-
ID theft costs U.K. £2.7 billion a year
Identity fraud affects 1.8 million Britons every year, costing £2.7 billion in the process; victims can spend up to 200 hours undoing damage
-
-
Chinese hackers steal South Korean defense secrets
Chinese hackers have stolen secrets on South Korea’s defense and foreign affairs by using bogus e-mails claiming to come from Seoul officials and diplomats; similar attacks originating in China-based servers briefly crippled U.S. and South Korean government and commercial Web sites in July 2009
-
-
U.S. considering Aussie Internet security program
The Obama administration is considering adoption of parts of an Internet security scheme which will go into effect in Australia in December; the plan will allow Internet service providers to alert customers if their computers are taken over by hackers — and could limit these customers’ online access if they do not fix the problem
-
-
U.K. security firms say GCHQ's cyberattack warning overwrought
U.K. cybersecurity industry insiders say last week’s warnings by Britain’s cybersecurity chief about the cyber threat the U.K. was facing may have over-hyped threats — and may have been related more to the run-up to the U.K. government’s comprehensive spending review announcement than to new threat information
-
-
Chertoff calls for cyber-deterrence doctrine
More than 100 countries now have cyber-espionage and cyber-attack capabilities; both kinds of attack used the same tools and might be used to mount anything from a garden variety cyber-espionage attack resulting in the corruption of financial data to something that might result in loss of life, such as a possible attack against air-traffic control systems; governments should formulate a doctrine to stave off cyberattacks similar to the cold war-era principle of nuclear deterrence, according to former DHS secretary Michael Chertoff.; “Everyone needs to understand to rules of the game”
-
-
DHS, Pentagon enhance cybersecurity cooperation
The Pentagon and DHS unveiled an agreement on Wednesday designed to boost cooperation in defending military and private computer networks from growing cyber threats; cybersecurity was the scene of fierce turf battles under the previous administration between DHS and the Pentagon’s super-secret electronic surveillance National Security Agency (NSA)
-
-
Sector Report for Thursday, 14 October 2010: Cybersecurity
This report contains the following stories.
Plus 1 additional story.
-
-
Microsoft releases barrage of fixes at Stuxnet and more
Microsoft on Tuesday released a record high number of software patches aimed at countering computer threats including a Stuxnet “worm” attacking industrial networks; the 49 fixes released by Microsoft were ranked in importance from “critical” to “moderate” and addressed vulnerabilities in an array of Microsoft programs used in personal computers
-
-
Microsoft cleaned 6.5 million zombie PCs during April-June 2010
Microsoft cleaned in excess of 6.5 million zombie computers between April and June 2010, but the company’s efforts alone are not enough to put a stop to the increasing threat that botnets represent to users, businesses and critical infrastructure
-
-
Britain faces "real and credible" cyber threat: intelligence chief
In a rare public speech, Iain Lobban, director of the Government Communications Headquarters (GCHQ), said that there is a “real and credible” cyber threat to U.K. infrastructure, and that Britain’s economy could be at risk if effective protection against cyber attacks was not developed
-
-
Briton gets 4-months jail for refusing to disclose password
A 19-year old Briton used a 50-charcter password to protect child pornography files he kept in his computers; the court ordered him to reveal the password, but he refused and was sentenced to sixteen weeks imprisonment
-
-
Experts: Stuxnet "a game changer"
EU cybersecurity agency warns that the Stuxnet malware is a game changer for critical information infrastructure protection; PLC controllers of SCADA systems infected with the worm might be programmed to establish destructive over/under pressure conditions by running pumps at different frequencies; Dr. Udo Helmbrecht, chief of EU’s cybersecurity agency: “Stuxnet is a new class and dimension of malware—- The fact that perpetrators activated such an attack tool, can be considered as the ‘first strike’ against major industrial resources. This has tremendous effect on how to protect national [cyber and critical infrastructure] in the future’
-
-
Skullduggery on a massive scale
Stuxnet, the malware which attacked more than 30,000 computers used in industrial control systems in Iran, including that country’s nuclear weapons facilities, represents a new class and dimension of malware; it can reach into the physical world, allowing attackers to run motors so fast they burn out, to turn off alarms and safety cut-offs, open effluent valves and activate pumps — in the words of Paul Marks, it allows attackers to “carry out industrial sabotage and skullduggery on a massive scale”
-
-
Malware will soon steal behavioral patterns
Examples of malware which steals personal information are all around us, sometimes for the purpose of making it public and at other times for profit; computer scientists predict that a new generation of malware will mine social networks for people’s private patterns of behavior
-
-
U.S. implements president's cybersecurity recommendations
GAO reports that of the 24 recommendations included in the president’s May 2009 cyber policy review report, 2 have been fully implemented and 22 have been partially implemented; the two fully implemented recommendations involve appointing within the National Security Council (NSC) a cybersecurity policy official (Special Assistant to the President and Cybersecurity Coordinator) responsible for coordinating the U.S. cybersecurity policies and activities, and a privacy and civil liberties official. Examples of partially implemented recommendations include
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.