Nuclear power plant in Cattenom, France. The IAEA has reported cases of random malware-based attacks at nuclear plants. Credit: Stefan Kühn/cc by 2.0

By Thalif Deen
UNITED NATIONS, Aug 17 2015 (IPS)

As hackers continue to rampage through closely-guarded information systems and databases with monotonous regularity, there is a tempting new target for cyber-attacks: the world’s nuclear facilities.

A warning has already been sounded by the International Atomic Energy Agency (IAEA), which has urged the world community to intensify efforts to protect nuclear facilities from possible attacks.“We need to drain the swamp and stop developing technologies that are vulnerable to catastrophic attacks." -- Randy Rydell

Pointing out the nuclear industry was not immune to such attacks, IAEA Director-General Yukiya Amano says there should be a serious attempt at protecting nuclear and radioactive material – since “reports of actual or attempted cyber-attacks are now virtually a daily occurrence.”

The United States, whose defence networks at the Pentagon and also its intelligence agencies have already been compromised by hackers largely from Russia and China, is increasingly concerned about possible cyber-attacks by terrorist organisations – specifically the Islamic State (IS) with its heavy and sophisticated presence on social media.

Ironically, the United States reportedly collaborated with Israel to launch a virus attack on Iran’s nuclear enrichment programme years ago.

Tariq Rauf, director of the Disarmament, Arms Control and Non-Proliferation Programme at the Stockholm International Peace Research Institute (SIPRI), told IPS nuclear power plants and the nuclear industry rely intensively on computer systems and computer codes.

“Any corruption, malware or targeted attacks potentially could have catastrophic consequences for nuclear safety and security,” he warned.

In this regard, he said, it is deplorable that Israel and the United States targeted Iran’s uranium enrichment programme in past years with malware and viruses, thus initiating unprovoked cyber warfare, he added.

Stuxnet, the computer virus introduced into the Iranian nuclear programme by these two countries, has now escaped into other programmes in other countries, said Rauf, the former head of IAEA’s Verification and Security Policy Coordination unit.

“This clearly demonstrates that cyber warfare agents cannot be contained, can spread uncontrollably and can potentially create many hazards for critical infrastructure in the nuclear field,” he said.

He said cyber warfare at the state level is much more dangerous and difficult to defend against than cyber-attacks by hackers, though the hacking of nuclear safety and security systems by amateurs or criminals also pose major risks for radioactive and nuclear materials.

Randy Rydell, a former senior political officer at the U.N’s Office of Disarmament Affairs (ODA), told IPS the real question here is not capabilities but motivation: “Why would someone wish to launch such an attack?”

The answer, he said, is political.

“We need to drain the swamp and stop developing technologies that are vulnerable to catastrophic attacks,” said Rydell, former senior counsellor and Report Director of the Weapons of Mass Destruction (WMD) Commission.

IAEA’s Amano pointed out that last year alone there were cases of random malware-based attacks at nuclear power plants, with such facilities being specifically targeted.

He said staff responsible for nuclear security should know how to repel cyber-attacks and to limit the damage, if systems are actually penetrated.

“The IAEA is doing what it can to help governments, organisations, and individuals adapt to evolving technology-driven threats from skilled cyber adversaries,” he added.

At the next IAEA ministerial conference, scheduled for December 2016, one of the topics for discussion should be how best to elaborate a Code of Conduct for Cyber Security for the Nuclear Industry.

Asked about the cyber capability of terrorist groups and their use of social media, Admiral Cecil Haney, commander U.S. Strategic Command, told reporters last March the Islamic State (IS) and various other organisations have been able to recruit and threaten – “and so we see more and more sophistication associated with that.”

“This is something that we look at very, very closely,” he said, pointing out that U.S. Cyber Command, as well as its interagency team, is working on this.

“And, quite frankly, it is looked at on a day-to-day basis,” he added.

In one of the major breaches of security, the U.S. Office of Personnel Management, which maintains security clearance for millions of federal employees, was one of the targets of hackers last year.

“The threat we face is ever-evolving,” Josh Earnest, the White House press secretary, told reporters last June. “We understand that there is persistent risk out there and we take it seriously,” he added.

