• Hackers release Stuxnet's decompiled code online

    The Stuxnet worm was a cybermissile designed to penetrate advanced security systems; it was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr; security experts say it is the most sophisticated cyberweapon ever designed; now, a group of anonymous “hacktivists” hacked the computers of a U.S. security company and stole a decrypted version — the decompiled code — of the malware, and put it on the Web; security experts are anxious: “There is the real potential that others will build on what is being released,” says one; this will not lead to an immediate threat, but it could lead to something soon, he added; “Weeks wouldn’t surprise me”

  • Cyberweapon could cause Internet doomsday

    Researchers show that an attack by a large botnet — a network of computers infected with software that allows them to be externally controlled — could take down the Internet; the researchers reckon that 250,000 such machines would be enough to do the job; a sustained 20-minute attack by the 250,000-strong army — they will be sending waves of border gateway protocol (BGP) updates to every router in the world — would overwhelm the net, bringing Web servers down by overloading them with traffic

  • Cell phones are hackers' target of choice

    In its fourth quarter threat report, McAfee announced that hackers have increasingly turned their attention to smart phones; in 2010 there was a 56 percent increase in malware targeting cell phones; hackers most frequently used Adobe products like PDFs and Flash to embed pernicious code; Google’s Android smart phone operating system was also a target of choice; the report noted that spam levels were down 62 percent, while politically motivated hacking was on the rise

  • Cybersecurity named one of top five global threats

    World leaders at the World Economic Forum in Davos named cyber security as one of the top five global risks in its 2011 report; the report identifies four key areas that pose global risks: cyber theft, cyber espionage, cyber war, and cyber terrorism; observers worry that the Stuxnet virus, which damaged Iran’s nuclear centrifuges, may have sparked a cyber arms race and are particularly concerned about the lack of established international norms surrounding these weapons; the report fears that cyber attacks on nations could lead to conventional attacks

  • Android Trojan captures credit card details

    A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers — typed or spoken — and relaying them back to the application’s creator

  • More than half of iPhone apps track users

    A recent study found that more than half of all iPhone apps could track users and collect data without an individual’s knowledge; researchers analyzed more than 1,400 iPhone apps to determine how they handle sensitive data; more than half collect an individual’s unique device ID or track a user’s location, and when combined with links to a Facebook account the app could gain a lot of sensitive data; researchers found that thirty six apps blatantly violated privacy rights by accessing an individual’s location without informing the user, while another five went so far as to take data from the user’s address book without first seeking permission

  • Enabling PC operating systems to survive attacks

    In certain computer security attacks, an outside party compromises one computer application (such as a Web browser) and then uses that application to submit a “system call” to the operating system, effectively asking the operating system to perform a specific function; instead of a routine function, however, the attacker uses the system call to attempt to gain control of the operating system; North Carolina State University researchers offer a solution

  • Cyber Security Challenge finalists shortlisted

    The nation-wide U.K. Cyber Security Challenge held the first round of competition over the weekend, with two teams making it through to the finals; the industry-sponsored Challenge aims to entice young people into choosing cyber security as a career and to find great IT talent that could be put to use for defending U.K.’s cyber infrastructure

  • Fears of cyberwar exaggerated: report

    New report says that analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language; the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks; the authors say, though, that “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure are defended with investment in cyber-security training

  • Android phones more vulnerable to cyber attacks than Apple iPhone

    Android smart phones are more susceptible to hacking and viruses than Apple’s iPhone; the Android operating system is open source, allowing hackers to understand the underlying code; Apple iPhone may have a safer operating system, but it is not impervious to attacks; McAfee warns that 2011 will see hackers increasingly target mobile devices like Android phones, iPads, and iPhones

  • Pentagon revamps security in wake of Wikileaks

    There are 2.2 million people in the United States with access to one or more levels (confidential, secret, and top secret) of classified information; there are 854,000 people with top secret clearances — of which 265,000 are contractors; the 9/11 Commission recommended more sharing of information among agencies — but critics say that too much sharing is as risky as too little sharing

  • Government secrecy harder to maintain in the Internet age

    Among the likely consequences of WikiLeaks: threats of prosecution under the Espionage Act; proposed legislation that would make it illegal to publish the names of military or intelligence community informants; increased use of subpoena power to compel journalists to disclose confidential sources; the mainstream media, already experiencing an ongoing financial crisis, may be dissuaded from starting and continuing the long and expensive battle to obtain information that officials want to keep secret

  • Half of India's critical infrastructure providers cyber attack victims

    Symantec’s 2010 Critical Infrastructure Protection (CIP) Survey findings reveal that nearly 50 percent of India’s critical infrastructure providers are victims of cyber attacks; the attacks are said to have become more frequent and increasingly effective

  • Germany reports "sharp rise" in China-originated cyberattacks

    Germany detected a sharp rise in serious cyberattacks in 2010; in the first nine months of 2010 there were some 1,600 such attacks recorded, compared to around 900 for the whole of 2009, plus most likely a considerable number that went undetected; Interior Ministry spokesman: “Germany is a very high-tech country with considerable experience and know-how, so of course others will naturally try to get hold of this knowledge—- China is playing a large role in this”

  • Stuxnet virus set back Iran's nuclear weapons program by two years: Langner

    Ralph Langner, top German computer security expert and the leading authority on Stuxnet, says Stuxnet was as effective in disrupting Iran’s nuclear weapons program as a direct military strike — but without any fatalities; the malware has set back the Iranian program by two years; expert says the Israeli military was the likely creator of the virus