• Senate bill would require minimum cybersecurity standards for Internet

    Senator Benjamin Cardin (D-Maryland) has introduced a bill that would require the U.S. government to work with the private sector to propose minimum standards for internet and cybersecurity safety; “Just as automobiles cannot be sold or operated on public highways without meeting certain minimum safety standards, we also need minimum Internet and cybersecurity safety standards for our information superhighway,” Cardin said

  • Former Goldman-Sachs programmer convicted of stealing source code

    A former Goldman-Sachs programmer faces fifteen years in prison after being convicted Friday of stealing the company’s high-frequency trade technology; the programmer was convicted of stealing the source code for Goldman-Sachs’ high-frequency trade technology — a market trading system described by Futures Magazine as “like day-trading on near fatal doses of amphetamines”

  • Experts: Stuxnet worm wreaks havoc at Iran's nuclear sites

    Iran’s nuclear program is still in chaos as a result of the Stuxnet attack; the American and European experts say their security Web sites, which deal with the computer worm known as Stuxnet, continue to be swamped with traffic from Tehran and other places in the Islamic Republic, an indication that the worm continues to infect the computers at Iran’s two nuclear sites; Stuxnet was designed to take over the control systems and evade detection, and it apparently was very successful; last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran’s nuclear sites, but he said it was detected and controlled; the second part of that claim, experts say, does not ring true

  • Car immobilizers no longer a problem for car thieves

    For sixteen years, car immobilizers have kept car thieves at bay — but that may now be changing; most cars still use either a 40 or 48-bit key, even though the 128-bit AES — which would take too long to crack for car thieves to bother trying — is now considered by security professionals to be a minimum standard

  • Microsoft partner in China trains hackers, steals 50 MB of U.S. gov't e-mail

    A Chinese security firm called Topsec got access to the Windows source under a 2003 agreement designed to help companies improve the security of the Microsoft operating system; the company, rather than help Microsoft make Windows more secure, worked closely with Chinese intelligence to exploit Windows weaknesses: they helped the Chinese government train hackers — and steal more than 50 MB of secret U.S. government e-mails; Topsec started out in 1995 with funding of just $4,400, and by 2002 had earnings about $440 million; it is now China’s largest provider of information security products and services

  • China's Huawei sets up U.K. cybersecurity center

    China’s top telecommunications equipment maker Huawei Technologies has seen its plans for global expansion crimped by national security concerns among foreign governments; the company hopes that its Cyber Security Evaluation Center, opened last month in Britain’s Banbury, will allay those fears

  • DHS slowly moving government's Internet traffic to secure networks

    It will take several more years for the U.S. government fully to install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say; DHS is responsible for securing government systems other than military sites, and the department is slowly moving all the government’s Internet and e-mail traffic into secure networks — known as Einstein 2 and Einstein 3 — which eventually will be guarded by intrusion detection and prevention programs

  • WikiLeaks episode demonstrates insider security threat

    Even the toughest security systems sometimes have a soft center that can be exploited by someone who has passed rigorous screening; the U.S. Defense Department’s Secret Internet Protocol Router Network (SIPRNet), a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s globally to transmit material up to and including “secret,” the government’s second-highest level of classified information; in 1993, GAO report estimated more than three million U.S. military and civilian personnel had the clearance to access SIPRNet

  • U.S. State Department disconnects its computers from government-wide network

    In response to the leaks published by WikiLeaks, the U.S. Department of States disconnected its computer files from the government’s classified network; by temporarily pulling the plug, the United States significantly reduced the number of government employees who can read important diplomatic messages; the network the Department has disconnected itself from is the U.S. Defense Department’s Secret Internet Protocol Router Network (SIPRNet), a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s globally to transmit material up to and including “secret,” the government’s second-highest level of classified information; “Top secret” information may be shared electronically via the Joint Worldwide Intelligence Communications System (JWICS), another group of interconnected computer networks used by Defense and State to securely transmit classified information.

  • Former Goldman Sachs programmer on trial in NYC

    A Goldman Sachs programmer stole secret computer code that enables high-speed trading on his last day with the company so he could help develop the same kind of system at a startup financial company, a prosecutor say

  • Defeating detector blinding attacks on quantum cryptography

    Quantum cryptography is a method to distribute digital encryption keys across an optical fiber; the protocol has been proven to be perfectly secure from eavesdropping; any differences between the theoretical protocol and its real-world implementation, however, can be exploited to compromise the security of specific systems; one form of attack on quantum cryptography is called a detector blinding attack — but Toshiba researchers show how such attacks can be rendered ineffective

  • China directed Google hacking: leaked U.S. documents

    Secret documents appearing on WikiLeaks include one in which the U.S. embassy in Beijing cited “a Chinese contact” who pointed to a Chinese government role in the hacking campaign into computers of Google and Western governments

  • IAEA: Iran forced to stop enrichment on 16 November

    The UN International Atomic Energy Agency (IAEA) reported Tuesday that Iran’s uranium enrichment program had shut down a week ago; the stoppage of the enrichment program coincides with the release of detailed expert studies of the Stuxnet virus; the conclusion of the cyber experts is that Stuxnet was aimed not at Iran’s Bushehr nuclear reactor, as initially thought, but rather at destroying Iran’s centrifuge farms; the sustained cyber attacks has already reduced the number of operating centrifuges from 4,920 in May 2009 to 3,772 in September 2010; it appears that the covert campaign Israel and the United States has been conducting against Iran’s nuclear weapons program — a campaign which includes the assassination of Iranian scientists and engineers, blowing up of machinery and supplies, attacks on Revolutionary Guard facilities, and seizing of technology shipments to Iran — is beginning to take its toll

  • DHS to set cybersecurity standards for some private networks

    A new law — “The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010” — will empower DHS to set cybersecurity standards for some private networks that are considered critical infrastructure

  • Chinese cyber spies target British defense official

    A high official in the British Ministry of Defense was targeted by a sophisticated Chinese spear phishing operation that aimed to steal military secrets; the plan was foiled last year when the official became suspicious of an e-mail she received from a contact she had met at a conference