-
What the Chinese attacks on Google mean for enterprise security
Chinese government intelligence operatives exploited vulnerabilities in Internet Explorer 6 and higher to launch sustained cyber attacks against 32 Western companies operating in China; the hacking of the Gmail accounts of political dissidents were but a tiny part of the attacks; rather, the attacks were part of a coordinated campaign that targeted the intellectual property of a wide swath of the U.S. industrial base, including Dow Chemical, Symantec, Yahoo!, Northrop Grumman, and Juniper Networks; wide-ranging industrial espionage is a central element in the Chinese government’s effort to hasten the rise of China to a position of global economic hegemony
-
-
Experts: Chinese attack on Google “one of the most sophisticated hacking attacks to date”
The cracking techniques used by Chinese government operatives in the assault on Google and 31 other Western companies, used multiple malware components, with highly obfuscated code designed to confound security researchers; this marks out the Chinese attack as one of the most sophisticated hacking attacks to date; why was the search engine giant using the famously vulnerable IE6 remains a mystery
-
-
Chinese cyber attacks hit U.S. law firm which is suing China for stealing Web filtering code form a U.S. company
The Los Angeles-based law firm Gipson Hoffman & Pancione sued China for lifting Web-filtering code developed by U.S. company Cybersitter; Chinese companies and government agencies stole the code in order to use it in the Chinese government’s effort to create tighter Web censorship and tracking system (China’s Orwellian name for the project” “The Green Dam Youth Escort monitoring program”); on Monday, Chinese hackers began to hack the law firm’s computer systems, in a manner strikingly similar to the attacks by Chinese intelligence operatives on Google, Adobe Systems, and 32 other Western companies
-
-
China tries to contain damage from Google dispute
The Chinese government says it will try to persuade Google to continue its operations in China, but expect Google – and other foreign companies — to “respect local law and regulations and local culture and customs to shoulder social responsibility”; Google already made concessions to Chinese law and regulations by allowing the government to dictate what users can – and cannot — find when they do Google searches; Google’s decision to leave China came after Chinese intelligence agents hacked the Gmail accounts of political dissidents and human rights activitists
-
-
Cyber exercise to target financial firms
The test, which starts 9 February, will have different scenarios for each of four different types of businesses: Financial firms, retailers, card processors, and general businesses; on each day, participants will receive a description of a specific scenario for their category of business, building on the previous day
-
-
Iran-China cyberwar breaks out as Iranians hack into Chinese search engine
Iranian hackers broke into the Web site of Baidu, the Chinese search engine, displaying the Iranian flag and calling themselves the Iranian Cyber Army; in retaliation, Chinese hackers flooded Iranian Web sites with warnings about intervention in China’s internal affairs
-
-
Google to pull out of China following government-sponsored cyberattacks
In order to operate in China, Google agreed to implement stringent government-dictated censorship as to what Chinese consumers can – and cannot – find when doing Google searches; Google’s compliance with Chinese censorship was harshly criticized by human rights and freedom-of-speech organizations, but Google responded that this was the cost of doing business in China; the Chinese government’s hacking of Gmail accounts in order to monitor political dissidents proved to much for Google, though, and the company is now set to end its operations in China
-
-
Google’s decision a rare show of defiance in China
Google’s decision to leave China is a rare show of defiance in a market where the government punishes those who do not play by the rules; in industries from automaking to fast food, companies have been forced to allow communist authorities to influence — and sometimes dictate — their choice of local partners, where to operate, and what products to sell; many high-tech companies operating in China are forced to open their intellectual property and industrial secrets to their Chinese competitors – or to Chinese government officials, who pass on that property to Chinese companies – allowing these Chinese companies to reverse engineer and copy Western companies’ products and solutions; Western companies have struggled to make headway against intense competition from Chinese rivals – rivals who enjoy the fact that the Chinese government writes rules which tilt the playing field in favor of Chinese companies
-
-
China offers Internet pirates bulletproof havens for illegal file sharing
Most bulletproof hosts which allow music, video, and software to be illegally shared online are located in China, where criminals are able to take advantage of low costs and legal loopholes to avoid prosecution; despite officials in Beijing talking in tough terms about computer crime — hacking potentially carries a death sentence in China — the authorities rarely cooperate with other countries to take action against hi-tech criminals; as a result, just a handful of firms in China are responsible for hosting thousands of criminal enterprises online; one example: more than 22,000 Web sites which sent pharmaceutical spam were hosted by six bulletproof servers in China
-
-
Symantec issues South Africa cybercrime warning
Crime is not new to South Africa, but cybercrime is; broadband rollouts and World Cup creating “perfect storm” for cyber criminals
-
-
2010: Topics for homeland security discussion
The only thing we can say for sure about 2010 is terrorists, criminals, and mother nature will surprise us at some point during 2010; still, based on what we do know, we offer a short list of topics we predict will dominate the homeland security discussion in the coming year – from whole-body scanners to 100 percent air cargo screening to social Web sites to communication interoperability to the consequences of climate change (or is there a climate change?)
-
-
Pentagon says U.S. fixed drones hacked by Iraqi insurgents
Iraqi insurgents, using a $25.95 off-the-shelf commercial application, were able to intercept communication between U.S. surveillance UAVs and the UAVs’ command center; the hacking was discovered when the U.S. military found files of intercepted drone video feeds on laptops of captured militants; U.S. soldiers discovered “days and days and hours and hours of proof,” one U.S. officer said; the same hacking technique is known to have been employed in Afghanistan; the U.S. government has known about the UAV communication flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it.
-
-
Adobe to patch zero-day Reader, Acrobat hole
On 12 January Adobe will release patches to fix zero-day vulnerabilities in Reader and Acrobat; malicious Adobe Acrobat PDF files are distributed via an e-mail attachment that, when opened, executes a Trojan that targets Windows systems, according to Symantec; the rate of infection is extremely limited and the risk assessment level is very low, the company said.
-
-
Top 10 information security trends for 2010
Further adoption of cloud, social media, and virtualization technologies will continue to blur the network parameter; organizations — large and small — should consider a layered, centralized security solution that provides multiple security touch points within the network, rather than around it
-
-
U.S. Army funds a new discipline: Network Science
The U.S. Army gives Rensselaer Polytechnic in New York State $16.75 million to launch the Center for Social and Cognitive Networks; the new center will link together top social scientists, neuroscientists, and cognitive scientists with leading physicists, computer scientists, mathematicians, and engineers in the search to uncover, model, understand, and foresee the complex social interactions that take place in today’s society
-
More headlines
Who's online
The long view
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
U.S. adopts a more assertive cyber defense posture
Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.