Hackers

  • CybersecurityNew NCCoE building blocks for e-mail security and PIV credentials

    NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations improve the security of e-mail, the other to enable mobile devices to provide security services based on personal identity verification (PIV) credentials. NIST invites the public to comment on the draft documents, and the comment period ends 14 August 2015.

  • CybersecurityDuqu 2.0: New, menacing programming concept

    In 2011, the security world was rocked by the announcement of a newly discovered virus named Stuxnet. This malware, unlike previous viruses, was targeted at one particular victim. That target was Iran’s nuclear program.Following on the heels of Stuxnet was a variant named Duqu.Duqu is different from Stuxnet, however, in that it was designed to gather information for future attacks, rather than perform the attack itself.There is evidence that the malware was used to gather information on the U.S. talks with Iran over the Iranian nuclear program.Since this worm is able to move laterally, and runs only in system memory, a given computer can be easily re-infected from elsewhere in the home network, without using any mechanisms that would provide persistence. Duqu 2.0 represents programming concepts never used before that make it extremely dangerous.

  • CybersecurityAbu Dhabi’s power system to be used for critical infrastructure cybersecurity study

    Abu Dhabi, UAE-based Masdar Institute of Science and Technology and MIT will use Abu Dhabi’s power system as a case study for developing a knowledge map of the power system and its cybersecurity shortcomings. The project is due to run for two years. At the end of this two year period, the collaborating institutions hope that data from the analysis of Abu Dhabi’s power system could be compared against data from the projects running concurrently in New York and Singapore to develop a comprehensive knowledge map, capable of being applied to critical infrastructure worldwide.

  • Cyber educationU.S. Cyber Challenge Eastern Regional Competition announces winner

    On Friday, participants of the annual U.S. Cyber Challenge (USCC) Eastern Regional Cyber Camp competed in a “Capture-the-Flag” competition to demonstrate their knowledge and skill of cybersecurity and compete to win one of a limited number of (ISC)2 scholarships. Participants of Eastern Regional Cyber Camp were selected based in part on their scores from Cyber Quests, an online competition offered through USCC in April, which drew more than 1,300 registrants from over 600 schools nationwide.

  • view counter
  • CybersecurityGovernment credentials found on the open Web

    Somerville, Massachusetts-based Recorded Future has identified the possible exposures of login credentials for forty-seven U.S. government agencies across eighty-nine unique domains. Recorded Future says that as of early 2015, twelve of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication.

  • China syndromeState Department stays away from Chinese-owned Waldorf Astoria

    The U.S. State Department said American diplomats and State Department officials, for the first time in decades, would not be staying at New York’s Waldorf-Astoria hotel during this year’s UN general assembly. Worldwide last year sold the high-end Midtown hotel for $1.95 billion to the Chinese group Anbang Insurance Group. The sales contract allowed for “a major renovation” by the Chinese, and American security experts had no doubt as to the purpose of these “renovations”: As is the practice in China, the Chinese owners, working on behalf of China’s intelligence services, were going to plant listening devices in every room and ball room, and wire every phone, Wi-Fi hot spot, and restaurant table in order to eavesdrop on hotel guests.

  • view counter
  • CybersecurityLatest massive data breach highlights federal government cyber vulnerability

    The latest hacking of federal government records has resulted in the theft of personal files for as many as fourteen million people, and is yet another sign of systemic security breaches within government. The Office of Personnel Management (OPM) is an agency notorious for its lax cybersecurity, but experts say that the OPM incident is indicative of a greater need across the country to better defend governmental infrastructure with updated methodologies.

  • Quick Take // By Ben FrankelSnowden fallout: Revelations forced U.K. to pull out agents from “hostile countries”

    The British security services had to pull out agents from “hostile countries” as a result of information the Chinese and Russian intelligence services obtained when they gained access to the millions of top-secret NSA files Edward Snowed was carrying with him when he fled to Honk Kong and then to Russia. Snowden assured journalists who interviewed him that the Chinese and Russian intelligence services would not be able to access these files because he encrypted them with the highest encryption methods available. Security experts commented that he was either naïve or disingenuous – because he must have known, or should have known, that the cyber capabilities these two countries would make it relatively easy for them to crack the encrypted files he was carrying with him. We now know that these security experts were right.

  • CybersecurityCompanies making cybersecurity a greater priority, but hackers may still be gaining

    Companies are spending increasing amounts on cybersecurity tools, but are not convinced their data is truly secure and many chief information security officers believe that attackers are gaining on their defenses, according to a new RAND Corporation study. While worldwide spending on cybersecurity is close to $70 billion a year and growing at 10 percent to 15 percent annually, many chief information security officers believe that hackers may gain the upper hand two to five years from now, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

  • CybersecurityNIST releases update of Industrial Control Systems Security Guide

    The National Institute of Standards and Technology (NIST) has issued the second revision to its Guide to Industrial Control Systems (ICS) Security. It includes new guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability, and safety requirements, as well as updates to sections on threats and vulnerabilities, risk management, recommended practices, security architectures and security capabilities and tools.

  • SurveillanceAdministration rejects criticism of NSA’s surveillance of foreign hackers

    Just two years after the Edward Snowden leaks exposed the NSA’s domestic surveillance program, another report released last Friday from the Snowden files shares information about the NSA’s efforts to track foreign hackers. As with the NSA’s controversial foreign surveillance program which kept metadata records of suspected foreign terrorists’ conversations with Americans, the NSA’s hacker program may incidentally gather Americans’ private information from the files of foreign hackers.

  • CybersecurityCriminals receive 1,425 percent return on investment from malware attacks: Report

    Trustwave yesterday released its 2015 Trustwave Global Security Report which analyzes the top cybercrime, data breach, and security threat trends from 2014. Among the report’s findings: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment); spam volume continues to decrease making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.

  • GridCan the power grid survive a cyberattack?

    By Michael McElfresh

    It is very hard to overstate how important the U.S. power grid is to American society and its economy. Every critical infrastructure, from communications to water, is built on it and every important business function from banking to milking cows is completely dependent on it. And the dependence on the grid continues to grow as more machines, including equipment on the power grid, get connected to the Internet. The grid’s vulnerability to nature and physical damage by man, including a sniper attack in a California substation in 2013, has been repeatedly demonstrated. But it is the threat of cyberattack that keeps many of the most serious people up at night, including the U.S. Department of Defense. In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.

  • CybersecurityCombating cyber threats to the global financial industry

    Today more than fifteen billion devices are connected to the Internet; in the next five years, that number will grow to fifty billion. With each new device presenting an opportunity to be infiltrated and compromised by hackers, it is easy to understand why the importance of cybersecurity continues to skyrocket. So explained keynote speaker Elizabeth Petrie, director of strategic intelligence analysis for Citigroup, who kicked off a one-day conference at the University of Delaware on cybersecurity issues impacting the global financial industry.

  • EncryptionUSMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.