Cybersecurity

Latest

  • UK cyber defense unit promises to 'strike back' at enemies

    by Alexis Santos
    09.30.2013

    The UK government announced last December that it was building a "Cyber Reserve" to protect itself, and now it has a few more details to divulge. Crucially, rather than merely focusing on defending the country from attacks, it'll also have an "offensive capability" to help it act as a deterrent. Speaking to the Daily Mail, Defense Secretary Philip Hammond said Britain needs to be able to "strike back in cyber space against enemies who attack us, putting cyber alongside land, sea, air and space as a mainstream military activity." Although it's a fair guess to suspect that other countries are honing offensive cyber skills too, the Financial Times reckons that the UK is the first nation to admit it's doing so. According to Hammond, the strikes could be used to disable enemy chemical weapons, communications, planes, ships and hardware. As for the forces carrying them out, they could be given a budget of up to £500 million ($800 million). Work on the Joint Cyber Reserve is already underway, with reservist recruitment scheduled to start next month. If the required physical military test intimidates you, there's nothing to worry about: a less rigorous version will be used to let those of us with desk-bound physiques protect (and fight for) the Queen.

  • White House proposes formation of a cybersecurity insurance market

    by Melissa Grey
    08.06.2013

    Back in February, President Obama signed an executive order aimed at beefing up cybersecurity measures and established a 240-day deadline for the administration to hammer out the details. Today, the White House took to its blog to put forth a rather loosely defined set of incentives designed to convince private companies to adopt the voluntary aspects of its so-called "Cybersecurity Framework." At the top of the list is a proposed cybersecurity insurance market, which calls for the adoption of risk-reducing measures and risk-based pricing models. Beyond those broad brushstrokes, the White House has provided few details, stating that specifics would be developed in the coming months. Also included in the incentives are federal grants for companies taking part in the program, preferential treatment for some existing government services, liability limitations and public recognition. Essentially, the blog post acts mainly as a preview for the Voluntary Program set to launch in early 2014. The details are more than a bit fuzzy at the moment, but we'll keep you updated as we learn more.

  • Obama ordered cyber attack target list to be created, according to leaked document

    by Terrence O'Brien
    06.07.2013

    President Obama hasn't been shy about engaging the public and other nations on digital issues, and that includes the idea of cyber warfare. While his administration has been pretty aggressive in building up our cyber defenses, our offensive capabilities have remained somewhat more mysterious. According to a leaked document obtained by the Guardian, the White House has made moves to seriously step up its digital arsenal. In fact, it appears that a Presidential Policy Directive issued in October (though never released for public consumption) ordered that a list of overseas targets be drawn up for potential future offensives. Offensive Cyber Effects Operations (or OCEOs) are cited in the directive as having "unique and unconventional capabilities to advance US national objectives around the world." It then goes on to say that the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power." The more aggressive approach to battling foreign nations through the internet is likely to raise concerns in certain circles about the weaponization of the web. Of course, such fears about militarization aren't completely unwarranted. But with countries like China posing serious digital threats, government officials will likely see the moves as necessary. The document also says that any operations must abide by US and international law, though we doubt any suggestions that our government blatantly ignore such rules would ever be put down on paper. The leak of the document follows hot on the heels of the growing PRISM scandal, which has put the nation's digital policies front and center in the public's mind.

  • Researchers develop algorithm to protect networks from cyber attacks

    by Melissa Grey
    05.14.2013

    Amidst increasing concern about cybersecurity, researchers at North Carolina State University have taken one step closer to guarding America's infrastructure from Cylon attack. Well, almost. Dr. Mo-Yuen Chow and Ph.D candidate Wente Zeng have developed an algorithm that detects cyber attacks aimed at distributed network control systems (D-NCSs), which differ from their more vulnerable counterparts in that they don't rely on a centralized brain to coordinate the network's activities. Essentially, then, D-NCSs are nervous systems comprised of several mini-brains working together. In the event of a cyber attack, the algorithm isolates the infected brain before the contamination can spread across the network's pathways. This software solution will be a good first line of defense when vengeful A.I. inevitably rises up in revolt. In the words of Admiral William Adama, so say we all.

