept, and actual capabilities is again going to put the masses as a hostage in between. Defensive or offensive motives behind further development, armies will be defeated, and battles will be won in Cyberspace -- whether by infowar guerilla-fighters, corporations, or nations is the beaty of this uncertain growing reality.

27. No Anti Virus Software, No E-banking For You
Great idea, lot's of revenues for the AV vendor, end users with a feeling of security, all looks and sounds great, but it isn't, as these are the basics. An AV solution doesn't mean you won't get hacked, your financial information stolen, and your home PC won't end up in a botnet, it means there's less chance for it to happen now. Is this campaign worth the publicity and in respect to retaining the bank's customers? I feel it is, but it's where the whole process of bank2customer safety practices communication begins.

28. Microsoft in the Information Security Market
McAfee and Symantec have greatly felt the pressure from Microsoft's ambitions, as they've simultaneously released information on their alternatives of OneCare, all-in-one security and PC tunning for the masses. Moreover, IP violation suits and the rest truly represent the threat, and while I don't see any, I avoid the fact that this is what the end user really needs. And with all the buzz about OneCare, Microsoft's distribution channels, channel partners and strategic partnerships, it would be hard for them to stop using OneCare in an year. That's why McAfee, and Symantec's releases of alternatives neatly ruined the pionner position Microsoft could have taken. Now it's the same old information security market, the one you're so comfortable with, McAfee and Symantec providing security solutions as their first priority, and Microsoft, positioned as a follower catching up. Smart move!

29. Covert Competitive Intelligence
With enterprises considering key extranet participants as potential attack vectors, and web-integration of backend systems as potential targets, insiders are benefiting from within. Dealing with "hackers", malware, firewalls configuration etc. is part of the problem of perimeter based and application based defense. Consider taking into consideration, organizational threats such as insiders, and figure out a cost-effective way of dealing with this hard to detect, measure and secure against threat.

30. The Global Security Challenge - Bring Your Know-How
How would you be more creative, knowing how much is your budget and trying to allocate it for the idea of allocating it, or coming up with the idea first and then trying to commercialize it? Budget allocation is a daily practice, but the way it empowers, the very same way it wastes resources, ones usually wrongly allocated.

Healthy Paranoia
I really feel you. Continue reading →

Healthy Paranoia

More developments on the US-China Commission's decision not to use Chinese manufactured PCs on the SIRPnet follow, an event I covered in a previous post "Espionage Ghosts Busters". The oficially stated attack vector, namely that "..a significant portion" of Lenovo is owned by the Chinese Academy of Sciences, an arm of the Chinese government." is nothing more than a healthy paranoia to me, one reaching to the skies on certain occassions, of course. Just came across to an article summarizing some recent events :

"The U.S. State Department recently declared that due to national security concerns, it would restrict use of the 16,000 computers it purchased to nonclassified work. It had originally planned to use 900 of the machines on a network connecting U.S. embassies. Lenovo’s goal of becoming the “Sony of China” could be impeded by worries over its machines’ security, blocking its strategy to move out of its Asia stronghold and into the West by courting North American computer users and possibly listing on U.S. stock markets. That realization sparked outcry from officials of both the Chinese government and the computer company."

However, today's monocultural reality, and favorable trend towards diversity will have greater impact on the (in) security of the PCs. Moreover, the "manufactured in China" reality is a commonly shared myth, one that keeps getting debunked as well :

"Almost any PC you can name has Chinese content,” said Roger Kay, president of the research firm Endpoint Technologies Associates. He pointed to Intel semiconductors and Seagate hard drives made in China. He also noted that 80 percent of notebooks sold worldwide are manufactured in China."

Even if Lenovo dared to implement hardware backdoors, or ship the PCs rootkit ready, it could have successfully ruined its business future -- insider pressure is always an option, but what do you got besides speculation? Don't unload China Communist Party's load on this recently separated from IBM devision, they aren't in the most favorable position, still remain among the top players on the PC market, right next to the efficiency machine Dell, which as a matter of fact recently completed its second high-tech factory in China.

Healthy paranoia, or the George Orwell inside you? Comic page text generated at Gaxed.com Continue reading →

The Global Security Challenge - Bring Your Know-How

It's a public secret that the majority of innovative ideas come from either the academic enviroment, or plain simple entrepreneurial spirits. I find such annual competitions as a valuable incentive for both sides to unleash the full power of their ideas, or commercialize them - consciously or subconciously. SpaceShipOne is a case study on how elephants can't dance, or at least how they dance on high profit margins only.

Recently announced, The Global Security Challenge seeks "..to help young startups succeed in the security field. Take advantage of this unique opportunity to get your ideas in front of investors, media, and government and industry leaders." And most importantly :

"We seek to uncover the creative capabilities of innovators in universities and infant companies that apply to public security needs. This includes software, hardware or other industrial solutions that help (a) protect people, critical infrastructure, facilities and data/electronic systems against terrorist or other criminal attacks and natural disasters or (b) help governments, businesses and communities defend against, cope with or recover from such incidents. Examples of Technologies We Seek:
- Mesh Networks
- Data Storage and Recovery
- Detection/ Sensors
- Biometrics
- Search Software
- Cyber/Network Security
- Communications Interoperability & Reconstruction
- Biological/Chemical/Radiological Remediation
- Protective Equipment
- RFID, Asset Tracking & Container Security
- Biotechnology

I bet Europe's Top Private Security Companies revenues' exceed the limit of having less than £ 10 million in annual revenues, it's worth speculating on their participation. Do your homework, know your competitors better than they do themselves,work out your elevator pitch, and disrupt.