But cyber-attacks are also increasingly a policy decision by governments in the United States, Western Europe, Russia and China, as a means of fighting back when attacked.

SIPRI’s Rauf said the IAEA is recognised as playing the central role in setting nuclear security standards for peaceful nuclear activities and has issued guidance documents in this regards for operators of nuclear facilities.

Addressing the IAEA International Conference on Computer Security in a Nuclear World, held in Vienna on June 1, Amano correctly drew attention to the risks and dangers of actual or attempted cyber-attacks against nuclear power plants and the nuclear industry, he noted.

Amano said that “computers play an essential role in all aspects of the management and safe and secure operation of nuclear facilities, including maintaining physical protection, and thus it is vitally important that all such systems are properly secured against malicious intrusions”.

In a statement released last month, the White House said that from the beginning of his current administration, President Barack Obama “has made it clear that cyber security is one of the most important challenges we face as a nation.”

In response, “the U.S. Government has implemented a wide range of policies, both domestic and international, to improve our cyber defences, enhance our response capabilities, and upgrade our incident management tools.”

As the cyber threat continues to increase in severity and sophistication, so does the pace of the Administration’s efforts, the White House noted.

Edited by Kitty Stapp

The writer can be contacted at thalifdeen@aol.com

New technologies make it easier than ever for spy agencies to invade privacy. In the photo, students at the Campus Tecnológico in Guatemala. Credit: Danilo Valladares/IPS

By Emilio Godoy
MEXICO CITY, Oct 3 2013 (IPS)

Governments of countries that engage in large-scale electronic espionage, like the United States, and companies that develop spying software could theoretically face legal action for violating the Convention on Cybercrime.

The Convention, adopted in Budapest in 2001 and in force since 2004, is the first international treaty seeking to address Internet and computer crime, and has a provision that aims to protect the right of privacy of data communication from unauthorised interception.

The treaty, also known as the Budapest Convention, requires member states to criminalise four kinds of conduct against confidentiality or the integrity and availability of computer systems or data: illegal access, illegal interception, data and system interference, and misuse of devices for the purpose of committing these offences.

These are precisely the practices engaged in by the U.S., British and other governments, according to documents leaked to the media in June by former U.S. National Security Agency (NSA) contractor Edward Snowden.

Cyber surveillance “violates the Convention, and perpetrators can be sued” under the Cybercrime Convention Committee, Lorena Pichardo, a law school professor at the National Autonomous University of Mexico (UNAM), told IPS.

The Convention was adopted by the Council of Europe, which was set up to promote democracy and protect human rights and the rule of law in Europe. But the treaty has also been signed by non-member states, like Canada, the United States and Japan. The United States ratified it in 2006.

So far, 51 states have signed the Convention and 40 have ratified it.

It is possible to file a complaint with the Cybercrime Convention Committee, but any action taken is based on the national laws that its members must approve in order to live up to the Convention. Complainants can also turn to the European Court of Human Rights.

A complaint “can be successful, but it would be partial, because among the countries that are party to the Convention, there are interests at stake. The law can be bent and accommodated to national legislation,” Enoc Gutiérrez, a professor of information and communications technology (ICT) at the Autonomous University of the State of Mexico, told IPS.

In a 2012 study that analysed Mexican, U.S. and EU laws, Gutiérrez and his colleagues Lucio Ordóñez and Víctor Saucedo argued the need for special legislation and a special court on computer crime.

The problem is that the Convention does not take into account that cybercrimes can include espionage by a state. The general impression is that when a government seeks cross-border access to computer data, it is doing so to investigate crimes and pursue criminals.

Article 32b of the Budapest Convention introduced an exception to the principle of territorial sovereignty:

“A Party may, without the authorisation of another Party [..] access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.”

The Cybercrimes Convention Committee held its ninth full session Jun. 4-5 – one day before the Guardian and the Washington Post published the first leaks by Snowden. In the meeting, the Committee did not debate anything related to cyber espionage.

