-
Companies, government responses to war game draw mixed reviews
Details emerge of a $3 million, invitation-only war game — Cyber Storm —which simulated what DHS described as plausible attacks over five days in February 2006 against the technology industry, transportation lines, and energy utilities by anti-globalization hackers
-
-
One way to fight criminals, terrorists: Register pre-paid cell phones
Texas state senator offers legislation, with the support of state police chiefs, which would help in fighting crimes — and terrorism: Legislation would require prepaid cellphone customers to present ID and limit purchases to three phones at a time; it also would require prepaid cellphone service providers to make phone records accessible to police
-
-
Swedish bank stops sophisticated digital theft
Forget ski masks and machine guns: Savvy Swedish bank robbers stealthily placed an electronic device under the desk of a bank employee; the device gave instructions to the computer atop the desk to transfer millions of dollars from bank deposits to an account the robbers had set up
-
-
Spam, Q4 Email Threat Trends of 2007
A steep rise in attacks using social networking techniques which target user psychology and behavior patterns; spammers launched attacks by predicting user behavior patterns, such as looking for easy cash and discounted gifts during the holiday season, and preying on consumer trust to generate interest in cheap pharmaceutical products and stocks
-
-
Emphasis shifts to analytical tools rather than building sturdier walls
The $169 million PayPal paid for Israeli on-line security specialist Fraud Sciences is part of a larger trend in security: “Security is less a matter of keeping everyone outside the outer wall and more one of detecting them sneaking through the premises,” as one analyst put it
-
-
U.K. Ministry of Defense selects BAE for SSEI
The Software Systems Engineering Initiative (SSEI) aims to reduce the cost and speed up production of the software; the government has identified such software as “the critical enabling technology” for modern platforms; BAE’s Military Air Solutions will lead a consortium to manage the project
-
-
Marks & Spencer loses personal information on 26,000 staff
A laptop belonging to Marks and Spencer was stolen in May 2007, joining a lengthening list of personal data breaches in the United kingdom; Information Commissioner’s Office takes action against company
-
-
NSA, other spy agencies enlisted in effort to address cyber vulnerability
Prepare for another heated NSA-domestic spying debate: The Bush administration issues secret directive on 8 January — informally known as the “cyber initiative” — expanding the intelligence community’s role in monitoring Internet traffic; the goal is to protect against a rising number of attacks on federal agencies’ computer systems
-
-
Estonian student convicted for 2007 attack against Estonian Web sites
A 20-year-old Estonian student has been fined $1,642 for launching a cyber attack which crippled the Web sites of banks, schools, and government agencies
-
-
OMB wants privacy review details in FISMA reports
U.S. government agencies will have to provide more details about the privacy reviews they conduct as part of annual reporting in compliance with FISMA
-
-
SPARQL is a new, format-independent query technology
Many successful query languages exist, including standards such as SQL and XQuery, but they were primarily designed for queries limited to a single product, format, type of information, or local data store; SPARQL is the key standard for opening up data on the Semantic Web, and the goal of the Semantic Web is to enable people to share, merge, and reuse data globally
-
-
Swiss move on quantum cryptography
Ensuring effective data security is the next challenge for global data networks; quantum cryptography offers such effective security; the Swiss national election in October 2007 provided first real-life test of the technology, and Swiss now move to implement it in security-sensitive sectors of the economy
-
-
Reviewing -- and fixing -- Open Source code security holes
Popular open source projects such as Samba, the PHP, Perl, Tcl dynamic languages, and Amanda were found to have dozens or hundreds of security exposures; some are quicker than others in fixing the problem
-
-
A new Wi-Fi security worry: Sidejacking
Two hackers’ tools — Ferret and Hamster — “sidejack” machines using Wi-Fi and accesses their Web accounts; Hamster hacks the cookies and URL trail left behind by a Wi-Fi user, and the attacker then can pose as the victim and read, send, and receive e-mail on his or her behalf
-
-
U.S. forces in Europe pay more attention to cybersecurity
Greater reliance on cyberspace by the U.S. military offers many benefits, but also introduces many vulnerabilities; the 5th Signal Command creates cyber cells to monitor and improve cyber security
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.