PDA

View Full Version : Cybersecurity Measures Will Mandate Government “ID Tokens” To Use The Internet



Zeitus42
June 29th, 2010, 01:38 PM
The move to shut down and regulate the Internet under a new government-controlled system has accelerated into high gear with the announcement that the government’s cybersecurity strategy revolves around issuing Internet users with ID “tokens” without which they will not be able to visit websites, the latest salvo against web freedom which, in combination with Senator Joe Lieberman’s ‘kill switch’ bill, will serve to eviscerate the free Internet as we know it.
Under the guise of “cybersecurity,” the government is moving to discredit and shut down the existing Internet infrastructure in the pursuit of a new, centralized, regulated world wide web.
It is important to stress that “cybersecurity” has nothing to do with protecting the infrastructure of the United States and everything to do with taking over the Internet. Cybersecurity is about attacking non-compliant Internet users, not defending against hackers. Non-compliance equates as using the Internet as a political tool to dissent against the policies of the U.S. government. Having already tried and failed in flooding the web with paid disinformation agents, the government is now turning to its only recourse, exploiting hyped or outright staged cyberattacks as an excuse through which to implement an Internet 2 system controlled and regulated solely by the authorities.
We are constantly told that the Internet needs to be subject to government control because cyberterrorists could hack in and bring down the national power grid. However, the vast majority of the U.S. power infrastructure is not connected to the Internet. It will only be connected to the Internet if the government accelerates the implementation of “smart grid” technology, so in this sense, the government itself is leaving the power grid more vulnerable to hackers by its own programs.
Threats against computer networks in the United States are grossly exaggerated. Dire reports issued by the Defense Science Board and the Center for Strategic and International Studies “are usually richer in vivid metaphor — with fears of ‘digital Pearl Harbors’ and ‘cyber-Katrinas’ — than in factual foundation,” writes Evgeny Morozov, a Belarus-born researcher and blogger who writes on the political effects of the internet.



http://www.youtube.com/watch?v=YoZQ9FsE1b0

http://www.infowars.com/cybersecurity-measures-will-mandate-government-id-tokens-to-use-the-internet/

Tristam Green
June 29th, 2010, 02:42 PM
Reputable Source is where?

SonicSteve
June 29th, 2010, 03:05 PM
I have to ask the same question. Where is the source for this? While I don't have a difficult time believing it could happen, this is the kind of claim that needs some valid sources.

Having said that, a quick google search turns up page after page about this. All in the name of "cybersecurity" and "in case of war". It seems real enough.

kamaboko
June 29th, 2010, 03:09 PM
I should start a "I'm gonna scare you with disinformation talk show" too. The show mantra will be...."everything is a conspiracy".

sydbat
June 29th, 2010, 03:10 PM
Successful troll is successful.

ubunterooster
June 29th, 2010, 03:13 PM
Aaah! PANIC! We are all robots already! LOL.

Sorry, but without any listed source, that is how it comes across

Tristam Green
June 29th, 2010, 03:15 PM
Successful troll is successful.

I'll be the first to admit, I'll loud out a tinfoil hatter any day.

chiliman
June 29th, 2010, 03:44 PM
Almost like the freedom bashing law called the patriot act. those buttheads didnt even read that bill before they sighned it. And itll be no different if this is true.

RiceMonster
June 29th, 2010, 03:47 PM
Do majorleague baseball's spy satellites have any involvement in this?

Tristam Green
June 29th, 2010, 03:50 PM
Almost like the freedom bashing law called the patriot act. those buttheads didnt even read that bill before they sighned it. And itll be no different if this is true.

in before politicalock.

if you think congressmen themselves actually read laws in full, rather than getting a staff-created synopsis of the bill, then "you be silly".

ve4cib
June 29th, 2010, 03:51 PM
I should start a "I'm gonna scare you with disinformation talk show" too. The show mantra will be...."everything is a conspiracy".

Somebody beat you to it (http://www.coasttocoastam.com/).

