INSTINCT at HOSDB 2011

This week myself and Paul attended the Home Office Sceintific Development Branch (HOSDB) exhibition in Farnborough, Hampshire. HOSDB in conjunction with UK Trade & Investment Defence & Security Organisations is the UK's platform for showcasing to the world the some fo the new security applications, technologies and solutions that are available to international law enforcement, agencies and public security professionals.

Now, not only was it probably the best day's weather we have had for a long while, but the exhibition itself was actually quite good. Clearly there is very good reason and interest for the UK to market its wears and demonstrate some of its cutting edge technology and the usual companies and faces were there. But it was more the TD2 airport exhibition on the other side of the airbase that caught my eye.

In recognition of the role that technological innovation has to play in CONTEST, the Office for Security and Counter Terrorism (OSCT) with the support of The Ministry of Defence, HOSDB, the Centre for the Protection of National Infrastructure (CPNI) and the Association for Chief Police Officers (ACPO) established INSTINCT (Innovative Science and Technology in Counter Terrorism) INSTINCT is a cross-government programme involving more than a dozen departments and agencies and focuses primarily on improving our understanding of how technology can be best deployed to counter the threat of terrorism. Following a couple of foiled or failed attacks in the aviation environment INSTINCT commissioned its second Technology Demonstrator Project (TD2) and Thales UK was selected to deliver it.

The exhibition itself was laid out just like an airport terminal and by using your boarding card (show material, not actual) you progressed throughout the terminal being confronted by the security technology and of course any sales and marketing staff until your reached your airside area. Upon reaching airside (again, not actual) we were treated to a 10-15 minute presentation and Q&A session that visually demonstrated the process we had just undertaken, describing the joint up thinking and approach given to applying an intergrated security system that could enable early detection and identification of individuals posing a risks to airports and to protect passengers against those possible risks safely and with minimal or no intrusion.

For me this exhibition felt different than any other I've recently been to, as the providers of these applications were not necessarily selling their product directly, it felt more like selling the concept, which for me is a lot easier to 'buy in' to than the hard sale and of course in my opinion action always sounds louder than words. To those of you who didn't get the chance to visit and want to know more about a strand of the CONTEST strategy that doesn't seem to get much of a mention please take the time to visit the Home Office links provided.

Scam - HMRC Tax Refund Phishing Email

A friend of mine recently received the phishing email below. The hypelinks at the bottom all go back to the main www.hmrc.gov.uk website, however the link that says 'Click Here' actually goes to http://al-dammas.com/tmp/awstats/hmrc/hmrc/refundportal.htm this website has now been suspended but be cautious if you receive an email advising you that you are due a refund!

Further examples of HMRC phishing emails can be found here

Terror Plot BA Employee Gets 30 Years

Rajib Karim, 31, from Newcastle (originally from Bangladesh) a former British Airways software engineer has been jailed for 30 years for plotting to blow up a plane.

I think this is an excellent example of the insider threat (albeit a very serious one). This is someone who joined an organisation with one thing on his mind - to obtain 'critical and urgent information' and to then pass it onto a 3rd party to assist in the planning of an act of terrorism.

Rajib Karim gets 30 years
at her majesty's pleasure 

Karim, who worked at the airline's IT centre in Newcastle (having joined BA in September 2007 as a graduate IT trainee), was committed to martyrdom and even tried unsuccessfully to apply to train as an air steward during the BA cabin crew strike - which presumably would have allowed him to get 'airside' bearing in mind the trial heard Awlaki had emailed Karim asking: 'is it possible to get a package or person with a package on board a flight heading to the US?'

Karim passed on key information about airport security and suggested a crippling attack on BA's computer system. But the terrorist leader he reported to - Yemeni preacher Anwar al-Awlaki (a key figure in al-Qaeda in the Arabian Peninsula and is thought to have orchestrated the unsuccessful October plot to send mail bombs on planes from Yemen to the U.S., hidden in the toner cartridges of computer printers) - had plans for him to supply information to blow up a plane.

The Bangladeshi national, who studied electronic engineering at a university in Manchester between 1998 and 2002 has been described as 'mild-mannered, well-educated and respectful'. He has a British wife and child. The court heard Karim hid his hatred for the West from colleagues by joining a gym, playing football and never airing extreme views. BA colleagues had no knowledge of what he was planning or whom he was involved with, he kept his true intentions a secret. Karim 'kept a low-profile' at British Airways, while at home he was making violent propaganda videos for a terrorist group in Bangladesh, police said.