  • DoJ reportedly asks service providers to dodge Wiretap Act

    by Sean Buckley
    04.24.2013

    It's funny how a few tweaks can make a Government program go from completely legal, to questionably so. A new secret authorization puts the US Justice Department on the fuzzy side of the legal line, approving the expansion of a program originally intended to monitor the internet traffic of military defense contractors to include energy, healthcare and finance sectors. The original program, known as the DIB Cyber Pilot, was voluntary, requiring users to approve monitoring via a login interface. Specific details on how the new program differs aren't known, but CNET reports that the Justice Department has begun issuing letters granting legal immunity to providers who violate the Wiretap Act for the sake of the program. These letters were sent to AT&T and other internet service providers, though it isn't clear how many have gone out. Electronic Privacy Information Center executive director Marc Rotenberg summarized the situation for CNET, "The Justice Department is helping private companies evade federal wiretap laws. Alarm bells should be going off." The operation was approved by Executive order earlier this year, but remains on shaky ground. Still, these legal complications could soon vanish: if signed into law, the CISPA (Cyber Intelligence Sharing and Protection Act) would formally authorize the program. The expanded program doesn't go into effect until June 12th and will only apply to areas of critical infrastructure. Hungry for more information? Don your tinfoil hat, and check out CNET for the entire report.

  • Akamai: DDoS attacks tripled year-over-year in 2012, China ranks as biggest offender

    by Joseph Volpe
    04.23.2013

    Akamai's back with yet another snapshot of the state of the internet and, surprise surprise, it's reporting that DDoS attacks were up threefold last year versus 2011. That stat's just one slice of the sprawling cybersecurity picture painted by the company, which also ranks China as the foremost perpetrator of "observed attack traffic" in Q4 2012, numbering that country's share at 41 percent. To put that into better perspective, consider that the number two and three offenders -- the U.S. and Turkey, respectively -- are responsible for a shared 15 percent of that traffic, while former Cold War enemy Russia accounts for just 4.3 percent. On a continent-by-continent basis, the majority of these attacks originated in the Asia Pacific / Oceania region (about 56 percent), with North and South America accounting for 18 percent. On a much lighter note, global high-speed broadband adoption (defined as any speed equal to or greater than 10Mbps) grew by 2.7 percent last quarter, with top honors going to South Korea where nearly half the population enjoys super fast internet access. For the mobile flipside, Akamai found that average global speeds hovered between 8Mbps and 345kbps down, with peak downlink speeds coming in at 44Mbps to 2.7Mbps. The bulk of mobile data requests sent to Akamai's platform saw Android's Webkit browser and Apple's Mobile Safari come in nearly neck-and-neck at 35.3 percent and 32.6 percent. When you expand that to overall network traffic, though, Safari reigns supreme with a 58.7 percent share. If you're keen to digest even more of these sobering statistics, we recommend you hit up the source for the full executive summary and even more infographics.

  • Congress adds cyber-espionage review for government tech purchases, scrutinizes Chinese products from Lenovo, Huawei

    by Mat Smith
    03.28.2013

    Huawei's having a tougher time getting its network tech into the US, but Congress is apparently looking to shore up its security with other Chinese manufacturers too and has added a new purchase review law for the NASA, Justice and Commerce departments of the government. Reuters reports that these branches won't be able to buy any IT system equipment without a federal law enforcement official giving it the okay, after assessing "any risk associated with such system being produced, manufactured or assembled" in China. The new restriction is folded into a 240-page spending law document and Chinese foreign ministry spokesman Hong Lei has already requested that the US abandon the law. While it's difficult to spell out the repercussions yet, it could affect more than just the telecoms infrastructure that ZTE and Huawei were selling, with the ever-expanding Lenovo likely to be buffeted by the same new regulations -- stripped down or not.