As far as acquisitions are concerned, SiteAdvisor is the fist recently acquired startup that comes to my mind with its $70M acquisition deal valuation. As it obviously goes beyond VC type of mentorship, to many this seemed as an overhyped deal. There's no price for being a pioneer, but a price on acquiring the position -- a stairway to heaven. Right now, a vertical security market segment is slowly developing, and it is my humble opinion that the company's pioneering position is poised for success. Another alternative to SiteAdvisor's safe search function is the recently launched Scandoo.com which actually integrates the results from Google and Yahoo -- I doubt users would that easily change their search preferences though.

Who's next to get acquired, or hopefully funded? Continue reading →

Covert Competitive Intelligence

Yet another agreement on alleged covert competitive intelligence, this time, "WestJet Airlines says it’s sorry that members of its management team covertly accessed a confidential Air Canada website, and has agreed pay $15.5 million. In a joint news release from the two carriers, WestJet said that in 2003-2004, members of their management team "engaged in an extensive practice of covertly accessing a password protected proprietary employee website maintained by Air Canada to download detailed and commercially sensitive information without authorization or consent from Air Canada."

It's worth noting that Air Canada was actually aware of the security event, knew when it happened, and managed to trace it back to their competitors. Today's competitive intelligence does include unethical information gathering whether in-house, or "outsourced" practices, as DDoS for hire still make the headlines, compared to the many other still undetected insider leakages years ago. It's also impressive how Dumpster diving still remains a serious threat -- so make sure you shred your secrets! Continue reading →

Microsoft in the Information Security Market

Microsoft is emptying its pockets with tiny acquisitions of security solution providers with the idea to target the masses in its all-in-one security service OneCare. There's nothing wrong with offering up to three licenses for $49.95 per year, at least not from a marketing point of view. Microsoft's Security Ambitions are getting huge "as it continues to reveal its security ambitions in very obvious ways. Its $75 million acquisition of SSL VPN vendor Whale Communications last week shows just how deep it wants to go against the established leaders of various security technologies. Already in Microsoft’s security sights are the antivirus and antispyware vendors. Since buying European antispyware vendor Giant Company Software and antivirus vendor Sybari, it was pretty clear that Microsoft intended to get into the malware protection market. Symantec, McAfee and Trend Micro seemed to be the clearest targets, but so are Sophos, CA, F-Secure and scores more smaller vendors."

Competition is always good for all parties involved. In another article on the topic, WebRoot's founder, a leading anti-spyware solutions provider, gave great comments about Microsoft's take over of the infosec market : "The taking of a second-best product in this space is akin to locking half the doors in your house," he said. "Vista will not solve the spyware problem. It may change the vector of attack, but it will not solve this problem. And I'll bet the company on it."

Microsoft really surprised me with their release of the Strider Honey Monkeys Crawler, as precisely the type of in-house research that would act as a main differention point of its solutions. The problem has never been the technology, they still have some of the brightest minds in the world working for them, but providing value and communicating the idea to the final customer. Security as a second priority isn't tolerated by customers, and Microsoft is last company that the end user associates with security. Obsessed with perfection, and still living in the product marketing concept world, is outdated thinking, the way pushing features based on "what the sample says" is not going to hold the front any longer. Customers beg to participate!

While for the time being Microsoft is rediscovering the Web, and working on Vista, money doesn't necessarily buy innovation, prone to make impact individuals do --ones heading to Mountain View, California where the real action is. Continue reading →

No Anti Virus Software, No E-banking For You

Malware and Phishing are the true enemies of E-commerce, its future penetration, and E-banking altogether. Still, there are often banks envisioning the very basic risks, and hedging them one way or another, as "Barclays gives anti-virus software to customers"

"Barclays Bank is issuing UK internet banking customers with anti-virus software, as part of attempts to reduce online identity theft. The bank has signed a deal with Finnish anti-virus firm F-Secure, which will provide software to the bank’s 1.6m UK internet banking customers. While other banks offer discounted anti-virus software deals to customers, Barclays is the first in the UK to give it away for free. ’Nearly two-thirds of home PCs don’t have active virus protection, and one in five is actually infected by a virus, placing people at risk from data theft, as well as damage to their computers,’ said Barnaby Davis, director of electronic banking at Barclays."

I find the idea a very good mostly because compared to other banks that try to reestablish the email communication with their customers, but starting from the basics, you can't do E-banking without generally acceptable security measure in place. And while an AV solution doesn't necessarily mean the customer wouldn't get attacked by other means, or that it would be actually active in the moment of the attack, this is a very smart to do. To take advantage of even more benefits, Barclays must actively communicate their contribution and unique differentiating point to their customers, in comparison with the other banks -- it's getting harder for companies to retain customers due to improved access to information, thus more informed decisions.

