Cybercrime fact or fiction

Charles Jeter


'.....IT experts have rightfully been skeptical of malware / antivirus industry claims that malware driven thefts are on the massive increase. After all the banks are telling us that it is safe and getting safer and I've recently posted about the ABA's viewpoint shifting from 2005 to 2010......'



Mozilla warns of malicious add-ons that send passwords to a third party and execute remote JavaScript code

Dan Raywood


'.....Mozilla said that version 3.0.1 and all older versions have been disabled on and a fixed version was uploaded and reviewed within a day of the developer being notified. It also said that proof of concept code for this vulnerability was posted, but no known malicious exploits have been reported so far.....'




Poor SCADA systems security 'like a ticking time bomb'


Robert Westervelt


'....While companies that run supervisory control and data acquisition systems (SCADA) often claim those systems are secure because they are disconnected from the outside world and surrounded by a myriad of physical and technical security controls, Pollet's analysis of the assessments found just the opposite to be true......'



Data breaches exploit configuration errors, not software vulnerabilities

Jeremy Kirk



'.....In other findings, some 97 percent of the malicious software found to have stolen data in 2009 was customized in some way. For example, the malware was tweaked to evade detection by security software or new features were added, such as encryption for stolen information. That doesn't bode well for companies, Verizon said.....'



Android Wallpaper App Stole Scores of Users' Data, Sent it to China






'....Wallpaper was downloaded millions of times (between 1.1 million and 4.6 million to be precise). It offers popular wallpapers, such as My Little Pony and Star Wars. Other apps by developer iceskysl@1sters are also collecting similar info. The app collects your phone’s SIM card number, subscriber identification, and even your voicemail password and sends it to -- a website owned by someone in Shenzhen, China.......'



Hackers fool world's largest companies using smooth talk

The Age



'....Workers that unknowingly ended up on calls with hackers ranged from a chief technical officer to IT support personnel and sales people......'



BlackBerry encryption 'too secure': National security vs. consumer privacy

Zack Whittaker


'....Update (1st August 2010, 12:55 GMT): The BBC confirmed via the UAE’s state media that come October, all half a million BlackBerry users in the region will have some services suspended unless a “solution compatible with local laws is reached”, amid national security concerns.......'



Botnet with 60GB of stolen data cracked wide open

Dan Goodin


'....“These criminals are some of the most sophisticated on the internet, and have perfected a mass-production system for deploying phishing sites and 'crimeware,'” AVG wrote in a report issued Monday. “This means that mitigating the threat by going after the servers hosting the data using the 'Mumba' botnet is now much harder than before.”......'



Deepwater Horizon (BP oil spill) appears to be a control system cyber incident!

Joe Weiss


'....In the control systems community, the primary focus is on safety and reliability while the most frequent cyber risks are unintentional. As Walt Boyes phrases it, the control systems community needs to focus on functional security. Functional security addresses the ability of systems to perform their functions in the face of intentional or unintentional cyber threats while assuring fail-safe operation. Functional security requires not just control systems domain expertise, but looking at system design and policies from a different perspective. The lack of functional security has led to control system cyber incidents in electric, water, oil/gas, chemicals, and transportation including several with fatalities. Air France (aircraft) and the Washington DC Metro (rail rapid transit) apparently involved cyber control system failures; the Olympic Pipeline Company – Bellingham (gasoline pipeline) did suffer from cyber control system failures; and now the Deepwater Horizon oil platform suffered from known computer failures affecting the control systems. .....'



Who really sets global cybersecurity standards?

Michael Cooney



'....This week in a report that was critical about how the US will face global cybersecurity events, the Government Accountability Office identified 19 global organizations "whose international activities significantly influence the security and governance of cyberspace."


So who are they?


From the GAO report:


* Asia-Pacific Economic Cooperation (APEC)


* Association of Southeast Asian Nations (ASEAN)


* The Council of Europe


* The European Union


* Forum of Incident Response and Security Teams (FIRST)


* The Group of Eight (G8)


* The Institute of Electrical and Electronic Engineers (IEEE)


* The International Electrotechnical Commission (IEC)




* The International Telecommunication Union (ITU)


* The Internet Corporation for Assigned Names and Numbers (ICANN)


* The Internet Engineering Task Force (IETF)


* Internet Governance Forum (IGF)




* Meridian Conference and Process


* The North Atlantic Treaty Organization (NATO)


* The Organization of American States (OAS)


* The Organization for Economic Cooperation and Development (OECD)


* The UN.....'