  • Microsoft reveals hackers attacked it too, 'no customer data affected'

    by Richard Lawler
    02.22.2013

    Following revelations of hackers accessing files at companies including Apple and Facebook, Microsoft revealed today it also found evidence of intrusions. In a blog post on the Microsoft Security Response Center, general manager Matt Thomlinson indicated "a small number of computers, including some in our Mac business unit" were affected by malware of the type described in the other attacks. As he mentions, such cyberattacks are no surprise to a company with Microsoft's profile, however one wonders if the folks in Redmond aren't having a chuckle that Macs appear to have been exploited in this case. He continued to state that the investigation is ongoing, however it does not appear that any customer data was at risk.

  • White House threatens trade sanctions for countries found cyber-snooping

    by Daniel Cooper
    02.21.2013

    International diplomacy may feel like schoolyard antics, but the participants do have something a little heavier to throw at each other. After President Obama signed an executive order to improve national cyber security, the White House is now reportedly opening the box marked Trade and Diplomatic Sanctions, which it'll lob at any country that's found to be appropriating US trade secrets. The executive has published a report, outlining a dozen thefts from companies such as GM, Ford and DuPont, fingering China as being behind a majority of them. If the hacking persists, then James Lewis, of the Center for Strategic and International Studies, says the White House should deny visas or access to US banks to Chinese people and corporations -- making us wistful for the courtroom dramas of yore. Update: We've corrected the story to correctly attribute the comments made by James Lewis.

  • Reuters: Apple employee computers hacked, no evidence of stolen data

    by Michael Gorman
    02.19.2013

    Last week, Facebook was the target of a sophisticated hacking attack and now reports have surfaced that Apple's been victimized by a similar scheme. Reuters is reporting that a number of Apple's employees' Macs were infiltrated by a hacking scheme, but "there was no evidence that any data left Apple." To address the cyber security flaw found by the digital ne'er-do-wells, Apple has promised a software patch will be released later today [Psst... it's available now.]. So, it appears the folks in Cupertino have things under control, and we've reached out to the company to confirm that's the case. We'll update things here when we hear back. Update: Apple has provided us with the following statement regarding the matter. "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware. Since OS X Lion, Macs have shipped without Java installed and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found."

  • Facebook says it was target of 'sophisticated attack,' no user data said to be compromised

    by Donald Melanson
    02.15.2013

    It looks like you can add another big name to the recent string of high-profile hacking attempts. Facebook announced in a blog post today that it discovered last month that it had been targeted in what's being described as a "sophisticated attack," which it says "occurred when a handful of employees visited a mobile developer website that was compromised." Facebook further pinpoints the attack to a previously unseen zero-day exploit that bypassed the Java sandbox and installed malware on the computers in question. The company goes on to note that it immediately notified Oracle of the exploit, which issued a patch on February 1st. Facebook is also quick to point out that it has "found no evidence that Facebook user data was compromised," and adds that it was not alone in the attack, noting that it began to share information about the hack with other companies and entities as soon as it discovered it, and that it continues to work with law enforcement and others affected by the attack. You can find its full explanation of the matter at the source link.

  • President Obama signs executive order focused on improving national cybersecurity

    by Richard Lawler
    02.12.2013

    While the President is currently giving his State of the Union address (viewable on YouTube here), earlier today he signed an executive order intended to improve the network security of "critical infrastructure." As noted by The Hill, the order charges the National Institute of Standards and Technology with the task of creating a framework of best practices for operators in industries like transportation, water and health to follow, due in the next 240 days. The Department of Homeland Security is also heading up a voluntary program that works with various agencies and industry groups to make sure the policies are actually adopted, and to find ways to create incentives for that to happen. The order has arrived after cybersecurity legislation failed to pass through Congress, and has been rumored heavily throughout the last few weeks. The president called for Congress to pass legislation to prevent cyberattacks during his speech, and this order is reportedly meant as a step in that direction. The Wall Street Journal indicates many businesses want liability protection against attacks in exchange for following the guidelines, which would require approval from Congress in order to happen. It includes language accounting for privacy concerns as well, with agencies required to look over the potential impact of their work, and release public assessments. The DHS is to report in a year how its work impacts civil liberties and provide recommendations on mitigating such risks. There's a lot to read through, so you can check out the document itself embedded after the break, or wait for those various agency reports for more updates.

