  • China steals confidential data on the vulnerabilities of major U.S. dams

    The U.S. Army Corps of Engineers’ National Inventory of Dams (NID) contains critical information on the vulnerabilities of the roughly 8,100 major dams in the United States. Between January and April 2013, U.S. intelligence agencies spotted several attempts by China’s People’s Liberation Army (PLA) cyber-espionage unit to access the NID database and steal its contents. On Monday, National Weather Service (NWS) hydrologist Xiafen “Sherry” Chen, 59, was arrested for allegedly breaching the NID security and stealing confidential data on U.S. dam vulnerabilities. The Justice Department has raised the alarm over multiple attempts by China to steal data on U.S. critical infrastructure through individuals with privileged access to confidential databases.

  • Sale of NYC historic Waldorf Astoria hotel to Chinese firm worries U.S. security officials

    Citing an espionage risk, U.S. officials are expressing concern over the sale of the historic Waldorf Astoria hotel in New York City to a Chinese insurance company. The Beijing-based Anbang Insurance Group purchased the property from Hilton Worldwide on 6 October for $1.95 billion. One clause in the sale contract, referring to “a major renovation,” has raised eyebrows in Western security services. Specifically, they worry that renovations and modifications to the structure could accommodate Chinese eavesdropping and cyber espionage equipment.

  • U.K. launches inquiry into radiation poisoning of former KGB agent

    British authorities have announced that a public inquiry will be held into the death of Alexander Litvinenko, a former Russian KGB officer who became a British citizen. Litvinenko, 43, died in 2006 after he was poisoned with radioactive polonium while drinking tea with two former KGB agents at a London hotel.

  • Chinese government hackers collected information on U.S. security clearance applicants

    Chinese government hackers last March broke into the computer networks of the U.S. Office of Personnel Management, the agency which keeps the personal information of all federal employees. The hackers targeted the information of tens of thousands of employees who had applied for top-secret security clearances. Experts note that the hacking of OPM files on security clearance applicants is especially disturbing, since federal employees applying for security clearances enter their most personal information.

  • U.S. approves fewer security clearances

    A new report by the Office of the Director of National Intelligence (ODNI) shows that the number of new security clearances provided by the federal government, both initial clearances and renewals, has decreased by 9 percent since 2011. The number of approved clearances decreased for the second consecutive year in fiscal 2013, to just over 777,000. One observer said the reduction is a response to a period in the mid-2000s when “basically everyone needed a clearance.”

  • Securing Industry 4.0

    An increasing number of unsecured, computer-guided production machinery and networks in production facilities are gradually evolving into gateways for data theft. New security technologies may directly shield the sensitive data that is kept there.

  • Identifying, thwarting insider threats before they do damage

    Researchers argue that one way to identify and predict potential insider threats, even before these individuals begin to do damage such as stealing and leaking sensitive information, is to use Big Data to monitor changes in behavior patterns. Researchers at PARC, for example, found that individuals who exhibit a sudden decrease in participation in group activity, whether in a game like World of Warcraft or in corporate e-mail communications, are likely to withdraw from the organization. A withdrawal represents dissatisfaction with the organization, a common trait of individuals who are likely to engage in insider security breaches.

  • Snowden stole co-worker’s password to gain access to secret databanks: NSA

    One reason former National Security Agency (NSA) analyst Edward Snowden was able to gain such broad access to a wide variety of the agency’s secret documents was that he copied a password from a co-worker who has since resigned. After Snowden was denied access to NSANet, the agency’s computer network which connects into many of the agency’s classified databases, he persuaded a co-worker, an NSA civilian employee, to use his – the co-worker’s – Public Key Infrastructure (PKI) certificate to gain access. The NSA told Congress Snowden used what the agency describes as “digital deception”: the civilian NSA employee entered his password on Snowden’s computer, not realizing that Snowden was able to capture the password, allowing him even greater access to classified information. Once he gained access to NSANet, Snowden released a “Web crawler” inside the system. The crawler automatically indexed the NSANet and, using the passwords Snowden held – one his, one or more those of co-workers – copied every document in its path.

