White House Plans Proactive Cyber-Security Role for Spy Agencies

By Brian Krebs
washingtonpost.com Staff Writer
Friday, May 2, 2008; 11:47 AM

America's spy agencies for the first time would be tasked with gathering intelligence on threats to the nation's computer networks under a policy that could be detailed by the White House as early as next week, a senior administration official said Wednesday.

Speaking at a security conference in Washington, the official said the Bush administration wants to harness the intelligence community's offensive capabilities in defense of government and civilian computer systems.

"We've never looked at how all the unique things this government wages against others could be used to inform our defensive posture," said the official, who asked not to be named because the White House has not yet released details about the plan. "We really need to move from [the reality that] the advantage is always with the attacker to how we can have our offense better inform our defense to shrink that gap."

In January, President Bush signed a directive authorizing the intelligence agencies, including the National Security Agency, to monitor all federal network traffic to prevent attackers from breaking in and from stealing sensitive data or disrupting critical systems.

The administration official said the intelligence community is uniquely suited to counteract today's malicious actors -- ranging from lone hackers to organized cyber criminal groups and nation states -- who the official said are constantly developing new attacks and exploiting unknown security holes in software and hardware to compromise government networks.

The official said the president's new cyber-security directive will share the intelligence gleaned through monitoring threats across the government space with the private sector, which experts say is being hit with the same types of attacks that the federal dot-gov space is battling.

"This an important and perhaps one of the most important national security and economic security issues facing us today," the official said. "We want a broader information flow to the private sector of the threats we're seeing, so that they can increase their security posture as well."

Most of the 18 strategic goals laid out in the cyber initiative are currently classified, and few within the government have been fully briefed on the the plan. But the official said the administration plans to release additional details on at least 12 of those goals next week, after the White House Office of Management and Budget issues rules for assigning classification levels for data collected and shared under the new program. An OMB spokesperson confirmed that the White House plans to release the classification memo as early as next week.

Alan Paller, director of research at the Bethesda based SANS Institute, which tracks hacking trends, said few federal civilian agencies or private sector companies have the analysts or computer power to spot the most stealthy cyber attacks. Agencies like the NSA, he said, are in a bit of a tight spot in sharing new threat information with allies and the private sector, because spy agencies very often glean intelligence by exploiting the very same security vulnerabilities in hardware and software used by enemies of the United States.

"This is the oldest conflict in security, because if we give away our best exploits, we lose the ability to use them offensively," Paller said. "That's a conflict the guys at NSA deal with every day. When you find good ones, how long do you wait before you tell the vendors and people defending our own networks?"

This precise conundrum sprang up in December 2007, when U.S. intelligence analysts exchanged with their counterparts in Australia, Canada, New Zealand and the United Kingdom new exploits that had been observed being used against their government networks.

"We lost a key exploit for a critical hard target, so there was a gain and there was a loss," the administration official said. "Many of us agree that we're going to have to accept a lot more intelligence losses in order to increase the defensive posture of the nation."

The NSA and other intelligence agencies have an important ¿ if not vital ¿ role to play in sifting through government network traffic for signs of attacks and compromises, said Jim Dempsey, policy director at the Center for Democracy & Technology. But he said the Bush administration has a penchant for slapping a classified label on even the most benign information, and as a consequence the intelligence community's involvement could result in less ¿ not more ¿ information being shared with the private sector.

"To my mind, one of the key tests of whether this program will be successful or not is how much [information] falls on the classified side of the line, and how much falls on the unclassified side," Dempsey said. "The more information that gets classified, the less likely the initiative will succeed."

The cyber initiative comes more than five years after the Bush administration first released its National Strategy to Secure Cyberspace, a roadmap for securing federal information networks and critical information assets owned and operated by the private sector, such as those used to control the electric and nuclear power systems. The task of implementing that plan largely fell to the Department of Homeland Security, but critics say the department's progress on that front has been hampered by bureaucratic infighting and a lack of authority.

"What you're seeing here is the acknowledgment by the administration that DHS had its chance, flubbed it, and now we've got to get serious," CDT's Dempsey said.

Whether the next administration continues the work called for in the cyber initiative remains and open question. But Paul Kurtz, a former cyber adviser to the Bush administration and a key author of the 2003 strategy, said it would be wrong not to try to stand up some new programs at this time.

"Candidly, they're doing as much as they can given the 11th hour of this administration," said Kurtz, who is among more than two dozen security experts working to devise a series of cyber-security policy recommendations for the next administration. "Our job is to get the programs in place at least initially so we have enough momentum going into the next presidency that ¿ no matter who wins ¿ they can carry on with this effort."