You can't just deal with the technological part of the problem, but avoid the human side in it, as education and awareness will result in less gullible, but more satisfied and longer retained customers. Phishing is today's efficient social engineering, and a bank's site shouldn't be assumed "secure" as on many occasions site-specific vulnerabilities improve the truthfulness of the scam itself. Forwarding the responsibility for secured access to the E-banking feature to final customers should be simultaneous with the bank auditing its web services. In the upcoming years, with the rise of mobile banking, I think we will inevitably start seeing more mobile phishing attempts.

Ebay's PayPal is still a major player in online payments, on its way to dominate mobile payments too. The trend and potential of cross-platform malware is what both AV vendors and payment providers should keep in mind. Continue reading →

Who's Who in Cyber Warfare?

Wondering what's the current state of cyber warfare capabilities of certain countries, I recently finished reading a report "Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States", a very in-depth summary of Nation2Nation Cyber conflicts and developments I recommend you to read in case you're interested. It covers China, India, Iran, North Korea, Pakistan, and, of course, Russia. Some selected brief excerpts on China, Iran, and Russia :



China
"Beijing’s intelligence services continue to collect science and technology information to support the government’s goals, while Chinese industry gives priority to domestically manufactured products to meet its technology needs. The PLA maintains close ties with its Russian counterpart, but there is significant evidence that Beijing seeks to develop its own unique model for waging cyber warfare."



Iran
"The armed forces and technical universities have joined in an effort to create independent cyber R & D centers and train personnel in IT skills; and second, Tehran actively seeks to buy IT and military related technical assistance and training from both Russia and India."



Russia
"Russia’s armed forces, collaborating with experts in the IT sector and academic community, have developed a robust cyber warfare doctrine. The authors of Russia’s cyber warfare doctrine have disclosed discussions and debates concerning Moscow’s official policy. “Information weaponry,” i.e., weapons based on programming code, receives paramount attention in official cyber warfare doctrine."



Technology as the next Revolution in Military Affairs (RMA) was inevitable development, what's important to keep in mind is knowing who's up to what, what are the foundations of their military thinking, as well as who's copying attitude from who. Having the capacity to wage offensive and defense cyber warfare is getting more important, still, military thinkers of certain countries find network centric warfare or total renovation of C4I communications as the panacea when dealing with their about to get scraped conventional weaponry systems. Convergence represents countless opportunities for waging Cyber Warfare, offensive one as well, as I doubt there isn't a country working on defensive projects.



In a previous post Techno-Imperialism and the Effect of Cyberterrorism I also provided detailed overview of the concept and lots of real-life scenarios related to Cyberterrorism, an extension of Cyber warfare capabilities. It shouldn't come as a surprise to you, that a nation's military and intelligence personnel have, or seek to gain access to 0day security vulnerabilities, the currency of trade in today's E-society as well as recruiting local "renegades".



Undermining a nation's confidence in its own abilities, the public's perception of inevitable failure, sophisticated PSYOPS, "excluded middle" propaganda, it all comes down to who's a step ahead of the event by either predicting or intercepting its future occurrence. Information is not power, it's noise turning into Knowledge, one that becomes power -- if and when exercised. Continue reading →

Delaying Yesterday's "0day" Security Vulnerability

I never imagined we would be waiting for the release of a "0day" vulnerability, but I guess that's what happens if you're not a customer of an informediary in the growing market for software vulnerabilities -- growth in respect to, researchers, infomediaries and security vulnerabilities. Stay tuned for "Exploit Of Windows 2000 Zero-day To Hit In June", and take your time to appreciate that it's affecting "extended support" software. From the article :



"Symantec warned its enterprise customers Thursday that an unpatched vulnerability in Windows 2000’s file sharing protocol has surfaced, with details of an exploit expected to show next month. According to the Cupertino, Calif. company’s alert, an exploit for the zero-day bug in Windows 2000’s SMB (Server Message Block) protocol has been created by Immunity Security, the makers of the CANVAS exploit-creation platform. By Immunity researcher Dave Aitel’s account, the exploit leverages a flaw in the operating system’s kernel that can be triggered through SMB, and will give an attacker full access to the PC. Aitel claimed Immunity will make the exploit public in June. "Immunity is considered to be a reliable source and we are of the opinion that this information should be treated as fact," read Symantec’s warning. "An official security update from Microsoft will likely not be in development until after June when the information is released."



