Thursday, May 17, 2012

Army Wants To Monitor Your Computer Activity

By Joe Gould - Staff writer
Posted: Saturday, May 5, 2012, 12:22:14 EDT
Courtesy Of "The Army Times"


In the wake of the biggest dump of classified information in the history of the Army, the brass is searching for ways to watch what every soldier is doing on his or her Army computer.
The Army wants to look at keystrokes, downloads and Web searches on computers that soldiers use.
Maj. Gen. Steven Smith, chief of the Army Cyber Directorate, said the software was one of his chief priorities, joking that it would take the place of a lower-tech solution: “A guy with a large bat behind every user as they go to search the Internet.”
“Now we’ve been in the news — I don’t know if you’ve seen it — with a little insider threat issue,” Smith continued.
Smith did not mention Pfc. Bradley Manning by name. However, the effort comes in the wake of the former intelligence analyst’s alleged leak of hundreds of thousands of pages of classified documents to the anti-secrecy organization WikiLeaks in 2009 and 2010. Manning faces a military trial on 22 counts, including aiding the enemy.
According to Smith, the Army will soon shop for software pre-programmed to detect a user’s abnormal behavior and record it, catching malicious insiders in the act. Though it is unclear how broadly the Army plans to adopt the program, the Army has more than 900,000 users on its computers.
Smith explained how it might work.
“So I’m on the South American desk, doing intelligence work and all of a sudden I start going around to China, let’s say,” Smith said. “That might be an anomaly, it might be justified, but I would sure like to know that and let someone make a decision, almost at the speed of thought.”
The scenario echoes the allegations against Manning: As an intelligence analyst charged with researching the Shiite threat to Iraqi elections, Manning raided classified networks for State Department cables, Afghanistan and Iraq war logs and video from a helicopter attack, according to courtroom testimony.
Software of the type Smith describes is at various stages of development in the public and private sectors. Such software could spy on virtually any activity on a desktop depending on its programming, to detect when a soldier searches outside of his or her job description, downloads massive amounts of data from a shared hard drive or moves the data onto a removable drive.
The program could respond by recording the activity, alerting an administrator, shutting down the user’s access, or by feeding the person “dummy data” to watch what they do next, said Charles Beard, a cybersecurity executive with the defense firm SAIC’s intelligence, surveillance and reconnaissance group.
“It’s a giant game of cat and mouse with some of these actors,” Beard said.
What’s exciting, Smith said, is the possibility of detecting problems as they happen, on what cybersecurity experts call “zero day,” as opposed to after the fact.
“We don’t want to be forensics experts. We want to catch it at the perimeter,” Smith said. “We want to catch this before it has a chance to be exploited.”

A GOVERNMENTWIDE EFFORT

The Army’s efforts dovetail with a broader federal government initiative. President Obama signed an executive order last October that established an Insider Threat Task Force to develop a governmentwide program to deter, detect and mitigate insider threats.
Among other responsibilities, it would create policies for safeguarding classified information and networks, and for auditing and monitoring users.
In January, the White House’s Office of Management and Budget issued a memo directing government agencies that deal with classified information to ensure they adhere to security rules enacted after the WikiLeaks debacle.
Beyond technical solutions, the document asks agencies to create their own “insider threat program” to monitor employees for “behavioral changes” suggesting they might leak sensitive information.
The interagency Insider Threat Task Force is aiming to complete work on the new standards by October. These standards may address training and employee awareness protocols, said John Swift III, senior policy adviser to a task force now working on the draft policy.
Deanna Caputo, lead behavioral psychologist for Mitre Corp., said both technical solutions and monitoring of human behaviors are needed for a successful detection and prevention program.
“To think that we can tackle the problem simply by technical solutions is a mistake,” Caputo said.
A “culture of reporting” is essential, she said. “We need to up the ante and expect a little bit more from our people” to report abnormal behaviors among their co-workers. However, “there is a fine line with that [reporting]. People need to trust they are in a safe environment to do their job.”
Carnegie Mellon’s Software Engineering Institute has compiled 700 insider threat case studies, and come up with two broad profiles of insiders who steal intellectual property in business settings.
One is an “entitled independent” disgruntled with his job who typically exfiltrates his work a month before leaving. The other is an “ambitious leader” who steals information on entire systems and product lines, sometimes to take to a foreign country, such as China.
According to Patrick Reidy, who leads the FBI’s insider threat program, such users may be conducting authorized activities for malicious ends, and their actions would not register on intrusion detection or anti-virus systems.
“People look at computers and networks but not people and data,” he said. “The insider threat is all about people.”
Reidy, Swift and Caputo discussed the effort at a defense industry convention in Washington, D.C., on April 4.