German Islamist Issues Call for Jihad in Internet Video

Source: Deutsche Welle (Germany), 30 April
Fears of a second suicide bombing by a German national have risen after a convert to Islam calls for holy war in an Internet video. EU officials have put posters of the suspect at all the bloc's entry points. The video, posted on the "Time for Martyrdom" Web site, shows 20-year-old Eric B. from the western state of Saarland wearing an ammunitions belt and holding a machine gun. The mountainous backdrop has led some to believe it was filmed in the border region between Afghanistan and Pakistan. "Come over to the jihad, for that is your way to paradise," he proclaims in halting German. "If you cannot come, then help us with your wealth." B., who calls himself Abdulgaffar al-Almani in the video, is reportedly known to German intelligence agencies. Authorities have been tracking his whereabouts at least since September 2007, following B. and his travelling companion, Houssain al-M., a 23-year-old German of Lebanese descent, throughout the Middle East.   Their surveillance was sparked by the raids in North Rhine-Westphalia that uncovered a Saarland-based branch of the Islamic Jihad Union (IJU). Those raids came after a warning from the CIA that the IJU was planning attacks against the American interests in Germany. Authorities thwarted those plans and arrested three men -- two German converts to Islam and a Turk.

 

 Afterwards, the German Federal Criminal Police Office (BKA) issued an alert for four additional members of the cell, including B. and al-M. A third person, Cuneyt Cifcti, a 28-year-old Turk raised in Germany, carried out a suicide bombing in the Khost province of western Afghanistan that killed two US and two Afghan soldiers in March. Cifcti's preparations were well-documented through video, and analysts fear that he may have become B.'s role model. They also fear that B.'s appearance in the film with his face uncovered heralds an imminent attack. He is suspected to have received terrorist training in an IJU camp and was last seen in Kabul in early April, leading some to speculate that he could be planning a suicide bombing there. Wanted posters with his picture on are hung throughout Kabul and his photograph recently appeared in the US army newspaper, Stars and Stripes. His photograph is also posted at all EU entry points and in all German airports in hopes of preventing a possible European attack.

 

Analysts say the video could herald an imminent attack. The video comes a week after German security agents conducted nationwide raids aimed at disrupting a network of Islamists. The raids on homes, clubs, and publishing houses, included the arrest of nine men suspected of trying to radicalize Germans and support a holy war abroad. They also heightened the fear of a growing Islamist movement in Germany.

"Schaden vom Volke abwenden"

Interview with German Interior Minister on Terrorism Topics

Source: German Interior Minister Dr. Wolfgang Schäuble, Focus Magazine, 28.

April 

FOCUS: Das Bundeskriminalamt (BKA) soll zur zentralen Polizeibehörde im

Kampf gegen den Terror ausgebaut werden. Kritiker Ihres Gesetzentwurfs

sehen darin keinen Gewinn, sondern schwere Verluste für den Rechtsstaat.

Ist im Zeichen des Terrorismus Sicherheit nur unter Verzicht auf Freiheit

zu haben?

Schäuble: Ich habe einen Amtseid geleistet: Schaden vom deutschen Volke

abzuwenden. Unser Staat verteidigt die Freiheitsrechte gegen deren Feinde.

Deshalb hat der Verfassungsgesetzgeber so entschieden: Weil der Terrorismus

die Staats- und Lebensordnung insgesamt bedroht, soll das BKA diese

Abwehrkompetenz erhalten - als begründete Ausnahme vom Prinzip, dass

polizeiliche Gefahrenabwehr Ländersache ist.

FOCUS: Ihr Entwurf liest sich, als hätten Sie aus den Länderpolizeigesetzen

die schärfsten Instrumente fürs BKA herausgesucht. Es bekommt 24 neue

Befugnisse: V-Leute und Rasterfahndung, es darf abhören und ausspähen,

Wohnungen und Computer durchsuchen.

Schäuble: Natürlich schaut der Bundesgesetzgeber, was die Länder in 60

Jahren gemacht haben. Daraus kann man doch lernen. Für die Terrorabwehr ist

das Beste gerade gut genug. So ist nach Grundgesetzartikel 13 die optische

Wohnraumüberwachung zur Strafverfolgung untersagt, zur Gefahrenabwehr aber

ausdrücklich erlaubt. Deshalb steht sie in vielen Landespolizeigesetzen.

Der SPD-Vorsitzende Kurt Beck hat im Präsidium seiner Partei gesagt: Wer

den Entwurf zum BKA-Gesetz kritisiert, soll sich erst einmal rechtskundig

machen. Genauso ist es. Seit Jahrzehnten wenden die Polizeien der Länder

diese Instrumentarien an - was keinen Bürger beunruhigt hat. Das wird nicht

dadurch anders, dass nun auch das BKA zur Terrorabwehr die gleichen eng

definierten Rechte erhält. Manche Kräfte in Politik und Medien führen die

Bevölkerung in die Irre, wenn sie eine völlig unsinnige Angst vor einem

angeblichen Überwachungsstaat schüren.