But in a recent report, the Committee’s ad hoc sub-group on jurisdiction and transborder access to data said that new developments, such as cloud storage of data and the activities of law enforcement authorities, made it necessary to revise the reach of article 32b.

“Current practices regarding direct law enforcement access to data as well as access via Internet service providers and other private sector entities…illustrate that law enforcement authorities of many States access data stored on computers in other States in order to secure electronic evidence. Such practices frequently go beyond the limited possibilities foreseen in Article 32b and the Budapest Convention in general,” the sub-group says.

This poses risks to human rights, they warn.

“Personal data are increasingly stored by private entities, including cloud service providers. Access by law enforcement to, or the disclosure to law enforcement authorities of personal data stored in a foreign jurisdiction by such private sector entities may violate data protection regulations,” they add.

The NSA and other intelligence agencies use software that enables them to intercept private communications around the world.

Mexico, for example, acquired software from U.S. and European companies to monitor telephone calls, email, chats, Internet browsing histories and social networks.

Of the at least 95 corporations that develop and distribute this kind of software worldwide, 32 are in the U.S., 17 are British and the rest come from some two dozen other nations, according to confidential documents from intelligence contractors published by Wikileaks in December 2011.

The list mentions 78 different products, including Trojan viruses, audio transmitters, audio and video recorders, and tracking tools.

“Any technology with such a huge potential for the violation of fundamental rights should be the focus of the highest level of legal protection, especially if it’s in the hands of private corporations that operate according to purely business objectives,” two officials from Spain’s Interior Ministry, Miguel Ángel Castellano and Pedro David Santamaría, wrote in a December 2012 article, “El control del ciberespacio por parte de gobiernos y empresas” (“Control of cyberspace by governments and companies”).

Pichardo, the law professor, said national legislation tends to take precedence in cases that invoke international principles.

“If we already have a charge of espionage, the serious problem of asking for data from other states is redundant,” she said.

Gutiérrez believes the existing international legal frameworks do not protect citizens, and specific laws are necessary. His studies focus on how to move from ICTs to technologies of learning and communication.

“When citizens are active in a social network like Facebook, by the simple act of accepting the terms of the contract they are saying their information can be shared with banks or government institutions,” he said. “They steal information from us and we don’t even realise it.”

Under CISPA, anybody whose computer became targeted by a virus - meaning most, if not all, computers - would be subject to having their information released. Credit: Danilo Valladares/IPS

By Matthew Charles Cardinale
ATLANTA, Georgia, Apr 30 2013 (IPS)

For the second year in a row, activists have successfully defeated a proposal to allow Internet companies to provide customers’ private information to government agencies and each other without risking violation of privacy laws and agreements.

The Cyber Intelligence Sharing and Protection Act (CISPA), HR 624, passed the U.S. House on Apr. 18 in a 288-127 vote. Most Republicans and just under half of Democrats supported the measure."While the bill’s sponsors talk about China hacking in or a terrorist organisation taking down the grid, they’re writing legislation that’s much broader." -- ACLU's Michelle Richardson

CISPA had been referred to the Senate Intelligence Committee, but the Senate was unable to support the House version and had yet to come up with its own proposal.

CISPA is not expected to resurface again as a single comprehensive bill on cybersecurity, but will likely be taken up as multiple pieces of legislation dealing with different aspects of cybersecurity.

President Barack Obama announced his opposition to, and threatened to veto, CISPA, both before the House Committee vote and again after it.

“The Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill,” the White House wrote in a policy statement dated Apr. 16.

“Importantly, the Committee removed the broad national security exemption, which significantly weakened the restrictions on how this information could be used by the government,” the White House wrote.

According to the American Civil Liberties Union (ACLU), that is one of several improvements – although, in the group’s opinion, still inadequate – that were made to the bill in the House Permanent Select Committee on Intelligence.

As for the purposes for which the information could be released or used, “They had this catch-all, for national security purposes, that wasn’t defined. Based on how the government has defined national security in the past, with the Patriot Act, we thought that was a very big loophole, so they sort of struck that out altogether,” Michelle Richardson, legislative counsel for the ACLU, told IPS.

