-
Maryland wants to become cybersecurity’s Silicon Valley
Governor Martin O’Malley: “Our federal facilities are a big part of the reason that we not only think that Maryland can be the national epicenter for cybersecurity, the fact of the matter is our state already is the epicenter of cybersecurity for our country and therefore an important epicenter for the entire world”
-
-
FTC to examine cloud computing privacy concerns
The FTC says it wants to examine potential threats to consumer privacy and data security posed by cloud computing services; David Vladeck, director of the FTC’s Bureau of Consumer Protection: “The ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers”
-
-
China offers Internet pirates bulletproof havens for illegal file sharing
Most bulletproof hosts which allow music, video, and software to be illegally shared online are located in China, where criminals are able to take advantage of low costs and legal loopholes to avoid prosecution; despite officials in Beijing talking in tough terms about computer crime — hacking potentially carries a death sentence in China — the authorities rarely cooperate with other countries to take action against hi-tech criminals; as a result, just a handful of firms in China are responsible for hosting thousands of criminal enterprises online; one example: more than 22,000 Web sites which sent pharmaceutical spam were hosted by six bulletproof servers in China
-
-
New techniques to strengthen the security of information systems
Highly developed societies rely more and more on information systems to maintain and enhance their economic vitality, societal welfare, and military effectiveness; as data are exchanged between various users, there is a danger that information could be released to unauthorized parties; the ability to guarantee secure information flow is becoming more critical as government and industry push toward increasingly complex information systems in many areas; K-State computer scientists are developing high-level policy languages and verification techniques to strengthen the security and integrity of such systems
-
-
Symantec issues South Africa cybercrime warning
Crime is not new to South Africa, but cybercrime is; broadband rollouts and World Cup creating “perfect storm” for cyber criminals
-
-
2010: Topics for homeland security discussion
The only thing we can say for sure about 2010 is that terrorists, criminals, and mother nature will surprise us at some point during the year; still, based on what we do know, we offer a short list of topics we predict will dominate the homeland security discussion in the coming year – from whole-body scanners to 100 percent air cargo screening to social Web sites to communication interoperability to the consequences of climate change (or is there a climate change?)
-
-
FBI issues a new code breaking challenge
The FBI posts its annual code-breaking challenge on its Web site; this is the longest code-breaking challenge to date; the FBI says that the code-breaking task is similar to work being done in its labs
-
-
Obama to name Howard Schmidt as cybersecurity coordinator
Howard Schmidt chosen as the White House cybersecurity coordinator; Schmidt, a former Bush White House official, will coordinate cybersecurity policy across the federal government, from the military to civilian agencies; questions remain as to whether his authority will be commensurate with the responsibilities he assumes
-
-
Drone security questions raised years ago
Questions about the security of drone communications were raised years ago; in 2004, U.S. officials raised concerns about Russia and China intercepting and manipulating video from drone aircraft, but the military believed it was facing more pressing issues; officers at the time were not concerned about communications being intercepted in Iraq or Afghanistan because they believed militants were technically unsophisticated.
-
-
U.S. Army working to encrypt UAV video feeds
The Army is scrambling to secure the live video feeds from its UAVs from being intercepted by insurgents in Iraq and Afghanistan; Raven drones will be retrofitted with encryption technology as early as this month; the U.S. Air Force has known for more than a decade that the live video feeds from its unmanned aerial vehicles can be intercepted by the enemy but opted not to do anything about it until this year.
-
-
Pentagon says U.S. fixed drones hacked by Iraqi insurgents
Iraqi insurgents, using a $25.95 off-the-shelf commercial application, were able to intercept communication between U.S. surveillance UAVs and the UAVs’ command center; the hacking was discovered when the U.S. military found files of intercepted drone video feeds on laptops of captured militants; U.S. soldiers discovered “days and days and hours and hours of proof,” one U.S. officer said; the same hacking technique is known to have been employed in Afghanistan; the U.S. government has known about the UAV communication flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it.
-
-
Adobe to patch zero-day Reader, Acrobat hole
On 12 January Adobe will release patches to fix zero-day vulnerabilities in Reader and Acrobat; malicious Adobe Acrobat PDF files are distributed via an e-mail attachment that, when opened, executes a Trojan that targets Windows systems, according to Symantec; the rate of infection is extremely limited and the risk assessment level is very low, the company said.
-
-
Prediction for 2010: The coming cloud crash
Technology maven Mark Anderson predicts a big remote-computing service disaster; “My hunch is that there will never really be a secure cloud,” he says; businesses will view cloud services more suspiciously and consumers will refuse to use them for anything important, he says
-
-
Michigan in cyber-security partnership with DHS
Michigan will deploy EINSTEIN 1, the DHS-run cyber security system which all federal agencies are required to use; EINSTEIN 1 automates the collection and analysis of computer network security information from participating agency and government networks to help analysts identify and combat malicious cyber-activity
-
-
DHS launches virtual cyber job fair
In October DHS announced it was given the authority to hire 1,000 cyber security professionals during the next three years; late last week the department launched a virtual job fair to begin recruiting these cyber specialists; DHS is looking for applicants with experience in cyber risk and strategic analysis, malware/vulnerability analysis, incident response, exercise and facilitation management, vulnerability detection and assessment, intelligence analysis, and cyber-related infrastructure interdependency analysis
The long view
States Rush to Combat AI Threat to Elections
By Zachary Roth
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
By Dino Jahic
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with LiDAR, or Light Detection and Ranging, the technology that many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
By Trina West
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.