FOCUS: Solcher Eindruck entsteht, wenn zum Beispiel der

Bundesnachrichtendienst (BND) seine Vorschriften bricht und eine deutsche

Journalistin bei ihren Kontakten zu einem afghanischen Minister

bespitzelt.

Schäuble: Aber die Tatsache, dass der Fall jetzt debattiert wird, zeigt

doch, dass die öffentliche Kontrolle greift.

FOCUS: Sie verwechseln Ursache und Reparatur. Es spricht für unsere

Demokratie, dass solche Fälle auffliegen. Aber es spricht gegen die

Dienste, dass solche Verstöße geschehen - im aktuellen Fall gegen

ausdrückliche Anweisungen des BND-Präsidenten.

Schäuble: Auch wenn ich für den BND keine Zuständigkeit habe, ist eines

doch klar: Wir brauchen einen leistungsfähigen Auslandsnachrichtendienst.

Dass er seine Aufklärungsarbeit nicht gegen Journalisten betreiben soll,

ist richtig. Aber ich sage zugleich: Ich kann es als Innenminister nicht

verantworten, Polizisten nach Afghanistan zu entsenden, wenn ich nicht

einen leistungsfähigen Nachrichtendienst habe, der mich über die Lage vor

Ort aufklärt. Hier geht es um den Schutz von Leib und Leben. Natürlich

machen Menschen Fehler, selbst Polizisten, Soldaten, Staatsanwälte und auch

Richter. Aber ich warne vor einem generellen Misstrauen gegen den Staat und

seine Organe. Das wäre gefährlich.

FOCUS: Mit Justizministerin Brigitte Zypries (SPD) haben Sie sich

verständigt, dass die Software für Online-Durchsuchungen nur per

Datenleitung, aber nicht mittels Eindringen in die Wohnung des Verdächtigen

auf dessen Gerät installiert werden darf. Warum so vorsichtig?

Schäuble: Nach gängiger Auslegung untersagt Grundgesetzartikel 13 das

heimliche Betreten von Wohnungen - außer zur Wohnraumüberwachung durch

Einbau einer Abhöranlage.

FOCUS: Künftig auch zur Installation von Kameras - aber nicht eines

Online-Durchsuchungsprogramms. Ist das nicht unlogisch?

Schäuble: Dazu müsste der Gesetzgeber den Verfassungsartikel 13 ändern.

Aber das wollte ich jetzt in diesem Zusammenhang ausdrücklich nicht. Hier

sehen Sie, wie vorsichtig wir vorgehen ...

FOCUS: ... nachdem das Bundesverfassungsgericht bei EU-Haftbefehl,

Luftsicherheit und Lauschangriff Sicherheitsgesetze reihenweise verworfen

hat. Müssen die Karlsruher Richter die Freiheitsrechte gegen

Regierungspläne schützen?

Schäuble: Warum werden Vorwürfe gegen mich erhoben und nicht gegen die

rot-grünen Herren Schröder oder Fischer? Beim Luftsicherheitsgesetz habe

ich als Oppositionsredner vor der Verfassungswidrigkeit gewarnt. Es ärgert

mich, wenn ich die Verleumdung lese und höre, ich hätte Gesetze

eingebracht, die das Bundesverfassungsgericht korrigiert habe. Von mir gibt

es solche Gesetze nicht.

FOCUS: Das BKA rechnet mit etwa zehn Online-Durchsuchungen jährlich. Ist

das glaub würdig? Bei der Telefonüberwachung war anfangs auch nur von

wenigen Fällen die Rede.

Schäuble: Die Online-Durchsuchung kann nur unter ganz eng begrenzten

Voraussetzungen zum Einsatz kommen und muss von einem Richter genehmigt

werden. Zudem ist sie technisch so aufwendig und so teuer, dass es hei

wenigen Fällen bleiben wird.

FOCUS: Wenn die modernen Fahndungstechniken den Kernbereich der privaten

Lebensgestaltung" erfassen, soll gemäß Karlsruher Rechtsprechung ein

Richter prüfen, welches Material gelöscht werden muss. Bei der

Wohnraumüberwachung folgt Ihr Gesetzentwurf dieser Linie. Aber bei der

Online-Durchsuchung sollen zwei BKA-Beamte reichen, das Amt kontrolliert

sich also selbst. Ist das kein Versuch, die Maßregel des

Bundesverfassungsgerichts zu umgehen?

