Author Topic: Jay Rockefeller: "Internet is the #1 cause of attacks, it should not exist"  (Read 152002 times)

0 Members and 1 Guest are viewing this topic.


  • Guest
Re: The HAMMER is now DROPPED on Jay Rockefeller, CSIS, AFCEA, NCOIC!
« Reply #240 on: March 29, 2009, 10:39:20 pm »

Still, the possibility of an insider threat is credible on multiple levels.[/b] Israeli software programmers, most of whom learned their trade while serving in the military, occupy high-level positions at numerous computer-security software concerns in the U.S. Gil Shwed, one of the most influential people in the firewall business and the founder of industry leader Check Point Software (CHKP ), learned his trade in the Israeli Defense Force, and the company maintains research labs in Israel. Check Point declined to comment for this story.

Check Point Software owns Zone Alarm. Zone Alarm used to be a good product before ZoneLabs was bought by CP. Ever since CP bought ZoneLabs, ZoneAlarm has gotten so heavy, and there are rumors that ZoneAlarm "phones home" to Israel.

Offline Scootle

  • Member
  • *****
  • Posts: 3,260
The truth will set you free
From global tyranny
Wake up American slobs
9/11 was an inside job

Century of Manipulation

... Here's Tom with the weather!

Offline Dig

  • All eyes are opened, or opening, to the rights of man.
  • Member
  • *****
  • Posts: 63,090
    • Git Ureself Edumacated

You have to add a dialog bubble "t-t-t-the internets are coming to get me. s-s-s-save me from the internets. t-t-they are everwhere. h-h-help m-m-meeeeee"
All eyes are opened, or opening, to the rights of man. The general spread of the light of science has already laid open to every view the palpable truth, that the mass of mankind has not been born with saddles on their backs, nor a favored few booted and spurred, ready to ride them legitimately

Mike Philbin

  • Guest
remember my little blog post about this issue?

well, the Polish Nation found it last night and I had a 400% increase in the daily hits to my blog - let's hope this new level of exposure continues to rise and the rest of the world becomes more educated on these very important Civil Liberties issues.


Offline Overcast

  • Member
  • *****
  • Posts: 4,133
Pretty obvious - either:

A) What's being said is getting him a lot more paranoid at getting REALLY exposed.


B) He has the brains of a retarded rat.

Could be either I guess.
And dying in your beds, many years from now, would you be willin' to trade ALL the days, from this day to that, for one chance, just one chance, to come back here and tell our enemies that they may take our lives, but they'll never take... OUR FREEDOM!

Offline cathiasus

  • Member
  • *****
  • Posts: 731
Lulz. OMG the internetz is shuttin downz mah power gridz.
As you sow, so shall you reap.

How do you like your corruption, over easy or sunny side up?


  • Guest
Wow folks, the NWO is completely freaking out over the Internet, just WOW.


Cyber Security Guru Outlines Very Real Threat at ExecutiveBiz Breakfast
January 15th, 2009 by Brian Lustig

It is hard to know what is keeping Melissa Hathaway up at night these days - the cyber security threat facing U.S. citizens, corporations and government entities or the cold and upper respiratory illness she has been battling this week.

Hathaway is Senior Advisor to the Director of National Intelligence (DNI) and Cyber Coordination Executive, and at the ExecutiveBiz Cyber Security Breakfast this past on Tuesday morning she spoke candidly to an audience of Federal IT executives and decision makers about the very real and shared cyber threat facing the country.

For Hathaway, the stakes could not be higher when it comes to the need to dramatically reduce the cyber threat. And now that Hathaway has been asked to remain on board for the incoming Administration, her role as cyber security guru will intensify. In addition to her senior advisor role, Hathaway also chairs the National Cyber Study Group (NCSG), and in January 2008 was appointed the Director of the Joint Interagency Cyber Task Force (JIACTF). I could throw a few more acronyms in her job description but that should offer a glimpse of the extent to which she sits at the heart of the government’s cyber security efforts.

While Hathaway dedicated time to outlining how the cyber threat is real and growing, she stressed that the task of thwarting nefarious cyber activity could not fall solely on the government’s shoulders. Addressing the threat requires greater public discussion and awareness, as well as deeper executive engagement from industry - a public/private sector partnership to identify big crises looming and innovative solutions that could head them off.

And while her cold probably made sleep difficult, what really keeps her up at night is what Hathaway describes as a lack of “situational awareness” - in other words an inability to assess and diagnose current and looming cyber threats across multiple areas of government and the private sector. Though Hathaway painted a dark picture in outlining the challenges, she also came armed with potential solutions - ranging from realigning R&D efforts and improved cyber-education for military professionals to the promise of DARPA’s cyber testing environment.

Hathaway concluded her remarks with a call to action for executives in the room. Not only did she seek a committed partner that would provide the technologies, expertise and resources to address cyber threats, but a partner to help communicate the threat message by monetizing the risk in a way people understand. I may never use my credit card again, but I certainly emerged from the breakfast with a better understand of how real and complex the cyber threat is.

