Cybersecurity

Latest

  • Australia is pouring $178 million into cybersecurity measures

    by Mariella Moon
    04.21.2016

    Australia is spending AU$230 million ($178 million) over the next four years to beef up its cybersecurity measures. Prime Minister Malcolm Turnbull has launched the new strategy in Sydney, where he also admitted that the country has offensive hacking capabilities. He didn't say whether Australia ever used them to spy on other countries or its own citizens. But he acknowledged that they exist, because it "adds to [Australia's] credibility as it promote[s] norms of good behaviour on the international stage and, importantly, familiarity with offensive measures enhances [its] defensive capabilities as well."

  • Obama forms commission to bolster US cyber security

    by Steve Dent
    04.14.2016

    The sad state of US cyber security was laid bare when attackers stole the sensitive data of 21 million government employees from the Office of Personnel Management (OPM) last year. President Obama pledged $19 billion to fix the problem in February, and just unveiled a commission of private, public and academic experts to come up with a plan. Called the Commission on Enhancing National Cybersecurity, it will be co-chaired by former IBM CEO Sam Palmisano and Tom Donilon, the President's former national security adviser.

  • The Pentagon isn't sure who'd be in charge during a cyberattack

    by Andrew Tarantola
    04.05.2016

    According to a report published Monday by the Government Accountability Office, the Department of Defense lacks clear rules on who would be in charge during a national-level cyberattack. It could be the US Northern Command, which coordinates DoD homeland defense efforts with civil authorities, or it could be US Cyber Command, which handles the government's cyber security forces -- but nobody's quite sure who should handle what, or when.

  • CNBC shows how not to handle a security screwup

    by Violet Blue
    04.01.2016

    As articles go, Tuesday's CNBC piece trying to cobble together the Apple/FBI fight with interactive clickbait -- a little box where readers should enter their password to test its hackability -- was a stretch. Worse, the story, called "Apple and the construction of secure passwords," hinged entirely on encouraging people to do something no one should ever, ever do. Namely, enter a password anywhere except the proper login page. CNBC, it seems, was trying to teach its readers about security.

  • Advertising's hottest surveillance software is surprisingly legal

    by Violet Blue
    03.25.2016

    You may have heard that the FTC this week sent out a dozen strongly worded letters to apps using the SilverPush framework. The FTC politely told 12 app developers that they needed to let users know that SilverPush was collecting data and selling it to third parties. SilverPush responded two days ago by issuing a statement claiming it no longer uses the "Unique Audio Beacons" (UAB), and has "no active partnership with any US-based developers." Well, if this is true, then perhaps SilverPush should remove UAB as a core product from its website -- and from the heart of its business model, as well.

  • America accuses Iran of hacking the dam, cyber-squirrels rejoice

    by Violet Blue
    03.18.2016

    As cyber-geddon stories go, Middle Eastern countries hacking into US dams or power grids and making stuff go haywire sounds like the plot for a not-so-subtly racist Hollywood scare flick. But that's the story we got when news outlets, citing unnamed sources, recently reported the Obama administration would be calling out Iranian hackers as the culprits behind a malicious 2013 breach at a New York dam.

  • Mr. Robot has an FBI consultant to make hacking look authentic

    by Mona Lalwani
    03.14.2016

    A line of people snakes through the halls until it winds down a flight of stairs; more than 1,000 fans are anxiously waiting for the doors to open inside the Austin Convention Center. They're here to see the creator and lead actors of Mr. Robot, the most compelling TV show about hackers in recent memory.

  • Obama's last budget calls for better infrastructure, cybersecurity

    by Chris Velazco
    02.09.2016

    With President Barack Obama's final year in office comes one last, contentious dance with Congress over a $4.1 trillion budget for 2017. According to the New York Times, some $3 trillion of the budget the president proposed has been earmarked for so-called "mandatory" spending, and will be funneled toward federal assistance programs and combating interest on the nation's debt. The president is pushing to use that remaining trillion-or-so dollars to build a foundation for future work he thinks the country desperately needs.

  • 'Ghost In The Shell' wants you! (..for Japan's cybersecurity)

    by Mat Smith
    01.26.2016

    Ghost In the Shell questions what it is to be human (or not), but they also usually nab the bad guys in Tokyo's fictional near-future, filled with cybercriminals. Now Japan's legit, real NISC (National Center of Incident readiness and Strategy for Cybersecurity) and the JNSA (Japan Network Security Association) are teaming up with the anime series for a new month-long awareness campaign. The titular Major Kusanagi asks Japan's cyber security talent to "protect the internet with us" in the promo poster for the NISC. Drone-capturing drone not pictured.

  • The FDA wants improved cybersecurity for medical devices

    by Mat Smith
    01.19.2016

    The Food and Drug Administration has released draft cybersecurity guidelines for medical device makers. It still remains only a guideline, but data leaks and security issues are typically never a good thing for a company -- especially when lives are literally on the line. The draft suggests that companies monitor and assess cybersecurity risks (like hacking or data leaks), as well as coordinate information sharing between companies and government to help fix or address vulnerabilities as quickly as possible.

  • Sanders campaign regains access to DNC voter info (updated)

    by Jessica Conditt
    12.18.2015

    Bernie Sanders' National Data Director has been fired amid accusations from the Democratic National Committee that he viewed confidential voter information collected by the Hillary Clinton campaign. The DNC maintains a master list of likely Democratic voters and rents this out to campaigns, which then add their own, confidential data. Firewalls are in place to protect campaigns from viewing rival information, though the Sanders staff says a glitch on Wednesday allowed it to access Clinton's data. Sanders Campaign Manager Jeff Weaver blamed the DNC's software vendor, NGP VAN, for allowing the breach, The Washington Post reports.

