CI Centre

The Centre for Counterintelligence and Security Studies (CI Centre)®

 

Alexandria, VA

703-642-7450 | 1-800-779-4007



 

Cyber Security News

 

May 2008

 

India faces cyber challenge from China

It appears that in the decades-old standoff between India and China over their 2,500-mile common boundary, it is no longer enough these days for India to guard its borders and stave off the intermittent Chinese military intrusions; India has to be adept at repelling digital snooping as well. Indian government sources have accused China of waging cyber warfare by snooping into India's Web sites, both government and privately owned. Quoting unnamed government sources, a recent report by the Times of India -- the country's largest circulation daily newspaper -- said China has been mounting cyber attacks, particularly on government Web sites, for the past one year, adopting hacking and other intrusive methods. But over the last few months these attacks have become particularly fierce and almost daily…..(UPI, 9 May 08)

 

Report: US lacks plan to counter terrorist messages

The United States must develop a communications plan to counter radical Islamic messages on the Internet, according to a Congressional report released Thursday. Because the Internet's easy access makes it possible for al-Qaida and other terrorist sympathizers to spread their beliefs and recruit new followers, the government needs a coordinated and thorough response that it currently lacks…..(AP, 8 May 08)

 

India and Belgium decry Chinese cyber attacks

Belgium and India have joined the growing ranks of countries voicing concerns about cyber attacks originating from China. Earlier this week, officials from both countries said computer networks inside their borders are routinely targeted by hackers trying to ferret information that could benefit the Chinese government. Belgian Justice Minister Jo Vandeurzen said he had evidence that the Communist Party of China is behind recent espionage attacks against his country. They were carried out by sending spyware attached to emails addressed to Belgian state departments….(Register, 8 May 08)

 

Management group warns CEOs of data-breach risks

…In a report entitled Cyber Attack: A Risk Management Primer for CEOs and Directors, launched on Wednesday, the British-North American Committee (BNAC) said that chief executives underestimate the scale of data-security problems and fail to recognize the consequences of data breaches for business. BNAC is a group of business leaders and academics from the UK, US and Canada aimed at lobbying the governments of all three countries about management and business-related issues.

Paul Twomey, president and chief executive officer of the Internet Corporation for Assigned Names and Numbers (ICANN) and one of the authors of the report, said that the majority of chief executives do not recognize the risks posed by cyber-espionage to business…..(ZD Net, 8 May 08) 

 

Report: Cyber Attack - A Risk Management Primer for CEOs and Directors

 

The Coming Cyber-War

While we’re refocusing our national security apparatus around counter-insurgency and counter-terrorism, we’re falling dangerously behind the curve on cyber security. Defense Tech’s Kevin Coleman has some details:

China is well known for its global cyber espionage efforts. And while the United States has received most of the media attention given to cyber attacks, we are not the only ones dealing with this issue. India is now pointing the finger at China, claiming they have systematically launched a series of attacks on sensitive information systems and networks of Indian agencies. India rapidly responded and now has cyber-security forces down to the division-level to guard against cyber wars. But is that really enough given China’s stated ambitions?....(Outside the Beltway, 8 May 08)

 

Pentagon rushes to build cyber war arsenal

DARPA, the Pentagon’s agency that develops new technology for military use, is tasked with producing world-class cyber war capabilities. It’s America’s largest project since the agency was catching up with the Soviet space programme following the launch of Sputnik in 1957. The project involves the creation of an Internet simulator. The 'virtual Internet' will use special hardware and software to help researchers evaluate vulnerabilities in the multi-million user computer network……(Russia Today, 8 May 08)

 

The Secret Internet Simulator

DARPA, the U.S. Defense Advanced Research Projects Agency, has been ordered (by the president and Congress) to develop world-class offensive and defensive Cyber War capabilities. Initial emphasis will be on defensive measures. This is a big deal. DARPA hasn't been given this large a project since Russia launched the first space satellite in 1957. This alarmed the U.S. government more than it should have, and DARPA was ordered to catch up with the Soviet Union as quickly as possible. Money was no object. Time was of the essence.

Unlike the space program boost of half a century ago, the current DARPA rush program will be highly secret. Cyber War is all about secrets…..(Strategy Page, 7 May 08)

 

Fighting the agents of organized cybercrime

…"Hacking has escalated from a destructive nature to financial gain through phishing, targeting people for bank account details, and siphoning accounts from there," says Derek Manky, chief security researcher at Fortinet.

"It's a very sophisticated ecosystem, with organizations and services for hire," he continues. "There's a lot of money floating around, a lot of people involved. Once the infrastructure and networks are in place, you start building that foundation, which can be further leveraged and taken to next level: denial of services, cyber warfare, espionage."……(CNN, 8 May 08)

 

Belgium accuses China of cyber-attacks

It’s not just the US and UK who are crying foul over China's behaviour in cyberspace - now the government of tiny Belgium has accused hackers from the country of targeting its systems.

Justice minister Jo Vandeurzen is reported to have claimed that the Federal Government had been targeted by Chinese hackers, backing up a separate statement by Belgium's foreign affairs minister, Karel De Gucht, that his ministry had been hit by espionage in recent weeks……(TechWorld, 8 May 08)

 

Is China to Blame for India's Cyber Problems?

The U.S. isn’t the only country victimized by cyber espionage that is blaming China. Something similar seems to be happening in India, too. American military and intelligence officials, as several of my BusinessWeek colleagues published in a cover story last month, argue that China “is the U.S.’s biggest cyber menace,” a charge that the Chinese government denies. (For the full text of the Chinese response to BusinessWeek, see here.) The Chinese argue that in many cases they are victims of hackers, fraudsters and other cyber criminals based in other countries who take advantage of gaps in the Chinese security network to hijack computers in the PRC. Now people in India are pointing the finger at China. The Times of India yesterday reported unnamed Indian government officials alleging China has orchestrated a series of attacks on sensitive networks of Indian agencies…..(Business Week, 6 May 08)

 

Crimeware server exposes breadth of data theft

Last month researchers at online security company Finjan uncovered a 1.4 gigabyte cache of stolen data from North America, Europe, the Middle East and India on a Malaysian server that provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers.

