• Government credentials found on the open Web

    Somerville, Massachusetts-based Recorded Future has identified the possible exposures of login credentials for forty-seven U.S. government agencies across eighty-nine unique domains. Recorded Future says that as of early 2015, twelve of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication.

  • State Department stays away from Chinese-owned Waldorf Astoria

    The U.S. State Department said American diplomats and State Department officials, for the first time in decades, would not be staying at New York’s Waldorf-Astoria hotel during this year’s UN general assembly. Worldwide last year sold the high-end Midtown hotel for $1.95 billion to the Chinese group Anbang Insurance Group. The sales contract allowed for “a major renovation” by the Chinese, and American security experts had no doubt as to the purpose of these “renovations”: As is the practice in China, the Chinese owners, working on behalf of China’s intelligence services, were going to plant listening devices in every room and ball room, and wire every phone, Wi-Fi hot spot, and restaurant table in order to eavesdrop on hotel guests.

  • Underwriters of cyberinsurance policies need better understanding of cyber risks

    Demand for insurance that covers an ever-increasing range of cyberattacks is growing and evolving rapidly, and a number of insurance companies are seeking advice through sponsored events that can gradually educate their work forces. At Standard & Poor’s Rating Services 2015 Insurance Conference last week, a panel of insurance experts stressed the importance of insurance underwriters gaining a better understanding of cyber risks in order to make better property and risk assessments.

  • Latest massive data breach highlights federal government cyber vulnerability

    The latest hacking of federal government records has resulted in the theft of personal files for as many as fourteen million people, and is yet another sign of systemic security breaches within government. The Office of Personnel Management (OPM) is an agency notorious for its lax cybersecurity, but experts say that the OPM incident is indicative of a greater need across the country to better defend governmental infrastructure with updated methodologies.

  • Snowden fallout: Revelations forced U.K. to pull out agents from “hostile countries”

    The British security services had to pull out agents from “hostile countries” as a result of information the Chinese and Russian intelligence services obtained when they gained access to the millions of top-secret NSA files Edward Snowed was carrying with him when he fled to Honk Kong and then to Russia. Snowden assured journalists who interviewed him that the Chinese and Russian intelligence services would not be able to access these files because he encrypted them with the highest encryption methods available. Security experts commented that he was either naïve or disingenuous – because he must have known, or should have known, that the cyber capabilities these two countries would make it relatively easy for them to crack the encrypted files he was carrying with him. We now know that these security experts were right.

  • Companies making cybersecurity a greater priority, but hackers may still be gaining

    Companies are spending increasing amounts on cybersecurity tools, but are not convinced their data is truly secure and many chief information security officers believe that attackers are gaining on their defenses, according to a new RAND Corporation study. While worldwide spending on cybersecurity is close to $70 billion a year and growing at 10 percent to 15 percent annually, many chief information security officers believe that hackers may gain the upper hand two to five years from now, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

  • NIST releases update of Industrial Control Systems Security Guide

    The National Institute of Standards and Technology (NIST) has issued the second revision to its Guide to Industrial Control Systems (ICS) Security. It includes new guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability, and safety requirements, as well as updates to sections on threats and vulnerabilities, risk management, recommended practices, security architectures and security capabilities and tools.

  • Administration rejects criticism of NSA’s surveillance of foreign hackers

    Just two years after the Edward Snowden leaks exposed the NSA’s domestic surveillance program, another report released last Friday from the Snowden files shares information about the NSA’s efforts to track foreign hackers. As with the NSA’s controversial foreign surveillance program which kept metadata records of suspected foreign terrorists’ conversations with Americans, the NSA’s hacker program may incidentally gather Americans’ private information from the files of foreign hackers.

  • D.C.-area becoming the Silicon Valley of cybersecurity

    A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.

  • Criminals receive 1,425 percent return on investment from malware attacks: Report

    Trustwave yesterday released its 2015 Trustwave Global Security Report which analyzes the top cybercrime, data breach, and security threat trends from 2014. Among the report’s findings: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment); spam volume continues to decrease making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.

  • “Dark Internet” inhibits law enforcement’s ability to identify, track terrorists

    For several months, Islamic State militants have been using instant messaging apps which encrypt or destroy conversations immediately. This has inhibit U.S. intelligence and law enforcement agencies from identifying and monitoring suspected terrorists, even when a court order is granted, because messaging companies and app developers say they are unable to unlock the coded conversations and/or do not have a record of the conversations. “We’re past going dark in certain instances,” said Michael B. Steinbach, the FBI’s top counterterrorism official. “We are dark.”

  • Can the power grid survive a cyberattack?

    It is very hard to overstate how important the U.S. power grid is to American society and its economy. Every critical infrastructure, from communications to water, is built on it and every important business function from banking to milking cows is completely dependent on it. And the dependence on the grid continues to grow as more machines, including equipment on the power grid, get connected to the Internet. The grid’s vulnerability to nature and physical damage by man, including a sniper attack in a California substation in 2013, has been repeatedly demonstrated. But it is the threat of cyberattack that keeps many of the most serious people up at night, including the U.S. Department of Defense. In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.

  • Combating cyber threats to the global financial industry

    Today more than fifteen billion devices are connected to the Internet; in the next five years, that number will grow to fifty billion. With each new device presenting an opportunity to be infiltrated and compromised by hackers, it is easy to understand why the importance of cybersecurity continues to skyrocket. So explained keynote speaker Elizabeth Petrie, director of strategic intelligence analysis for Citigroup, who kicked off a one-day conference at the University of Delaware on cybersecurity issues impacting the global financial industry.

  • USMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.

  • Rumor-detection software detects, corrects erroneous claims on Twitter

    A week after the Boston marathon bombing, hackers sent a bogus tweet from the official Twitter handle of the Associated Press. It read: “Breaking: Two Explosions in the White House and Barack Obama is injured.” Before the AP and White House could correct the record, the stock market responded, dropping more than 140 points in a matter of minutes. Losses mounted into the billions. The market recovered just as quickly, but analysts said the timeframe could well have been long enough for in-the-know perpetrators to profit through trading. Researchers have developed software to help society identify and correct erroneous claims on Twitter.