The White House echoed many of the same concerns raised by such advocacy groups as the ACLU, the Campaign for Liberty, Demand Progress, Democrats.com, a progressive organisation not affiliated with the Democratic Party, and the Electronic Frontier Foundation, as well as the Libertarian Party of the U.S.

Demand Progress sent out a petition to its 1.5 million members and around 200,000 signed a petition opposing CISPA, co-founder David Segal told IPS. Demand Progress is a civil liberties advocacy group co-founded in 2010 by Segal and the late Aaron Swartz.

Swartz is an Internet activist who committed suicide in January 2013 after being threatened with federal prison time for releasing copywrite-protected academic journal articles from the website JSTOR to the public for free.

Demand Progress first began organising in 2010 around the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA), two other bills dealing with government regulation of online freedom that were defeated in January 2012.

However, Segal says there has been a crucial difference between the organising efforts around SOPA and PIPA, which had to do with the government’s ability to block certain websites, and CISPA, which has to do with the government’s ability to obtain private information.

“The opposition to SOPA was so severe, we haven’t had to worry for the last year. This one [CISPA], the military-industrial complex, corporations, including web platforms that were against SOPA, are for CISPA, explicitly or tacitly,” Segal said, referring to companies like Amazon.com and Google.

“Those platforms, for the most part, are not opposing CISPA, or are supporting it. It gives them greater immunity from users if they share users’ information with the government,” he said.

The ACLU noted additional improvements were made to the bill in House committee, but still called it “scary”.

“They did say that the government does need to promulgate minimisation procedures, the idea that there would be an overarching set of rules to limit the sharing and use of personal data,” Richardson said.

“It’s also fixed to say as far as private is concerned, if you receive information from another company, you can only use it for cybersecurity purposes. They could have used it for marketing, or sold it to data-brokers,” she said.

Even with the changes, the CISPA proposal was “really scary because cybersecurity truly does affect us all. While the bill’s sponsors talk about China hacking in or a terrorist organisation taking down the grid, they’re writing legislation that’s much broader and encompassing bad acts on the Internet, phishing scams, and malware,” she said.

Anybody whose computer became targeted by a virus – meaning most, if not all, computers – would be subject to having their information released.

“I have started those Viagra [spam] emails, I keep getting through my work account. You could get a Nigerian Prince [scam] email. You’re on Facebook and there’s those viruses that say, ‘Oh my God, you have to watch these videos.’ All of these are everyday, just basic crimes, all of those things also implicated by this bill,” she said.

Richardson said that because the proposed law did not mandate that private companies turn over the information – and instead only provided legal protections for companies that would choose to voluntarily do so – the bill was an attempt to circumvent the Fourth Amendment to the constitution, which protects U.S. citizens from warrantless searches and seizures.

The ACLU further outlines their concerns regarding CISPA in a series of blog posts.

Segal also has raised concerns about the recent bombing in Boston, Massachusetts, being used by some as a backdrop to rush CISPA through Congress with little or no public debate.

“Some number of people who supported the legislation were invoking the bombings. It was up for a vote anyway, it was pre-scheduled. Some people were swayed to vote for it, because of the atmospherics of the bombing and they were called by other people in Congress,” Segal said.

Cyber threats appear to have largely replaced terrorism as posing the greatest risks to U.S. national security, which also confronts major longer-term challenges from the effects of natural resource shortages and climate change, according to the latest in a series of annual threat assessments by the U.S. intelligence community.

The report, delivered Tuesday in testimony by the Director of National Intelligence (DNI), James Clapper, also cited economic threats to U.S. security, including the possible impact of the ongoing Eurozone crisis on social stability and defence budgets in Europe and Washington’s failure to resolve its fiscal deficits as most recently manifested by the so-called sequester – the indiscriminate, across-the-board cuts in all discretionary spending that took effect Mar. 1.

“Let me now be blunt for you and the American people,” Clapper told the Senate panel. “Sequestration forces the intelligence community to reduce all intelligence activities and functions, without regard to impact on our mission.”

The intelligence community (IC) faces a roughly seven percent cut in its roughly 72-billion-dollar budget. The IC’s budget reached an all-time high of 80 billion dollars last year.

