Tuesday, 24 January 2012

A few Chinese hacker teams do most US data theft



As few as 12 different Chinese groups, largely backed or directed by the government there, do the bulk of the China-based cyberattacks stealing critical data from U.S. companies and government agencies, according to U.S. cybersecurity analysts and experts.

The aggressive, but stealthy attacks, which steal billions of dollars in intellectual property and data, often carry distinct signatures allowing U.S. officials to link them to certain hacker teams. And, analysts say the U.S. often gives the attackers unique names or numbers, and at times can tell where the hackers are and even who they may be.

Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant.

It is largely impossible for the U.S. to prosecute hackers in China, since it requires reciprocal agreements between the two countries, and it is always difficult to provide ironclad proof that the hacking came from specific people.

Several analysts described the Chinese attacks, speaking on condition of anonymity because of the sensitivity of the investigations and to protect the privacy of clients. China has routinely rejected allegations of cyberspying and says it also is a target. “Industry is already feeling that they are at war,” said James Cartwright, a retired Marine general and former vice chairman of the Joint Chiefs of Staff.

A recognized expert on cyber issues, Cartwright has come out strongly in favor of increased U.S. efforts to hold China and other countries accountable for the cyberattacks that come from within their borders. “Right now we have the worst of worlds,” said Cartwright. “If you want to attack me you can do it all you want, because I can’t do anythingabout it. It’s risk free, and you’re willing to take almost any risk to come after me.”

The U.S., he said, “needs to say, if you come after me, I’m going to find you, I’m going to do something about it. It will be proportional, but I’m going to do something … and if you’re hiding in a third country, I’m gong to tell that country you’re there, if they don’t stop you from doing it, I’m going to come and get you.”

Cyber experts agree, and say that companies are frustrated that the government isn’t doing enough to pressure China to stop the attacks or go after hackers in that country. Much like during the Col War with Russia, officials say the U.S. needs to make it clear that there will be repercussions for cyberattacks.

The government “needs to do more to increase the risk,” said Jon Ramsey, head of the counter threat unit at the Atlanta-based Dell SecureWorks, a computer security consulting company. “In the pivate sector we’re always on defense. We can’t do something about it, but someone has to. There is no deterrent not to attack the U.S.”

Cyberattacks originating in China have been a problem for years, but until a decade or so ago analysts said the probes focused mainly on the U.S. government – a generally ackowledged intelligence gathering activity similar to Americans and Russians spying on each other during the Cold War.

But in the last 10 to 15 years, the attacks have gradually broadened to target defense companies, and then other critical industries including those in energy, finance and other sectors. According to Ramsey and other cyber analysts, hackers in China have different digital fingerprints, often visible through the computer code they use, or the command and control computers that they use to route their malicious software through.

U.S. government officials have been reluctant to tie the attacks directly back to the Chinese government, but analysts and officials quietly say that they have tracked enough intrusions to specific locations to be confident they are linked to Beijing – either the government or the military. And, they add that they can sometimes glean who benefited from a particular stolen technology.

One of the analysts said investigations show that the dozen or so Chinese teams appear to get “taskings”, or orders, to go after specific technologies or companies within a particular industry. At times, two or more of the teams appear to get the same shopping list, and compete to be the first to get it, or the one with the greatest haul.

Analysts and U.S. officials agree that a majority of the cyberattacks seeking intellectual property or other sensitive or classified data are done by China-based hackers. While much of the cyberattacks stealing credit card or financial information come from Eastern Europe or Russia.

According to experts, the malicious software or high-tech tools used by the Chinese haven’t gotten much more sophisticated in recent years. But the threat is persistent, often burying malware deep in computer networks so it can be used again and again over the course of several months or even years.

The tools include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data so it can be transferred back to the attacker’s computer. The malware can then delete itself or disappear until needed again.

Several specific attacks linked to China include:
  1. Two sophisticated attacks against Google’s systems that stole some of the Internet giant’s intellectual property and broke into the Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists.
  2. Last year computer security firm Mandiant reported that data was stolen from a Fortune 500 manufacturing company during business negotiations when the company was trying to buy a Chinese company.
  3. Earlier this year, McAfee traced an intrusion to an Internet protocol address in China and said intruders took data from global oil, energy and petrochemical companies.
For the first time, U.S. intelligence officials called out China and Russia last month, saying they are systematically stealing American high-tech data for their own economic gain. The unusually forceful public report seemed to signal a new, more vocal U.S. government campaign against the cyberattacks.

The next step, said Cartwright, must be a full-throated U.S. policy that makes it clear how the U.S. will deal with cyberattacks, including the attackers as well as the nations the attacks are routed through. Once an attack is detected, he said the U.S. should first go through the State Department to ask the country to stop the attack. If the country refuses, he said, the U.S. will have the right to stop the computer server from sending the attack by whatever means possible while still avoiding any collateral damage.