“This is a unique example of what we have been talking about for the last year,” said Yuval Ben-Itzhak, chief technical officer at Finjan. Online thieves are using sophisticated tools to plant malicious code on legitimate Web pages, compromising visiting PCs and stealing data. The data included 5,388 unique log files collected in just a three-week period. The files included personal and business e-mails, medical records, and financial log-in and transaction information with not only credit card and account numbers but also passwords and security codes. Although the trend of using Web exploits to steal and market personal data has been identified for some time, the discovery of the cache still was an eye-opener…The log files were traced to 5,878 distinct IP addresses. The number of compromised PCs the data was lifted from has not been determined, but Ben-Itzhak said it could be as high as double the number of IP addresses. Files on the server included 571 log files from the United States, 621 from Germany, 322 from France, 308 from India, 232 from Great Britain, 150 from Spain, 86 from Canada, 58 from Italy, 46 from the Netherlands and 1,037 from Turkey. The server was registered to a man from Moscow and was hosted in Singapore at the time it was discovered. It has since been shut down….(GCN, 6 May 08)

 

Belgium Names China in Hacking Incidents

One good spy is worth 10,000 men. --Chinese Proverb

Over the last few weeks, hackers have repeatedly attempted to break inside the computer network of the Belgium Federal Government as well as other organizations located in Belgium. On Friday, May 2, Jo Vandeurzen, the Belgian minister of justice, announced that his government believes the attacks were conducted from China, most likely at the request of Beijing. He admitted that he could not provide irrefutable evidence…..(Oh My News, 4 Apr 08)

 

Hundreds of Laptops Missing at State Department, Audit Finds

Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations with foreign countries, an internal audit has found. As many as 400 of the unaccounted for laptops belong to the department’s Anti-Terrorism Assistance Program… The program provides counterterrorism training and equipment, including laptops, to foreign police, intelligence and security forces. Ironically, the Anti-Terrorism Assistance Program is administered by the State Department’s Bureau of Diplomatic Security (DS), which is responsible for the security of the department’s computer networks and sensitive equipment, including laptops, among other duties. It also protects foreign diplomats during visits here…..(CQ, 2 May 08)

 

White House Plans Proactive Cyber-Security Role for Spy Agencies

…In January, President Bush signed a directive authorizing the intelligence agencies, including the National Security Agency, to monitor all federal network traffic to prevent attackers from breaking in and from stealing sensitive data or disrupting critical systems. The administration official said the intelligence community is uniquely suited to counteract today's malicious actors -- ranging from lone hackers to organized cyber criminal groups and nation states -- who the official said are constantly developing new attacks and exploiting unknown security holes in software and hardware to compromise government networks. The official said the president's new cyber-security directive will share the intelligence gleaned through monitoring threats across the government space with the private sector, which experts say is being hit with the same types of attacks that the federal dot-gov space is battling…Most of the 18 strategic goals laid out in the cyber initiative are currently classified, and few within the government have been fully briefed on the plan. But the official said the administration plans to release additional details on at least 12 of those goals next week, after the White House Office of Management and Budget issues rules for assigning classification levels for data collected and shared under the new program….(Washington Post, 2 May 08)

 

Senators question DHS cybersecurity strategy

…The department is requesting $294 million for the National Cyber Security Division in fiscal 2009, an increase of $83 million. In January, DHS issued a request for proposals for contractor mission support for the division for 10 months. However, the solicitation did not clearly set out the roles, responsibilities and limitations of the contractor services, nor did it specify how contractor performance would be monitored…The senators also expressed concern about how little information has been available about the cyber initiative to Congress, private entities and the public in addition to difficulties tracking which parts of the initiative are classified and which are not……(Washington Technology, 5 May 08)

 

NATO creates cyberdefense team

NATO has set up a new Cyber Defense Management Authority that will coordinate the safeguarding of its own and member states’ computer infrastructures against cyberattack. The new organization will coordinate all NATO cybersecurity activities to protect its information and communication systems and offer assistance to NATO’s 26 member states in North America and Europe, NATO said in a news release. NATO has maintained an internal cyber response capability since 2002. The authority is expected to create a NATO cybercommand center to help member states during cyberattacks. The chief of the new authority is expected to be Maj. Gen. Georges D'Hollander, who runs NATO’s internal cyberdefenses……(Washington Technology, 2 May 08)

 

OU tackles computer forensics

Fears of corporate espionage, malicious staff and disputed trade deals have led to the Open University's first course on computer forensics to be heavily oversubscribed. The post-graduate Computer Forensics and Investigations course starts today, and prospective students have been bumped to the November 2008 course since March…..(VNUnet, 1 May 08)

 

 

April 2008

 

 

Travel group warns: Corporate data at risk from laptop searches at border

The Association of Corporate Travel Executives (ACTE) is warning its members to limit the amount of proprietary business information they carry on laptops and other electronic devices because of fears that government agents can seize that data at U.S. border crossings. The group is worried that corporate data could be downloaded by agents, leading to potential security breaches and the exposure of information that is supposed to be private. Among the devices that could be searched by border agents are cell phones, handhelds, digital cameras and USB storage devices…..(Computerworld, 30 Apr 08)

 

The Art of Cyber Warfare, Part 2: Digital Defense

In late April last year, about 1 million computers under botnet control started attacking the Estonian government's computers in a denial of service (DoS) assault. The onslaught continued for three weeks. In the aftermath of this cyber warfare incident, NATO provided the Estonian government with some help in restoring the computer systems and investigating the attacks. Considerable evidence reportedly pointed to computers in Russia as the source of the commands, but Russia has denied any involvement…..(Tech News World, 30 Apr 08)

 

One Breach is One Too Many in Cyber Warfare

Cyberspace is a battleground that the U.S. military should learn to dominate, just as it has land, sea and air, says an expert with the Naval Postgraduate School's computer science department. "Destroying a computer infrastructure is like denying somebody air," said Scott Cote, senior lecturer in the school's Center for Information Security Studies and Research. Students at NPS waged a four-day battle in cyberspace that pitted them and each of the service academies — Army, Navy, Air Force, Coast Guard, Merchant Marine, and the Air Force Institute of Technology — against a team of computer hackers fielded by the National Security Agency last week……(Monterey Herald, 29 Apr 08)

 

Are we losing the security war?

