-
WikiLeaks exposes tensions between "need to know" and "need to share"
The WikiLeaks posting of stolen classified information has highlighted the tension between the strategy of “share to win” and the necessity to enforce “need to know”; share to win refers to the idea of getting information and intelligence out to the personnel who need it; need to know is about how information is shared, who has the information, for what purposes and for what period of time
-
-
Lawmakers urge Obama to expand State Department's cybercrime reach
Lawmakers call President Obama to expand the U.S. State Department’s foreign policy mechanisms to address crime and security on the Internet; Senator Kirsten Gillibrand (D-New York) joined with Senator Orrin Hatch (R-Utah) to author the International Cybercrime Reporting and Cooperation Act; this bill will hold foreign countries accountable for cybercrime committed on their soil
-
-
Senate bill would require minimum cybersecurity standards for Internet
Senator Benjamin Cardin (D-Maryland) has introduced a bill that would require the U.S. government to work with the private sector to propose minimum standards for internet and cybersecurity safety; “Just as automobiles cannot be sold or operated on public highways without meeting certain minimum safety standards, we also need minimum Internet and cybersecurity safety standards for our information superhighway,” Cardin said
-
-
Former Goldman-Sachs programmer convicted of stealing source code
A former Goldman-Sachs programmer faces fifteen years in prison after being convicted Friday of stealing the company’s high-frequency trade technology; the programmer was convicted of stealing the source code for Goldman-Sachs’ high-frequency trade technology — a market trading system described by Futures Magazine as “like day-trading on near fatal doses of amphetamines”
-
-
Car immobilizers no longer a problem for car thieves
For sixteen years, car immobilizers have kept car thieves at bay — but that may now be changing; most cars still use either a 40 or 48-bit key, even though the 128-bit AES — which would take too long to crack for car thieves to bother trying — is now considered by security professionals to be a minimum standard
-
-
Microsoft partner in China trains hackers, steals 50 MB of U.S. gov't e-mail
A Chinese security firm called Topsec got access to the Windows source under a 2003 agreement designed to help companies improve the security of the Microsoft operating system; the company, rather than help Microsoft make Windows more secure, worked closely with Chinese intelligence to exploit Windows weaknesses: they helped the Chinese government train hackers — and steal more than 50 MB of secret U.S. government e-mails; Topsec started out in 1995 with funding of just $4,400, and by 2002 had earnings about $440 million; it is now China’s largest provider of information security products and services
-
-
China's Huawei sets up U.K. cybersecurity center
China’s top telecommunications equipment maker Huawei Technologies has seen its plans for global expansion crimped by national security concerns among foreign governments; the company hopes that its Cyber Security Evaluation Center, opened last month in Britain’s Banbury, will allay those fears
-
-
DHS slowly moving government's Internet traffic to secure networks
It will take several more years for the U.S. government fully to install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say; DHS is responsible for securing government systems other than military sites, and the department is slowly moving all the government’s Internet and e-mail traffic into secure networks — known as Einstein 2 and Einstein 3 — which eventually will be guarded by intrusion detection and prevention programs
-
-
U.S. State Department disconnects its computers from government-wide network
In response to the leaks published by WikiLeaks, the U.S. Department of States disconnected its computer files from the government’s classified network; by temporarily pulling the plug, the United States significantly reduced the number of government employees who can read important diplomatic messages; the network the Department has disconnected itself from is the U.S. Defense Department’s Secret Internet Protocol Router Network (SIPRNet), a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s globally to transmit material up to and including “secret,” the government’s second-highest level of classified information; “Top secret” information may be shared electronically via the Joint Worldwide Intelligence Communications System (JWICS), another group of interconnected computer networks used by Defense and State to securely transmit classified information.
-
-
Former Goldman Sachs programmer on trial in NYC
A Goldman Sachs programmer stole secret computer code that enables high-speed trading on his last day with the company so he could help develop the same kind of system at a startup financial company, a prosecutor say
-
-
Chinese cyber spies target British defense official
A high official in the British Ministry of Defense was targeted by a sophisticated Chinese spear phishing operation that aimed to steal military secrets; the plan was foiled last year when the official became suspicious of an e-mail she received from a contact she had met at a conference
-
-
DHS official: Stuxnet a "game changer"
The head of the Cybersecurity Center at DHS said Stuxnet is an incredibly large, complex threat with capabilities never seen before; “This code can automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product, and indicate to the operator and your anti-virus software that everything is functioning as expected,” he said
-
-
New anti-cybercrime software emulates DNA matching process
The biologically inspired software digitally mimics the DNA matching process used in the real world. The software tracks the sequence of events that follow a hacker’s first access request into a secure network system and creates a “digital fingerprint”
-
-
China "hijacked" sensitive U.S. Internet traffic to Chinese servers
Highly sensitive Internet traffic on U.S. government and military Web sites was briefly “hijacked” and routed through Chinese servers earlier this year; for eighteen minutes on 8 April, a Chinese state-owned telecommunications firm rerouted e-mail traffic to and from Web sites of the U.S. Senate, the Department of Defense, along with “many others” including NASA and Department of Commerce
-
-
New Facebook app monitors users' social circle for danger
How long will it be before it is impractical to use Facebook without a dedicated app to protect you from spammers and scammers? New app scans your wall, inbox, and any comments on your profile for malicious links that might lead to sites that try to install malware or hijack your account details. It also checks your privacy settings and offers reminders and tips on how much you are sharing and how to change those settings
-
More headlines
Who's online
The long view
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
U.S. adopts a more assertive cyber defense posture
Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.