(Granted, I haven't listened to Coast to Coast AM in a long time, but back in the day it was pretty conspiracy-laden. I can't imagine things have changed too much.)

chiliman
June 29th, 2010, 03:56 PM
in before politicalock.

if you think congressmen themselves actually read laws in full, rather than getting a staff-created synopsis of the bill, then "you be silly".


>>>waits patiently for admin to lock thread<<< we will see, ill have to re-read the forum rules lol

kamaboko
June 29th, 2010, 04:10 PM
Somebody beat you to it (http://www.coasttocoastam.com/).

(Granted, I haven't listened to Coast to Coast AM in a long time, but back in the day it was pretty conspiracy-laden. I can't imagine things have changed too much.)

Yes, Art Bell. My favorite wacko on that show is Richard Hoagland: the face on Mars guy.

sydbat
June 29th, 2010, 04:24 PM
Do majorleague baseball's spy satellites have any involvement in this?Remember - Shiny side out to repel the signals...

Crunchy the Headcrab
June 29th, 2010, 04:32 PM
Remember - Shiny side out to repel the signals...Beware of Mark McGwire!

Rey117
June 29th, 2010, 05:04 PM
Yes...got in before the destruction. So if this is true what about internet connections around the world? Doesn't seem plausible or practical...and a huge waste of money...

McRat
June 29th, 2010, 05:05 PM
Thought:

If every device hooked to the internet had a S/N, and there was a server system like Google, you could track down cyber criminals enough to reverse the trend.

Most devices already have S/N's or they could be created by registering on with the "SN server". S/N info would have to be attached to headers on transmissions (not per packet, just the first packet).

Yes, it would be expensive and clumsy at first.

But even if you don't prosecute the cyber perp due to juristiction, you can effectly earmark their equipment as being rogue. A rogue computer or a rogue path (routers, servers, etc) would require more substantial verification before money can be transferred.

Cyber crime is expanding at a rate that existing technology cannot keep up with. Banks move slowly. In another 10 years, if no progress is made, it will not be possible to rely on the internet for money transactions. Or at the least, you will pay a "processing fee" that mitigates the risk.

One thing that I love about the internet, is that the prices are often lower than I can buy locally. If cybercrime costs hit 2% of transactions (it will if nothing is done), I guarantee that businesses will start charging for the fraud costs.

betrunkenaffe
June 29th, 2010, 05:08 PM
Welcome to China

McRat
June 29th, 2010, 05:12 PM
Welcome to China

Which part? Where the government controls political content, or

Where businesses are set up that do nothing but cybercrime?

Tristam Green
June 29th, 2010, 05:19 PM
Beware of Mark McGwire!

who wants to see me knock some out of the park?

Bachstelze
June 29th, 2010, 05:25 PM
A rogue computer or a rogue path (routers, servers, etc) would require more substantial verification before money can be transferred.

And how do you know that "money is transferred"? There are no bank notes sent over the wire, all you see is encrypted traffic.

McRat
June 29th, 2010, 05:40 PM
And how do you know that "money is transferred"? There are no bank notes sent over the wire, all you see is encrypted traffic.

Short version:

I go to buy/sell something. My computer requests SN path info via SN server (like a DNS). If path is rogue or unknown, warning pops up. This is true for stores, banks, sellers, etc.

No, not perfect. But better than what is in place today. Whatever technology that is currently active is not working, it is broken and needs repair.

It can be defeated by spoofing a trusted path, buying new hardware, etc. But a database is generated so they have to constantly move.

A legitimate buyer or seller has hundreds or millions of "good" SN path transactions. Criminals wouldn't.

This system would not give up your privacy, it would tag your hardware and general location if you want to buy or sell.

McRat
June 29th, 2010, 06:30 PM
Here's what bugs me about the whole situation.

I've been buying and selling stuff on the internet since it was first possible. Thousands of transactions with hundreds of people/companies. My "cred" to a new vendor is no higher than any cybercriminal who opened up shop yesterday.

There needs to be a passive mechanism to establish a database of who are good people, without invading people's privacy.