  • German IT industry hopes to benefit from NSA leaks-inspired distrust of U.S. tech companies

    The German IT sector is hoping to benefit from trust lost in American technology firms in the aftermath of Edward Snowden’s leaks. The German government is looking to develop Internet security initiatives, with government departments vying with each other for a lead role. Both inside and outside the German government, a proposal known as “Schengen Routing” is being advanced, which calls for data originating in Europe to be processed and stored within Europe. Critics warn that plans to create a European routing system could affect the openness of the Internet.

  • The “Mask”: Kaspersky Lab discovers advanced global cyber-espionage operation

    Kaspersky Lab’s security researchers have announced the discovery of the Mask (aka Careto), an advanced Spanish-speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes the Mask special is the complexity of the toolset used by the attackers. This includes sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions, and possibly versions for Android and iOS (iPad/iPhone). The primary targets are government institutions, diplomatic offices and embassies, energy, oil, and gas companies, research organizations, and activists. Victims of this targeted attack have been found in thirty-one countries around the world.

  • Snowden’s leaks derailed important cybersecurity initiatives

    Edward Snowden’s leaks created such a climate of distrust around the NSA that many important cybersecurity initiatives died, stalled, or became non-starters. Security experts say that this is a case of throwing the baby out with the bathwater, and that the result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations are more exposed to having sensitive information compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere. “All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies (CSIS).

  • Rep. Rogers, House Intelligence chair: Russian intelligence may have helped Snowden

    Representative Mike Rogers (R-Michigan), chairman of the House Intelligence Committee, said that Russia may have helped the former NSA contractor Edward Snowden to reveal details of surveillance programs and escape U.S. authorities last year. Rogers said he could reveal evidence which would support his claims, but suggested Snowden “used methods beyond his technical capabilities” and had help with his travel arrangements. Rogers’s comments were backed by Michael McCaul (R-Texas), chairman of the House Committee on Homeland Security. Senator Dianne Feinstein (D-California), chair of the Senate Intelligence Committee, when asked whether he was aided by the Russians, said: “He may well have.”

  • Obama announces reforms of U.S. intelligence data collection practices

    President Barack Obama on Friday called for a “new approach” by the U.S. intelligence community to the collection of Americans’ phone metadata. The major changes in current practices involve storage of and access to bulk metadata; the presence of a public advocate during FISA court deliberations; new privacy protections for non-Americans; and new restrictions on spying on leaders of allied countries. Obama offered a robust defense of the U.S. intelligence services, saying that there was no evidence they had abused their power, and that many of their methods were necessary to protect Americans. “We will not apologize simply because our services may be more effective,” he said. The president pointedly noted that some countries that “have loudly criticized the NSA privately acknowledge that America has special responsibilities as the world’s only superpower . . . and that they themselves have relied on the information we obtain to protect their own people.”

  • NSA’s bulk collection programs’ contribution to thwarting terrorism minimal: study

    There are two questions about the NSA’s bulk information collection programs: are these programs legal? Are they effective? On the second question, supporters of the programs say these surveillance measures are essential, and as proof they claim these programs helped thwart more than fifty potential terrorist attacks in more than twenty countries around the world. A new in-depth analysis shows, however, that these claims are overblown and even misleading. The study of 225 individuals recruited by al-Qaeda, or a like-minded group, or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrates that traditional investigative methods provided the initial impetus for investigations in the majority of cases, while the contribution of NSA’s bulk surveillance programs to these cases was minimal.

  • U.S. refuses a bilateral no-spy agreement with Germany

    The United States has refused to enter into a bilateral no-spy agreement with Germany, and has refused to rule out eavesdropping on calls of German political leaders in the immediate future, according to reports in the German press. It now appears that hopes in Germany that the United States would agree to a bilateral non-spying pact — similar to agreements between the United States and Britain, Canada, Australia, and New Zealand — have been dashed.