Five years ago, hopes were high that cyber crime could be cracked. Now security experts admit traditional approaches can't keep pace with the growth in malware. What can be done to turn the tide, asks Simon Moores. A short cyber crime story on Al Jazeera TV on Sunday made me realise that this year's Infosec show in London had passed me by, almost unnoticed. I had missed my annual pilgrimage to the great security bazaar at London's Olympia because I had been speaking at the IDC conference in Milan…..(Silicon, 29 Apr 08)

 

The Art of Cyber Warfare, Part 1: The Digital Battlefield

Computer network attacks are often perpetrated by gangs of criminal hackers attempting to break into a system for financial gain. However, cyber attacks for political purposes could just as easily be -- and sometimes are -- perpetrated. A country's national security could be severely threatened should a team of hackers successfully crack certain computer systems.  New-age warfare is here. Governments and Internet security firms are quietly gearing up for the potential onslaught. Don't think that cyber warfare is merely fuel for novel writers. Cyber attacks are being waged in increasing numbers……(Tech News World, 29 Apr 08)

 

Kenya works on training information security managers

A lack of training institutions for information security management has made IT investment expensive for many organizations in Kenya. Companies have invested in training IT managers abroad, which is expensive for small and medium-size businesses in Africa, said James Gathage, a consultant at QualityPlus, a Kenyan training company for information security management professionals. This has led some companies to neglect information security and management as integral parts of business and organizational growth, he said. So, to reduce costs and make courses affordable, training companies are bringing experts in to train local IT managers……(Computer World, 28 Apr 08)

 

Opinion: Knock, knock, it's the FBI

Just imagine if one day in the near future the FBI comes to your enterprise with warrants that allow them to seize and remove any computer-related equipment, utility bills, telephone bills, any addressed correspondence sent through the U.S. mail, video gear, camera equipment, checkbooks, bank statements and credit card statements. The first question you'd ask is, "Who has done what?"… A link?! Clicking on a link can now be a federal offense?... As is often said at moments like these, I am not making this up; this is exactly what happened to a doctoral student at Temple University who was also a history professor at La Salle University named Roderick Vosburgh….(Network World, 25 Apr 08)

 

FBI wants widespread monitoring of 'illegal' Internet activity

The FBI on Wednesday called for new legislation that would allow federal police to monitor the Internet for "illegal activity." The suggestion from FBI Director Robert Mueller, which came during a House of Representatives Judiciary Committee hearing, appears to go beyond a current plan to monitor traffic on federal-government networks. Mueller seemed to suggest that the bureau should have a broad "omnibus" authority to conduct monitoring and surveillance of private-sector networks as well. The surveillance should include all Internet traffic, Mueller said, "whether it be .mil, .gov, .com--whichever network you're talking about."….(CNet, 23 Apr 08)

 

Growing alarm over cyber espionage threats

Rapidly evolving cyber espionage threats, state-sponsored hackers, and other Internet miscreants are bounding over the best modern protections consumers, corporations, and governments can set up. The situation is providing a steady source of revenue for the essential products and services of computer and network security firms. In a series of reports on cyber espionage, Business Week says that all these defenses - firewalls and antivirus updates - devouring an organization's time, servers, and technology budget can be useless against even one moderately adept hacker engaging in open-source 'net reconnaissance' such as simple Googling; crafty 'social engineering' of fake e-mail attachments that trick recipients because they mimic messages from the boss or a client; and leveraging of cyber-break-in 'toolkits' readily available online…..(Legal-Brief, 23 Apr 08)

 

Executives harpooned by online 'whalers'

Corporate bosses have become the latest target of cyber-criminals, after a string of attacks in which senior management have been singled out to receive fraudulent e-mails… In the latest e-mail scam, known as "whaling" because it targets "the big fish", executives are sent official documents — for instance, court subpoenas — that apparently relate to the business of senior management. The employees singled out are typically "C-level", meaning chief financial officers, chief technology and information officers, as well as those in other sensitive parts of the company, such as accounts. The hope is that recipients will click on a link in the e-mail which directs them to a website that installs a malicious program on their machine……(Times Online, 23 Apr 08)

 

Overestimating Storm

Computer security researchers had an "oops!" moment recently when they realized that their monitoring and investigative tools had led to overestimating the size of the Storm botnet. Last year, it was believed that the Storm botnet was the largest botnet ever seen. Because of that, it was believed that the Storm network was capable of shutting down any military or commercial site on the planet, or do some major damage in ways that had not yet been experienced. There was the impression that there had never been anything quite like Storm. But it turned out that Storm was only about a tenth of its estimated size.....(Strategy Page, 23 Apr 08)

 

The CIA Hack...still working.

Once this vulnerability was submitted by Harry Sintonen to Wired's Threat Level last week, it's been spreading like wildfire throughout the web.  Discovery of a new XSS is nothing new, but does become noteworthy when it involves a domain like CIA.gov…..(Network World, 23 Apr 08)

 

Report: China's botnet problems grow

Computers infected by Trojan horse programs and bot software are the greatest threat to China's portion of the Internet, with compromises growing more than 20-fold in the past year, the nation's Computer Emergency Response Team (CN-CERT) stated in its 2007 annual report released last week. The response organization found that the number of Chinese Internet addresses with one or more infected systems increased by a factor of 22 in 2007. The report, currently only published in Chinese, estimates that, of 6.23 million bot-infected computers on the Internet, about 3.62 million are in China's address space…..(Security Focus, 21 Apr 08)

 

FBI organizes defense against cyber-attacks

The FBI quietly established last summer a task force involving U.S. intelligence and other agencies to identify and respond to cyberthreats against the United States. Called the National Cyber Investigative Joint Task Force, the group has "several dozen" personnel working together at an undisclosed location in the Washington area, said Shawn Henry, the FBI's deputy assistant director of its cyberdivision. In an interview with United Press International, Mr. Henry was tight-lipped about the task force's composition, saying only that it involved "several intelligence, law-enforcement and other agencies from across the U.S. government….(Washington Times, 21 Apr 08)

 