By Doug Beizer Jan 09, 2009

The Defense Advanced Research Projects Agency has awarded multiple contracts to begin the first phase of developing a nation cyber range, a realistic environment for cyber research and testing, DARPA announced.

DARPA officials want the cyber range to be capable of testing several technologies that include security systems that could modify or replace workstation operating systems, and local area network security tools that may replace or modify traditional network operating systems.

Six companies and one university were awarded contracts totaling approximately $30 million DARPA said Jan. 7. BAE Systems, Lockheed Martin Corp., Science Applications International Corp., Sparta, Northrop Grumman Corp., General Dynamics Advanced Information Systems and Johns Hopkins University won contracts, the agency said.

DARPA officials plan to use the cyber range to test technology for the Global Information Grid, the Defense Department's network for warfighters and other personnel. The range must also be able to replicate large-scale military and government networks. It must also replicate commercial and tactical wireless systems.

With DDK acquisition, ManTech pushes further into cyber security realm
March 22nd, 2009 by JD Kathuria

ManTech recently announced its acquisition of DDK Technology Group, Inc., a provider of cyber security to the Department of Defense, with particular focus on the Naval Criminal Investigative Service (NCIS). Based in Lanham, Md., DDK is expected to generate approximately $14 million in revenue this year.

The acquisition comes at a time when defense companies are positioning themselves to meet growing demands on the cyber front. The Wall Street Journal reports U.S. losses from cyber breaches now run in the billions of dollars, with U.S. agencies from the Pentagon to the Department of Homeland Security having experienced major cyber-break-ins in recent years, including classified systems.

“This acquisition continues ManTech’s focus on the high-end intelligence arena and expands our footprint in cyber security to NCIS,” says George J. Pedersen, Chairman and CEO, ManTech International Corporation.

“Our company has grown around our excellent people and the critical mission requirements of our DoD customer base,” adds Jerry Donahoe, Managing Partner and Tim Donahoe, President of DDK. “Combining with ManTech allows DDK to offer broader solutions to our national security client base. Just as important, aligning our culture with ManTech will afford our professionals with expanded career development opportunities.”

Cyber security tops 2009 agenda for Lockheed and the public sector
January 13th, 2009 by JD Kathuria

Top defense company Lockheed Martin is taking aim to capture a market share in what is projected to be an $11 billion market for cyber security in the next four years. In 2009 cyber security is expected to be at the top of the agenda for the federal government and major defense companies. By reorganizing existing capabilities in information security assurance Lockheed Martin continues to remain one step ahead of hackers and intruders in order to best serve its government clients.

In 2008, Lockheed set itself apart from the rest with innovative solutions to the cyber threat. In April 2008 it opened a new Wireless Cyber Security Center to test and evaluate wireless communications in a classified environment. Then, in October 2008, it established the new Center for Cyber Security Innovation (CCSI), headed by Lee Holcomb, to centrally manage its technology innovation, best practices, and talent management. In addition to the operation of the center, a key responsibility of Holcomb’s will be developing partnerships with universities and industries.

Working closely with Holcomb, and leading the overall strategy on cyber security solutions at Lockheed Martin, is former DISA director Lt. General Charlie Croom who joined the corporation this past October.

Then there is Linda Gooden who leads Lockheed’s Information Systems and Global Services (ISGS) area. “The whole area of cybersecurity is probably one of the fastest growing areas,” Gooden says in a recent interview. “It’s something that we’re very focused on as I expect there will be a significant focus” on cybersecurity with Obama’s administration. In a speech given at Purdue University last summer, PE Barack Obama remarked that he will make cyber security “the top priority that it should be in the 21st century” and appoint a National Cyber Advisor to report to him. The government has actually already created an inter-agency task force to help combat cyber security threats and this is headed by Melissa Hathaway, the Cyber Coordination Executive for the Office of the Director of National Intelligence (DNI). This renowned security expert will speak at an upcoming breakfast on Jan. 13.

Lockheed Martin Establishes Center for Cyber Security Innovation
Retired Lt. General Charles E. Croom Jr. to Lead Cyber Security Strategy; Former Senior Executive Service Official Lee Holcomb to Lead Center

Gaithersburg, Md., October 17th, 2008 -- Lockheed Martin (NYSE: LMT) today announced the establishment of its new Center for Cyber Security Innovation (CCSI). The center of excellence represents an evolution for the company and its cyber security capabilities as it organizes to centrally manage its enterprise practice for technology innovation, best practices, and talent management.

"This evolution does not change what we do in cyber security, but how we do it. We intend to uniformly execute the delivery of our cyber security solutions across the company to benefit our customers long-term," said Rick Johnson, Chief Technology Officer, Lockheed Martin Information Systems & Global Services (IS&GS).

As cyber operations and reliance on networks extend throughout a diverse set of civilian, defense, and intelligence agencies, Lockheed Martin's internal infrastructure and best practices will remain critical to mission resilience for its customers. By utilizing integrated cyber security technologies and a defense-in-depth approach, the company will continue to apply real-time protection and attack management to its network and for its customers' networks.

