Author: Sean Gallagher

President Obama places a call from his secure BlackBerry 8900 from the presidential limo while in Indonesia in 2010. Secretary of State Clinton wanted similar phones for her staff, but they were told to "shut up and go color" by NSA. (credit: White House Photo by Pete Souza, November 10, 2010))

Judicial Watch, the conservative political action group that has largely driven the investigation into former Secretary of State Hillary Clinton's e-mails, has obtained documents through a Freedom of Information Act request indicating that Clinton tried and failed to get the National Security Agency to give her the same secure BlackBerry that President Obama used. Donald Reid, the State Department's coordinator for security infrastructure, reported in a 2009 e-mail, "Each time we asked the question 'What was the solution for POTUS,' we were politely asked to shut up and color."

Reid was trying to solve a problem for Assistant Secretary of State for Diplomatic Security Eric J. Boswell—the problem being that the new secretary of state was a certifiable BlackBerry addict but wasn't much of a computer user. Clinton became hooked on the BlackBerry in much the same way that President Obama did during the 2008 presidential campaign but found her preferred method of checking e-mail was banned from the secure office space at State's "Mahogany Row," the 7^th floor at the State Department's Foggy Bottom headquarters in Washington. Use of wireless devices was banned in the space, which is designated as a Sensitive Compartmented Information Facility (SCIF).

But Reid found that using the desktop computer within the SCIF for e-mail was not in Clinton's comfort zone:

Sean Gallagher

The Electron starter kit comes in a storage box with everything you need to turn lights on and off over the Internet.

11 more images in gallery

A while back, Ars took our first step into building the Internet of Extra Creepy Things (IoECT) with BearDuino, a hardware-hacked Teddy Ruxpin combined with an Arduino Uno and some desktop software. We have not yet turned BearDuino into a cloud-connected, mobile journey down the uncanny valley. But since we've started testing Particle's Electron, a cellular-connected Arduino-like device that wirelessly tethers sensors, servos, lights, and other electronics to a cloud-based service, that goal is within our grasp.

When we first heard about the Electron in February, we were eager to get our hands on a kit to see what was possible. Now that we've tested it out a bit—turning lights on and off across the Internet and diving into the code a bit—we're preparing to push it further. Like many "maker" kits, Electron starts off with a relatively mild learning curve that suddenly becomes more severe as you push toward doing anything practical beyond the tutorial samples. But unlike others we've laid hands on recently, it comes with a well-polished set of tools and services behind it that takes some of the sting off the harder climbing.

The main concern most hardware developers will have, however, is whether the Web-based consoles and services and the one-stop supply of global cellular connectivity is worth it to get locked into Particle's ecosystem—which can also become expensive. That's not something we can effectively answer for everyone based on this test drive. But we can say that if you're looking for a reasonable way to remotely manipulate an animatronic teddy bear wherever it is in the world, Electron is perfectly capable of doing that.

Fly your drone for 1.87 million years, and a plane might hit it once. (credit: Kevin Baird)

The Federal Aviation Administration has pushed forward strict rules for the operation of small consumer drones. Drones weighing more than 250 grams (a little more than half a pound) will have to be registered with the FAA, and there are restrictions on where they can be flown. The regulations are largely prompted by fears that the toy-sized flyers will pose a danger to commercial and civil aircraft—fears that new research suggests are unfounded. That research, shown in a study just published by George Mason University's Mercatus Center, was based on damage to aircraft from another sort of small, uncrewed aircraft—flying birds.

Much of the fear around drones hitting aircraft has been driven by FAA reports from pilots who have claimed near-misses with small drones. But an investigation last year by the Academy of Model Aeronautics (AMA) found that of the 764 near-miss incidents with drones recorded by the FAA, only 27 of them—3.5 percent—actually were near misses. The rest were just sightings, and those were often sightings that took place when drone operators were following the rules. The FAA also overcounted, including reports where the pilot said explicitly that there was no near miss and some where the flying object wasn't identified, leading the AMA to accuse the FAA of exaggerating the threat in order to get support for its anti-drone agenda.

There hasn't yet been an incident in which a drone has struck an aircraft. But bird strikes (and bat strikes) do happen, and there's a rich data set to work from to understand how often they do. Researchers Eli Dourado and Samuel Hammond reasoned that the chances of a bird strike remain much higher than that of an aircraft hitting a drone because "contrary to sensational media headlines, the skies are crowded not by drones but by fowl."