THE ‘PRE-CRIME’ DIVISION

Private industry and the Defense Advanced Research Projects Agency are among the entities that have technological solutions in various stages of progress.
Raytheon’s SureView software captures any security breach or policy violation it’s programmed to find and can “replay the event like a DVR,” for a local administrator or others to view, according to the company’s website. The software’s trigger is programmable and can be set to any behavior considered suspicious or not.
Working with Raytheon, a group of cadets from the U.S. Military Academy at West Point last year conducted a simulation of an insider attack at a forward operating base. Cadets looked at how to fine-tune the way SureView detects potential threats and eliminate false positives for innocuous behavior, said West Point computer science professor Col. Greg Conti.
“It was very powerful, very flexible and allowed you to monitor with very fine resolution activities on the desktop, and the real trick becomes how you detect anomalous behavior,” Conti said. “Predictive models are kind of the holy grail. When you see that no one else has done something but bad guys, you can start being predictive.”
At SAIC, which is testing a behavior analytics system, Beard likened behavioral modeling to the Pre-Crime unit from the science fiction movie “Minority Report.” Instead of using psychics to stop crimes before they occur, the software would be programmed to detect behavior that has preceded malicious acts in the past.
In real life, researchers are examining the behavior of malicious insiders to see what actions they took before they acted out. That in turn would be used to teach the software what behavior to flag.
“We may want to administer policies that say, ‘Gee, gosh, why do you really want to download 300 [megabytes] of stuff or a gig of data in a single session?’ ” Beard said. “We look for the antecedents of behavior that would suggest based on past history that bad things are going to take place.”
That could be visiting restricted websites, requesting access to information outside of one’s job description or asking for large amounts of storage media — or likely some combination of the above. Individually, the actions may not seem problematic, but combined and in the context of human intelligence, they could raise alarms.
“We start taking those things and recombining them to say, ‘What is going on in the environment?’ ” Beard said. “Any one of those things independently can be totally innocuous and innocent, but when you put them together — plus their job, plus their access, plus the things they are working on — you may be looking at it as a counterintel kind of thing.”

DRAWBACKS AND CHALLENGES

Cybersecurity expert Michael Tanji, an Army veteran who has spent nearly 20 years in the U.S. intelligence community, said he sees potential drawbacks and unanswered policy questions. He asked how the Army would implement such technology without unintentionally stifling cross-disciplinary collaboration among soldiers.
Knowing they are being monitored, personnel might avoid enterprising or creative behavior for fear it would be flagged by monitoring software, he said.
Tanji also predicted the technology would come at a considerable financial cost, both to warehouse the data collected by the software and to pay the added staff needed to monitor the reports it generates.
“A brigade-sized element that uses computers on a regular basis would probably need a company-sized element just to keep up with the data that comes in,” he said.
Reidy, the FBI official, said such concerns were valid. Because software may report benign behavior as malicious and vice versa, he cautioned against using technical solutions alone to solve insider threats.
“After a major incident, and no offense to any vendors, but the charlatanism always goes up,” he said. “It’s absolutely amazing how many phone calls I get from people who say they have solved the WikiLeaks problem or solved this or that problem. Everybody’s got to eat, but it’s simply not true.”
Finding bad behavior amid the vast sea of keystrokes, downloads and Web browsing on military computers is no easy task, DARPA acknowledges.
A DARPA solicitation for Suspected Malicious Insider Threat Elimination, or SMITE, announces it is attempting to recognize “moving targets” — telltale patterns of behavior amid “enormous amounts of noise (observational data of no immediate relevance).”
The program, based in behavioral science, would have to distinguish anomalous behavior from normal behavior, and deceptive and malicious behavior from anomalous behavior, the solicitation reads.
A solicitation for another program — Anomaly Detection at Multiple Scales, or ADAMS — uses accused Fort Hood shooter Maj. Nidal Hasan to frame the problem. It asks how to sift for anomalies through millions of data points — the emails and text messages on Fort Hood, for instance — using a unique algorithm, to rank threats and learn based on user feedback.
The program is trying to look beyond computers to spot the point when a good soldier turns, whether that means homicidal or suicidal or ready to dump stolen data.
“When we look through the evidence after the fact, we often find a trail — sometimes even an ‘obvious’ one,” the solicitation states. “The question is, can we pick up the trail before the fact, giving us time to intervene and prevent an incident? Why is that so hard?”