On other issues, the “Worldwide Threat Assessment of the U.S. Intelligence Community”, as the report is called, noted that the so-called “Arab Spring” had “unleashed destabilizing ethnic and sectarian rivalries” across the Middle East and that new governments there faced major challenges in controlling “ungoverned spaces” and overcoming economic hardship.

North Korea’s nuclear weapons and missile programmes pose a “serious threat” to the U.S. and to East Asian security, according to Clapper, although its leaders were focused primarily on “deterrence and defense”.

He also reiterated the intelligence community’s six-year-old position that, while Iran is steadily building its capacity to develop a missile-deliverable nuclear weapon, it has not yet decided to build one.

“We assess Iran is developing nuclear capabilities to enhance its security, prestige, and regional influence and give it the ability to develop nuclear weapons, should a decision be made to do so. We do not know if Iran will eventually decide to build nuclear weapons,” he said, adding that the intelligence community was confident it would discover any attempt by Iran to divert its enriched uranium stockpiles to a weapons programme.

The report also cited threats in specific global regions, highlighting more than two dozen countries in South and East Asia, sub-Saharan Africa, the former Soviet Union, Latin America, and Europe, as well as the Middle East and North Africa.

The annual threat assessment report represents the consensus view of the 17 agencies that make up the IC, including the Central Intelligence Agency (CIA), the State Department’s Bureau of Intelligence and Research, the Federal Bureau of Investigation (FBI), as well as number of agencies that fall under the Pentagon’s jurisdiction.

While the report does not explicitly prioritise threats, the fact that he opened this year’s testimony with an extensive discussion of “Cyber” – in contrast to “Terrorism” that has led the litany of threats featured in the DNI’s testimony over the last decade – was seen by analysts here as both remarkable and significant.

“We are in a major transformation because our critical infrastructure, economy, personal lives, and even basic understanding of – and interaction with – the world are becoming more intertwined with digital technologies and the Internet,” he said.

“In some cases the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.”

The IC was particularly concerned with “cyber attacks” – defined as a “non-kinetic offensive operation intended to create physical effects or manipulate disrupt, or delete data” – and “cyber espionage”.

While he said there is only a “remote chance” of a major cyber attack against U.S. critical infrastructure systems that could, for example, cause a regional power outage during the next two years and that the most advanced cyber actors “such as Russia and China” are unlikely to launch one outside an actual military conflict, isolated state or non-state actors could deploy less-sophisticated attacks against poorly protected U.S. networks.

It noted, in particular, an attack last August against the Saudi oil company ARAMCO – widely believed to have been launched by Iran – that effectively destroyed 30,000 computers, as well as a denial-of-service campaign against websites of several U.S. banks and stock exchanges.

It also cited cyber actors targeting classified networks to gain sensitive information, especially about U.S. weapons systems, “almost certainly allowing our adversaries to close the technological gap between our respective militaries, slowly neutralizing one of our key advantages in the international arena.”

While Clapper did not explicitly accuse China of such activity, his testimony came the day after President Barack Obama’s national security adviser, Tom Donilon, charged Beijing with carrying out such activities and noted that the issue “has become a key point of concern and discussion with China at all levels of our government”.

On terrorism, Clapper said violent Islamist movements have become increasingly decentralised, but that “the Arab Spring has generated a spoke in threats to U.S. interests in the region that likely will endure until political upheaval stabilizes and security forces regain their capabilities.”

The Pakistan-based core Al-Qaeda, he said, has continued to suffer losses over the past year and is now “probably unable to carry out complex, large-scale attacks in the West.”

At the same time, however, he stressed that the rise of transitional governments in Egypt, Tunisia, Yemen, and Libya, as well as the unrest in Syria and Mali, have “offered opportunities for established (Al-Qaeda) affiliates, aspiring groups, and like-minded individuals to conduct attacks against U.S. interests,” such as the one that killed the U.S. ambassador to Libya in Benghazi last September.

He also cited Nigeria’s Boko Haram, and Pakistan’s Lashkar-e-Tayibba (LT); the latter, he said, has the “long-term potential to evolve into a permanent and even HAMAS/Hizballah-like presence in Pakistan.”