Well, how can they fix in such a way, even though their "sophisticated", quality-obsessed patch management practices. When working with vulnerabilities, or updating yourself with the dailypack of new ones, don't live with the false feeling of their uniqueness, but try figuring out how to be a step ahead of the vulnerabilities management stage. If Microsoft requested from Immunity Security to look up for possible security vulnerabilities, gave them a deadline, and secured a commission in case a vulnerability is actually found, it would have perfectly fited in the scenario in a previous post "Shaping the Market for Security Vulnerabilities Through Exploit Derivatives" -- reporting a vulnerability, let's not mention web application vulnerability is for the brave these days. Moreover, "Economic Analysis of the Market for Software Vulnerability Disclosure" quotes Arora et al. on the same issue from a vendor's point of view :



"developing an economic model to study a vendor's decision of when to introduce its software and whether or not to patch vulnerabilities in its software. They compare the decision process of a social-welfare maximizing monopolistic vendot, to that of a profit-maximizing monopolistic vendor. Interestingly, they observe that the profit-maximizing vendor delivers a product that has fewer bugs, than a social-welfare maximizing vendor. Howver, the profit-maximizing vendor is less willing to patch its software than its social-welfare maximizing counterpart." - The Price of Restricting Vulnerability Publications is indeed getting higher.



Reactive, Proactive, or Adaptive - what's your current security strategy? Continue reading →

Forgotten Security

It's one thing to expose a Pengaton conference's attendees list, and another Mr. Blair's security plans intended to protect the Prime Minister from a terrorist attack during the Labour Party conference".


From the article :
"Security plans intended to protect the Prime Minister from a terrorist attack during the Labour Party conference have been left in a hotel. The documents include a list of ways in which Mr Blair and members of his Cabinet could be killed as they attend the five-day conference at Manchester’s G-Mex Centre in September. Greater Manchester Police said that the dossier, found at the Midland Hotel, had been left by a member of hotel staff but insisted that the plans were not secret."


Every country has it's reputable think tanks, whether representing PhDs' with eyeglasses thick enough to have the sun burn their eyes, or plain simple analysts, worst case scenarios when protecting national leaders are among the top priorities. I think that even if the plans weren't secret, they reveal a lot of info on the security agency's thinking and hypotizing approach, still, no advantage could have been taken given the short timeframe -- thankfully. Continue reading →

Aha, a Backdoor!

Security precautions can indeed blur the transparency of a company's financial performance -- one that's extremely important in the post-Enron corporate world. Under fire over some of the biggest corporate scandals during the last decade, the Securities and Exchange Commission (SEC) has been trying to change the data standards to ensure greater accountability and support decision makers. On the other hand, the U.S's Intelligence Czar, John Negroponte remains in position to "exempt" publicly traded companies from reporting matters in relation to nothing else but national security.


From the article :

"Now, the White House’s top spymaster can cite national security to exempt businesses from reporting requirements President George W. Bush has bestowed on his intelligence czar, John Negroponte, broad authority, in the name of national security, to excuse publicly traded companies from their usual accounting and securities-disclosure obligations. Notice of the development came in a brief entry in the Federal Register, dated May 5, 2006, that was opaque to the untrained eye."



What the U.S government gets is stimulated to invest in homeland security publicly traded companies, given the benefits of the possible "exemption" and countless opportunities for profitable speculation. If the backdoor left gets used for purposes other than classifying some obvious defense contractors' accounting histories I wouldn't doubt seeing Coca Cola diversifying to take advantage of expanding the unaccountable R&D department. Moreover, today I came across to an independent research stating that classified and unaccountable military spending is at its peak.



It's fascinating to label something as top secret and let the world know about it 30 years later in order to lose the public effect of the discovery, still "excusing" companies to fuel growth would open up a great deal for corporate fraud schemes, but yes, investments too. Continue reading →

Travel Without Moving - Korean Demilitarized Zone

Continuing the travel without moving series, the Korean Demilitarized Zone remains a hot spot with North Korea publicly stating its ambtions of joining the nuclear club. How big of a threat is the statement anyway? I believe it's a desperate move from the North Koreans' side, while trying to put itself on the world's map again -- and the news of course.


What they lost was the momentum, one that Iran greatly took advantage of. Think about it, as the U.S's War on Terror is like any"product concept", it inevitably passes through introduction, growth, maturity and decline stages in respect to public relations. Abu Ghraib's offensive PSYOPS case, a national disaster in between, Muhammad's cartoons, and NSA's fiasco seemed to further strenghten the momentum of announcing their intentions without fear of having the U.S in their backyard -- smart move fully taking advantage of the situation and definitely resulting in a future dimplomatic solution.



While North Korea is presumably hoping to improve the nation's dignity and reputation as scietifically sophisticated enough to be recognized, building nuclear weapons when the central statistical bureau releases reports of people dying out of starvation reminds of the best Cold War strategy game scenario I ever played.


No real army for the regime, but sneaky partisans everywhere, no roads, no buildings, but nuclear bombs and cruise missiles in every city, as well as income distribution model based on the "model of leftovers", thus, riots and lack of any production capabilities. I remember watching a documentary where a soldier was trying to broadcast over the border, and of course, North Korea's jammers in action. Censoring news, obsessive self-regulation practices, total denial of problems, and keeping everyone in a twisted reality for as long as necessary is a daily practice -- still, there are capitalists trying to operate business ventures there.