Rockwell Collins and Elbit Systems' joint—a helmet that can see through planes without making the pilot throw up—can also break their necks if they eject. (credit: Lockheed Martin)

The F-35 Joint Program Office is about to begin testing a prototype for a new helmet for pilots of the Joint Strike Fighter—a critical upgrade to the aircraft's control systems. The current Generation III helmet, which acts as a heads-up instrumentation and night vision display for the pilot, was discovered last year to be so heavy that it snapped the neck of smaller test dummies during ejection testing.

The Gen III helmet, which is essential to the operation of the F-35 in all its variations, has pushed forward the art of augmented reality. Combined with optic and infrared sensors on the aircraft, it essentially allows the pilot to look through the plane—a feature much desired by the Marine Corps for precision vertical landing of the F-35B. It also allows pilots to track, designate, and fire weapons at targets by looking in their direction—without having to turn the aircraft toward them. But the helmet has encountered multiple growing pains, including problems with image "jitter" early on in testing that could cause pilots with the strongest of stomachs to get motion sickness.

The mass of the approximately 5-pound, $400,000 Gen III helmet could push the pilot's head down during the acceleration of ejection and cause both neck and back injuries to pilots. When combined with the sudden forces exerted by the opening of the ejection seat's parachute, particularly when the seat pitches to the point where it is nearly upside-down when the parachute opens, it could be enough to break the neck of lighter pilots.

Richard Clarke, former White House cybersecurity czar, says the government has always put limits on what it would do to fight terrorism, and the FBI's demands of Apple overstep them. (credit: Aude)

Another former national security official has spoken out forcefully against the FBI's quest to get Apple to write code to unlock the iPhone 5c used by San Bernardino mass shooter Syed Farook. Richard Clarke served as the National Security Council's chief counter-terrorism advisor to three presidents (George H.W. Bush, Bill Clinton, and George W. Bush) before becoming George W. Bush's special advisor on cybersecurity. He told National Public Radio's David Greene today that "encryption and privacy are larger issues than fighting terrorism," taking issue with the FBI's attempts to compel Apple's assistance.

Clarke added that if he was still at the White House, he would have told FBI Director James Comey to "call Ft. Meade, and the NSA would have solved this problem…Every expert I know believes that NSA can crack this phone." But the FBI wasn't seeking that help, he said, because "they just want the precedent."

Clarke explained that the FBI was trying to get the courts to essentially compel speech from Apple with the All Writs Act. "This is a case where the federal government using a 1789 law trying to compel speech. What the FBI is trying to do is make code-writers at Apple, to make them write code that they do not want to write that will make their systems less secure," he said. "Compelling them to write code. And the courts have ruled in the past that computer code is speech."

Can you turn a Dyson vacuum cleaner into an improvised threat to US troops? DARPA may pay you to find out. (credit: Bethesda Softworks)

In an effort to understand the kinds of improvised weapons, devices, and systems that could be used against US forces in the field today, the Defense Research Projects Agency's Defense Science Office is preparing for an alternative sort of "improv" performance. DARPA is inviting researchers, developers, and hardware-hacking hobbyists to join in, and the goal of the planned jam session is to discover ways that off-the-shelf commercial technology could be modified to be used against the military by its adversaries.

The US military has dealt with a wide range of improvised weapons and tools in the hands of adversaries over the past decade, including cell phone activated improvised explosives, off-the-shelf software used to intercept drone video feeds, and USB drives laden with malware that ran rampant on computer networks in Afghanistan. Today there's growing concern about how commercial and consumer drone and robotics technology, Internet-of-Things devices, and other burgeoning technology could be used to spy on, harass, impede, or even kill members of the military.

IEDs made from artillery shells captured in Baghdad are the last generation of improvised threats. DARPA wants to know what the next is. (credit: US Army)

So today, DARPA officially unveiled Improv—a program that will fund "innovative research proposals for prototype products and systems that have the potential to threaten current military operations, equipment, or personnel and are assembled primarily from commercially available technology," according to the announcement.

Not the message you want from your Web security firm.