New large horned viper discovered, but biologists keep location quietNew large horned viper discovered, but biologists keep location quiet



In a remote forest fragment in Tanzania, scientists have made a remarkable discovery: a uniquely-colored horned viper extending over two feet long (643 millimeters) that evolved from its closest relative over two million years ago. Unfortunately, however, the new species—named Matilda’s horned viper (Atheris matildae)—survives in a small degraded habitat and is believed to be Critically Endangered. Given its scarcity, its discoverers are working to preempt an insidious threat to the new species.

Scientists love nothing more than finding unknown animals, but the public announcement has sometimes been the beginning of the species’ undoing, especially in the case of reptiles and amphibians. Hotly pursued by the black market pet trade, in the past new species have been helplessly decimated by collectors shortly after their scientific description is published. As such, Matilda’s horned viper’s discoverers are not only keeping the snake’s location a closely-guarded secret, but have already set up an emergency conservation program. They won’t let this species vanish without a fight.

“The global trade in wildlife is huge, and a very significant part of that is the illegal trade in wild-caught amphibians and reptiles, for the pet trade. Snakes are particularly popular and a new snake arouses considerable interest,” Tim Davenport with the Wildlife Conservation Society (WCS) explained to mongabay.com. “Our concern is that a sudden rush to collect this new snake from such a small forest would at best be unsustainable, and at worst have a major detrimental impact on the species’ survival. Illegal collection for the pet trade is a huge problem in Tanzania due in part to the high number of attractive and endemic species.”
Atheris matildae

To keep the new species safe, researchers collected eleven snakes for a captive breeding program: four males, five females, and two juveniles. The offspring of these snakes are meant to be an insurance against extinction. Along with keeping its exact location in the wild quiet, the conservationists are also going one step further to anticipate the illegal pet trade.

“We are planning to make available the first few dozen offspring from the captive population free of charge, in order to provide the market with captive-bred specimens of the new species. The aim is to avoid collection of wild caught specimens, lower the price of the animal and encourage responsible captive breeding by keepers in the most highly demanding countries,” explains Davenport. “The ultimate goal is also to raise awareness and support for a community-based forest conservation program. Matilda’s horned viper will, it is hoped, be a flagship species for this initiative.”

Their caution is not an overreaction. The researcher argue the species should be listed as Critically Endangered by the IUCN Red List given its tiny range: after extensive surveys the team believes the snake survives in an area smaller than 100 square kilometers.

“In addition, the habitat quality is in decline,” Davenport adds.

Matilda’s horned viper’s closest relative is the forest horned viper (Atheris ceratophora), but Matilda’s is larger, sports different coloration, and has a unique scale pattern on its head (see more photos below). Genetic testing shows the snakes to be separated by 2.2 million years.

“We would like this discovery to contribute to the conservation of the species and its habitat, not to a more rapid demise of the species in the wild,” Davenport says. He and his colleagues also recommend other researchers follow similar paths in announcing new species.

“All three of us [Davenport, Michele Menegon, and Kim Howell] have described new species only to see these same species being illegally and unsustainably harvested just months later. We are not objecting to the pet trade, but we do believe that in most cases there is no justification at all for wild caught animals being collected. The problem is exacerbated by the huge numbers collected from the wild, only a small fraction of which live to reach their ultimate destination. There needs to be far tighter management of the pet trade or else many species will simply be extirpated in the wild by the trade.”

Matilda’s horned viper received its name from a five-year-old girl, Davenport’s daughter.

“When we first discovered the snake, we kept one securely in a tank outside the office while we studied it. My daughter, then five years old, was fascinated and always insisted on helping us feed it and look after it. It became known as Matilda’s viper and the name stuck. We simply added the ‘horned’ later. She is very pleased but of course her younger sister wants a species now too! We will see what we can do…”

Magic Mushrooms’ Can Improve Spiritual Benefits and Psychological Health



The psychedelic drug in magic mushrooms may have lasting medical and spiritual benefits, according to new research from Johns Hopkins School of Medicine. The mushroom-derived hallucinogen, called psilocybin, is known to trigger transformative spiritual states, but at high doses it can also result in “bad trips” marked by terror and panic. The trick is to get the dose just right, which the Johns Hopkins researchers report having accomplished.

In their study, the Hopkins scientists were able to reliably induce transcendental experiences in volunteers, which offered long-lasting psychological growth and helped people find peace in their lives — without the negative effects.

“The important point here is that we found the sweet spot where we can optimize the positive persistent effects and avoid some of the fear and anxiety that can occur and can be quite disruptive,” says lead author Roland Griffiths, professor of behavioral biology at Hopkins.

