• Snowden fallout: Revelations forced U.K. to pull out agents from “hostile countries”

    The British security services had to pull out agents from “hostile countries” as a result of information the Chinese and Russian intelligence services obtained when they gained access to the millions of top-secret NSA files Edward Snowed was carrying with him when he fled to Honk Kong and then to Russia. Snowden assured journalists who interviewed him that the Chinese and Russian intelligence services would not be able to access these files because he encrypted them with the highest encryption methods available. Security experts commented that he was either naïve or disingenuous – because he must have known, or should have known, that the cyber capabilities these two countries would make it relatively easy for them to crack the encrypted files he was carrying with him. We now know that these security experts were right.

  • Companies making cybersecurity a greater priority, but hackers may still be gaining

    Companies are spending increasing amounts on cybersecurity tools, but are not convinced their data is truly secure and many chief information security officers believe that attackers are gaining on their defenses, according to a new RAND Corporation study. While worldwide spending on cybersecurity is close to $70 billion a year and growing at 10 percent to 15 percent annually, many chief information security officers believe that hackers may gain the upper hand two to five years from now, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

  • NIST releases update of Industrial Control Systems Security Guide

    The National Institute of Standards and Technology (NIST) has issued the second revision to its Guide to Industrial Control Systems (ICS) Security. It includes new guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability, and safety requirements, as well as updates to sections on threats and vulnerabilities, risk management, recommended practices, security architectures and security capabilities and tools.

  • Administration rejects criticism of NSA’s surveillance of foreign hackers

    Just two years after the Edward Snowden leaks exposed the NSA’s domestic surveillance program, another report released last Friday from the Snowden files shares information about the NSA’s efforts to track foreign hackers. As with the NSA’s controversial foreign surveillance program which kept metadata records of suspected foreign terrorists’ conversations with Americans, the NSA’s hacker program may incidentally gather Americans’ private information from the files of foreign hackers.

  • Criminals receive 1,425 percent return on investment from malware attacks: Report

    Trustwave yesterday released its 2015 Trustwave Global Security Report which analyzes the top cybercrime, data breach, and security threat trends from 2014. Among the report’s findings: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment); spam volume continues to decrease making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.

  • Can the power grid survive a cyberattack?

    It is very hard to overstate how important the U.S. power grid is to American society and its economy. Every critical infrastructure, from communications to water, is built on it and every important business function from banking to milking cows is completely dependent on it. And the dependence on the grid continues to grow as more machines, including equipment on the power grid, get connected to the Internet. The grid’s vulnerability to nature and physical damage by man, including a sniper attack in a California substation in 2013, has been repeatedly demonstrated. But it is the threat of cyberattack that keeps many of the most serious people up at night, including the U.S. Department of Defense. In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.

  • Combating cyber threats to the global financial industry

    Today more than fifteen billion devices are connected to the Internet; in the next five years, that number will grow to fifty billion. With each new device presenting an opportunity to be infiltrated and compromised by hackers, it is easy to understand why the importance of cybersecurity continues to skyrocket. So explained keynote speaker Elizabeth Petrie, director of strategic intelligence analysis for Citigroup, who kicked off a one-day conference at the University of Delaware on cybersecurity issues impacting the global financial industry.

  • USMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.

  • A growing threat: Car hacking

    A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking. Researchers are now looking into the growing threat of automotive hacking. “More and more in your everyday life you see that we’re automating physical systems,” one researcher says. “And unlike an information system, a physical system could kill you by accident.”

  • One false tweet sent financial markets into a tailspin

    A false tweet from a hacked account owned by the Associated Press (AP) in 2013 sent financial markets into a tailspin. The Dow Jones Industrial Average dropped 143.5 points and the Standard & Poor’s 500 Index lost more than $136 billion of its value in the seconds that immediately followed the post. Once the nature of the tweet was discovered, the markets corrected themselves almost as quickly as they were skewed by the bogus information, but the event, known as Hack Crash, demonstrates the need better to understand how social media data is linked to decision making in the private and public sector.

  • How a hacker could hijack a plane from their seat

    Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raises many worrying questions for the airline industry. It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight. But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.

  • Ongoing attack against oil tankers aims to defraud oil brokers

    A new report details a malicious and largely unknown targeted attack on oil tankers. First discovered in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which has been dubbed the “Phantom Menace,” none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.

  • Massive cyberattack by Chinese government hackers on Penn State College of Engineering

    The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called “advanced persistent threat” actors. The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college. In a coordinated response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems has been launched. On 21 November 2014 Penn State was alerted by the FBI to a cyberattack of unknown origin and scope on the school’s College of Engineering.

  • Pentagon to invest in Silicon Valley tech startups to help develop advanced cyber solutions

    The Pentagon will begin to invest in Silicon Valley tech startups as part of the department’s plan to develop and acquire more advanced cyber solutions to secure the country and military’s digital infrastructure. The investments will be made through In-Q-Tel, a nonprofit strategic investing firm the Central Intelligence Agency launched sixteen years ago. In-Q-Tel does not invest in companies alone, but rather relies on traditional venture firms to partner and contribute the lion’s share of the funding, so having them on board is critical for the program’s success.

  • Researchers hack a teleoperated surgical robot, revealing security flaws

    Real-world teleoperated robots, which are controlled by a human who may be in another physical location, are expected to become more commonplace as the technology evolves. They are ideal for situations which are dangerous for people: fighting fires in chemical plants, diffusing explosive devices or extricating earthquake victims from collapsed buildings. Researchers conducted a series of experiments in which they hacked a next generation teleoperated surgical robot — one used only for research purposes — to test how easily a malicious attack could hijack remotely controlled operations in the future and to make those systems more secure.