FBI program warns of inside threats, too

…The counterintelligence mission of the FBI ranks second in the agency's list of national priorities, just beneath anti-terrorism.  But in Huntsville, agents spend a good deal of time teaching businesses, academic institutions and government agencies how to protect themselves from the insider threat, said Jeff Hawkins, Huntsville coordinator of the FBI's Counterintelligence Domain Program. "This rivals almost any other place in the country in terms of research and development," Hawkins said. "What it boils down to is those critical systems and programs that provide the country its military edge are the things we must keep secure." The Domain Program is a joint effort with the FBI, academia, businesses and government entities to identify and protect important projects, whether they pertain to national security or trade secrets…..(Huntsville Times, 20 Apr 08)

 

Don’t Let Company Data Escape Through Employees

…Today’s cyber thieves are more sophisticated than ever, but many mobile thefts rely on the laughably unsophisticated method of eavesdropping or peering over a worker’s shoulder. At any given airport or café, dozens of laptop screens and telephone conversations are just begging to be infiltrated by a nearby thief.  When employees need to make telephone calls in public locations, Shepard recommends instructing them to walk away from crowds and cover their mouths with their hands to prevent lip readers from “listening in.” …..(Processor, 18 Apr 08)

 

Infosecurity 2008 - New defence strategy in battle against e-crime

…In 2008, we have seen the continued development of sophisticated criminal-to-criminal (C2C) business models. These mature business models operate on two levels. Crimeware developers are supplying "crimeware toolkits" to other criminal elements to be used for attacks. These "how to" packages instruct users step-by-step in how to infect a system and then retrieve data for financial gain. But criminals can also go the old-fashioned way: purchasing data collected by Trojans, keyloggers and other types of crimeware. These crime pros use robust and scalable crimeware that gives them maximum flexibility in terms of command and control… A striking example is the wave of attacks that came from China in late 2007 and have continued into 2008. Malicious content was distributed using obfuscated code and a network of websites to bypass traditional information security technologies. One of the websites used to distribute the crimeware belonged to a Chinese government office. It illustrates that cybercriminals not only successfully attack government websites, but also turn them into "cyber crime tools". Due to its high success rate, we see more of these kinds of attacks using infected legitimate websites. A recent example is the Forth Road Bridge's website, where cybercriminals deployed the Neosploit crimeware toolkit, using obfuscated JavaScript, for their attack……(Computer Weekly, 18 Apr 08)

 

E-Mailed Grand Jury Summons May Harm Computers

The FBI’s Internet Crime Complaint Center (IC3) is alerting computer users about a spam e-mail that contains a fraudulent court subpoena. The bogus e-mail attempts to notify recipients that they are commanded to appear and testify before a Grand Jury. At first glance, the e-mail appears authentic. It contains a court case number, federal code, name and address of a California federal court, court room number, issuing officers' names, and the court’s seal….(FBI Press Release, 17 Apr 08)

 

Hack Attack on Tibet Groups Could Hint at China's Anti-U.S. Tactic

Over the past few weeks, public protests over Chinese actions in Tibet have spread from the streets of Lhasa to cities where the Olympic torch is appearing on its way toward Beijing. Meanwhile, a quieter online conflict has come into focus, with Tibetan rights groups saying they are facing a growing number of digital attacks—even more than when protests first escalated.  The incidents provide details on threats aimed at other targets: Security consultants say that some of the attacks involve computer servers in China that were previously used to target several United States military contractors. And similar tactics have been used against the Falun Gong religious movement. There is no evidence of a Chinese government role in the operations, and Chinese officials based in the U.S. did not respond to requests for comment……(Popular Mechanics, 17 Apr 08)

 

Counterfeit Chips Raise Big Hacking, Terror Threats, Experts Say

This past January, two brothers from Texas, Michael and Robert Edman, appeared in court to face federal charges of selling counterfeit computer equipment to, among others, the Air Force, Marine Corps, Federal Aviation Administration, Department of Energy, numerous universities and defense contractors such as Lockheed Martin. According to prosecutors, the pair, working largely out of Michael Edman's house in the rural town of Richmond, bought cheap network cards from a supplier in China. They also purchased labels and boxes carrying the logo of Cisco Systems, the U.S.-based hardware giant. Until a source in China tipped off the FBI, no one could tell that the parts were Cisco knockoffs rather than the real thing…..(Popular Mechanics,  April 2008 Issue)

 

25 network research projects you should know about

…11. Analyzing the "Dark Web" - Computer scientists at a University of Arizona lab have created a project called Dark Web that is designed to track and analyze the moves of terrorists and extremists using the Internet to spread propaganda, recruit members and plan attacks (click here to read our feature on cyberwar). The project, which is funded by the National Science Foundation and other federal agencies, is led by Hsinchun Chen at the Artificial Intelligence Lab in Tucson. Dark Web's specialty is tracking massive amounts of information scattered across thousands of Web sites and in e-mail and other online programs. Spidering, link analysis, multimedia analysis and other techniques are used, according to the NSF……(Reseller, 17 Apr 08)

 

IT governance critical to addressing information risk

Information and its conduits provide the lifeblood of the modern business, writes Alan Calder of IT Governance. They provide the key to competitive advantage, improved productivity, cost reductions and general organizational effectiveness. As a result, information and IT deserve far more board-level attention than they enjoy currently, and most organizations urgently need to adopt IT governance measures to achieve proper oversight…..(Computer Weekly, 17 Apr 08)

 

Cyberwarfare 101: Black Hats, White Hats, Crackers and Bots

Most Internet “hackers” who are sufficiently capable to engage in cyberwarfare have little real affiliation with states (regardless of their citizenship in the real world). Skilled cyberwarriors can be fiercely individualistic and anonymous, though several broad classifications help give definition to the community and highlight some of the major types of actors in cyberspace…Before considering the role of a state’s power in cyberspace, it is important to identify and understand the transnational actors who populate it — particularly those who can manipulate the environment. The Internet is an environment defined by its users, and the average user is utterly powerless in terms of cyberwarfare — i.e., wreaking havoc on governments and institutions….(Stratfor, 16 Apr 08)

 