  • Congress tucked CISA inside last night's budget bill

    by Billy Steele
    12.16.2015

    Last night's budget bill wasn't all about avoiding a government shutdown. Packed inside the 2,000-page bill announced by Speaker Paul Ryan (R-WI) is the full text of the controversial Cybersecurity Information Sharing Act (CISA) of 2015. If you'll recall, the measure passed the Senate back in October, leaving it up to the House to approve the bill that encourages businesses to share details of security breaches and cyber attacks.

  • European Union lays down first cybersecurity rules

    by Mariella Moon
    12.09.2015

    The European Parliament has made headway into the development of cybersecurity rules its member states should follow. Under the first set of regulations it has laid down, critical service companies in all 28 member states will have to make sure they're using a system robust enough to fend off cyberattacks. By "critical service companies," we mean those that fall under any of these six categories: energy, transport, banking, financial market, health and water supply. Each member state will have to list businesses that can be identified as critical service companies under a category. Any company that makes the cut will have to be able to quickly report security breaches to authorities.

  • Wetherspoon hack exposes over 600,000 customers

    by Nick Summers
    12.04.2015

    Another week, another hack. JD Wetherspoon, the owner of countless cheap British pubs, has revealed that an older version of its website was hacked between June 15th and 17th, putting over 600,000 customers at risk. The company says it was informed of the attack on December 1st and immediately called in security specialists, who confirmed the breach a day later. All customers were then notified via email on December 3rd.

  • TalkTalk hack: Police make fifth arrest on blackmail charges

    by Nick Summers
    11.25.2015

    Now that we know the full extent of the TalkTalk hack, the whole affair has started to quieten down. Police are still pursuing the people responsible though and now, we've been told that a fifth suspect has been arrested. Officers used a search warrant on a property in Llanelli, Wales, before apprehending an 18-year-old boy on suspicion of blackmail. Unlike the other four suspects that have been arrested -- a 15-year-old from Northern Ireland, a 16-year-old from Feltham in London, a 16-year-old from Norwich and a 20-year-old man from south Staffordshire -- he hasn't been released on bail, at least not yet. At this time, he also isn't suspected of any Computer Misuse Act offences.

  • UK to create cybersecurity forces to fight off ISIS hackers

    by Mariella Moon
    11.18.2015

    The UK is boosting its cybersecurity efforts after government officials learned that ISIS is planning to launch cyber attacks on various infrastructures, such as hospitals, banks and air traffic control systems. According to Reuters, the nation plans to build "elite cyber offensive forces" to fight off hackers, and it's pouring a lot of money into the project to make it happen. Chancellor George Osborne has revealed that the UK is doubling its public spending on cybersecurity to £1.9 billion ($2.9 billion) per year until 2020. But that's not all: the British government is building its own DARPA for cybersecurity, as well. It will take £165 million ($250 million) from the total funding to invest in projects and startups with innovative ideas. As Forbes notes, teaming up with and funding private companies is exactly how DARPA works, except the American agency also funds robotics and other types of military technologies.

  • TalkTalk hack: exactly 156,959 customers had personal details stolen

    by Nick Summers
    11.06.2015

    Two weeks after TalkTalk confirmed a "significant and sustained cyberattack" on its website, the company has revealed exactly how much data was stolen. Hackers obtained personal details for 156,959 customers, including their names, email addresses and phone numbers. A week ago it placed the figure at "less than 1.2 million" -- and while that was technically accurate, today's update should feel like a radical downgrade. Of those affected customers, TalkTalk says 15,656 bank account numbers and sort codes were obtained in the attack. That's down from the "less than 21,000" it had stated previously.

  • UK Investigatory Powers Bill: what you need to know

    by Nick Summers
    11.04.2015

    The UK government has put forward a bill today that forces internet service providers (ISPs) to keep a record of the websites their customers have visited for up to 12 months. These "internet connection records" (ICRs) could then be requested by law enforcement, security and intelligence agencies to identify which services a person or device has been accessing. It would not reveal every webpage they've browsed -- the current understanding, as set out in David Anderson's recent review of surveillance laws, is that it would cover google.com or bbc.co.uk, but nothing beyond the first forward slash.

  • TalkTalk hack: MPs launch inquiry after police make fourth arrest

    by Nick Summers
    11.04.2015

    We now know the extent of the TalkTalk hack, and while it's not as bad as everyone first feared, it still poses massive questions about cybersecurity and the countermeasures being taken by British technology companies. To get a better grasp of the situation, the UK's cross-party Culture, Media and Sport Committee has launched an inquiry today into the recent attack. While TalkTalk is the focal point -- MPs will look at the "nature" of the hack and TalkTalk's response -- it'll also be considering the telecoms and internet service provider (ISP) industry as a whole. Specifically, the Committee wants to know what measures are being taken to stop these sorts of breaches, how much money businesses are investing in their defences, and whether response protocols could be improved.

  • Bunk Baidu SDK puts backdoor on millions of Android devices

    by Andrew Tarantola
    11.02.2015

    A software development kit created by Baidu, China's Google, has reportedly opened more than 100 million Android devices to malicious hackers. Baidu's Moplus SDK may not be available to the public but it's already made its way into more than 14,000 Android apps -- only 4,000 of which Baidu actually created. The SDK allows its apps to open an unsecured and unauthenticated HTTP server connection.