Charles Croom joins the company as Vice President of Cyber Security Solutions to lead the overall cyber security strategy after his recent retirement as U.S. Air Force Lieutenant General, Director of the Defense Information Systems Agency, and Commander of the Joint Task Force for Global Network Operations. Croom will play a pivotal role in driving and shaping the corporation's cyber security strategy.

Former Senior Executive Service official Lee Holcomb has been appointed Vice President to lead the CCSI and manage technology solution development, process excellence, and talent development. Holcomb, also the former Chief Technology Officer for the U.S. Department of Homeland Security, will play a key role in shaping technology initiatives with a significant focus on strategic research and development. Key partnerships with universities and industry will serve to facilitate innovation, leverage the best technologies and solutions, and create a pipeline for talent.

Headquartered in Bethesda, Md., Lockheed Martin is a global security company that employs about 140,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services. The corporation reported 2007 sales of $41.9 billion.

Offline Farn

  • Member
  • ****
  • Posts: 250
Jay Rochefeller (original German family name before they Americanized it) is a senile swine.  The man is daft.  All of them are daft, and a bit too rich for comfort.  They're roaches.


  • Guest

FBI Warns of Sweeping Global Threat to U.S. Cybersecurity
Andrew Noyes CongressDaily 10/15/2008

The FBI's newly appointed chief of cybersecurity warned today that "a couple dozen" countries are eager to hack U.S. government, corporate and military networks. While he refused to provide country-specific details, FBI Cyber Division Chief Shawn Henry told reporters at a roundtable cooperation with foreign law enforcement is one of the bureau's highest priorities and added the United States has had incredible success fostering overseas partnerships.

He compared the situation to 1999, when he headed the FBI's National Infrastructure Intrusion Center's computer intrusion unit and "there wasn't all that much we could do" in the face of a cyberattack.

Henry said certain countries have mounted aggressive campaigns to attack U.S. Internet assets like the .gov, .mil and .com Web domains. Some are interested in sensitive research and development data, while others, like terrorist organizations, see the value in stealing and selling sensitive data to fund physical attacks.

"The threat that we face from organized groups that have infiltrated home computers, corporate computers, government computers [is] substantial and its impact on economy is a national security concern," Henry said. He then hinted that an announcement, expected Thursday, will be "an example of really good cooperation" between the FBI and foreign counterparts.

The department's caseload of active cybercrime investigations is well into the thousands and the number has increased steadily in the past year, Henry said. That is due to a "greater sense of awareness about the amount of money that is to be made illegally" on the Web, he said. Malicious activity by armies of corrupted computers known as "botnets" and by criminal gangs is on the rise and a chief concern of the agency. Public awareness of the threat is also growing, he said. The FBI's Internet Crime Complaint Center has fielded more than a million complaints since May 2000 and the center hears from 18,000-20,000 victims per month.

At the briefing, Henry would not comment in detail on President Bush's largely classified government-wide initiative designed to better protect federal computer networks, which is being spearheaded by the Homeland Security Department. He shied away from commenting on a forthcoming report by the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency, which will recommend that government cybersecurity leadership in the next administration should reside at the White House. Both have been topics of hearings in the 110th Congress.

Henry's comments came a day after Homeland Security Secretary Chertoff spoke about the Bush administration's cybersecurity agenda, noting the topic would be a "major priority" for the next president. Unlike other areas of national security, the cyber realm "is not exclusively or even largely a federal responsibility," Chertoff said in a U.S. Chamber of Commerce speech that stressed the important role of the private sector.

Cybercrime Supersite 'DarkMarket' Was FBI Sting, Documents Confirm
Kevin Poulsen, an online watering hole for thousands of identify thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.

Reports from the German national police obtained by the Südwestrundfunk, Southwest Germany public radio, blow the lid off the long running sting by revealing its role in nabbing a German credit card forger active on DarkMarket. The FBI agent is identified in the documents as J. Keith Mularski, a senior cybercrime agent based at the National Cyber Forensics Training Alliance in Pittsburgh, who ran the site under the hacker handle Master Splynter.

The NCFTA is a non-profit information sharing alliance funded by financial firms, internet companies and the federal government. It's also home to a seven-agent FBI headquarters unit called the Cyber Initiative and Resource Fusion Unit, which evidently ran the DarkMarket sting.

The FBI didn't return a phone call Monday.

Like earlier crime sites, DarkMarket allowed buyers and sellers of stolen identities and credit card data to meet and do business in an entrepreneurial, peer-reviewed environment. Products for sale ran the gamut from specialized hardware, to electronic banking logins collected from phishing attacks, stolen personal data needed to assume a consumer's identity ("full infos") and credit card magstripe swipes ("dumps), which are used to produce counterfeit cards. Vendors were encouraged to submit their goods for review before offering them for sale.

The unearthed documents, seen by Threat Level, show the FBI sting had begun by November, 2006. An FBI memo sent to the German national police regarding a forum member in that country boasts, "Currently, the FBI has been successful in penetrating the inner 'family' of the carding forum, DarkMarket." A March 2007 e-mail from Mularski's FBI address to his German counterpart puts it bluntly. "Master Splynter is me."