What the international community could possibly do is not to lose touch with these people, and constantly "ping" their diplomacy while trying to achieve bargain deals -- the problem is that even Asian countries find North Korea a spooky place. Kim Jong-il is not a mad man, but a man looking for attention, give him some without having him "envision" a conventional weaponry phrase in his country's history. Continue reading →

Bedtime Reading - The Baby Business

While not necessarily an AI, a Project 2501 type of living entity breakthrough development, there's a growing (underground) market for genetically modified newborns, a scary scenario that reminds of previous episodes (Criminal Nature) of the Outer Limits and of course Gattaca in all of its twisted beauty and utopian representation of Space as the "final destination".



The Baby Business explains how parents willing to pay to make their kids "better" are actually fueling growth in the market itself. What's a "better" kid anyway? One that's smart, beautiful, that thinks like an Ivy League freshman when its 10 years old -- is it thinking or theoritizing? -- a math genious with a second life of a marketer?



Or intelligent, passionate about something eventually becoming a turning point for his future development, realizing admitting and getting over failure, being interested instead of being interesting type of kid, with a pure feeling of self-development and self-realization? -- a soul.



Would the "haves" donate genetic know-how, or would one be eventually found and commercialized? I think utopias are a powerful driving force, yet perfection remains among the biggest human weaknesses ever -- superhuman is a state of mind if you are willing to embrace it. Continue reading →

The Current, Emerging, and Future State of Hacktivism

Zone-H recently reported yet another major hacktivism case in what's stated to be the biggest hacking incident in the web-hosting history-- single hack, multiple targets exposed and their audiences' attention "acquired". The very same type of tension happened several weeks ago due to the Muhammad cartoons. It may seem questionable whether Hacktivism would survive in today's for-profit online crime world, but discussion and execution opens up new boundaries the way the author of this research did.



I feel I went through what's perhaps the most recent and extensive research done on Hacktivism, "Hacktivism and the Future of Political Participation" by Alexandra Samuel -- a perfect moment to mention the daily updated security resources, that I go through instantly, hudreds more will soon be shared as well!



The disertation "looks at the phenomenon of hacktivism: the marriage of political activism and computer hacking. It defines hacktivism as the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. Those tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. The dissertation uses data from fifty-one interviews in conjunction with additional primary and secondary source material. This data is used to construct a taxonomy of hacktivism, and apply the taxonomy to three core issues in political participation."



The big picture, the details, and everything in between, how fast can you print, bind and read this masterpiece? Continue reading →

Arabic Extremist Group Forum Messages' Characteristics

Ever wondered what's the font size of a terrorist forum posting? These guys are really deep into using AI for gathering intelligence on various Cyberterrorism threats, and as you can see they neatly visualize their findings. "Applying Authorship Analysis to Extremist-Group Web Forum Messages" by Ahmed Abbasi and Hsinchun Chen, University of Arizona seem to have found a way, or at least patters of ongoing terrorist communication, and of course propaganda online. What they did was :



"To explore these problems, we modified an existing framework for analyzing online authorship and applied it to Arabic and English Web forum messagesassociated with known extremist groups. We developed a special multilingual model—the set of algorithms and related features—to identify Arabic messages, gearing this model toward the language’s unique characteristics. Furthermore, we incorporated a complex message extraction component to allow the use of a more comprehensive set of features tailored specifically toward online messages. A series of experiments evaluating the models indicated a high level of success in identifying communication patterns."



Social network analysis has a lot of potential, and with data mining it seems to be the perfect match for the recent trouble with NSA's domestic spying program. DearNSA.com and the Patriot Search are aiming to solve the problem for both parties -- efficiently.



There's a lot of propaganda chat going on online all the time, and among the very few limitations that bother me about such web aggregation of open source information are the use of steganography, or plain-simple Dark Web (closed for crawlers with basic/sophisticated authentication in place) communication -- remember there's a lot of noise to sort out through as well. Continue reading →

Espionage Ghosts Busters

In previous posts, "Insider Competition in the Defense Industry", and "The anti virus industry's panacea - a virus recovery button" , I gave examples of insider trading, of malware infecting border-screening computers, or the plain truth on how U.S "manufactured" PCs are actually assembled in China these days.



Obviously, plain old paranoia without solid background still dominates as "Representative Frank Wolf (R-VA) has announced that the State Department has agreed not to use 900 computers purchased from Chinese-owned Lenovo on classified computer networks. The US-China Commission, a bipartisan congressional commission, raised concerns when State announced the purchase of 16,000 desktop computers from Lenovo, with 900 to be used on secret networks connected to the Defense Department's classified SIPRnet (Secret Internet Protocol Router Network). State is changing its procurement process to better track changes in vendor ownership that could impact national security."



There's a common myth that a nation's military uses a specially dedicated networks, ones greatly differing from the standart OSI model the way we know it -- which is wrong as it would limit the usability, and increase the costs of operating. My point is that, even a PC sold by Dell would eventually run a Microsoft OS, thus exposing it to the monocultural insecurity by itself, and the human weaknesses of the person operating the PC itself, not guarding the SIPRnet
perimeter.