Many Corrupt Ukrainian Bank Workers Assist Cyber Criminals


Lucian Constantin




'.....Kyiv Post reports that the National Bank of Ukraine (NBU) has sent a letter informing local banks of an increase in the number of financial cyber crime incidents in the country. "SBU registered a stable trend of the increase in the number of computer criminality in the banking sphere in 2009-2010.......'





ENISA's General Report 2009 is online





'....As every year, ENISA publishes its General Report. It is a summary of the Agency’s operations, studies and reports......'





Incentives & barriers to Information Sharing





'.....The overall purpose of this workshop is to arrive at a robust, tested and prioritised list of the most important incentives and barriers to information sharing.....'




IBM employee sparks massive bank outage


Rik Myslewski





'....."We take full responsibility for this incident," wrote DBS Group Holdings CEO Piyush Gupta in a statement. A laudably mature response, to be sure, but his communiqué went on to explain that the blame for the outage, which lasted from 3am to 10am on Monday July 5, is to be borne by IBM......'





15 Countries Outline Principles on Cyber Security

Voice of America




'....With computer networks increasingly viewed as a realm for spying and warfare, the U.S., China, Russia and a dozen other countries have outlined principles on how to improve so-called "cybersecurity."......'





Malware targeting Siemens SCADA







'....The full impact of this malware is not clear and will continue to be assessed as new information becomes available. While it is concerning that the malware reportedly targets specific Siemens SCADA products, the real impact depends on the criticality and nature of the infected systems deployed......'





NY man said to use computer skills to aid al Qaeda





'.....Another New York man, Wesam El-Hanafi, was arrested and charged in the same indictment, and is currently detained pending an appearance in Manhattan federal court later this week. Both men are accused of pledging allegiance to al Qaeda and using their computer expertise to aid the group.....'





Hackers With Enigmatic Motives Vex Companies

Nick Bilton




'.....The world of hackers can be roughly divided into three groups. “Black hats” break into corporate computer systems for fun and profit, taking credit card numbers and e-mail addresses to sell and trade with other hackers, while the “white hats” help companies stop their disruptive counterparts......'





Who controls the off switch?

Ross Anderson, Shailendra Fuloria




'.....From the viewpoint of a cyber attacker – whether a hostile government agency, a terrorist organisation or even a militant environmental group – the ideal attack on a target country is to interrupt its citizens’ electricity supply........'





Verizon’s 2010 Data Breach Investigations Report Released

Verizon RISK Team and the United States Secret Service





'.....Including the USSS cases in this year’s report shook things up a bit but didn’t shake our worldview. Driven largely by organized groups, the majority of breaches and almost all data stolen (98%) in 2009 was still the work of criminals outside the victim organization......'





Cybersecurity Expert Shortage Puts U.S. At Risk

Mathew J. Schwartz




'........."A critical element of a robust cybersecurity strategy is having the right people at every level to identify, build, and staff the defenses and responses. And that is, by many accounts, the area where we are the weakest............'



Homeland Security Bill Passes House

Jill R. Aitoro





'........This time, it's the 2010 Homeland Security Science and Technology Authorization Act, which among other things, would double the cybersecurity research and development budget to $75 million for each of the next two years and authorize ............'


DHS outlines cybersecurity planning

Max Cacas




'..........Right now, Rand Beers, the Undersecretary for the National Protection and Programs Directorate with the Department of Homeland Security has a lot on his mind..........'



Cybersecurity Action at the White House

Steven Song


'.........You’ll be happy to learn that many citizens and organizations around the world, including the United States federal government, are working towards a common goal to make cyberspace a safer place. ...........'



Federal cyber strategy gets modestly clearer

Chris Bronk


'.......... the roughly eight years since it became law, the Federal Information Security Management Act has been buried with heaps of criticism from many groups, including the small legions of government employees and ..........'