Defenseless on the Net

…Today, rapidly evolving cyber espionage threats, state-sponsored hackers, and other Internet miscreants are bounding over the best modern protections consumers, corporations, and governments can set up. The situation is providing a steady source of revenue—in the many billions of dollars—for the essential products and services of computer and network security firms. Yet as illustrated by the intrusions described by a BusinessWeek investigation (BusinessWeek.com, 4/10/08), all these defenses—firewalls and antivirus updates—devouring an organization's time, servers, and technology budget can be useless against even one moderately adept hacker engaging in open-source "net reconnaissance" such as simple Googling; crafty "social engineering" of fake e-mail attachments that trick recipients because they mimic messages from the boss or a client; and leveraging of cyber-break-in "toolkits" readily available online.…..(Business Week, 15 Apr 08)

 

Air Force Cyber Command Gives Away the Goods

Businessweek published an interesting story last week about cyber espionage involving a spear-phishing attack that targeted a Booz Allen Hamilton executive. The e-mail contained an attachment embedded with a key-stroke logger and appeared to come from a trusted source in the Pentagon. The attacker "knew enough about the 'sender' and 'recipient' to craft a message unlikely to arouse suspicion." Spear phishing of course involves a targeted attack against a specific individual or individuals……(Wired, 15 Apr 08)

 

Activist Groups Under Cyber Attack

When Conall Watson resigned from the board of directors at activist group Students for a Free Tibet UK in June, 2007, someone—not a friend—was watching on the Web. The 25-year-old British pharmacist, who worked for the free-Tibet movement in his spare time, had sent a mass farewell e-mail mentioning his departure and a change in his e-mail address. "I'm stepping down from the SFT UK organizing group," part of the message, reviewed by BusinessWeek, reads. Nine months later, Conall Watson's name—and parts of that same 2007 sayonara e-mail—returned to haunt the activist organization in the form of a stealthy cyber-attack the group believes was launched from China…..(Business Week, 11 Apr 08)

 

Recruiting for the Cyber Wars

The U.S. military is looking for a few good geeks. "This building will be attacked 3 million times today," announces the commentator as the Pentagon appears on an ad available on the popular video site YouTube (GOOG). "Who is going to protect it? Meet Staff Sergeant Lee Jones, Air Force Cyber Command, a member of America's only cyber command protecting us from millions of cyber threats every day." The YouTube recruitment video is part of a high-profile ad campaign running on TV, in print, and on the Web. In the ads, the Air Force boasts of its ability to protect the nation from a potentially devastating cyber attack. The ads overstate just how protected the U.S. military's networks are [BusinessWeek, 4/10/08], but they underscore a new sense of urgency: As computer networks play increasingly vital roles in the U.S. military -- and expose it to new dangers from skilled information warriors trained by other nations -- the U.S. needs a new type of 21st century soldier…..(Business Week, 15 Apr 08)

 

No extra charge for factory-fresh viruses

From iPods to navigation systems, some of today's hottest gadgets are landing on shop shelves with unwanted extras from the factory: pre-installed viruses that steal passwords, open doors for hackers and cause computers to spew spam. Computer users have been warned for years about virus threats from downloading internet porn and opening suspicious email attachments. Now they run the risk of picking up a digital infection just by plugging a new gizmo into their PCs. Recent cases include some of the most widely used tech devices: Apple iPods, digital picture frames and navigation gear. In most cases, Chinese factories, to which many companies have turned to keep prices low, are the source. So far, the virus problem appears to come from lax quality control, such as a careless worker plugging an infected music player into a factory computer used for testing, rather than organized sabotage by hackers…..(Australian IT, 15 Apr 08)

 

How to spot -- and stop -- a spy

Corporations are woefully unprepared to counter attempts at corporate espionage, say experts who perform vulnerability assessments designed to uncover security weaknesses. U.S. corporations lose as much as $300 billion a year to hacking, cracking, physical security breaches and other criminal activity, according to Ira Winkler, author of Spies Among Us (Wiley, 2005) and president of the Internet Security Advisors Group, which performs espionage simulations and provides other services…Any company can be a target, says Peter Wood, chief of operations at First Base Technologies, a U.K.-based consultancy that performs ethical hacking services. Spies are interested in anything from financial data to intellectual property and customer data. They might steal information for blackmail purposes, but "the most common motive for physical intrusion is industrial espionage," he says. Here are several of the most common ploys and the countermeasures you can put into place to spot -- and possibly even stop -- the work of a spy…….(Computer World, 14 Apr 08)

 

4 things your administrative staff should know about your company's data security

Administrative staffers may not have their fingers on the pulse of business-critical operations, but they do get their hands on a lot of sensitive company information. Executives often grant administrative assistants and record-keepers access to strategic data and correspondence to make their own lives easier. As a result, these well-meaning assistants are often targets of hackers, scammers and even espionage…..(Computer World, 14 Apr 08)

 

The Chinese e-Wars: Reports from the Front

Opinion: Those who commit espionage over the Internet have plenty of weapons to choose from. There's no reason to make things easy for them. Reports continue about the sort of espionage I discussed recently in "The Secret China-US Hacking War." This Wired Report mentions how pro-Tibet groups have been the target of many such attacks, and it goes into more detail on the attacks themselves. In 2006 and 2007, there were a series of attacks against Microsoft Office users, the kind Microsoft terms as "targeted [and] isolated." We knew at the time that these were espionage of a sort; the use of a new vulnerability against one or two targets indicates a sophisticated, high-value attack.....(e-Week, 14 Apr 08)

 

The Secret China-U.S. Hacking War

..."The thing about China that gives you pause is that they've written openly about their emphasis in particular areas--space and cyberspace," he said. International cyber-wars are becoming a not-uncommon occurrence. Last year the Internet infrastructure of Estonia was largely taken down by attacks from Russia, following a dispute with Russia over the fate of a World War II memorial. But that attack was against the civilian Internet infrastructure: the ISPs and banks, for example, not the Estonian military or government. Such attacks can impact the entire Internet, and are fundamentally different from targeted hacks against specific installations. It's the difference between war and espionage.....(e-Week, 13 Mar 08)

 

Chinese Cyber Espionage

Hack-attacks have been occurring for a long time. However, it has been recently noted that there has been a rise in Cyber attacks originating from China on the US Government, Defence, and pro-Tibet organizations. Latest reports suggest that the sudden patches issued by Microsoft in 2006 and 2007 were a result of such hack-attacks exposing several loopholes in the Office Suite. In the past, hackers were motivated to steal insider trading information, trade secrets, or unreleased movies for piracy; but now these attacks are getting increasingly political, which has resulted in them being widely reported and thoroughly investigated. These attacks began in 2006, when hackers sent malicious Word and Excel files to would-be victims. F-Secure, an online security provider, has observed the escalation in spying done with Trojans, a shift that has happened in the last two years……(TechTree, 11 Apr 08)

 

The New E-spionage Threat

The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.