Austin25
June 29th, 2010, 06:40 PM
Here's what bugs me about the whole situation.

I've been buying and selling stuff on the internet since it was first possible. Thousands of transactions with hundreds of people/companies. My "cred" to a new vendor is no higher than any cybercriminal who opened up shop yesterday.

There needs to be a passive mechanism to establish a database of who are good people, without invading people's privacy.
A plugin for firefox would suffice.

Bachstelze
June 29th, 2010, 06:47 PM
I go to buy/sell something. My computer requests SN path info via SN server (like a DNS). If path is rogue or unknown, warning pops up. This is true for stores, banks, sellers, etc.

But how would your computer/browser know when to request "SN path info" and when not to request it? Then you'd have a lot of webistes outside the US that wouldn't require it, I would bet a lot of money that people would just use those instead, simply because it would be a lot of hassle (not to mention the possible privacy issues) to get registered.

And by "outside the US" I don't mean shady places with shady practices like Russia or China, it could very well be Canadian or European sites, there would be no reason to trust them any less than US websites.



There needs to be a passive mechanism to establish a database of who are good people, without invading people's privacy.

What? Just ask around you. If the seller is good, then you will find someone who has already bought from them, and will tell you about their experience. Even on ebay, ratings are generally an accurate estimation of a seller's trustworthiness. I have bought more than a hundred items on ebay, only got two problems, and only one of them involved money loss (received a fake item).

McRat
June 29th, 2010, 06:54 PM
A plugin for firefox would suffice.

There would still need to be an international database and a way to target or blacklist hardware used for fraud. If there is no way to collect hardware info for criminal prosecution, the number of crooks will continue to climb. Today, cybercrime is nearly impossible to prosecute. But if you have the SN off their hardware, and documented history, it's much easier.

This would be the hard part, but still doable.

McRat
June 29th, 2010, 07:25 PM
But how would your computer/browser know when to request "SN path info" and when not to request it? Then you'd have a lot of webistes outside the US that wouldn't require it, I would bet a lot of money that people would just use those instead, simply because it would be a lot of hassle (not to mention the possible privacy issues) to get registered.

And by "outside the US" I don't mean shady places with shady practices like Russia or China, it could very well be Canadian or European sites, there would be no reason to trust them any less than US websites.



What? Just ask around you. If the seller is good, then you will find someone who has already bought from them, and will tell you about their experience. Even on ebay, ratings are generally an accurate estimation of a seller's trustworthiness. I have bought more than a hundred items on ebay, only got two problems, and only one of them involved money loss (received a fake item).

If you go to Dell.com and order a system, your "cred" is established only by a CC data, and there are internet sites that do nothing but sell stolen CC info.

They do not, or can they, tell where you are, or whether you've ripped off thousands of people.

This is a passive system. You don't "do" anything other than load up a plugin. The devices are already capable of reporting their SN for the most part. This started with the Pentium.

The other option is to tie the ID to "people", which some see as a privacy issue. But it's also easy to steal ID's, and create false ones.

Think of it as a compromise as far as privacy goes. And as far as technology goes, it's similiar to "DNS services + Microsoft Genuine Advantage", so it's very well established tech.

But I think they will try to tie it to people, and it will fail. Why? Ebay is full of fraud using a "people ID" system.

whiskeylover
June 29th, 2010, 07:26 PM
There would still need to be an international database and a way to target or blacklist hardware used for fraud. If there is no way to collect hardware info for criminal prosecution, the number of crooks will continue to climb. Today, cybercrime is nearly impossible to prosecute. But if you have the SN off their hardware, and documented history, it's much easier.

This would be the hard part, but still doable.


Whats stopping anyone from spoofing this SN?

Dayofswords
June 29th, 2010, 07:27 PM
My plan if things go bad


disconnect from the internet
start my own local internet
?????
Profit

McRat
June 29th, 2010, 07:40 PM
Whats stopping anyone from spoofing this SN?

Or changing the CPU? You'd try to make it hard to spoof, but anything can be hacked.