Poof! Eye-Popping $45MM for Cyber Contests Vanish

Eric Chabrow


'........The version of the America Competes Reauthorization Act circulating in the Senate Commerce, Science and Transportation Committee this past week had an eye-popping figure: $45 million to fund cybersecurity competitions over the next three years.............'



NIST recommends new approach to cybersecurity

Meg Beasley


'.........The document, 800-39, will integrate security and risk management from the strategic level at the top of the organization down all the way to the lowest level systems. It is currently in draft form and Ross expects it to be released in about two months............'




The quiet threat: Cyber spies are already in your systems

Bob Violino




'.........As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat -- and putting in place adequate technology and procedural safeguards -- should be a high priority............'




UK launches Cyber Security Challenge

Warwick Ashford




'...........The UK has officially launched its Cyber Security Challenge to find and attract new talent to the IT security industry. "We need to excite, inspire and stimulate fresh interest in a career as a cyber security specialist," said Judy Baker, director of Cyber Security Challenge UK.............'



Cyber risks place new demands on public/private partnership

Amber Corrin




'............On a sweltering July day at a hotel in Washington, D.C., a room full of cybersecurity experts from government and industry watched a video simulation of an America in panic amid widespread cell phone and power outages that expanded from the Northeast across the country and eventually around the world............'





Cybersecurity R&D Bill Passes through House

Molly Mulrain




'..........The U.S. House of Representatives yesterday passed the Cybersecurity Enhancement Act of 2009 with a vote of 422-5.

The bill reauthorizes computer and network research and development programs to the National Science Foundation and the National Institute of Standards and Technology...............'



Black Hat: U.S. Infrastructure Vulnerable To Cyber Attack

Elizabeth Montalbano




'.............Cyber terrorists have a number of ways to mount a major cyber attack on U.S. Internet infrastructure due to the general instability of its base, the director of the agency in charge of protecting the federal government's IT network said Wednesday............'



Cyber Security Company Lunarline, Inc. Wins Multiple ISO 27001 Implementation Contracts

Bobbie Lawson




'............Cyber security company, Lunarline, Inc., has recently been awarded multiple contracts to provide ISO 27001 implementation services.  The ISO 27001 certification affirms that the company's information security management system meets the criteria from the globally accepted International Organization for Standardization.............'





Former NSA Director Calls for Clear Understanding of Cyber-war

Brian Prince




'............As a former National Security Agency director, retired Gen. Michael Hayden has seen firsthand the sometimes nebulous realities of cyber-warfare.............'



Ranum: Be Serious about Cybersecurity

Marcus Ranum




'...........This is a huge problem, and this is something that I first started talking about how this was going to play itself out as soon as people started talking about electronic commerce. The issue really is that the endpoints that people are using are just simply not good enough...............'



NSA Cyber Security Effort Critical to U.S. Business

Wayne Rash




'............A little while ago, The Wall Street Journal ran an article that detailed a massive effort by the National Security Agency to monitor high-risk targets in the U.S. against the possibility of attack by foreign interests or by terrorists. .............'



U.S. military cyberwar: What's off-limits?

Declan McCullagh




'............LAS VEGAS--The United States should decide on rules for attacking other nations' networks in advance of an actual cyberwar, which could include an international agreement not to disable banks and electrical grids, the former head of the CIA and National Security Agency said Thursday..............'



We need to win the Cyber War: Hayden

Gen. Michael Hayden




'............During the Obama administration, the issue of cyber war and how exactly it should be handled was an open topic of discussion. It declared cyber security a national security priority in 2009..............'





Government, Private Sector Work On Cybersecurity


Carolyn Beeler





'...........The government is ramping up efforts to fight cyberterrorism, saying it wants to train thousands of "cyberwarriors" to protect government networks and infrastructure.............'






Cyberwar Is Hell


Andrew Nagorski




'...........While we obsessed over Russian spies, top diplomats were working to stop a greater espionage problem: the threat of cyberwarfare..............'




Tighter cybersecurity, innovation on Commerce wish list

Ben Bain




'...........The Commerce Department wants suggestions on how to bolster two cornerstones of the information economy: cybersecurity and innovation..............'





Cyber security challenge of the future: Governor


Express News Service



Fighting Wars in Cyberspace

Sir Robert Fry



9 Key Cybersecurity Roles for Government

Eric Chabrow