The documents indicate the FBI used DarkMarket to build "intelligence briefs" on its members, complete with their internet IP addresses and details of their activities on the site. In at least some cases, the bureau matched the information with transaction records provided by the electronic currency service E-Gold.

Last month, Master Splyntr -- now identified as Mularski -- announced he was shuttering the site as of October 4th, citing unwanted attention garnered by a fellow administrator, known as Cha0. From his home in Turkey, Cha0 had aggressively marketed a high-quality ATM skimmer and PIN pad that fraudsters could covertly affix to certain models of cash machines, capturing consumers account numbers and secret codes. But he began drawing heat this year after reportedly kidnapping and torturing a police informant. He was arrested in Turkey last month, where police identified him as one Cagatay Evyapan.

That's why it was time to close DarkMarket, Master Splynter explained, in a message that now rings with irony.

"It is apparent that this forum … is attracting too much attention from a lot of the world services (agents of FBI, SS, and Interpol). I guess it was only time before this would happen. It is very unfortunate that we have come to this situation, because ... we have established DM as the premier English speaking forum for conducting business. Such is life. When you are on top, people try to bring you down."

The German report confirm rumors that have swirled around DarkMarket since late 2006, when uber-hacker Max Ray Butler cracked the site's server and announced to the underground that he'd caught Master Splynter logging in from the NCFTA's office on the banks of the Monongahela River. Butler ran a site of his own, and the warning was generally dismissed as inter-forum rivalry, even when Butler was arrested in San Francisco last year on credit card fraud charges, and shipped to Pittsburgh for prosecution.

Until this afternoon, SpamHaus listed Master Splynter as an Eastern European spammer named Pavel Kaminski, who was active as recently as 2005. It's possible the FBI took over the handle sometime thereafter. In 2004, the Secret Service ran a similar scheme on the crime board ShadowCrew, but that agency used an informant, who went on to commit more crimes -- a risk not likely present with agent Mularski.

Lord Cyric, another former DarkMarket administrator, says Master Splynter was invited onto DarkMarket as an admin about two years ago, and was still known as a spammer. Based in Canada, Lord Cyric has sold fake IDs and checks in the underground, but he's convinced he's out of reach of any sting operation.

"Worry? Me? Nah," he wrote in an IM interview. "It's a long, slow hard process for them to interest Canadian [law enforcement] to go after someone who doesn't touch drugs nor deals with skimmers. ... It's all about U.S. busts, unless there's a big drug deal and DEA gets involved."

Threat Level admires Lord Cyric's bluster, but thinks his days in the underground are numbered. The FBI almost certainly closed DarkMarket in preparation for a global wave of arrests that will unfold in the next month or so. The site was likely shuttered to avoid an Agatha Christie scenario in which a diminishing pool of cybercrooks are free to speculate about why they're disappearing one-by-one like the hapless dinner guests in Ten Little Indians.

Kudos to Südwestrundfunk reporter Kai Laufen, who discovered the operation. I'm sending him the "I Spotted the Fed" tee-shirt I took home from DefCon 7.

updated 4:40 p.m. ET Oct. 16, 2008

ISPs Pressed to Become Child Porn Cops

New law, new monitoring technology raise concerns about privacy
Bill Dedman and Bob Sullivan

New technologies and changes in U.S. law are adding to pressures to turn Internet service providers into cops examining all Internet traffic for child pornography.

One new tool, being marketed in the U.S. by an Australian company, offers to check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.

The company caught the attention of New York's attorney general, who has been pressing Internet companies to block child porn. He forwarded the proposal to one of those companies, AOL, for discussion by an industry task force that is looking for ways to fight child porn. A copy of the company's proposal was also obtained by

Privacy advocates are raising objections to such tools, saying that monitoring all traffic would be an unconstitutional invasion. They say companies can't start watching every customer's activity, and blocking files thought to be illegal, even when the goal is as noble as protecting children.

But such monitoring just became easier with a law approved unanimously by the Congress and signed on Monday by President Bush. A section of that law written by Republican presidential candidate Sen. John McCain gives Internet service providers access to lists of child porn files, which previously had been closely held by law enforcement agencies and the National Center for Missing and Exploited Children. Although the law says it doesn't require any monitoring, it doesn't forbid it either. And the law ratchets up the pressure, making it a felony for ISPs to fail to report any "actual knowledge" of child pornography.

That actual knowledge could be handed to the Internet companies by technologies like the one proposed by the Australian company, Brilliant Digital Entertainment Ltd. Known as CopyRouter, the software would let ISPs compare computer files — movies, photographs and documents — against those lists. Banned files would be blocked, and the requestor would receive a substitute file provided by law enforcement, such as a warning message: "The material you have attempted to access has been identified as child pornography." The attempt to send or receive the file could then be reported to law enforcement, along with the Internet Protocol address of the requestor.

The CopyRouter relies on a controversial new technology called "deep packet inspection," which allows Internet companies to analyze in real time the river of data flowing through their networks. The pipeline would know what was passing through it. You can read more about this technology in Bob Sullivan's Red Tape Chronicles.