The Pentagon hadn't sent the e-mail at all. Its origin is unknown, but the message traveled through Korea on its way to Booz Allen. Its authors knew enough about the "sender" and "recipient" to craft a message unlikely to arouse suspicion. Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org, which is registered through an obscure company headquartered on the banks of China's Yangtze River.

The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years…"It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier…..(BusinessWeek, 11 Apr 08)

 

Video: New Cyber Threat - Serious threat of cyberterrorism

 

Video: Defending the Homeland - U.S. efforts to tighten cyber defenses

 

CERT: Online Attacks Threaten U.S. Financial Institutions

 

CERT: U.S. Defense Contractors and Government Employee Targets

 

Major attacks on the U.S. government and defense industry—and their code names

.....(BusinessWeek, 11 Apr 08)

 

Bush's Cyber Secrets Dilemma

There's a problem facing the Bush administration: It has $30 billion to spend over the next five to seven years to keep the U.S. safe from hackers and cyberspies. But to extend that protection to the nation's critical infrastructure--including banks, telecommunications and transportation--it needs the cooperation of the private sector. And among corporate executives, even those who want to help are wary: How can the business world participate in the government's cyber initiative, they ask, if the government remains intensely secretive?

That call for transparency was a common refrain this past week at the security industry's biggest gathering, the annual RSA conference held in San Francisco. The government has plenty of money tagged to the Bush administration's classified Presidential Directive 54, the plan for shoring up the cyber defenses of the U.S. government. But any extension to key parts of the private sector, according to former officials and security professionals, could be hamstringed by the government's own secrecy……(Forbes, 10 Apr 08)

 

Hackers attack pro-Tibet websites - ScanSafe saves the day

Hackers have attacked pro-Tibet websites in what looks like virtual retaliation to the Olympic relay protests seen all over the world. The cyberstrikes came from a server in Taiwan and were designed to monitor the activity of users of SaveTibet.org and FreeTibet.org by creating links to invisible websites that then download spybots. It was internet security firm ScanSafe that spotted the attacks and warned the two sites with enough time to be sure that no-one was infected……(Tech Digest, 10 Apr 08)

 

Government used as an ATM

A syndicate, which investigators say has been treating government departments as an "ATM machine with never ending funds to withdraw", has already plundered millions of rand from accounts by using spy software to access employee user names and passwords. And while conservative estimates put the loss to departments at R20-million, the figure could be much higher……(IOL, 10 Apr 08)

 

DHS offers first take on Cyber Storm exercise

With its latest Cyber Storm II exercise now completed, the U.S. Department of Homeland Security said it expects to release an after-action report analyzing the event, and is now beginning planning for Cyber Storm III in 2010. Cyber Storm 2 was a week-long cybersecurity simulation that included mock attacks on computer and transportation systems. But the exercise brought in many more players from government and other industries: about 2,500 people from the U.S., U.K., Canada, Australia and New Zealand……(Computer World, 10 Apr 08)

 

"Black Hat" is the new "Jarhead" for cyber warfare

Given the recent rash of speeches, announcements, and other venues in which various national security types have talked up the federal government's need to somehow involve the private sector in securing the nation's network infrastructure, you could be forgiven for suspecting that some kind of coordinated civilian information security outreach campaign is underway… Kendall also implied—half jokingly, half not—that not only might some potential cyberwarrior recruits be in less than peak physical shape, but they might have broken the law in the course of acquiring the 1337 hax0r skillz that would make them useful to the military. In other words, the military might adopt a "don't ask, don't tell" policy when it comes to the color of a recruit's hat.

Kendall suggests that part of the solution to the recruiting conundrum is that these cyberwarriors could be civilian contractors—the mercenaries (my term, not his) of the digital age. Another part lies in changing the military's culture and recruiting tactics…..(Ars Technica, 10 Apr 08)

 

Raytheon zeroes in on defending cyberspace

…Raytheon, which acquired data-leak prevention toolmaker Oakley Systems of Salt Lake City last October, yesterday disclosed it has formed a business unit combining Oakley's staff with its own corps of security engineers to target an estimated $8 billion annual market protecting government and private-sector computer networks. The new "information security solutions" practice, including about 200 employees at Oakley and hundreds more at Raytheon sites across the country, will be based at Raytheon's Intelligence and Information Systems division in Garland, Texas, outside Dallas. Raytheon previously had provided cyber security to parts of the federal government, including the Pentagon and intelligence agencies. But its efforts were fragmented across multiple product lines and businesses…..(Boston Globe, 9 Apr 08)

 

US security chief: cyber-threats 'on par' with 9/11

…Mr Chertoff said that the US Government planned to shift its approach to fighting computer-based crime from what he called "a fundamentally backward-looking architecture" - analysing attacks as they happened and tracing back to their source - to "an early-warning system". He declined to elaborate on how officials would monitor and flag up threats before they materialised - saying the details were classified, but admitted that the new approach presented significant technical challenges. "It's going to be hard - it's hard technically," Mr Chertoff told delegates at the RSA Conference. "(But) the fact that something's hard doesn't mean, 'Let's not do it because it's going to be difficult.' It means, 'Let's roll up our sleeves and get started.'" Mr Chertoff said that there were too many openings in government networks through which cyber-criminals were able to inject malicious software, and that one of the first goals of the new system would be to reduce the number of access points from thousands to about 50……(Times Online, 9 Apr 08)

 

Feds tout slow cyber-security gains

Washington politicians are frequently pilloried for moving too slowly to respond to emerging problems, and while the adage has proven true regarding the federal sector's response to cyber-security thus far, the U.S. government is making slow progress in addressing the issue, experts maintain. A panel of government and private sector security officials presenting at the ongoing RSA Conference 2008 on Tuesday admitted that Congress and the White House should have moved faster to address cyber-security challenges, both within the U.S. and in terms of protecting national interests abroad…..(Info World, 9 Apr 08)

 