Schäuble: Nein, denn das Gericht hat bei seiner Entscheidung zur

Online-Durchsuchung gar kein sogenanntes Richterband gefordert. Im Übrigen

muss einer der beiden BKA-Beamten die Befähigung zum Richteramt haben.

FOCUS: Der Gesetzentwurf will auch die Video-Überwachung von Unbescholtenen

erlauben, die mit Terrorverdächtigen beruflich oder privat Kontakt haben -

zum Beispiel Anwälte und Journalisten. Dagegen erheben selbst Ihre Kollegen

aus der CDU/CSU-Bundestagsfraktion Einwände.

Schäuble: Die Bestimmung entspricht exakt dem seit Jahren bei schweren und

schwersten Straftaten geltenden Paragraf en 100c Absatz 3 der

Strafprozessordnung. Sie gilt immer dann, wenn ein Verdächtiger sich in

einer anderen als der eigenen Wohnung aufhält und deren Überwachung allein

zur Abwehr der Gefahr nicht ausreicht.

FOCUS: Auch islamische Geistliche sollen belauscht werden dürfen, wenn sie

verdächtigen Besuch haben. Erwarten Sie, dass Terroristen über einen

Anschlag vorher mit dem Imam reden?

Schäuble: Der Schutz von Geistlichen und anderen Berufsgeheimnisträgem ist

ja durch ständige Rechtsprechung zur Strafprozessordnung definiert. Unsere

BKA-Novelle schafft hier keine neue Rechtslage, weder für noch gegen

bestimmte Religionsgemeinschaften.

FOCUS: Und wenn islamische Geistliche in Zukunft einem vom Staat als

Partner anerkannten Religionsverband angehören?

Schäuble: Dann bleibt zu prüfen, ob der Islam etwas Vergleichbares wie

Beichte und Beichtgeheimnis kennt. Ich will jedenfalls nicht, dass ein

Islamfanatiker, der einen Terrorakt vorbereitet, sich ausgerechnet hinter

der Religionsfreiheit verschanzt.

EU To Punish Incitement To Terrorism On Internet

Source: Reuters, 18 Apr 08

EU states agreed on Friday on tight laws against incitement to terrorism in order to clamp down on militant groups' use of the Internet.

            EU justice and interior ministers also agreed in Luxembourg on an action plan to try to stop groups getting explosives. Police say the Internet has taken on huge importance for militants, enabling them to share know-how, plan operations and spread propaganda to a mass audience. "The Internet is used to inspire and mobilize local terrorists ... functioning as a virtual training camp," a text agreed by ministers said. "Each member state shall take the necessary measures to ensure that terrorist-linked offences include ... public provocation to commit a terrorist offence, recruitment for terrorism, training for terrorism." States may also consider attempts to train and recruit as terrorist offences, but are not obliged to do so, an EU official said. Spain 's secretary of state for justice, Julio Perez Hernandez, welcomed the move. "The battle to anticipate (terrorist acts) is crucial for Spain ," he told reporters. "One should not wait for smoke to know there is terrorism." In an effort to assuage civil rights campaigners, the law says that the new measure may not be used to restrict freedom of expression and freedom of the press.

            Before entering into force, the law still needs to be confirmed by ministers after a number of national parliaments have discussed it. A European Commission official said countries like Spain and Italy already punish public provocation to terrorism but others, like Scandinavian countries, would have to change their legislation to apply the new EU text. Under the plan to enhance the security of explosives, ministers agreed to establish an early-warning system on stolen explosives and detonators by the end of the year. They also agreed to create by the year-end a "European Bomb Data System" that would give police and governments permanent access to information on incidents involving explosive devices.

FBI Organizes Defense Against Cyber­attacks

Excerpt(s): “The FBI quietly established last summer a task force involving U.S. intelligence and other agencies to identify and respond to cyberthreats against the United States . Called the National Cyber Investigative Joint Task Force, the group has ‘several dozen’ personnel working together at an undisclosed location in the Washington area, said Shawn Henry, the FBI’s deputy assistant director of its cyberdivision. In an interview with United Press International, Mr. Henry was tight-lipped about the task force’s composition, saying only that it involved ‘several intelligence, law-enforcement and other agencies from across the U.S. government.’ Documents released earlier this month by the Homeland Security Department said the task force was being expanded ‘to include representation from the U.S. Secret Service and several other federal agencies.’”

http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080421/NATION/9002413 39/1002

EU to Criminalize Internet-Based Incitement to Terrorism

European Union justice ministers have agreed that using the Internet to publish bomb recipes or call for acts of terrorism to be committed should count as a criminal offence.