Child porn foes give proposal to AOL
A PowerPoint slide show from Brilliant Digital Entertainment describing the technology was passed on to AOL last month by two powerful forces in the fight against child porn: the office of New York Attorney General Andrew M. Cuomo, who has been calling out ISPs that won't agree to block sites with illegal images, and Ernest E. Allen, the president and CEO of the National Center for Missing and Exploited Children, a nonprofit given by Congress a central role in the fight.

When inquired about the proposal, both Cuomo's office and Allen said they were not promoting the technology, merely passing it along to a committee of Internet service providers and software companies as part of "brainstorming" on new technologies to detect illegal images.

One of the leading experts on electronic privacy in the U.S. says the proposal would clearly run afoul of the U.S. Constitution, essentially setting up a wiretap without obtaining permission from a judge.

"This would be plainly illegal in the United States, whether or not a governmental official imposed this on an ISP or the ISP did this voluntarily," John Morris of the Center for Democracy and Technology said after viewing Brilliant Digital's slide show. "If I were the general counsel of an ISP, I wouldn't touch this with a 10-foot pole."

A spokesman for Brilliant Digital Entertainment disputed that, saying the technology would be "non-invasive," would not compromise privacy, would be legal in the U.S. and elsewhere, and most important, would curtail the global proliferation of child pornography.

"I don't think it takes many voices before the Internet industry separates out those who are prepared to build a business on the trafficking of child sexual exploitation," said Michael Speck, Brilliant Digital's commercial manager in charge of law enforcement products. "If boxes started turning up with Pablo Escobar's special-delivery cocaine inside, they'd stop it, they'd do something about it."

Here's how CopyRouter would work, according to the company's slide show:

• A law enforcement agency would make available a list of files known to contain child pornography. Such files are commonly discovered in law enforcement raids, in undercover operations and in Internet searches that start with certain keywords (such as "pre-teens hard core"). Police officers have looked at those files, making a judgment that the children are clearly under age and that the files are illegal in their jurisdiction, before adding them to the list. Each digital file has a unique digital signature, called a hash value, that can be recognized no matter what the file is named, and without having to open the file again. The company calls this list of hash values its Global File Registry.

• Whenever an Internet user searched the Web, attached a file to an e-mail or examined a menu of files using file-sharing software on a peer-to-peer network, the software would compare the hash values of those files against the file registry. It wouldn't be "reading" the content of the files — it couldn't tell a love note from a recipe — but it would determine whether a file is digitally identical to one on the child-porn list.

• If there were no match, the file would be provided to the user who requested it. But if there were a match, transmission of the file would be blocked. The users would instead receive another image or movie or document, containing only a warning screen. The makers of CopyRouter claim that it can even be used to defeat encryption and compression of files in the Internet's Wild West: the peer-to-peer file-sharing tools such as Gnutella and BitTorrent. Many people use those file-sharing systems for legal traffic, such as independent artists distributing their music, or software developers sharing open-source code. But others use them for illegal traffic in copyrighted music and movies. They also are popular for distributing adult pornography, which is legal, and child pornography, which is not.

Can software fool encryption schemes?
Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file. The slide show calls this "special handling." This is done by changing the underlying protocol settings that establish how the sender and recipient exchange the file. This trickery, unknown to either the sender or recipient, would make it possible for CopyRouter to see the underlying files, calculate a hash value and compare the files to the list of illegal files, Brilliant Digital says.

A photo of the company's first test machine can be found online, in the online photos of the company's systems architect, Norberto "Beto" Meijome, author of the PowerPoint presentation. Meijome's portfolio of online photos on Flickr includes photos of his Cisco SCE router on the day he unpacked and installed it, Sept. 11, 2007. He labels the SCE router "the new toy."

Brilliant Digital Entertainment has a complicated past. Its subsidiary, Altnet, made news in 2002, when its software shipped with the Kazaa file swapping software, then heir to Napster’s throne as the favored way for file swappers to illicitly trade music. Altnet's program was designed to use unused bandwidth and processing power of Kazaa users for such uses as paid advertising and promotions for commercial products. The company claimed that this activity only occurred if the customer allowed it, but some antivirus firms labeled the software as spyware. Later, Altnet was sued by the recording industry for its role in helping spread the popularity of Kazaa.

After settling a lawsuit with the music industry, Brilliant Digital decided to approach file sharing from a new direction, selling products designed to help copyright holders protect their intellectual property. It now describes itself as a "significant online provider of licensed film and music content."

Seeking allies to move the new product to market
Now the company wants to expand into a new product line: fighting child porn.

"We have been working on it for some time," Speck said in a telephone interview from Australia.

"We've been in negotiations with ISPs and law enforcement agencies and content owners." Speck said he previously led the anti-piracy organization of the Australian sound recording industry.

Now he's lining up meetings in the U.S. next month with Internet providers and the National Center for Missing and Exploited Children.

In advance of his trip to the U.S., Speck spoke with the staff of Andrew Cuomo, whose New York attorney general's office has been pressuring Internet service providers to fight child porn. In June, Cuomo announced he was investigating ISPs, using a modern version of the public stocks to encourage cooperation. He set up a Web site listing Internet providers around the nation that made the changes he demanded, as well as "ISPs that have failed to make the same commitment to stop child porn." Cuomo, who was recently cited by McCain as one Democrat he would like to appoint to federal office, has urged Internet service providers to block access to child porn news groups and "purge their servers of child porn Web sites."

