  • Hackers steal data from oil giants worth millions

    McAfee Inc. recently announced that hackers have stolen data worth millions from five major multinational oil and gas companies; in the attacks, dubbed “Night Dragon,” hackers stole company secrets like bidding contracts, oil exploration data, proprietary industrial processes, and sensitive financial documents; analysts determined that hackers initially began infiltrating company networks in November 2009 using relatively simple methods; the information that the cyber thieves took was “tremendously sensitive and would be worth a huge amount of money to competitors”; the methods of execution and circumstantial evidence implicate China

  • Hackers release Stuxnet's decompiled code online

    The Stuxnet worm was a cybermissile designed to penetrate advanced security systems; it was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr; security experts say it is the most sophisticated cyberweapon ever designed; now, a group of anonymous “hacktivists” hacked the computers of a U.S. security company and stole a decrypted version — the decompiled code — of the malware, and put it on the Web; security experts are anxious: “There is the real potential that others will build on what is being released,” says one; this will not lead to an immediate threat, but it could lead to something soon, he added; “Weeks wouldn’t surprise me”

  • Cyberweapon could cause Internet doomsday

    Researchers show that an attack by a large botnet — a network of computers infected with software that allows them to be externally controlled — could take down the Internet; the researchers reckon that 250,000 such machines would be enough to do the job; a sustained 20-minute attack by the 250,000-strong army — they will be sending waves of border gateway protocol (BGP) updates to every router in the world — would overwhelm the net, bringing Web servers down by overloading them with traffic

  • Hoover Dam is safe from hackers

    In response to the debate over the controversial Senate Internet “kill switch” bill, the U.S. Bureau of Reclamation refuted a central argument that the law’s proponents have been using; proponents of the bill have often stated the need for the bill because terrorists could hack into the system and open the Hoover Dam’s floodgates; the dam is not connected to the Internet and has several physical and technological safeguards that prevent the floodgates from opening; the proposed bill would authorize the president to sever critical infrastructure from the Internet in the event of a cyber attack; critics say the bill could violate First Amendment rights

  • Cell phones are hackers' target of choice

    In its fourth quarter threat report, McAfee announced that hackers have increasingly turned their attention to smart phones; in 2010 there was a 56 percent increase in malware targeting cell phones; hackers most frequently used Adobe products like PDFs and Flash to embed pernicious code; Google’s Android smart phone operating system was also a target of choice; the report noted that spam levels were down 62 percent, while politically motivated hacking was on the rise

  • Cybersecurity named one of top five global threats

    World leaders at the World Economic Forum in Davos named cyber security as one of the top five global risks in its 2011 report; the report identifies four key areas that pose global risks: cyber theft, cyber espionage, cyber war, and cyber terrorism; observers worry that the Stuxnet virus, which damaged Iran’s nuclear centrifuges, may have sparked a cyber arms race and are particularly concerned about the lack of established international norms surrounding these weapons; the report fears that cyber attacks on nations could lead to conventional attacks

  • Internet IPv4 addresses completely exhausted

    Last week the final blocks of IPv4 addresses were allocated, officially signaling the end of Web space on IPv4 networks; the moment is significant as all new Internet-ready devices must now be deployed using IPv6 networks, the upgrade to IPv4; IPv6 offers greater security, higher performance, and can support a nearly infinite number of devices; China is rapidly pushing ahead with IPv6 in the hopes that it can wield more clout over the new Internet space, as the United States currently enjoys with IPv4; China has deployed IPv6 capabilities at more than double the rate of the United States

  • Android Trojan captures credit card details

    A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers — typed or spoken — and relaying them back to the application’s creator

  • More than half of iPhone apps track users

    A recent study found that more than half of all iPhone apps could track users and collect data without an individual’s knowledge; researchers analyzed more than 1,400 iPhone apps to determine how they handle sensitive data; more than half collect an individual’s unique device ID or track a user’s location, and when combined with links to a Facebook account the app could gain a lot of sensitive data; researchers found that thirty-six apps blatantly violated privacy rights by accessing an individual’s location without informing the user, while another five went so far as to take data from the user’s address book without first seeking permission

  • Egypt's Internet blackout revives U.S. "kill switch" debate

    Egypt’s five-day shutdown of the Internet has revived debate in the United States over how much authority the U.S. president should have over the Web in the event of a crisis; a bill pending before Congress would give the president the authority to shut down parts of the Internet in the event of a national security crisis such as a sustained enemy cyberattack on the U.S. national grid or financial systems; critics say this is a threat to civil liberties; “It’s not an Internet kill switch,” says one cyber expert; “But you can think about isolating certain domains or certain enterprises; say a big power company gets infected — You say to them, ‘Disconnect yourself before you infect other power companies’; It’s like an avian flu quarantine for the Internet”

  • DARPA working on major cyber security breakthrough

    The DOD’s advanced research arm, DARPA, is currently working on two programs that could radically change cyber security; one program, CRASH, is based on the human immune system and will make it less likely that computers will spread cyber infections to other networks; DARPA is also working on another program, PROCEED, which will allow programmers to work directly with encrypted data without having to decrypt it first; both are highly experimental and may not succeed, but researchers have high hopes

  • Critical cyber vulnerabilities found in financial system

    A recent report found critical weaknesses in automated high-frequency trading systems that hackers could exploit to make money or simply wreak havoc on the financial system; cPacket Networks fears that hackers could use what it calls a “side channel attack” stealthily to manipulate financial data as it is received by these high-frequency trading programs; many analysts believe that the “flash crash” in May 2010, when the Dow dropped nearly a thousand points in several minutes, was unintentionally caused by high-frequency trading systems; cPacket is working with financial institutions to optimize their high-frequency trading systems to detect these manipulations

  • Stuxnet may turn Bushehr into a new Chernobyl

    The destructive Stuxnet virus infected some 45,000 industrial control computers and servers in Iran; it destroyed more than 20 percent of Iran’s centrifuges, and, on 16 November, forced Iran to shut down uranium enrichment operations; it also infected the control system of the Bushehr reactor; Stuxnet is a sophisticated virus: while doing its destructive work, it makes sure that control computers continue to display “normal” operational information; one Russian expert described how engineers at Bushehr “saw on their screens that the systems were functioning normally, when in fact they were running out of control”; a new intelligence report says that with control systems disabled by the virus, an accident in the reactor is likely — an accident which would have the force of a “small nuclear bomb”

  • Western analysts, Israel: Egyptian regime will weather the storm

    Israeli and western analysts agree Egyptian regime will remain as popular uprising gains strength while government clamps down on protesters; little to no concern of Muslim Brotherhood takeover; government shuts down Internet access, cellular service, and other personal communications in an effort to contain the rebellion as turmoil spreads across Egypt; journalists under assault; former IAEA chief ElBaradei under house arrest; ruling party headquarters set ablaze

  • Enabling PC operating systems to survive attacks

    In certain computer security attacks, an outside party compromises one computer application (such as a Web browser) and then uses that application to submit a “system call” to the operating system, effectively asking the operating system to perform a specific function; instead of a routine function, however, the attacker uses the system call to attempt to gain control of the operating system; North Carolina State University researchers offer a solution