It would be easier for Chinese hackers or government entities to take advantage of client side attacks on any of these systems, then to ship them backdoor-ready risking too much in case of possible espionage fiasco. There have been known cases of malware leaking nuclear plant information, or employees P2Peering sensitive/classified information. Be it, hardware keyloggers, logic bombs, BIOS rootkits, given the scrutiny, even a slight ambition might have vanished in the air. Modern spy gadgets are evolving, espionage cases are still happenning and some get even public, but in case you're interested in the true ghost covert operative - stay tuned for the Stand Alone Complex Novel! Continue reading →

Nation Wide Google Hacking Initiative

The idea of doing reconnaissance for the purpose of pen testing or malicious activity through google hacking, has already reached levels of automation -- the problem is how the threat gets often neglected by those that actually suffer from a breach later on. I came across to an article pointing out that :



"Anyone who wants to hack into sensitive information on New Zealand internet sites might be pleased to know it can be as easy as typing keywords into a Google search. Researchers at Massey University’s Albany campus say the country’s websites are more vulnerable to "Google hacking" than anywhere else in the world. University Information and Mathematical Sciences Institute senior lecturer Dr Ellen Rose and graduate student Natalia Nehring recently completed a study into the topic."



Not exactly a type of cyberterrorism exercise such as the most recent DigitalStorm, but it's logical to conclude that if someone takes the time and effort to data mine the web, localize the attack like in this case, a lot will be revealed. In a recent article, CSOonline goes in-depth into the security implications posed by Google. I once had a chat with Johnny Long on many topics, among the "few", of course, was google hacking. He made a good point on saying that it's whatever you actually do with the results that matters most, and how diverse is the threat -- by googling your lights off for instance.


What you should keep in mind is that it isn't Google to blame, the way "Improving the Security of Your Site by Breaking Into it" provoked awareness, and not damage. Think the problem isn't big of a shot -- gather some intelligence by yourself through the Google Hack Honeypot project. Continue reading →

Travel Without Moving - Cheyenne Mountain Operations Center

It's a small world -- and a busy one, this post was supposed to appear the previous week so here it goes. There are certain places you just can't miss on the world's map, and the Cheyenne Mountain Operations Center is one of them. Remember the typical massive gate in the War Games movie, or in pretty much any other military/intelligence thriller you've watched? Try this one. Nuke it, EMP it, it's supposed to stand tall, yet it remains a visible sensitive location for you to enjoy without moving. The other day I came across to a report that I somehow missed in relation to various threats -- if any -- posed by Google Earth. "Google Earth Study: Impacts and Uses for Defence and Security" is worth the read :



"The Google Earth study on the impacts and uses for defence and security is aimed at answering a number of questions. What are the technical features, the reliability and limits of GE data and software, regarding international security regulations? Which confidence in data, real dangers of a pernicious use, or impacts of such an easy access to imagery is there on users or the geographical information market? What are the new applications stemming from GE, which services can be derived from this application, or what are the ways to integrate GE into an information system?"



Stay tuned for the upcoming 0day sights from around the world. Continue reading →

Techno Imperialism and the Effect of Cyberterrorism

It's been a while since I've last blogged about Cyberterrorism, and while many did mentioned the topic in between the recent DRDoS attacks, Cyberterrorism is so much more than simply shutting down the Internet, namely the ability to communicate, research, recruit and use propaganda to achieve goals based on ideological beliefs, or the convergence of Terrorism and the Internet.



Can we argue that cyberterrorism is the direct effect of techno imperialism, or let's use a more friendly word such as IT-dependent society and information infrastructure?





What exactly does cyberterrorism mean? When does an average internet user's malicious activity turns into cyberterrorism ones? Are there clear definitions, or the lack of such as resulting in the in a total misunderstanding for both, the media and the general public. The recently released Google Trends, which I covered in a previous post, doesn't even count Cyberterrorism, so I looked further and came across to a very good research "Fear-mongering or fact: The construction of ‘cyber-terrorism’ in U.S., U.K, and Canadian news media" that aims to emphasize on the common misunderstanding when defining Cyberterrorism and the media's acceptance of the concept. The outcome? Declining media presence with the years, to end up where it is today, but what you should keep in mind is that the concept is still out there.





Trying to seperate Cyberterrorism as a tool for achieving Information Warfare dominance is like on purposely ignoring the the big picture -- that Cyberterrorism, one that sometimes results out of hacktivism tensions is a powerful tool for achieving the full effect of information warfare. Whereas such attacks occur all the time, I can argue that the actual impact of cyberterrorism cannot be easily and quantitatively justified. We all know that it's theoretically logical for terrorists to use the Internet for various cyberplanning and cyber communication, what can we do about it?

Crawling for terrorist web sites clearly associated with different organizations, or trying to spot terrorist symphatizers have been in the execution stage for yers. Projects such as the Terrorism Knowledge Discovery Project, take a very deep look into the subject by introducing Terrorism Knowledge Portal, an aggregated source for intelligence. Moreover, according to a recent article :


"SAIC has a $US7 million Defence Department contract to monitor 1500 militant websites that provide al Qaeda and other militant organisations with a main venue for communications, fund-raising, recruitment and training." It's also interesting to note other initiatives that started back in 2001, such as the Automatic Identification of Extremist Internet Web Sites.