ISPs using deep packet inspection to spy on you

It seems certain ISPs are using a technique called deep packet inspection to spy on hundreds of thousands of internet service customers in the United States. That is a major invasion of privacy! Deep packet inspection is a way to monitor your online activity keystroke by keystroke. This type of detailed, keystroke by keystroke monitoring means that these ISPs know not only who you’re emailing, what you are searching for online and what web sites you visit, they also know the contents of your emails, text messages and tweets, plus much more. This is an incredibly invasive and highly questionable practice. What are the ISPs doing with these invasive, privacy violating tactics? Many are gathering information about your habits, likes and dislikes to sell to advertisers……(Tech Blorge, 8 Apr 08)

 

Counterfeit chips raise hacking, terror threats

Foreign governments and manufacturers working together could sabotage American computers and computer networks by selling hardware implanted with malicious processors, according to a story in the April issue of Popular Mechanics. Security experts warn that as supply chains become more global and more opaque, no one can be sure what parts are going into the computers that run, well, everything--from air traffic control towers to banks to weapons systems. Secretary of Homeland Security Michael Chertoff raised the issue recently at a briefing attended by Popular Mechanics and others. "Increasingly when you buy computers they have components that originate ... all around the world," he said. "We need to look at ... how we assure that people are not embedding in very small components ... that can be triggered remotely."

The scenario seems unlikely, but possible…….(Minnesota Public Radio, 8 Apr 08)

 

Hack steered Coast Guard e-learning users to al Jazeera site

Last summer, hackers manipulated the Coast Guard's E-Learning system so that users were redirected to a Web site operated by al Jazeera, an Arab news organization, said the service's chief information officer.

Field information systems security officers informed the Coast Guard Computer Incident Response Team of the problem, and the service took the E-Learning system offline to mitigate risks to its network while the response team conducted an investigation, said Rear Adm. David Glenn, assistant commandant and chief information officer. He spoke at a meeting of the Armed Forces Communications and Electronics Association in March.

The Coast Guard took down the E-Learning system, used by its 36,000 uniformed and civilian personnel, for 45 days while it conducted the investigation…..(Gov Exec, 8 Apr 08)

 

Who trumps bin Laden as a cyberthreat? Look in the mirror

Six years ago, Osama bin Laden represented the nightmare scenario for the computer security establishment. But more immediate cyberdangers lurk on the horizon. Experts attending the RSA conference that began here today say it's you--Mr. & Mrs. Computer User--who keep goofing up.

In fact, they contend, the future of cybersecurity hinges less on a latter-day version of spy-versus-spy against shadowy terror groups than on a more serious effort to instill best practices. Listening to their heeding was something akin to the scene in the movie Groundhog Day, where Bill Murray repeatedly wakes up to the same morning.

Security gurus have long urged the business world to turn network security into part of the corporate DNA. The message is not fully getting through. And now we're seeing the predictable results……(CNet, 8 Apr 08)

 

Estonia prepares for repeat of cyberattacks on anniversary

Estonia is bracing itself for a repeat of the internet attacks which nearly brought its government to a halt last year, the Guardian has learned. Last April hackers bombarded Estonia's hi-tech computer systems after a controversial decision to move a Soviet memorial. The cyberstrikes crippled many public services. With the anniversary of the attacks looming, senior officials are preparing for a repeat performance. One official said there had been many smaller attempts to hack into government systems during the last 12 months but they were not as organised or successful as last year's attacks. A 20-year-old Estonian, Dmitri Galushkevich, has been arrested in relation to those attacks and was fined £880……..(Guardian, 7 Apr 08)

 

US Cyberwarfare Prep Includes Offense

U.S. military officials seeking to boost the nation's cyberwarfare capabilities are looking beyond defending the Internet: They are developing ways to launch virtual attacks on enemies… Elder said initial uses likely would be limited to diverting or killing data packets that threaten the nation's systems, the way the military may intercept a foreign ship carrying arms in international waters. The remarks came late Friday during a New York chapter meeting of the Association For Intelligence Officers, a nonprofit group for current and former intelligence agents and their supporters……(AP, 6 Apr 08)

 

Trojan Horse on a Chip

“Security experts warn that as supply chains become more global and more opaque, no one can be sure what parts are going into the computers that run, well, everything from air traffic control towers to banks to weapon systems,” Popular Mechanics says. In an article, “The Manchurian Chip,” Glenn Derene and Joe Pappalardo outline in detail the possible dangers. “Individuals, companies and federal agencies could all be at risk from foreign governments or criminal enterprises,” they write. “A computer chip built with a subtle error might allow an identity-theft ring to hack past the encryption used to connect customers with their banks.” In addition, they say, flash memory hidden in a corporation’s printers could capture an image of every document produced and send it on to people who should not have it……(New York Times, 5 Apr 08)

 

Secretary of Homeland Security Michael Chertoff to Address Cybersecurity and Critical Infrastructure Protection at RSA® Conference 2008

RSA® Conference today announced that the Honorable Michael Chertoff, U.S. Secretary of Homeland Security, is scheduled to join a prestigious list of featured speakers at RSA Conference 2008 – taking place April 7-11, 2008, at the Moscone Center in San Francisco. On Tuesday, April 8, at 11:30 a.m., Chertoff will address the impact of information security on today’s society and how cybersecurity will continue to be a key area of focus for the Department of Homeland Security in the coming years…..(Business Wire, 4 Apr 08)

 

Secret Service Agent To Lead DHS Cyber Division

A cybercrime investigator at the U.S. Secret Service has been named to head the Department of Homeland Security's National Cyber Security Division, Security Fix has learned.