A Web security company's systems are offline this morning after an apparent intrusion into the company's network. The servers and routers of Staminus Communications—a Newport Beach, California-based hosting and distributed denial of service (DDoS) protection company—went offline at 8am Eastern Time on Thursday in what a representative described in a Twitter post as "a rare event [that] cascaded across multiple routers in a system wide event, making our backbone unavailable."

That "rare event" appears to have been intentional. A data dump of information on Staminus' systems includes customer names and e-mail addresses, database table structures, routing tables, and more. The data was posted to the Internet this morning, and a Staminus customer who wishes to remain anonymous confirmed his data was part of the dump. The authors of the dump claim to have gained control of Staminus' routers and reset them to factory settings.

The dump, in a hacker "e-zine" format, begins with a note from the attacker. Sarcastically titled "TIPS WHEN RUNNING A SECURITY COMPANY," this details the security holes found during the breach:

The gate to the Bowman Avenue Dam facility in Rye Brook, NY is locked, but the cellular modem used for its controls wasn't. (credit: Google)

In 2013, someone gained access to the operations center for the Bowman Avenue Dam, a small flood control dam on Blind Brook in Rye Brook, New York. The attackers were later identified in a classified Department of Homeland Security report as being the same Iranian group alleged to have been responsible for attacks on PNC Financial Services Group, SunTrust, and Capital One Financial.

The attack was first made public in December 2015 by a Wall Street Journal report. Now, according to a CNN report, the US Department of Justice is preparing to file an indictment against those believed to be behind the intrusion—individuals believed to have been operating at the direction of the Iranian government.

Calling the intrusion an "attack" may be a bit of an overstatement—the controls of the dam were not accessed, according to government officials cited anonymously by CNN, and only "back office systems" were penetrated. The intrusion was made possible by a broadband cellular modem used to connect the small facility to the Internet, and the Bowman Avenue facility was targeted by a network scan for industrial control systems exposed to the Internet.

"Hello, tech support?" (credit: Dan Stijovich @ Flickr)

In an episode of CBS' techno-procedural series CSI:Cyber that aired in January, pilots were forced to power off and power back on an airliner's flight computer to regain control from a hacker. As preposterous as that cold-boot of avionics sounds, it's something that test pilots have had to do with the F-35A "Lightning II" Joint Strike Fighter's radar system—not because of a hack but because of a software problem that causes the radar to degrade or stop working entirely.

IHS Jane's reports that an issue arose in late 2015 with the F-35's AN/APG-81 active electronically scanned array (AESA) radar system, built by Northrop Grumman for the Lockheed Martin-led F-35 program. The software planned to be used in the F-35A when the Air Force declares its "initial operational capability" (IOC) with the fighter later this year—revision 3i—has a major flaw. As Air Force F-35 Integration Office Director Major General Jeffrey Harrigian told Jane's, that flaw affects "radar stability—the radar's ability to stay up and running. What would happen is they'd get a signal that says either a radar degrade or a radar fail—something that would force us to restart the radar."

Harrigan said that Lockheed Martin has discovered the cause of the problem and has diverted developers who were working on the next increment of the F-35's code to fix it. A patch is expected by the end of March. But if the fix is delayed, it could push back the Air Force's IOC declaration, which is currently expected some time after August of this year.

McAfee on McAfee, from this Youtube video. (credit: John McAfee)

Security software entrepreneur turned gonzo cyber-prophet John McAfee is sticking to his contention that he could crack San Bernardino mass shooter Sayed Farook's iPhone 5c—though there are a few caveats. In an interview with Ars today, McAfee laughed off a report from the Daily Dot that claimed McAfee lied about the ability to crack the phone, instead explaining that he was dumbing things down in his interview with Russia Today for "people uneducated in technology."

In a candid conversation with Ars, McAfee expressed frustration and exhaustion over trying to educate the masses about the dangers of allowing governments to undermine encryption—and the beating he's been taking for his crusade.

"Ars Technica has probably trashed me more than any other publication," he said. "I don't fault you for it, because I'm not speaking to you guys—you guys don't need to be educated. I'm talking to the masses of America and trying to get them to understand the massive cliff we're all teetering on." With a laugh, he added, "If I look like an idiot, that's because I'm talking to idiots, so cut me some slack."