  • AMD, Intel and RSA team up, form the Cyber Security Research Alliance

    by Mat Smith
    10.25.2012

    Sure, it's not the first elite cybercrime-fighting team we've heard of, but it's also not every day you hear of the likes of Intel, Lockheed Martin and AMD buddying up on research. The companies are looking to address the "complex problems" in cyber security, with the private, non-profit group (which also includes Honeywell and RSA/EMC) aiming to work somewhere between government-funded security research and commercial products already out there. The Cyber Security Research Alliance is already in talks with NIST, and plans to launch a security research symposium early next year. The CSRA will also start tracking cyber security R&D, "prioritize" those aforementioned challenges, and hopefully come together for the greater good.

  • Huawei gives Australia peeks at its network hardware and code to regain trust

    by Jon Fingas
    10.24.2012

    Huawei has had an image problem lately among countries skittish about trusting a Chinese telecom giant with the backbone of networks that its home government might like to snoop. The company's Australian chairman John Lord thinks that's just paranoia, and he's planning radical transparency in the country to recover what trust he can after Huawei lost a National Broadband Network deal. The firm is willing to give the Australian government "unrestricted" access to both networking hardware and source code to prove that there's no espionage afoot. Lord even likes the idea of a domestic inspection agency that would greenlight equipment across the industry. All of the proposals represent a one-way conversation, however -- Canberra hasn't said if it's receptive enough to drop the cold attitude. There's a distinct chance that any successful return to favor wouldn't come soon enough to recover the most lucrative contracts, which could make any Australian change of heart a Pyrrhic victory.

  • DARPA to hold one-day cyberwarfare workshop, attendance not mandatory

    by Joseph Volpe
    08.23.2012

    Oh, the fruits of the global village are many: connecting strangers with fetishes, fostering culture through memes and engendering cyber attacks via remote since the late 20th century. It's the advanced decomposition of that latter rotten apple, however, that has DARPA -- the government's far-out research arm -- taking a proactive stance and casting an agency-wide intelligence net to shore up on future defense protocol. To do this, the DoD offshoot's holding a one-time workshop next month, dubbed Plan X Proposers' Day, with the aim of bringing personnel together to brainstorm and implement infrastructure specifically centered around cyberwarfare analysis and research. One area the project, which just received $110 million in funding, will specifically avoid is the creation of actual cyberweapons. So, yeah, while this effort's less Goldeneye and more of a strategic think tank initiative, it still warms the heart to know our nation's best, brightest and most secretive are hard at work protecting our digital butts.

  • Flame malware extinguishes itself, Microsoft protects against future burns

    by Sean Buckley
    06.11.2012

    The folks behind that nasty Flame trojan that burned its way through the Middle East aren't the kind to brag -- the malware's manufacturers apparently started dousing their own fire last week. According to Symantec reports, several compromised machines retrieved a file named browse32.ocx from Flame-controlled servers, which promptly removed all traces of the malware from the infected systems. Although the attackers seem spooked, Microsoft isn't taking any chances, and has issued a fix to its Windows Server Update Services to block future attacks. The update hopes to protect networked machines from a similar attack by requiring HTTPS inspection servers to funnel Windows update traffic through an exception rule, bypassing its inspection. The attackers? "They're trying to cover their tracks in any way they can," Victor Thakur, principal security response manager at Symantec, told the LA Times. "They know they're being watched." Check out the source link below for Symantec's rundown of the trojan's retreat.