Cornelius F. Tate, a graduate of University of Mississippi, currently heads up the Technical Security Division at Secret Service. Tate also is a member of the Electronic Crimes Special Agent Program, a Secret Service team made up of agents who conduct forensic analysis of computer systems……(Washington Post, 4 Apr 08)

 

Reported Dollar Loss from Internet Crime Reaches All-Time High  (FBI)

 

FBI: Cybercrime racks up more profits

Damages from online fraud jumped more than 20 percent, according to the latest data from the FBI's Internet Crime Complaint Center. In a report released on Thursday, the Internet Crime Complaint Center (IC3) found that the number of complaints decreased slightly, while damage from online fraud grew to $239 million in 2007, up from $198 million in 2006. The IC3, an online portal used by the FBI for receiving cybercrime complaints, processed almost 207,000 reports of criminal activity, a 0.6 percent decrease from 2006. The victims ranged in age from ten- to 100-years old. "The Internet presents a wealth of opportunity for would-be criminals to prey on unsuspecting victims, and this report shows how extensive these types of crime have become," James E. Finch, assistant director of the FBI's Cyber Division, said in a statement. "What this report does not show is how often this type of activity goes unreported.".....(Security Focus, 4 Apr 08)

IC3 2007 Internet Crime Report

 

USAF Cyber Efforts Trigger New Thinking

The provisional commander of the U.S. Air Force’s nascent cyber command suggests the U.S. military may need to rethink — and essentially loosen — its definition of uniformed personnel, as well as streamline and quicken its acquisition processes to meet growing cyberwarfare needs. “Perhaps we need a different kind of warrior in this domain,” Maj. Gen. William Lord told a Council on Foreign Relations (CFR) audience. “Today, all of our armed forces have a physical fitness test that requires us to ... meet some physical fitness standards. “How do you attract the brains of some of this crowd that you might not want to wire up to a polygraph, but yet use their ... wonderful innovative ability? But they’re not the same kind of folks that perhaps you want to march to breakfast in the morning,” Lord said March 31......(Aviation Week, 4 Apr 08)

 

DHS to beef up cybersecurity staff

 The Homeland Security Department’s infrastructure and cyber units are interviewing candidates for more than 300 job openings and also intend to convert more than 200 contractor jobs into government positions, a top DHS official testified this week. The department’s National Protection and Programs Directorate has 330 open positions, of which 250 are new jobs created in fiscal 2008…..(Washington Technology, 3 Apr 08)

 

China cracks down on insider cyber hacking

An internal crackdown on hacking activities in China has prompted speculation that the country may finally be tackling its cyber criminals. But political organizations are claiming to have received attacks on their networks from within China, raising questions over whether the state is encouraging certain hacking actions while prosecuting others. Four Chinese cyber criminals were sentenced last week to between six and eight years each for grand larceny, after stealing more than 100,000 yuan (£7,165) from internet bank accounts, according to the Chinese media……(Computing, 3 Apr 08)

 

NATO grows increasingly concerned about terrorism on world's computer networks

NATO’s latest security worries go far beyond Taliban fighters or al-Qaida extremists: They include computer hackers, threats to global energy supplies and climate change profiteers. World leaders gathered in Bucharest for this week’s NATO summit are debating what role the trans-Atlantic alliance can play in containing “cyberterrorists,” “hacktivists” and other emerging menaces that experts concede are untraditional, but still potentially lethal……(AP, 2 Apr 08)

 

IEEE Computer Society to Hold Technology Summit Highlighting Latest Hot Technologies

The IEEE Computer Society, the world's leading organization of computing professionals, today announced the debut of the IEEE Computer Society Technology Summit, a one-day event designed to bring executives and technologists together to learn about and discuss the latest issues, strategies, and advances affecting today's high-technology businesses. The inaugural event will be held Tuesday, May 13 at the Rio All-Suite Hotel & Casino in Las Vegas, in conjunction with the IEEE Computer Society's annual meeting……(Press Release, 2 Apr 08)

 

Congressional Hearing on Virtual Worlds

Today Congress held its first hearing on virtual worlds… As I have stated here and elsewhere it seems highly unlikely jihadi terrorists would use the Second Life platform in its current form. Although I do take issue with the Linden Lab CEO’s (Philip Rosedale) comment on the subject stating, “because we have a stronger recorded identity there, it is likely that virtual world activities are somewhat more policeable and the law is more enforceable there than it is on websites”……(Counterterrorism Blog, 2 Apr 08)

Connect to the Archived Video Webcast of this Hearing or Download

 

Congress Holds First Hearing on Virtual Worlds; Linden Lab CEO Philip Rosedale Testifies

The first-ever Congressional hearing on virtual worlds took place today in Washington. Linden Lab CEO Philip Rosedale testified, along with representatives of IBM, TechSoup, and the New Media Consortium…..(Virtually Blind, 1 Apr 08)

 

Seven Questions: Waiting for a Cyber Pearl Harbor

Chinese hackers are growing increasingly bold in probing critical U.S. defense networks. But former U.S. counterterrorism chief Richard A. Clarke tells FP that if the United States waits for a dramatic, 9/11-style attack on its critical infrastructure to act, it will be missing the real threat……(Foreign Policy, 2 Apr 08)

 

 

March 2008

 

EU Debates Cybercrime Law Enforcement

…At a two-day conference starting Tuesday in Strasbourg, France, the Council of Europe will review implementation of the international Convention on Cybercrime and discuss ways to improve international cooperation. Cyber defense also will be on the agenda when heads of state from NATO's 26 member nations gather in Bucharest Wednesday for three days. The leaders are expected to debate new guidelines for coordinating cyber defense……(AP, 31 Mar 08)

 

Analyst: Money will fuel mobile spying programs

Spying programs for mobile phones are likely to grow in sophistication and stealth as the business around selling the tools grows, according to a mobile analyst at the Black Hat conference on Friday. Many of the spy programs on the market are powerful, but aren't very sophisticated code, said Jarno Niemela, a senior antivirus researcher for Finnish security vendor F-Secure, which makes security products for PCs and mobile phones. But there is increasing evidence that money from selling the tools will create a stronger incentive for more accomplished programmers to get into the game, which could make the programs harder to detect….(Info World, 28 Mar 08)

 

Sizing up the new US cybersecurity czar

…Frustration, a lack of support, a feeling that the government doesn't take cybersecurity issues seriously—each successive member in the parade of post 9/11 cybersecurity czars has cited these reasons for bailing from the job, sometimes after tenures as short as three months.  Given the government's continued failing grades in information security, its repeated high-profile data breaches, the attacks of (Chinese?) hackers, it's no wonder that the post has a problem retaining talent. Even worse is the fact that it looks for all the world like the executive branch has committed $6 billion dollars worth of cybersecurity funds to the NSA as part of some classified initiative. In other words, if the bulk of America's funding for protecting our critical infrastructure from cyberattack is going into a classified, NSA-run program over which the public sections of government (like DHS) have litt