SPECIAL REPORT: When it comes to hacking, the best defense is not the best offense.
Even as the U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.
The strategy is spurring concern in the technology industry and intelligence community that Washington is in effect encouraging hacking and failing to disclose to software companies and customers the vulnerabilities exploited by the purchased hacks.
That’s because U.S. intelligence and military agencies aren’t buying the tools primarily to fend off attacks. Rather, they are using the tools to infiltrate computer networks overseas, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.
The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired.
Moreover, the money going for offense lures some talented researchers away from work on defense, while tax dollars may end up flowing to skilled hackers simultaneously supplying criminal groups. “The only people paying are on the offensive side,” said Charlie Miller, a security researcher at Twitter who previously worked for the National Security Agency.
The Indian government faced an angry backlash from Twitter users on Thursday after ordering Internet service providers to block about 20 accounts that officials said had spread scare-mongering material that threatened national security.
The backlash came as New Delhi turned up the heat on Twitter, threatening “appropriate and suitable action” if it failed to remove the accounts as soon as possible. Several Indian newspapers said this could mean a total ban on access to Twitter in India but government officials would not confirm to Reuters that such a drastic step was being considered.
There was no immediate response from Twitter, which does not have an office in India. There are about 16 million Twitter users in the South Asian country.
India blocked access to more than 300 Web pages after threatening mobile phone text messages and doctored website images fuelled rumors that Muslims, a large minority in the predominantly Hindu country, were planning revenge attacks for violence in the northeastern state of Assam, where 80 people have been killed and 300,000 have been displaced since July.
DEVELOPING: U.N. investigators finish inquiry into Houla massacre
U.N. investigators have wrapped up their inquiry into the Houla massacre and have concluded that Syrian government forces and Shabbiha fighters were responsible for killing more than 100 civilians, half of those children.
The report finds that crimes by Syrian government forces indicate involvement at the “highest levels of armed and security forces and the government.”
The report also found that Syrian rebel fighters have committed war crimes, including murder and torture, but those abuses “did not reach the gravity, frequency and scale” of government abuses.
The U.N. investigators have called on U.N. Chief Ban Ki-moon to send their report to the U.N. Security COuncil to take appropriate action given the gravity of the crimes by all sides.
The U.S. Postal Service reported a net loss of $3.3 billion in its first quarter as plummeting mail volumes overshadowed stronger than expected holiday shipping, the cash-strapped agency said on Thursday.
The mail carrier has watched its traditional business erode as increasing use of email and online bill-paying drain mail volumes. The Postal Service lost $5.1 billion last year.
Protesters chant anti-government slogans during a protest condemning the death of soccer fans at Port Said stadium, near the Interior Ministry in Cairo, February 2, 2012.
Egyptians incensed by the deaths of 74 people in soccer violence staged protests in central Cairo on Thursday as the army-led government came under fire for failing to prevent the deadliest incident since the overthrow of Hosni Mubarak. [REUTERS/Asmaa Waguih]
While we believe that online piracy by foreign websites is a serious problem that requires a serious legislative response, we will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet. Any effort to combat online piracy must guard against the risk of online censorship of lawful activity and must not inhibit innovation by our dynamic businesses large and small. Across the globe, the openness of the Internet is increasingly central to innovation in business, government, and society and it must be protected. To minimize this risk, new legislation must be narrowly targeted only at sites beyond the reach of current U.S. law, cover activity clearly prohibited under existing U.S. laws, and be effectively tailored, with strong due process and focused on criminal activity. Any provision covering Internet intermediaries such as online advertising networks, payment processors, or search engines must be transparent and designed to prevent overly broad private rights of action that could encourage unjustified litigation that could discourage startup businesses and innovative firms from growing.