• Breach of background-checks database may lead to blackmail

    Newly released documents show how hackers infiltrated servers used by US Investigations Services(USIS), a federal contractor which conducts background checks for DHS. In a House Oversight and Government Reform Committeehearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management(OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for malicious gain.

  • U.S. adopts a more assertive cyber defense posture

    Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.

  • view counter
  • Russian hackers gained access to unclassified White House e-mails

    Reports that Russian hackers gained access to unclassified e-mails to and from President Barack Obama during last October’s White House e-mail breach, are adding to concerns regarding the security of government communications systems. “This attack is a red flag that they really need to improve their security procedures. It’s quite serious,” said Kevin Mitnick, a former hacker. “The cyber threat against U.S. interests is increasing in severity and sophistication,”Defense Secretary Ashton Carter said last Thursday.

  • Efforts to improve cyber information sharing between the private sector, government

    Lately, Obama administration officials having been venturing West to encourage tech firms to support the government’s efforts to improve cyber information sharing between the private sector and government agencies. The House of Representatives last week passed two bills to advance such effort. The Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act of 2015 authorize private firms to share threat data such as malware signatures, Internet protocol addresses, and domain names with other companies and the federal government. To the liking of the private sector, both bills offer companies liability protection for participating in cyberthreat information sharing.

  • Energy companies prime targets for hackers

    A third of the cyber incidents handled in 2014 by DHS’s Industrial Control Systems Cyber Emergency Response Team involved energy companies. Oil and gas operators face the greatest cyber risks among energy producers because their projects often involve multiple companies working together, sharing information, and trying to integrate systems. Still, 60 percent of energy companies around the world said they do not have a cyberattack response plan.

  • Emerging threats require a new social contract between the state, citizens: Study

    Technological advancements create opportunities for governments and the private sector, but they also pose a threat to individual privacy and individual – and public — safety, which most Americans look to the government to protect. The authors of a new book on emerging threats argue that while, at one time, “the government used to be our sole provider of security,” companies which store troves of private information are also key to Americans’ privacy and security. They say that the United States may need a new social contract between the state and its citizens on matters of security and privacy. “The old social contract has its roots in the security dilemmas of the Enlightenment era,” they write. “In our new era, everyone is simultaneously vulnerable to attack and menacing to others. That requires a different, more complex social contract — one that we are just starting to imagine.”

  • Cybersecurity firms hire former military, intelligence cyber experts

    Over the past two years, U.S. cybersecurity firms have brought in several former military and intelligence community computer experts to help combat hackers targeting the U.S. private sector. For the new private sector employees, the wages are higher and opportunities are endless. Hundreds of ex-government cybersecurity workers represent the competitive advantage of a cybersecurity services industry expected to bring in more than $48 billion in revenue next year, up 41 percent from 2012. “The people coming out of the military and the intelligence community are really, really good,” says a cyber startup founder. “They know the attackers. They know how they work.”

  • Thwarting the next generation of cyberattacks

    The next generation of cyberattacks will be more sophisticated, more difficult to detect, and more capable of wreaking untold damage on the nation’s computer systems. So the U.S. Department of Defense has given a $3 million grant to a team of computer scientists from the University of Utah and University of California, Irvine, to develop software that can hunt down a new kind of vulnerability that is nearly impossible to find with today’s technology. The team is tasked with creating an analyzer that can thwart so-called algorithmic attacks that target the set of rules or calculations that a computer must follow to solve a problem.

  • Cyber espionage campaign, likely sponsored by China, targets Asian countries: FireEye

    FireEye has released a report which provides intelligence on the operations of APT 30, an advanced persistent threat (APT) group most likely sponsored by the Chinese government. APT 30 has been conducting cyber espionage since at least 2005, making it one of the longest operating APT groups that FireEye tracks. APT 30 targets governments, journalists, and commercial entities across South East Asia and India.

  • New privacy technologies protect personal data better

    In Estonia, the public and private sector have databases, the merging and analysis of which could help the state and enterprises make better management decisions. Such consolidation of data, however, would be a serious threat to privacy and violate data protection rules. A researcher suggests a more convenient way of analyzing very sensitive data without the fear of data leak. The new approach would be appropriate for preserving privacy in genome-wide association studies, satellite collision prediction analysis, and conducting labor market studies.

  • Do you know where your data is?

    Bitglass, a data protection company, undertook an experiment aiming to gain better understanding of what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia. “This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, Bitglass CEO.

  • Russian hackers used compromised State Dep. computers to penetrated W.H. systems

    U.S. officials said that Russian hackers who penetrated the computer systems of the U.S. State Department in recent months were able to use the access they gained to penetrate parts of the White House computer system. Experts from government agencies looking into the incident say the breach is one of the most sophisticated attacks to have been directed at U.S. government systems. The hackers used computers around the world to mask their penetration, but investigators were able to identify codes and other markers which point to hackers working for the Russian government.

  • Computer engineers battle malicious bots

    Defending Web sites from malicious intruder bots is not unlike fighting viruses: neutralize them and they reinvent themselves, finding new ways to penetrate. IT security designers, however, still hold an advantage over some automated programs masquerading as people. To date, there are human abilities too complex to imitate. Exploiting that weakness is central to an Internet security technology developed by researchers who have come up with a new method for distinguishing humans from computers. Their next-gen CAPTCHA — a brief test that computer users must pass in order to access a Web site — requires viewers to identify text, but presents it in video animation rather than in the distorted, static letters users now identify and reproduce to gain admittance.

  • Police department pays ransom after hackers encrypt department’s data

    Last December, cyberterrorists hacked into servers belonging to the Tewksbury Police Department, encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files. The attack is known as the CryptoLocker ransomware virus, and it points to a new frontier in cyberterrorism.

  • NSA’s recruitment effort challenged by Snowden leaks, private sector competition

    The NSA employs roughly 35,000 people nationwide and anticipates on recruiting at least 1,000 workers each year. For 2015, the agency needs to find 1,600 recruits, hundreds of whom must come from highly specialized fields like computer science and mathematics. The agency has been successful so far, but still faces recruitment challenges in the aftermath of the Edward Snowden revelations and competition from private sector firms who offer recruits much higher salaries.