Throughout the trial, the court heard Karim was under the influence of his brother Tehzeeb who had spearheaded the attempts to contact Awlaki. Police spent nine months breaking the encryption on 300 coded messages found on Karim’s computer. Officers described the task as the 'most sophisticated' of its kind the team had ever undertaken.

He was found guilty last month of four counts of preparing acts of terrorism and sentenced today 25/3/11), he also faces deportation after his sentence is completed. Sentencing him at Woolwich Crown Court, Mr Justice Calvert-Smith said he was a committed jihadist who planned offences 'about as grave as could be imagined'. He said Karim was a 'willing follower' who could have brought serious harm and death to civilians had his planning with others come to anything.

Karim was clearly a disciple of an extremist Islamist (Awlaki) but he was in a very dangerous position having access to the type of information which could have assisted in the plotting of a serious terror attack. In this example he was stopped but what measures do you have in place to detect and prevent these people who are clearly out there!

- Posted using BlogPress from my iPad

Guest Blogger: Cyberwar Meeting in European Parliament with NATO's Jamie Shea

This post was written by Reza Rafati - CEO Cyberwarzone.com and he has given us his permission to post it on Chatback Security. Reza recently responded to our request for guest bloggers and what a prefect way to kick things off as Cyber Security is a specialism that we do not profess to know much about!

Cyber Security is now recognized as a high risk priority by governments across the globe. This is supported by the fact that the UK Government’s Strategic Defence Spending Review which diverted key funds away from traditional areas of spending to the protection of the UK’s critical national infrastructure from the cyber threat.

There is no winner in Cyber warfare

The importance of this shift to a greater focus on Cyber Security was given highlighted by the discovery of STUXNET, the first example of a ‘cyber weapon’ designed to attack an aspect of a nation’s critical national infrastructure.

The Meeting

The Cyber Security meeting was a great success. At the start of the meeting there were some technical issues with the microphones, but who cares? We want to discuss Cyber warfare! And so we did.

Strategies

The discussion started with the NATO strategies issue, it was about which options does a country have when it is under attack by a force?

This was a very delicate issue because what is Cyber warfare is? Well we speak of Cyber warfare at the moment that a country has declared war to the country. So when a country or a force attacks another country without a declaration of warfare it is not Cyber warfare.

The act of attacking without a declaration of war is classified as Cybercrime. This makes it hard to retaliate because there is no war declared. The next issue that comes along is the fact that even if we do reply with an attack, we could take down an hospital and then we are speaking of collateral damage. Because the aggressor used the hospital network to attack, we retaliate against the hospital.

We will need a global understanding & perspective about the Cyber war attacks.

Cybercrime is like a paradox. There is no hierarchical system

Nightmare of all problems

After an attack (Stuxnet) there are certain points that need to be checked and controlled. You will have to look after :

 - How did they penetrate the systems

 - You will have to clean the systems

 - The disruption it caused

 - Exploits ?

 - The mental stress it causes.

Regulate

The cyberspace needs to be regulated, but how do you want to regulate the internet while it can't be regulated by a single regulator. Because when we look to the internet we see it as no man’s land (law of the sea), but in fact it is somebody's property, it could be from the government, companies or from civilians.

Transparency

So the world has to agree for transparency. If we need help or information regarding Cyber security the countries should provide them.

But at the moment there is no transparency, think of the Estonia and Russian conflict.

A Finnish expert, told the Helsingin Sanomat newspaper that it would be difficult to prove the Russian state's responsibility, and that the Kremlin could inflict much more serious cyber-damage if it chose to. source

Open issues

 - The internet traffic regarding Cybercrime has increased rapidly.

 - How can a behaviour code be created to use the internet legitimate.

 - If there is an attack going on, and you want to retaliate how will you get the attribution of proof?
 - How can we make retaliation possible?

 - Who is responsible ?

 - What can we do against sponsored cyber attacks?

 - How can we prevent extremists from recruiting people from the internet?

 - At a certain point defence will catch up with offensive behaviour

 - Creating a global cyber war response team

If I would shutdown a honey pot because there is a "cyber war" going on, it could affect over 500 servers. And that is the reason why you can't retaliate, because you don't know were the bodies will show up.

Author: Reza Rafati

Twitter name: @cyberwarzonecom

Website: http://www.cyberwarzone.com/