  • Google starts warning affected users about state-sponsored cyber attacks

    by Jason Hidalgo
    06.05.2012

    The fallout from malware like Stuxnet and Flame might soon be rearing its head at a Google Plus page or Gmail inbox near you. A post on its online security blog states that Google will now issue warnings in the form of a strip placed just below the upper menu bar to users being targeted by suspected state-sponsored cyber attacks. Google stressed that such warnings don't mean that its systems have been compromised but it does make it highly likely that the recipient may be the target of state-sponsored phishing or malware. How exactly does Google know this to be the case? The company declined to offer specifics, only saying that data from victim reports and its own analysis strongly point toward the involvement of states or state-sponsored groups. Google also didn't mention how often it sees such malicious activity, though coverage of Stuxnet and Flame certainly has put a spotlight on cyber warfare involving nations. In the meantime, feel free to hit the source link below for Google's tips on how to secure your account.

  • Flame malware snoops on PCs across the Middle East, makes Stuxnet look small-time

    by Jon Fingas
    05.28.2012

    Much ado was made when security experts found Stuxnet wreaking havoc, but it's looking as though the malware was just a prelude to a much more elaborate attack that's plaguing the Middle East. Flame, a backdoor Windows trojan, doesn't just sniff and steal nearby network traffic info -- it uses your computer's hardware against you. The rogue code nabs phone data over Bluetooth, spreads over USB drives and records conversations from the PC's microphone. If that isn't enough to set even the slightly paranoid on edge, it's also so complex that it has to infect a PC in stages; Flame may have been attacking computers since 2010 without being spotted, and researchers at Kaspersky think it may be a decade before they know just how much damage the code can wreak. No culprit has been pinpointed yet, but a link to the same printer spool vulnerability used by Stuxnet has led researchers to suspect that it may be another instance of a targeted cyberwar attack given that Iran, Syria and a handful of other countries in the region are almost exclusively marked as targets. Even if you live in a 'safe' region, we'd keep an eye out for any suspicious activity knowing that even a fully updated Windows 7 PC can be compromised.

  • U.S. Department of Defense preps cyber rules of engagement, plans to work more closely with ISPs

    by Sean Buckley
    03.22.2012

    The Pentagon left no room for argument last year when it declared cyber attacks a potential act of war. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," a military official reportedly remarked. Yikes. Before we start bombing chimneys, however, the Department of Defense plans to draft up some relevant guidelines, noting in a recent House Armed Services Committee hearing that it will be delivering a set of cyberspace-specific rules of engagement in the coming months. "We are working closely with the joint staff on the implementation of a transitional command and control model for cyberspace operations," said Madelyn Creedon, assistant secretary of defense for Global Strategic Affairs. In addition to setting ground rules for cyber-engagements, the DOD also plans to expand efforts to share classified information on possible threats with internet service providers and defense contractors.

  • Hacker spites Symantec, puts pcAnywhere's source code out in the open

    by Michael Gorman
    02.09.2012

    Symantec said that folks running its pcAnywhere utility were at an "increased risk" when it revealed that the company had been hacked and its source codes pilfered, and advised customers to stop using pcAnywhere for the time being. Sage advice, as a hacker with the handle YamaTough -- who's affiliated with Anonymous -- helped do the deed and has now published the code for all the world to see. Apparently, the hacker and hackee had attempted to broker a deal for $50,000 to keep the code private, but neither side negotiated in good faith -- YamaTough always intended to release the code, and law enforcement was doing the talking for Symantec to catch him and his hacking cohorts. The good news is, Symantec has released several patches to protect pcAnywhere users going forward. As for the stolen code for Norton Antivirus, Internet Security and other Symantec software? Well, the company's expecting it to be disclosed, too, but because the code is from 2006, customers with current versions can rest easy.