As for Iran and Hezbollah itself, Clapper noted they prefer to avoid confrontation with the U.S. despite what he alleged to be an increased level of terrorist activity on both their parts.

On climate change and natural resources, the report stressed that competition and scarcity “are growing security threats” and that “(e)xtreme weather events (floods, droughts, heat waves) will increasingly disrupt food and energy markets, exacerbating state weakness, forcing human migrations, and triggering riots, civil disobedience, and vandalism.”

Disruptions in food supplies caused by, among other things, extreme weather conditions, competition for land between a number of actors, including wealthy foreign countries that are buying up land in poor countries, and population growth, are likely to lead to political violence and insurgencies. Much the same applies to reductions in freshwater supplies.

In an interview with the Boston Globe this weekend, the head of the U.S. Pacific Command (PACOM), Adm. Samuel Locklear, told the Boston Globe that the impact of global warming on affected populations is “probably the most likely thing that is going to happen …that will cripple the security environment, probably more likely than the other scenarios we all often talk about.”

He said PACOM was engaging the militaries of other regional countries, including China and India, about possible co-operation in dealing with the impact in the Asia-Pacific.

“If it goes bad, you could have hundreds of thousands or millions of people displaced and then security will start to crumble pretty quickly,” he told the Globe.

*Jim Lobe’s blog on U.S. foreign policy can be read at http://www.lobelog.com.

Last weekend’s disclosure that Iranian cyber warriors had disabled some 30,000 computers owned by the Saudi oil giant Aramco is attracting considerable attention here, particularly in light of a warning last week by Pentagon chief Leon Panetta that Washington could face a “cyber-Pearl Harbor”.

The alleged Iranian hand behind the attack, first reported Saturday by the Wall Street Journal, was described as one of several forays by the increasingly sophisticated “Iran’s Cyber Army” whose existence first surfaced in 2009, according to experts here.

One key element of the Aramco attack, however, has not yet been reported. Two former senior CIA officials told IPS that it appears to have been carried out with the help of personnel inside Aramco. They said that the Saudi regime has been detaining and questioning staff with access to the affected work stations.

The fact that the work stations were not connected to the Internet lends credence to reports that the attack was facilitated by a Saudi Aramco employee.

“The attackers knew what they were doing, and it is clear they had inside knowledge. They had people inside that could move about,” according to one of the sources who asked not to be named.

Both said that one or more operators were involved.

Saudi Aramco has hired at least six firms with expertise in computer hacking, as well as outside experts, to repair the computers and to try and identify the perpetrators, according to the former CIA officials.

The virus is being called “Shamoon” after a word in its code, according to New York Times technology blogger Nicole Perlroth, who wrote in late August that key data on three-quarters of the company’s office computers were overwritten and replaced with the image of a burning U.S. flag, an account confirmed by U.S. officials here.

U.S. intelligence sources stressed that the damage was limited to those computers. Software used for the company’s massive technical operations, including pumping operations, remained untouched.

The attack is believed to have been fueled in part by sectarian, as well as political differences.

Richard Stiennon at IT-Harvest, a company that tracks evolving cyber threats, told IPS in an interview that Iranian-trained hackers probably launched the attack “in deep wrath” at the long-time mistreatment of the Shiites in Saudi Arabia’s Eastern province where most of Aramco’s operations are based.

Unrest among the Shia Muslims in the region has increased sharply since Riyadh sent troops into Bahrain 18 months ago as part of a crackdown by that sheikhdom’s Sunni monarchy against the Shiite majority and other opposition forces.

Syria’s civil war – which pits the Iranian-backed Alawite-led government of President Bashar Al-Assad against a mainly Sunni insurgency supported by Saudi Arabia, Qatar and Turkey – has also stoked sectarian tensions around the region. An offshoot of Shi’a Islam, Alawites are considered heretics by conservative Sunnis who dominate the Saudi kingdom.

Saudi Arabia also provided support to Sunni tribes in Iraq after a predominantly Shi’ite government took power there following the 2003 U.S. invasion.