Another concept goes in-depth into Confronting Cyberterrorism with Cyber Deception as "if it is possible to deceive terrorists, then it should also be possible to deceive cyberterrorists. The reliance of cyberterrorists on information technology makes them vulnerable to cyber deceptions. In addition, many of the methods and tools that cyberterrorists would use are similar to those used by other less malicious hackers, so we can plan specific deceptions to use against them in advance." As you can see on the grid above, the actors, the deception target and the level of difficulty provide more insight into the idea, great research!





Steganography embedded images used by terrorists on the public web can be doubtful, but on the Dark Web, why not? According to a research I came across to some time ago :


"In academia, graduate students Niel Provos and Richard Honeyman at the University of Michigan have written a web crawling program to detect steganographic images in the wild. The program has already digested 2 billion JPEG’s on popular sights such as ebay and has so far found only one stego-image in the wild. The detected image was on an ABC web page that dealt with the topic of steganography."





Detecting Steganographic Content on the Internet as a concept has been around for ages, while plain old encryption is the de-facto practice according to a well researched news article :





• Wadih El Hage, one of the suspects in the 1998 bombing of two U.S. embassies in East Africa, sent encrypted e-mails under various names, including "Norman" and "Abdus Sabbur," to "associates in al Qaida," according to the Oct. 25, 1998, U.S. indictment against him. Hage went on trial Monday in federal court in New York.





• Khalil Deek, an alleged terrorist arrested in Pakistan in 1999, used encrypted computer files to plot bombings in Jordan at the turn of the millennium, U.S. officials say. Authorities found Deek's computer at his Peshawar, Pakistan, home and flew it to the National Security Agency in Fort Meade, Md. Mathematicians, using supercomputers, decoded the files, enabling the FBI to foil the plot.





• Ramzi Yousef, the convicted mastermind of the World Trade Center bombing in 1993, used encrypted files to hide details of a plot to destroy 11 U.S. airliners. Philippines officials found the computer in Yousef's Manila apartment in 1995. U.S. officials broke the encryption and foiled the plot. Two of the files, FBI officials say, took more than a year to decrypt.





Among the many cases I am aware of worth mentioning are :





- What are the real risks of cyberterrorism? In 1998, a 12-year-old hacker broke into the computer system that controlled the floodgates of the Theodore Roosevelt Dam in Arizona, according to a June Washington Post report. If the gates had been opened, the article added, walls of water could have flooded the cities of Tempe and Mesa, whose populations total nearly 1 million.





- Cyberterrorism: How Real Is the Threat? Yonah Alexander, a terrorism researcher at the Potomac Institute—a think tank with close links to the Pentagon—announced in December 2001, the existence of an “Iraq Net.” This network supposedly consisted of more than one hundred websites set up across the world by Iraq since the mid-1990s to launch denial-of-service or DoS attacks against U.S. companies. The concept of botnets wasn't that popular at the time, so that's an example of marginal thinking on acquiring DoS power.





- In the indictment against Zacharias Moussaoui, it states that Moussaoui had among his possessions a flight simulator program, software for reviewing pilot procedures for a Boeing 747 Model 400, and a computer disk of information on aerial spraying of pesticides. The indictment also outlines Moussaoui’s use of e-mail to inquire about flight training.



- For almost two years, intelligence services around the world tried to uncover the identity of an Internet hacker who had become a key conduit for al-Qaeda. The savvy, English-speaking, presumably young webmaster taunted his pursuers, calling himself Irhabi -- Terrorist -- 007. He hacked into American university computers, propagandized for the Iraq insurgents led by Abu Musab al-Zarqawi and taught other online jihadists how to wield their computers for the cause.





I can argue which article is more intriguing compared to BusinesWeek's writeup on catching the ShadowCrew, but anyway all you need to a get a reader's attention is a name such as Abu Musab al-Zarqawi, a point that I feel is totally brainwashed in this paragraph :)





Cyberterrorism is an inseparable part of Information Warfare, and while we would hopefully never witness a catastrophic scenario, that is offensive use of Cyberterrorism, recruitment and propaganda flood the Internet on a daily basis. Just stop being suspicious about everyone, and try to enjoy life in between, can you, as terrorists are not everywhere -- but where we see them at the bottom line! Continue reading →

Insider Competition in the Defense Industry

While there aren't any smoking emails mentioned in this case, where else can we spot insiders if not in the defense industry, an industry where securing government-backed contracts, or teasing military decion makers with the latest technologies ensures the long-term existence of the business itself? From the article :



"Boeing has been under investigation for improperly acquiring thousands of pages of rival Lockheed Martin's proprietary documents in the late 1990s, using some of them to help win a competition for government rocket-launching business. The government stripped Boeing of about $1 billion worth of rocket launches for its improper use of the Lockheed documents."



Boeing and Lockheed Martin remain the key players in the defense industry, ensuring their portfolio of services (cyberwarfare, theater warfare, grid networking compatibility etc.) remain competitive. I once said that during the Cold War, the tensions between the U.S and the Soviet Union used to be the driving force of progress and innovation, these days, terrorism is the driving force and the "excuse" for military and intelligence spending. And while NASA's budget has been decreasing with the time, the next major space innovation wouldn't come from NASA, but from the commercial sector.