In order for a CPU S/N to be "trusted" at high levels, it would have to have a history of S/N path. The router, the server, and tracert would supply additional info.

No, this system would not be perfect. There is no such thing.

But it would create a mapping of the fraud patterns and make it far more difficult to stay in operation at the same location for years, which is the current state of affairs. It would also create "trusted users" without invading their privacy.

The huge growth of cybercrime is due to "beginners" being able to participate in the fraud by just buying CC info and tool kits online. Eventually the beginners get better and better at it. These is where you need to focus, reduce the pool of petty crooks.

whiskeylover
June 29th, 2010, 07:46 PM
Or changing the CPU? You'd try to make it hard to spoof, but anything can be hacked.

In order for a CPU S/N to be "trusted" at high levels, it would have to have a history of S/N path. The router, the server, and tracert would supply additional info.

No, this system would not be perfect. There is no such thing.

But it would create a mapping of the fraud patterns and make it far more difficult to stay in operation at the same location for years, which is the current state of affairs. It would also create "trusted users" without invading their privacy.

The huge growth of cybercrime is due to "beginners" being able to participate in the fraud by just buying CC info and tool kits online. Eventually the beginners get better and better at it. These is where you need to focus, reduce the pool of petty crooks.


Trusting/relying on the client computer to send data (such as SN) for validation would be foolish at best. It would be super easy for hackers/script kiddies to write a script to spoof the so called SN with a simple click of a button.

McRat
June 29th, 2010, 07:52 PM
Trusting/relying on the client computer to send data (such as SN) for validation would be foolish at best. It would be super easy for hackers/script kiddies to write a script to spoof the so called SN with a simple click of a button.

But that is all you have. It's a network. You can never really tell who is plugged into it.

They cannot "spoof" routers and servers, as that equipment is not theirs or under their control.

All you can do is make it difficult for crooks to operate, and make it easy to prosecute them.

Today, we have neither.

whiskeylover
June 29th, 2010, 07:54 PM
But that is all you have. It's a network. You can never really tell who is plugged into it.

They cannot "spoof" routers and servers, as that equipment is not theirs or under their control.

All you can do is made it difficult for crooks to operate, and make it easy to prosecute them.

Today, we have neither.

Okay, I see where you're going with this. You want an SSL certificate type thing for each and every device.

oldsoundguy
June 29th, 2010, 08:03 PM
after reading a lot of the clap trap, think the original report may have started at Fox News.

You know, the "report first, verify second, and if found to be false, deny we said it in the first place" news service.

same outfit that calls the World Cup a left wing plot to weaken the US.

McRat
June 29th, 2010, 08:08 PM
If you have to "invent" a new technology and not just use what is already there:

A USB dongle with a CPU, memory, and a S/N. It has a base S/N and a dynamic (transaction) S/N that is changed with user supplied encryption keyword, and registrar supplied keyword. This device would have to purchased from a single registration body.

To validate a computer into Trusted Mode, the database is checked via the dongle. The dongle will reply to the registration body with a rolling verification key. In other words, the key changes predictably based on the registration body key and user key. The registration body key is never transmitted. The only key that goes over the internet is the verification key, which changes every time it's used.

Stealing a key will do nothing if you don't know the password. Intercepted a financial transaction will do nothing, as the transaction key changes. You can't "spoof" it, because you don't know how to respond. The only way to get around it would be to buy keys (which require a CC # and address, no forwarding addresses) develop it as trusted, scam somebody once, then throw it away (it won't work after fraud is reported).

libssd
June 29th, 2010, 08:33 PM
Thanks for the tip about shiny side out when making a tinfoil hat.

This has all the hallmarks of a classic paranoid fringe story, an impression that is reinforced by looking at the sites that have picked up on it (often with copy/paste reproduction). One of the unfortunate second order effects of the internet is that it becomes an amplifier for nutty conspiracy theorists, allowing them to reach a wider audience, faster.

I wonder if Bill O'Reilly will fall for it.

Anybody remember the internet modem tax?