Company that found bug has connections to Google, Obama, DHS, and FBI
April 9, 2013
Dire warnings about Heartbleed, a serious internet security risk affecting millions of websites, are echoing across the internet today. Described as a flaw in OpenSSL, the open source encryption technology used by the vast majority of web servers, Heartbleed is said to put HTTPS e-commerce websites at risk.
The bug “can give hackers access to personal data like credit card numbers, usernames, passwords, and, perhaps most importantly, cryptographic keys—which can allow hackers to impersonate or monitor a server,” writes Lily Hay Newman.
The risk was discovered by a Google researcher at Codenomicon, a Finnish company specializing in the development of “fuzzing tools” to ensure computer network security. The Codenomicon client base includes government and the defense industry, and the company, as noted below, has suspicious connections to Obama, DHS, and the FBI.
The current buzz about Heartbleed plays into an ongoing government propaganda campaign to forge a public-private cybersecurity infrastructure.
The latest warning came from the Communications Director for Willis Global Energy Practice during a seminar held in London. He said the “energy industry is sitting on an unexploded bomb from uninsured cyber attacks” due, in large part, to web-based control systems which are routinely insecure.
In 2010, the effort to portray the internet as vulnerable and in need of government protection took the shape of a simulated cyber attack. The war game was organized by the Bipartisan Policy Center, an insider think tank, and sponsored by “companies with financial stakes in the future of cyber defense — General Dynamics is one — but also companies whose transactions are the lifeblood to the American economy, and who want to foster a greater sense of urgency among the public and policymakers,” according to Marc Ambinder of The Atlantic.
Cyber attacks often seem timed to underscore government cybersecurity talking points and proposed legislation. For instance, in February, an unprecedented denial of service attack occurred several days after the National Cybersecurity and Critical Infrastructure Protection Act found its way to the House floor. The legislation, supported by Republicans and Democrats, codifies “an equal partnership between private industry and DHS.”
The government considers this merging of government and corporate operations – basically corporatism, as Mussolini defined it – so essential that Senator Jay Rockefeller tried to get the Cybersecurity Act of 2013 added as an amendment to the National Defense Authorization Act.
Takeaway from Heartbleed: Live every day as if you'll lose your SSL private keys tomorrow. Use forward secrecy. https://t.co/PpzMhLqm2I
— EFF (@EFF) April 9, 2014
Earlier this month, former Sen. Evan Bayh, an Indiana Democrat, told the American Bar Association Section of International Law 2014 Spring Meeting in New York that Congress is unlikely to pass cybersecurity legislation this session.
“I think it’s not likely there will be legislative action,” Bayh said. “That’s too bad. It will probably take a cyberattack succeeding in some way that significantly harms the country before we’ll be able to reconcile the debate in Washington about legislation.”
Bayh said a large cyberattack would likely result in “some mandatory standards that will make what’s been proposed, at least right now, pale in comparison. Because we always way overreact once we’ve been attacked, and both sides need to get that in their minds, because that’s what is coming,” he said.
Bayh, who sat on the Senate’s Select Committee on Intelligence, is now on the CIA’s advisory board. Due to this fact, his warning and prediction, expressed as a foregone conclusion, carry extraordinary weight.
Finally, it should be noted that Howard Schmidt, the former Cybersecurity Coordinator and Special Assistant to Obama, sits on the board of directors of Codenomicon.
Schmidt, who also worked for the FBI and the Department of Homeland Security, “was responsible for coordinating interagency cybersecurity policy development and implementation and coordinated engagement with federal, state, local, international and private sector cybersecurity partners,” a Codenomicon Defensics company page states.
It is telling that a company linked to Google, with its known intelligence connections, and having a member of the board of directors connected directly to the Obama administration’s cyber security initiative in addition to the DHS and the FBI, should discover a network vulnerability begging for government intervention.