Giffiths’ study involved 18 healthy adults, average age 46, who participated in five eight-hour drug sessions with either psilocybin — at varying doses — or placebo. Nearly all the volunteers were college graduates and 78% participated regularly in religious activities; all were interested in spiritual experience.

Fourteen months after participating in the study, 94% of those who received the drug said the experiment was one of the top five most meaningful experiences of their lives; 39% said it was the single most meaningful experience.

Critically, however, the participants themselves were not the only ones who saw the benefit from the insights they gained: their friends, family member and colleagues also reported that the psilocybin experience had made the participants calmer, happier and kinder.

Ultimately, Griffiths and his colleagues want to see if the same kind of psychedelic experience could help ease anxiety and fear over the long term in cancer patients or others facing death. And following up on tantalizing clues from early research on hallucinogenic drugs like LSD, mescaline and psilocybin in the 1960s (which are all now illegal), researchers are also studying whether transcendental experiences could help spur recovery from addiction and treat other psychological problems like depression and post-traumatic stress disorder.

For Griffiths’ current experiment, participants were housed in a living room-like setting designed to be calm, comfortable and attractive. While under the influence, they listened to classical music on headphones, wore eyeshades and were instructed to “direct their attention inward.”

Each participant was accompanied by two other research-team members: a “monitor” and an “assistant monitor,” who both had previous experience with people on psychedelic drugs and were empathetic and supportive. Before the drug sessions, the volunteers became acquainted enough with their team so that they felt familiar and safe. Although the experiments took place in the Hopkins hospital complex in order to ensure prompt medical attention in the event that it was needed, it never was.

As described by early advocates of the use of psychedelics — from ancient shamans to Timothy Leary and the Grateful Dead — the psilocybin experience typically involves a sense of oneness with the universe and with others, a feeling of transcending time, space and other limitations, coupled with a sense of holiness and sacredness. Overwhelmingly, these experiences are difficult to put into words, but many of Griffiths’ participants said they were left with the sense that they understood themselves and others better and therefore had greater compassion and patience.

“I feel that I relate better in my marriage. There is more empathy — a greater understanding of people and understanding their difficulties and less judgment,” said one participant. “Less judging of myself, too.”

Another said: “I have better interaction with close friends and family and with acquaintances and strangers. … My alcohol use has diminished dramatically.”

To zero in on the “sweet spot” of dosing, Griffiths started half the volunteers on a low dose and gradually increased their doses over time (with placebo sessions randomly interspersed); the other half started on a high dose and worked their way down.

Those who started on a low dose found that their experiences tended to get better as the dose increased, probably because they learned what to expect and how to handle it. But people who started with high doses were more likely to experience anxiety and fear (though these feeling didn’t last long and sometimes resolved into euphoria or a sense of transcendence).

“If we back the dose down a little, we have just as much of the same positive effects. The properties of the mystical experience remain the same, but there’s a fivefold drop in anxiety and fearfulness,” Griffiths says.

Some past experiments with psychedelics in the ’60s used initial high doses of the drugs — the “blast people away with a high dose” model, says Griffiths — to try to treat addiction. “Some of the early work in addictions was done with the idea of, ‘O.K., let’s model the ‘bottoming-out’ crisis and make use of the dark side of [psychedelic] compounds. That didn’t work,” Griffiths says.

It may even have backfired: other research on addictions shows that coercion, humiliation and other attempts to produce a sense of “powerlessness,” tend to increase relapse and treatment dropout, not recovery. (And the notorious naked LSD encounter sessions conducted with psychopaths made them worse, too.)

Griffiths is currently seeking patients with terminal cancer to participate in his next set of experiments (for more information on these studies, click here); because psychedelics often produce a feeling of going beyond life and death, they are thought to be especially likely to help those facing the end of life. Griffiths is also studying whether psilocybin can help smokers quit.

Griffiths and other researchers like him are hoping to bring the study of psychedelics into the future. They want to build on the promise that some of the early research showed, while avoiding the bad rep and exaggerated claims — for example, that LSD was harmless and could usher in world peace — that became associated with the drugs when people started using them recreationally in the 1960s. The resulting negative publicity helped shut down the burgeoning research.

This time around, caution may be paying off. Dr. Jerome Jaffe, America’s first drug czar, who was not involved with the research, said in a statement, “The Hopkins psilocybin studies clearly demonstrate that this route to the mystical is not to be walked alone. But they have also demonstrated significant and lasting benefits. That raises two questions: could psilocybin-occasioned experiences prove therapeutically useful, for example in dealing with the psychological distress experienced by some terminal patients?

“And should properly-informed citizens, not in distress, be allowed to receive psilocybin for its possible spiritual benefits, as we now allow them to pursue other possibly risky activities such as cosmetic surgery and mountain-climbing?”

The study was published in the journal Psychopharmacology.