• Cyber whodunnit: North Korea prime suspect but there are many potential culprits

    By Alan Woodward

    Many suspect North Korea to be behind the attack on Sony Pictures. North Korea quite possibly has motive, means, and opportunity to carry out this attack on Sony, but as with any successful prosecution, that isn’t enough. We need evidence. We will have to wait for the detailed forensic work to complete before we stand a realistic chance of knowing for certain. That may or may not be forthcoming, but in the meantime we should consider what this event tells us about the balance of power in cyberspace. In a world in which major disruption can be caused with scant resources and little skill, all enemies are a threat. North Korea might be the rogue state that everyone loves to hate but there are plenty of others who could have done it. There is no longer a tiered approach of superpowers fighting proxy wars in smaller, developing nations. Now those developing nations can fight back, and you might not even know it was them.

  • A malware more sophisticated than Stuxnet discovered

    Security experts at Symantechave discovered the world’s most sophisticated computer malware, Regin. Thought to have been created by a Western intelligence agency, and in many respects more advanced than Stuxnet — which was developed by the U.S. and Israeli government in 2010 to hack the Iranian nuclear program — Regin has targeted Russian, Saudi Arabian, Mexican, Irish, and Iranian Internet service providers and telecoms companies. “Nothing else comes close to this … nothing else we look at compares,” said one security expert.

  • Security concerns over purchase of Waldorf Astoria by Chinese company

    Citing espionage risk, U.S. officials are expressing concern over the sale of the historic Waldorf Astoria hotel in New York City to a Chinese insurance company. The sale of the hotel will likely lead to a review by the U.S. Committee on Foreign Investment (CFIUS) of the Chinese firm’s long-term plans for the site and the finer details of the sale. “Because the agreement calls for major renovations to the hotel, CFIUS will be worried that the Chinese could engage in some form of espionage,” said a former Treasury Department official who managed CFIUS reviews.

  • Security contractor USIS failed to notice months-long hacking of its computer systems

    A new report reveals that the cyberattack on security contractor USIS, similar to previous attacks by Chinese government hackers on U.S. firms, was infiltrating USIS computer systems for months before the company noticed. The breach, first revealed publicly by the company and the Office of Personnel Management(OPM) in August, compromised the records of at least 25,000 DHS employees.

  • New report details Russia’s cyber-espionage activities

    Researchers at FireEye, a Silicon Valley-based computer security firm, are connecting the Russian government to cyber espionage efforts around the world. The researchers released a report on Tuesday which says that hackers working for the Russian government have, for seven years now, been hacking into computer networks used by the government of Georgia, other Eastern European governments, and some European security organizations.

  • Georgia Tech releases 2015 Emerging Cyber Threats Report

    In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.

  • China steals confidential data on the vulnerabilities of major U.S. dams

    The U.S. Army Corps of Engineers’ National Inventory of Dams(NID) contains critical information on the vulnerabilities of the roughly 8,100 major dams in the United States. Between January and April 2013, U.S. intelligence agencies spotted several attempts by China’s People’s Liberation Army (PLA) cyber-espionage unit to access the NID database and steal its contents. On Monday, National Weather Service (NWS) hydrologist Xiafen “Sherry” Chen, 59 was arrested for allegedly breaching the NID security and stealing confidential data on U.S. dam vulnerabilities. The Justice Department has raised the alarm over multiple attempts by China to steal data on U.S. critical infrastructure through individuals with privileged access to confidential databases.

  • Sale of NYC historic Waldorf Astoria hotel to Chinese firm worries U.S. security officials

    Citing an espionage risk, U.S. officials are expressing concern over the sale of the historic Waldorf Astoria hotel in New York City to a Chinese insurance company. The Beijing-based Anbang Insurance Group purchased the property from Hilton Worldwide on 6 October for $1.95 billion. One clause in the sale contract, referring to “a major renovation,” has raised eye brows in Western security services. Specifically, they worry that renovations and modifications to the structure could accommodate Chinese eavesdropping and cyber espionage equipment.

  • U.K. launches inquiry into radiation poisoning of former KGB agent

    British authorities have announced that a public inquiry will be held into the death of former Russian KGB officer who became a British citizen, Alexander Litvinenko.Litvinenko, 43, died in 2006 after he was poisoned with radioactive polonium while drinking tea with two former KGB agents at a London hotel.

  • Chinese government hackers collected information on U.S. security clearance applicants

    Chinese government hackers last March broke into the computer networks of the U.S. Office of Personnel Management, the agency which keeps the personal information of all federal employees. The hackers targeted the information of tens of thousands of employees who had applied for top-secret security clearances. Experts note that the hacking of OPM files containing information about federal employees applying for security clearance is especially disturbing since federal employees applying for security clearances enter their most personal information.

  • U.S. approves fewer security clearances

    A new report by the Office of the Director of National Intelligence(ODNI) shows that the number of new security clearances provided by the federal government, both initial clearances and renewals, has decreased by 9 percent since 2011. The number of approved clearances decreased for the second consecutive year in fiscal 2013, to just over 777,000.One observer saidthe reduction is a response to a period in the mid-2000s when “basically everyone needed a clearance.”

  • Securing Industry 4.0

    An increasing number of unsecured, computer-guided production machinery and networks in production facilities are gradually evolving into gateways for data theft. New security technologies may directly shield the sensitive data that is kept there.

  • Identifying, thwarting insider threats before they do damage

    Researchers argue that one way to identify and predict potential insider threats even before these individuals begin to do damage like stealing and leaking sensitive information, is by using Big Data to monitor changes in behavior patterns. Researchers at PARC, for example, found that individuals who exhibit sudden decrease in participation in group activity, whether in a game like World of Warcraft or corporate e-mail communications, are likely to withdraw from the organization. A withdrawal represents dissatisfaction with the organization, a common trait of individuals who are likely to engage in insider security breaches.

  • Snowden stole co-worker’s password to gain access to secret databanks: NSA

    One reason National Security Agency (NSA) former analyst Edward Snowden was able to gain such broad access to a wide variety of agency’s secret documents was that he copied a password from a co-worker who has since resigned. After Snowden was denied access to NSANet, the agency’s computer network which connects into many of the agency’s classified databases, he persuaded a co-worker, an NSA civilian employee, to use his – the co-worker’s — Public Key Infrastructure (PKI) certificate to gain access. The NSA told Congress Snowden used what the agency describes as “digital deception”: the civilian NSA employee entered his password on Snowden’s computer, not realizing that Snowden was able to capture the password, allowing him even greater access to classified information. Once he gained access to NSANet, Snowden released a “Web crawler” inside the system. The crawler automatically indexed the NSANet, and using the passwords Snowden held – one his, one or more those of co-workers – copied every document in its path.

  • German IT industry hopes to benefit from NSA leaks-inspired distrust of U.S. tech companies

    The German IT sector is hoping to benefit from trust lost in American technology firms in the aftermath of Edward Snowden’s leaks. The German government is looking to develop Internet security initiatives, with government departments vying with each other for a lead role. Both inside and outside the German government a proposal, known as “Schengen Routing,” is advanced which calls for data originated in Europe to be processed and stored within Europe. Critics warn that plans to create a European routing system could affect the openness of the Internet.