The attack on Aramco, as well as an August attack against a Qatari natural gas company – now being attributed to Iran – are also seen as retaliation for the Stuxnet virus that was reportedly developed jointly by the U.S. and Israel as part of a larger effort designed to disrupt Iran’s nuclear programme. Stuxnet destroyed up to 1,000 centrifuges at the Natanz enrichment facility.

Recent cyber-attacks on major U.S. bank websites have also been blamed on Iran, whose economy has been sent into a tailspin in major part due to the effectiveness of far-reaching U.S. and European economic sanctions that are also designed to curb Iran’s nuclear programme.

A small group of hackers, numbering about 100 operatives and calling themselves “The Cutting Sword of Justice”, claimed responsibility for the attack. Reports of similar attacks on other oil and gas firms in the Middle East, including in neighbouring Qatar, suggest that Iran is positioning itself as a regional cyber power.

Iran’s Cyber Army (ICA) began as a group within the Iranian military, according to Paulo Shakarian, an expert at the West Point Military Academy and co-author with Andrew Ruef of a book called “Introduction to Cyber Warfare: A Multidisciplinary Approach”. Shakarian said the ICA uses equipment and tactics far less potent than more advanced cyber powers, including the U.S., Israel, Russia and China, but the group is fast learning more effective tactics.

If the alleged Iranian hackers used one or more insiders to launch the Shamoon virus, they might have been inspired by perhaps their most determined enemies.

The Stuxnet virus that damaged Iran’s nuclear programme was allegedly implanted by an Israeli proxy – an Iranian, who used a corrupt “memory stick.32″, former and serving U.S. intelligence officials said. They said using a person on the ground would greatly increase the probability of computer infection, as opposed to passively waiting for the software to spread through the computer facility.

“Iranian double agents” would have helped to target the most vulnerable spots in the system, one source said.

According to James Lewis, a cyber expert at the Center for International and Strategic Studies (CSIS), here, “The memory stick is the perfect tool. It can be left behind in a men’s room or left in a parking lot, and someone will at last plug it in and set the virus running. It’s human nature.”

“It’s basically a kind of low-grade cyber war,” said Vincent Cannistraro, former head of the CIA’s Counter-Terrorism office.

Israel has allegedly used cruder methods than Stuxnet to attack Iran’s nuclear programme, including the assassination of several scientists associated with it.

A senior State Department official said last month that such attacks were considered “terrorism” by Washington, which denounced the killing last January of a deputy director of the Natanz facility in unusually vehement terms. The same official insisted that the U.S. had no information as to who was behind the assassination, however.

Former and senior U.S. intelligence officials believe Israel has used recruits from the Mujahedeen-e-Khalq (MEK) for the assassinations.

“The MEK is being used as the assassination arm of Israel’s Mossad intelligence service,” said Cannistraro. He said the MEK is in charge of executing “the motorcycle attacks on Iranian targets chosen by Israel. They go to Israel for training, and Israel pays them.”

In his remarks last week, Panetta did charge Iran with responsibility for the attacks on Aramco, but he described them as “probably the most destructive attack that the private sector has seen to date.”

After the existence of Stuxnet was disclosed in June 2010, many international legal and exports noted that it would likely set an unfortunate precedent that could blow back against its creators.

*Richard Sale is author of the 2009 book, ‘Clinton’s Secret Wars: The Evolution of a Commander in Chief”.

Ordinary netizens – from bloggers to Facebook users – could be persecuted under the Philippines’ new Cybercrime Prevention Act. Credit: Kara Santos/IPS

By Kara Santos
MANILA, Sep 29 2012 (IPS)

A newly enacted cybercrime law in the Philippines has raised fears that not only online media but also ordinary netizens could be persecuted for exercising their freedom of expression.

Media groups have expressed concern that the law poses a threat to press freedom and limits freedom of expression in the country. Bloggers and social media practitioners also point out that the new law allows the government to shut down websites without due process, and makes Internet users liable for simply clicking the ‘like’ button on Facebook or re-tweeting something on Twitter.

