Cybersecurity

  • Cybersecurity: One false tweet sent financial markets into a tailspin

    A false tweet from a hacked account owned by the Associated Press (AP) in 2013 sent financial markets into a tailspin. The Dow Jones Industrial Average dropped 143.5 points and the Standard & Poor’s 500 Index lost more than $136 billion of its value in the seconds that immediately followed the post. Once the nature of the tweet was discovered, the markets corrected themselves almost as quickly as they were skewed by the bogus information, but the event, known as Hack Crash, demonstrates the need to better understand how social media data is linked to decision making in the private and public sector.

  • Aviation: How a hacker could hijack a plane from their seat

    By Yijun Yu and Andrew Smith

    Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raise many worrying questions for the airline industry. It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight. But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.

  • Cybersecurity: Ongoing attack against oil tankers aims to defraud oil brokers

    A new report details a malicious and largely unknown targeted attack on oil tankers. First discovered in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which has been dubbed the “Phantom Menace,” none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.

  • China syndrome: Massive cyberattack by Chinese government hackers on Penn State College of Engineering

    The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called “advanced persistent threat” actors. The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college. In a coordinated response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems has been launched. On 21 November 2014 Penn State was alerted by the FBI to a cyberattack of unknown origin and scope on the school’s College of Engineering.

  • Cyber business: Pentagon to invest in Silicon Valley tech startups to help develop advanced cyber solutions

    The Pentagon will begin to invest in Silicon Valley tech startups as part of the department’s plan to develop and acquire more advanced cyber solutions to secure the country and military’s digital infrastructure. The investments will be made through In-Q-Tel, a nonprofit strategic investing firm the Central Intelligence Agency launched sixteen years ago. In-Q-Tel does not invest in companies alone, but rather relies on traditional venture firms to partner and contribute the lion’s share of the funding, so having them on board is critical for the program’s success.

  • Cybersecurity: Researchers hack a teleoperated surgical robot, revealing security flaws

    Real-world teleoperated robots, which are controlled by a human who may be in another physical location, are expected to become more commonplace as the technology evolves. They are ideal for situations which are dangerous for people: fighting fires in chemical plants, defusing explosive devices or extricating earthquake victims from collapsed buildings. Researchers conducted a series of experiments in which they hacked a next-generation teleoperated surgical robot — one used only for research purposes — to test how easily a malicious attack could hijack remotely controlled operations in the future and to make those systems more secure.

  • Cyber business: States, cities vying to become U.S. “cyber hub”

    The global cybersecurity market reached $67 billion in 2011, and it is projected to grow as high as $156 billion by 2019. The need for cybersecurity solutions and experts is going to grow as more companies such as Sony Pictures, Target, Home Depot, and Chase are hacked, consumers demand better online security, and businesses become more aware of the potential cost to their sales and reputation if they do not provide cybersecurity. As private sector firms compete with government agencies for the best cyber professionals, cities and states are also competing to be the country’s “cyber hub.”

  • Cyber insurance: Insurance industry wary about insuring Bitcoin companies, transactions

    Consumers worldwide are engaging in 100,000 financial transactions every day using Bitcoins. The currency has moved beyond its secretive past and has been embraced by tech firms who are interested in it from a technological perspective and for its investment potential. Venture capital companies have invested more than $670 million worth of Bitcoins into security-related companies. An estimated $3.5 billion worth of Bitcoins are in circulation, 82,000 merchants now accept the currency, and eight million users have set up Bitcoin “wallets” in which they store and manage the currency. As of Monday one bitcoin is worth about $240 U.S. dollars. As a digital currency, Bitcoin is vulnerable to cyber theft — and as a result, cybersecurity has been a concern among many insurers considering policies that cover Bitcoins.

  • Cybersecurity: Lawmakers reintroduce “Aaron’s Law” to curb CFAA abuses

    A bipartisan group of lawmakers has reintroduced a bill known as “Aaron’s Law,” which aims to reform the Computer Fraud and Abuse Act (CFAA). CFAA has been cited by civil libertarians (EFF) as having been abused to the point where it now stifles research and innovation, as well as civil liberties. The measure is intended to honor Aaron Swartz, the Reddit co-founder who was apprehended after downloading millions of scholarly articles from a Massachusetts Institute of Technology database in 2011. Following his arrest, with charges under the CFAA which might lead to a maximum sentence of thirty-five years in prison, Swartz committed suicide at age 26, leading some to charge that the aggression of prosecutors led to his decision.

  • Cybersecurity: Breach of background-checks database may lead to blackmail

    Newly released documents show how hackers infiltrated servers used by US Investigations Services (USIS), a federal contractor which conducts background checks for DHS. In a House Oversight and Government Reform Committee hearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for malicious gain.

  • Cyber operations: Israel’s navy protects more than the country’s coast

    Cyber warriors working for Israel’s navy are constantly engaged in protecting against intense cyber intrusions which target the country’s digital infrastructure, according to a senior navy source. “The navy understands that cyber conflicts are wars in their own right, beyond conventional conflicts that we have grown accustomed to. In cyber war, one can engage without firing a single bullet. Attacks can come before a conventional war. There are no official cease-fires. It goes on all of the time,” the source said.

  • Cybersecurity: U.S. adopts a more assertive cyber defense posture

    Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.

  • Cyber insurance: To bolster the world’s inadequate cyber governance framework, a “Cyber WHO” is needed

    A new report on cyber governance commissioned by Zurich Insurance Group highlights challenges to digital security and identifies new opportunities for business. It calls for the establishment of guiding principles to build resilience and the establishment of supranational governance bodies such as a Cyber Stability Board and a “Cyber WHO.”

  • Cybersecurity: Russian hackers gained access to unclassified White House e-mails

    Reports that Russian hackers gained access to unclassified e-mails to and from President Barack Obama during last October’s White House e-mail breach are adding to concerns regarding the security of government communications systems. “This attack is a red flag that they really need to improve their security procedures. It’s quite serious,” said Kevin Mitnick, a former hacker. “The cyber threat against U.S. interests is increasing in severity and sophistication,” Defense Secretary Ashton Carter said last Thursday.

  • Cybersecurity: Efforts to improve cyber information sharing between the private sector, government

    Lately, Obama administration officials have been venturing West to encourage tech firms to support the government’s efforts to improve cyber information sharing between the private sector and government agencies. The House of Representatives last week passed two bills to advance such efforts. The Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act of 2015 authorize private firms to share threat data such as malware signatures, Internet protocol addresses, and domain names with other companies and the federal government. To the liking of the private sector, both bills offer companies liability protection for participating in cyberthreat information sharing.