Cyberwar: “Do as I say, not as I do” shall be the whole of the law.

Summary:   Much of the hooplah about the possible involvement of foreign intelligence in digital certificate-forging is probably foreign governments wishing they had the level of access to citizen data that ours does (and we won’t share).  The second in a series by guest author Marcus J. Ranum discussing cyberwar — perhaps one of the major forms of war in the 21st century.

Article deleted at author’s request.

 

(6)  For more information about cyberwar

(a)  About this incident:

1. DigiNotar Certificate Authority breach “Operation Black Tulip”, Interim Report by FOX-IT, 5 September 2011 — FOX-IT are security consultants hired to investigate this incident.
2. “Fake DigiNotar web certificate risk to Iranians“, BBC, 5 September 2011
3. “Dutch Government Struggles to Deal With DigiNotar Hack“, PC World, 7 September 2011
4. “SSL Certificate Authority Recall Grows“, eSecurity Planet, 7 Spetember 2011 — “Mozilla issues yet another Firefox update for SSL issues as certificate authority risks mount beyond DigiNotar.”
5. “DigiNotar Certificate Authority Breach Crashes e-Government in the Netherlands“, IEEE Spectrum, 9 September 2011

(b)  About cyber-snooping by the US government:

1. “Certifed Lies: Detecting and Defeating Government Interception Attacks Against SSL“, Christopher Soghoian (Indiana U – Bloomington) and Sid Stammy, working paper posted at SSRN, 16 April 2010
2. Article about VeriSign (“Trust is the Foundation of Every Human Relationship”):  “VeriSign sells digital certification services and runs the Internet registry, thus is well prepared to sell private information on its all-too-trusting customers and to assist ISPs and wireless providers in the business of betrayal, though it is hardly alone in spying boomtime.”
3. Facebook Subpoena / Search Warrant Guidelines
4. “Patriot Act – The kitchen-sink approach to national security“, Benjamin Wallace-Wells, New York, 27 August 2011
5. A Review of the FBI’s Use of Exigent Letters and Other Informal Requests for Telephone Records, Office of the Inspector General of the US Department of Justice, January 2010
6. A thread for the tinfoil hatters:  “Beware Verisign has a security breach“, DN Forum, 2003

.

.