Speck had a conference call in September with Cuomo's staff, which he said gave him a blunt description of the legal and privacy landscape in the U.S.

"We'd be grateful for any assistance in getting this to the relevant ISPs and law enforcement agencies, and making any adjustments necessary," Speck said, recounting the conversation with Cuomo's staff. "It was made very clear that, for this to be a viable law enforcement tool, this would have to operate within the legislative framework within the country."

After talking with Speck, Cuomo's office passed the proposal on to John D. Ryan, AOL's senior vice president, deputy general counsel and head of its public safety and criminal investigations unit. Ryan received the slide show on Sept. 18, the day before attorneys from Cuomo's office arrived at AOL's headquarters in Virginia to discuss new technologies to fight child porn. Both Cuomo's office and AOL said that the CopyRouter was not discussed explicitly during what was described as a brainstorming session.

‘We have nothing to do with this technology’
"We have not pressured anyone to use this technology," said a Cuomo spokesman, Matthew Glazer. "We have nothing to do with this technology."

At the same time, AOL's Ryan received a copy of the slide show from the National Center for Missing and Exploited Children. Known as NCMEC, this private nonprofit organization has an increasing role in the law enforcement effort against child porn, and receives more than $35 million in taxpayer funds each year. NCMEC and Cuomo's office have worked together this year on the child-porn fight, holding a joint press conference to announce Cuomo's Web site.

Ryan also has close ties to NCMEC, serving as a member of the board of directors and as leader of its industry Technology Coalition on child porn. Members of that group also include Yahoo, Microsoft, Google and others. ( is a joint venture of Microsoft and NBC Universal.)

AOL officials said they did not feel pressured by Cuomo or NCMEC to adopt any particular technology, adding that the company has a long history of fighting child porn on its own initiative. "The relationship with the attorney general is positive and partnering," Ryan said.

AOL's has a system of its own
AOL officials told that they already examine some files for child porn, block access to those files, and provide evidence to law enforcement. That system (called image detection filtering protocol) apparently is based on the same general principle as CopyRouter, comparing the hash values of files to a known list. But there are significant differences between the two approaches.

AOL checks files uploaded as attachments to e-mail against a list of files that AOL has identified as child porn. If the file matches one on its list, the sender is led to believe that the file has been sent, but it has not. AOL's methods have been shared with other Internet service providers.

But AOL officials said a device like the CopyRouter would be more extensive and more efficient for two reasons: AOL checks only e-mail attachments, not Web searches or other Internet traffic, and its home-grown list of banned files is much shorter than the lists compiled by law enforcement and NCMEC.

"The library of hash values that AOL has, has been derived over time, completely in house from reports from users and files we've stumbled upon," said Christopher G. Bubb, an AOL assistant general counsel in the public safety and criminal investigations unit. "So it's not a government list. Courts have likened it to citizen provided information."

Government role would be problematic
That distinction is important. Internet service providers could be considered agents of law enforcement if they began comparing files to a list provided by the police and intercepting traffic by substituting a legal file for an illegal one. The Fourth Amendment to the U.S. Constitution forbids unreasonable search and seizure by the government. Courts have held that Internet service providers are within their rights to examine the traffic that flows through their pipeline — as they must do, for example, to combat spam — because the scrutiny is being done by a company, not the government.

Although they said they could not pass judgment on software proposed by any vendor, the AOL officials suggested that Brilliant Digital's proposal might not work in the U.S., at least not without Congress providing ISPs more legal cover.

""Keep in mind that this is developed in a totally different cultural and legal regime. The Australian legal system is quite different from an American legal system," said Ryan, the AOL executive. "It would raise concerns. ... Would we be deemed an agent of the government?"

‘Not an intelligence-gathering tool’
Speck, the Brilliant Digital official, argued that CopyRouter would not put ISPs in a law enforcement role because the list of banned files would be managed by the law enforcement agency, not handed over to the private companies. CopyRouter would consult that list, but at arm's length from the companies.

"The responsibility is shifted to law enforcement," Speck said. "We've delivered to Internet service providers something they've called for. ... This is not an intelligence-gathering tool. This is not for developing a list of users. This is an extension of what routers already do."

But wouldn't the Internet service provider know which traffic CopyRouter had blocked, and which user had sent or attempted to download it? No, Speck said, because his company's product would be a neutral middleman, not sharing information with the ISP or law enforcement.

"All hashes are provided to Global File Registry, which manages a secure data base and communications channel between law enforcement agencies and the ISP such that the illicit file hashes targeted by law enforcement remain private and secure to the relevant law enforcement agency," he said in an e-mail after the interview. "There is no personal (sender/receiver) information identified, and privacy is maintained."

The company's slide show, however, does describe information on users being passed directly to law enforcement. Any files that matched the child porn list would be reported to a "law enforcement data collector," along with IP addresses identifying the user's computer. The slide show says, "Any hits here will generate a 'red' report, which will be routed to the police collector server ONLY. These reports contain full IP information."