Republic Act (RA) No. 10175, also known as the Cybercrime Prevention Act of 2012, was signed into law by Philippine President Benigno Aquino III on Sept. 12. Actions now punishable as ‘cybercrimes’ include illegal access and interception of any part of a computer system without right, computer-related identity-theft, cybersex and child pornography, among others.

However, the law also broadens the coverage of libel as a content-related offense that can be committed by just about anybody using a computer.

Section 4 (4) of the Cybercrime Act deems as illegal any “unlawful and prohibited act of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future”.

Libel is defined in Article 353 of the Revised Penal Code (RPC) as a “public imputation and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status, or circumstances tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead.”

Professor Luis Teodoro, who serves as deputy director of the Centre for Media Freedom and Responsibility (CMFR), says the new law actually strengthens an 82-year-old libel law that has been described by the United Nations Human Rights Council as “draconian” and “excessive”.

“At a time when the global trend is to decriminalise libel, the new cybercrime law is very regressive and takes us several steps backward,” Teodoro told IPS.

“In the age of new media, where ordinary citizens take to Facebook and Twitter as a venue for free expression, here is this absolutely objectionable law that gives agencies so much power to limit free speech,” he said.

He added that certain provisions of the law empower government agencies to take down or prevent people from seeing Tweets that have been deemed libelous, or even monitor activity on cyberspace, including private Facebook accounts.

The National Union of Journalists in the Philippines (NUJP) said that the enactment of the Cybercrime Prevention Act of 2012 betrayed Aquino’s commitment to transparency and freedom of expression.

In an interview with IPS, Secretary General of the NUJP, Rowena Paraan, called the law “sneaky”.

“Certain provisions in the law were not part of versions approved by the Senate and just suddenly appeared in the version that the president signed. These were not subject to consultations,” Paraan told IPS.

Many Filipinos are disturbed by the fact that the man allegedly responsible for this last-minute change, which lumps online libel with cybersex and child pornography, is notorious for plagiarising blogs, and recently elicited a spate of criticism from active netizens.

Citing Senate journals and interviews, investigative journalist and blogger Raissa Robles claims that Senator Vicente Sotto III pushed for the insertion into the law at the eleventh hour; an ironic twist, given various allegations that he copied parts of blog articles in previous speeches without crediting the bloggers.

Robles goes on to list some of the flaws in the law, including the difficulty of identifying the origin of libelous material, and extending the offending parties to those who “share” or “like” a post on Facebook or comment on articles agreeing with alleged libelous material.

“Historically, in the Philippines, it is the rich and the powerful who use libel as a weapon to suppress criticisms about them,” she added.

“Before the Internet came along, it was easier for the rich and the powerful to control criticisms. All they needed to do was buy a stake in newspapers, TV and radio. Or sue them. Now they have realised that the Web is beyond their control,” she wrote in a blogpost.

According to NUJP’s Paraan, anyone who uses the internet to express their opinions is now liable for what they post. Online statements posted on blogs and social media platforms such as Facebook and Twitter, that can be interpreted as an attack on the reputation of an individual or an entity, may give rise to libel suits.

Human Rights Watch (HRW) released a statement Friday criticising the law, which, they say, “drastically increases punishments for criminal libel and gives authorities excessive and unchecked powers to shut down websites and monitor online information”.

“The cybercrime law needs to be repealed or replaced,” said Brad Adams, Asia director for HRW. “It violates Filipinos’ rights to free expression and it is wholly incompatible with the Philippine government’s obligations under international law.”

Various civil society groups have resorted to legal measures to stop government agencies from implementing provisions in the law.

“I’m quite happy that a lot of different groups have been questioning the threat to the rights of freedom of speech and due process and different provisions in the law,” Paraan told IPS, citing various civil society and blogger-led initiatives.

At the time of writing, at least five separate petitions have been filed with the Supreme Court, questioning the law’s constitutionality.

On Sept. 27 several bloggers and technology law experts hosted an online roundtable discussion on the Act using Google+ Hangouts. Netizens were able to view the live webcast via YouTube and send questions to speakers and lawyers through live chat and by using the #cybercrimelaw hashtag on Twitter.

(END)