-
U.S. industrial processes vulnerable to Stuxnet-like attack
Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack; industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons that target specialized control core processes; concern has spread after the Stuxnet virus targeted these systems and created physical damage; experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield”
-
-
OMB reports on 2010 cybersecurity attacks
A new report on U.S. government cybersecurity says that in 2010 there were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team;the number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall
-
-
Android and Windows 7 phone confound hackers in competition
Android smartphones and the Windows 7 phone foiled hackers at the recent Pwn2Own hacking competition, while the Apple iPhone and Blackberry were successfully broken into; the results do not necessarily mean that Android and Windows 7 phones are more secure; several factors determine the relative protection a device has against hackers including the security of the software itself and the amount of research that has already been conducted on the device’s weakness; observers were surprised to see the Android repel attacks, but were not shocked when the iPhone was hacked
-
-
Cyber security firm victim of cyber attacks, Pentagon networks potentially compromised
RSA, a major cyber security firm that helps defend the Pentagon’s networks as well as thousands of others around the world, has been the subject of a cyber attack; valuable information was stolen that could comprise the Department of Defense’s networks as well as Lockheed Martin’s; the attack has been identified as an advanced persistent threat; hackers stole information related to the company’s SecurID two factor authentication products; RSA’s SecureID customers include major banks, healthcare providers, and even state governments; RSA has been working with the U.S. government to secure networks against any potential security breaches
-
-
Major increase in cyber attacks on China's government
China recently reported that last year its government websites experienced a 68 percent increase in cyber attacks; a total of 35,000 Chinese websites, including 4,635 government sites, were hit by hackers in 2010; attacks on non-government websites decreased 22 percent in 2010, while attacks on government websites had increased; in response to the increased number of cyber attacks, the report urged local regulators to step up efforts to police the Internet and deter these hackers by imposing stricter penalties; five million Chinese IP addresses had been infected with a trojan horse or corpse virus
-
-
Paris G20 files stolen in cyber attack
The French government recently confirmed that hackers have stolen sensitive files from the February G20 summit in Paris; in targeted attacks aimed at stealing specific files, more than 150 of the French Budget Ministry’s 170,000 computers were affected; officials say this was the first attack of this size and scale against the French government; circumstantial evidence points to China, but there is no clear indication to suggest the attacks were government sponsored; the most recent attack against the French government is the latest in a string of cyber attacks on companies and governments around the world with evidence pointing to China
-
-
Smartphones makes military networks vulnerable
The U.S. military has increasingly integrated smartphones into combat operations, but cyber security experts warn that these devices could also pose a major security challenge to military networks; smartphones are fast becoming the target of choice for hackers; Android phone applications have no security screening procedures before they are released, while iPhone apps are only loosely screened; to secure these devices, the military can encrypt all data, turn off voice capabilities, and lock the phone to only allow the use of approved apps; the Army is considering issuing every soldier a smartphone
-
-
Wisconsin introduces law to ban fake caller IDs
Republican legislators in Wisconsin have introduced a bill that would make it illegal to use a fake caller ID number to “defraud, cause harm, or gain anything of value”; last year Congress passed a similar bill that banned the use of “phone spoofing” technologies — technology that allow an individual to choose what number they wish to appear on another person’s caller ID; the new bill would allow law enforcement officials to target individuals making prank calls in addition to prosecuting companies that provide spoofing technology; critics question the timing of the bill as it comes after a high-profile prank call to Wisconsin governor Scott Walker
-
-
Smartphones are now audio bugs of choice
In an increasing trend, cell phones have become the tool of choice for eavesdroppers; with new smartphones, spies can easily plant a tracking device that can follow a user’s every move including their location, calls, text messages, emails, and even video; with the proliferation of smartphones, thousands of sites are now selling spy software; for as little as $25, someone can tap into all the features of Blackberries, iPhones, and Google Android phones; the software takes minutes to install and can be disguised as an email link; it can take days of searching through thousands of lines of code to discover the spy software
-
-
Tainted apps make their way into official Android store
More than fifty applications have been found to be infected with a new type of Android malware called DroidDream, an information stealer; fraudsters repackaged legitimate apps (mostly games) so that they included malicious code before uploading them to the marketplace; the tactic has been seen in mobile marketplaces in China and elsewhere but this is the first time the approach has been successfully applied in the United States
-
-
Are your phones really secure?
Breakthroughs in technology have enabled malicious actors to listen in on any conversation using your phone even when not in use; eavesdroppers have circumvented encrypted audio channels by relying on a relatively simple principle in physics — resonance; by tapping into an object’s natural resonance, spies have turned phones and phone cables into listening devices even when they are not in use; researchers at Teo, a manufacturer of secure telecommunications equipment, were able to capture human voices using standard phones, unplugged Ethernet cables, or even a rock; to address this security gap, Teo has designed its IP TSG-6 phones with special vibration dampening circuitry and materials that render them impervious to these types of listening devices
-
-
Android apps send private data in the clear
Cell phones running the Android operating system fail to encrypt data sent to and from Facebook and Google Calendar, shortcomings that could jeopardize hundreds of millions of users’ privacy; Facebook’s recently unveiled always-on SSL encryption setting to prevent snooping over insecure networks — but the encryption is no good, meaning that all private messages, photo uploads, and other transactions are visible to eavesdroppers
-
-
U.K. rethinking cyber security
U.K. cyber crime could cost more than 27 billion Pounds a year; the estimate of 21 billion Pounds to businesses, 2.2 billion Pounds to government, and 3.1 billion Pounds to citizens may be an under-estimation due to a possible lack of reporting for fear of reputational damage; the hardest-hit sectors being pharmaceuticals, biotech, electronics, IT, and chemicals
-
-
IT organization surveys potential insider-threats
Employees are being overloaded with passwords; 10 percent of IT professionals are still able to access accounts from a prior job; 52 percent of employees admit that they have shared their work log-ins and passwords with other co-workers, and vice versa
-
-
Hackers steal data from oil giants worth millions
McAfee Inc. recently announced that hackers have stolen data worth millions from five major multinational oil and gas companies; in the attacks, dubbed “Night Dragon,” hackers stole company secrets like bidding contracts, oil exploration data, proprietary industrial processes, and sensitive financial documents; analysts determined that hackers initially began infiltrating company networks in November 2009 using relatively simple methods; the information that the cyber thieves took was “tremendously sensitive and would be worth a huge amount of money to competitors”; the methods of execution and circumstantial evidence implicate China
-
More headlines
Who's online
The long view
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
U.S. adopts a more assertive cyber defense posture
Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.