Although Brilliant Digital says no law enforcement agency has signed on to the CopyRouter plan, that hasn't kept the company from including a familiar blue seal in its slide show. At each point when a law enforcement computer is depicted, it bears a mark that closely resembles the FBI logo. Only when the logo is magnified can one see that it says "Friendly Bus Investigator" rather than "Federal Bureau of Investigation." The FBI hasn't signed on to the plan, Speck said, and the logo was not meant to imply any endorsement.

The FBI met a hailstorm of criticism in 2000 when the existence of its Carnivore project was revealed. The packet-sniffing technology was used to monitor and log traffic when installed at an Internet service provider. The FBI by 2005 had stopped using the technology, in favor of commercial tools.

New law may take law enforcement out of the loop
Under the new U.S. law, a system like CopyRouter might not require involvement of law enforcement. The McCain portion of the new child-porn law allows such a system to be set up by the Internet service providers, because it gives them access to those lists of illegal files.

The key player in that transfer is the National Center for Missing and Exploited Children. Although it's a nonprofit organization, NCMEC has increasingly taken on law enforcement roles, with Congress requiring that complaints of child pornography be sent to its CyberTipline. Since 1998, NCMEC says, it has received more than 300,000 reports from ISPs. And it gives them a daily list of Internet addresses that appear to host child porn, so the companies can choose to block those Web pages.

The new law authorizes NCMEC to go further, handing to Internet service providers the list of files judged to be child porn. Law enforcement agencies give those hash values to NCMEC, which will be allowed (but not required) to give them to the ISPs. That cooperation would allow the ISPs to use CopyRouter or their own home-grown solutions, without including cops in the loop directly.

That provision was part of the SAFE Act, a bill introduced by Sen. McCain and Democratic Sen. Chuck Schumer of New York. A McCain aide called the bill a "NCMEC wish list." The SAFE Act also made it a felony for ISPs to fail to report child porn, if they discover it, with penalties up to $300,000 for each instance.

McCain's bill got caught in a tug-of-war with a broader bill written by another player in the presidential election, Sen. Joe Biden, the Democratic vice presidential candidate. Biden's solution leaned more toward law enforcement, giving more money to the Justice Department and state Internet Crimes Against Children task forces, which investigate child pornography.

With NCMEC lined up behind McCain's bill, and other child protection activists (and Oprah Winfrey) pushing for Biden's bill, Congress finally passed them both: McCain bill was folded into the Biden bill, which passed the House and Senate without objection. Republicans were able to cut the spending in the Biden bill, down to $300 million.

With the new law in place, NCMEC has a plan for ISPs to use their new access to the hash values.

"We believe that there needs to be more proactive, voluntary methods to identify illegal child pornography content that bring it to their attention," said Allen, the NCMEC president. "We are working with leading ISPs to do that."

He said NCMEC's Hash Sharing System would share with Internet service providers information on only the " worst of the worst" images of child pornography. An image must depict a pre-pubescent child who has been identified by law enforcement. And it must depict one of the following: "oral, vaginal or anal penetration and/or sexual contact involving a child whether it be genital, digital, or a foreign object; an animal involved in some form of sexual behavior with a child; or lewd or lascivious exhibition of the genitalia or anus. "

"Through this project, NCMEC is also working with the members of the Technology Coalition to test existing software and develop new technologies that will enable ISPs to identify apparent child pornography images by hash value and block them," Allen wrote in an e-mail.

Some ISPs willing to police copyright law
The idea of turning Internet service providers into cops has been opposed and embraced by different ISPs in a different realm — copyright protection. The recording and movie industries have pressed ISPs to monitor their customers to detect traffic copyright violations. AT&T has said it hopes to monitor for pirated content, and has been in discussions with content companies, including NBC Universal (co-owner of, which has pushed for such filtering. Microsoft (the other co-owner of has said it opposes filtering by ISPs.

ISPs also have run into public and government opposition just for slowing down, not blocking, some Internet traffic. The Federal Communications Commission ruled in August, on a 3-2 vote, that Comcast's limiting of BitTorrent traffic was illegal. Comcast said it was merely trying to keep the flood of peer-to-peer file sharing from slowing down the Internet for everyone else. As for CopyRouter, the company's manager said it would not slow down Internet traffic noticeably, because it's not inspecting the contents of files, merely comparing their hash values to a list, which can be done quickly.

Privacy advocates have already raised objections to deep-packet inspection. Earlier this year, a California company named NebuAd proposed a service that would observe Web surfers’ Internet habits through machines installed at ISPs, then inject context-sensitive advertising into the Web sites the consumers visited. It called the system "Behavioral Targeting." Public outcry and rumblings of an investigation from Congress led firms considering the technology to pull out.

Morris, of the Center for Democracy and Technology, said Brilliant Digital's plan constitutes an illegal wiretap, and would run afoul of the Electronic Communications Privacy Act. No firm can listen in on private communications unless it is instructed to do so by a law enforcement official with a proper court order, he said.