What's the bottom line? A minor short-term effect, and long-term business continuity for sure as "Boeing shares fell $1.76, or 2 percent, to $85.25 in morning trading on the New York Stock Excange." Continue reading →

EMP Attacks - Electronic Domination in Reverse

Yesterday, I came across to an updated(April 14, 2006) CRS report - High Altitude Electromagnetic Pulse (HEMP) and High Power Microwave (HPM) Devices: Threat Assessments, a topic I covered in a previous post related to asymmetric warfare.



Basically, it outlines critical issues such as, what is the U.S(or pretty much any other country thinking asymmetric warfare) doing to ensure critical civil infrastructure is protected against EMP attacks, how does the vulnerability of EMP attacks encourage other nations to develop such capabilities, and yes, of course the "threat" of terrorist EMP warfare -- in your wildest dreams only. An excerpt :



"However, other analysts maintain that some testing done by the U.S. military may have been flawed, or incomplete, leading to faulty conclusions about the level of resistance of commercial equipment to the effects of EMP. These analysts point out that EMP technology has been explored by several other nations, and as circuitry becomes more miniaturized, modern electronics become increasingly vulnerable to disruption. They argue that it could possibly take years for the United States to recover fully from widespread damage to electronics resulting from a large-scale EMP attack."



Why wouldn't a "reported sponsor of terrorist" nations wage EMP warfare, or even try to over the U.S? Because they would have the U.S in their backyard in less than a day, but the opportunity to balance the powers, or achieve temporary military advantage given the attack remains undetected is a tempting factor for future developments -- the ongoing miniaturization and the fact that intense energy effects can be can be produced without an A-Bomb makes it even worse. Surgical HPM and EMP attacks without fear of retaliation is what possible adversaries could be aiming at, and of course portability :



"Other HPM weapons being tested by the military are portable and re-usable through battery-power, and are effective when fired miles away from a target. These weapons can also be focused like a laser beam and tuned to an appropriate frequency in order to penetrate electronics that are heavily shielded against a nuclear attack. The deepest bunkers with the thickest concrete walls reportedly are not safe from such a beam if they have even a single unprotected wire reaching the surface."



Yesterday I was looking for an article I wrote in 1998 on Nuclear Weapons and seem to have found it -- it makes me smile given my age, and the fact that I had to orally defend the topic, hope you will find it an interesting retro read :) I don't necessarily agree with all the things, it just the way I was perceiving the world back than. For instance, Russia didn't accelerate their scientific efforts, as the A-bomb secret eventually leaked out to them, and with the fall of the Soviet Union and ICBMs available in every corner of the country and its republics, it wasn't hard for other nations to piggyback too.



Did you know that Stalin was aware of the U.S's A-bomb, even before Harry Truman was? -- the consequence of too much secrecy sometimes!



Nuclear Weapons
There has always been war, and will always be though we live in more peaceful world nowadays. It's a long time that nuclear weapons are not the same threat to the world's peace as they were years ago. Despite all the reducement and limitation of nuclear weapons they haven't disappeared yet completely. Today all the nuclear arsenals are able to kill everybody on EARTH, a thousand times, though nobody wants to die even once. One of the greatest scientific and human's achievements - mastering the nuclear energy, is in position both to change the traditional sources of energy, and to move toward the social progress. However, this discovery was used not in people's behalf, but against it.


During Truman's leadership nuclear scientists were working on the project"MANHATTAN" as they were to finish mastering the nuclear energy, but they didn't know that their discovery would change completely the world to worse, demanding death to million people. Americans have always been competing with Russians in each sphere. When Americans discovered the A-BOMB Russians were far from it. Then Truman decided to drive Russia into a corner. But he didn't have the chance, due to Stalin who ostensibly didn't pay attention to the threat. To show his power Truman threw the A-BOMB on Hiroshima on 6 of August at 8 :00 am. It generated a huge amoung of energy when it exploded. Most people died within a few hours. By the end 0f 1945 the estimated number of peole who died as a direct result of the bomb was 140,000. But later it has been concluded that the number of people who died was approximately 200,000, even more. Russia decided that it could't last so long and accelerated the speed of doing their project for the A-BOMB several times. Only for 4 years they worked it out which the Americans succeeded for 20. As Russia's A-BOMB appeared the United State's plans for starting a war and attack Russia made them think.


All their plans went wrong. When the U.S controlled the weapons of mass destruction their strategists used to think about the harmful power of the weapons. Now, the U.S have completely changed their policy line. When a conflict arise anywhere in world they would help. When a disaster damages a country, when a war starts they always stand by the side of the weaker. They mastered outer space and they don't do it just for themselves but for the whole mankind. Now all the people in world develop good relationships. But we live in a troubled world. Our daily cares are increasingly dwarfed by the thought that they may vanish in a flash. People separated by continents and oceans are uneted in their wish to prevent the global nuclear catastrophe. Young people today do not wish war they want peace and love. It's not just a wish, it's a must!



This is eight years ago, and I'm still keeping the spirit I guess :) Continue reading →