‘Enormous First Amendment problems’
Even then, no government agency — even a law enforcement agency or state attorney general's office — could impose a requirement to stop all files on a blacklist, or otherwise create a list of forbidden content, Morris said. Such a list would not pass constitutional muster.

"You can't declare speech, or images, illegal without judicial proceedings," Morris said. "... That creates enormous First Amendment problems. You can't have an agency or outside firm acting as judge and jury on these images."

Also, blocking images before they were delivered would constitute a prior restraint of communication, Morris said, violating the First Amendment right of free speech.

Other methods used to combat child porn — logging IP addresses of frequent senders and investigating them, by using a subpoena to force ISPs to reveal the name, and then knocking on the user's door — raise no such constitutional issues, Morris said. He compared that to a law enforcement official overhearing illegal speech in a public place and prosecuting a speaker. Brilliant Digital's scheme, he said, is more like picking up a telephone and listening in on private conversations.

"As horrible as child pornography is, and it is horrible, you still have to follow the Constitution," Morris said.

At NCMEC, Allen said the privacy interests are being heard. "We have been very sensitive to legitimate free speech and privacy-related concerns. That is one of the reasons we are focusing exclusively on pre-pubescent children and the most egregious images. That does not suggest that child pornography images involving 13-year-old children are acceptable or less serious, however, traditional law enforcement investigation and prosecution efforts are being used for those situations."

A different approach
Another child protection group has a different approach. The National Association to Protect Children, which advised Sen. Biden on his bill, said that blocking of files by Internet service providers could easily be seen by the public as "overreaching," making it harder to get public support for efforts of law enforcement. What's needed, said the group's executive director, Grier Weeks, is for cops to investigate the leads they already have.

"The Department of Justice and all 50 attorneys general are sitting on a mountain of evidence leading straight to the doors of child pornography traffickers," Weeks said. "We could rescue hundreds of thousands of child sexual assault victims tomorrow in America, without raising any constitutional issues whatsoever. But government simply won't spend the money to protect these children. Instead of arrests by the Federal Bureau of Investigation, the child exploitation industry now faces Internet pop-ups from the Friendly Bus Investigators. That was always the fundamental difference between the Biden bill and the McCain bill. Biden wanted to fund cops to rescue children. McCain wanted to outsource the job."

Sen. McCain's general counsel, Lee C. Dunn, said that he's happy that both the law enforcement and technology approaches became law, that his focus was on protecting children. She said the new law does not require any Internet provider to monitor traffic.

"They have the responsibility and their right to manage the network as they wish," Dunn said. "If AOL wants to monitor their network for child porn, some customers may go to them, because they'll keep them from getting this stuff showing up in their e-mail. Other companies may choose not to, and other people may prefer that. We're not dictating to them that they monitor their network."

Brilliant Digital Entertainment is betting that most internet companies will choose to monitor their customers. Michael Speck said his company's product pitches have been well received by law enforcement agencies, government officials and Internet service providers.

"I don't think there's anyone in the Internet space," Speck said, "who doesn't think fighting child sexual exploitation is good business."

Offline portuguese anarchist

  • Member
  • ****
  • Posts: 344
  • Union of European Socialist States prisoner
I knew they would end up trying to shut down the Internet as we know it.

Years ago, when I started to seriously use the Internet to be politically informed, and became even more aware of how powerful this tool is, allowing us access to news and information that we would otherwise never have access to, I questioned myself "What the hell were this guys thinking when they released the Internet?"

"Electronic commerce", I guessed. Not being aware of other implications.

Well, seems that they finally are.

Offline Volitzar

  • Member
  • *****
  • Posts: 1,731
Sux for them !!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Offline Dig

  • All eyes are opened, or opening, to the rights of man.
  • Member
  • *****
  • Posts: 63,090
    • Git Ureself Edumacated
Yeah, Jay wants us to think that a guy with an AT&T WiFi card can infiltrate this:

Mark III Communications Management Unit (CMU)

The CMU Mark III is the latest Honeywell airborne communications router that supports data link service access between aircraft data link applications and their corresponding ground service providers. This includes Aeronautical Operational Communication (AOC), Controller Pilot Data Link Communication (CPDLC) and Automatic Dependent Surveillance (ADS).

The CMU Mark III is based on ARINC 758 and can be upgraded by software download to an Aeronautical Telecommunications Network (ATN). The CMU Mark III also functions as an ARINC 724B compatible data link router using the Aircraft Communications Addressing and Reporting System (ACARS) network.

Access to the ground network is accomplished by the following links:         Satellite communications (SATCOM)
       Very High Frequency (VHF)
       High Frequency (HF)
       Ultra High Frequency (UHF)

All eyes are opened, or opening, to the rights of man. The general spread of the light of science has already laid open to every view the palpable truth, that the mass of mankind has not been born with saddles on their backs, nor a favored few booted and spurred, ready to ride them legitimately


  • Guest
Jay Rockefeller: "Internet is the #1 cause of attacks, it should not exist"

Internet: "Rockefeller is the #1 cause of attacks, it should not exist"


Offline portuguese anarchist

  • Member
  • ****
  • Posts: 344
  • Union of European Socialist States prisoner
Ahaha  :D

Very well said, Denton.