Key findings from the 2011 Global State of Information Security Survey

PricewaterhouseCoopers

http://www.pwc.com/en_GX/gx/information-security-survey/pdf/giss-2011-survey-report.pdf

 

 

Excerpt:

"..............This financial restraint is in spite of clear evidence that as information security emerges from the smoke of a brutal year—and, in effect a “trial by fire,” as lastyear’s survey revealed—it is sporting a new hard-won respect, not just from many but from most of this year’s respondents. This includes more than 12,800CEOs, CFOs, CIOs, CISOs, CSOs and other executives responsible for their organization’s IT and security investments in more than 135 countries........."


 

 

 

Outage at J.P. Morgan Cuts Web Access

DAN FITZPATRICK, ROBIN SIDEL AND MARY PILON

http://online.wsj.com/article/SB10001424052748704285104575492353620968926.html

 

Excerpt:

"..........A spokesman for the nation's second-largest bank by assets said the service went down because of a "technical issue, not hackers or criminals." Another person familiar with the situation said the disruption was the result of a flaw in a software program tailored for J.P. Morgan............."


 

 

US urges NATO to build 'cyber shield'

Physorg

http://www.physorg.com/news203781095.html

 

Excerpt:

"..........The alliance has a crucial role to play in extending a blanket of security over our networks," Lynn said.  "NATO has a nuclear shield, it is building a stronger and stronger defence shield, it needs a cyber shield as well," he said at a forum hosted by the Security & Defence Agenda think-tank............."

 


 

 

Former NSA Chief Hayden: Cybersecurity Policy Still 'Vacant'

National Defense Industrial Association

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=203

 

Excerpt:

"...............S. government officials often have been handcuffed when operating in cyberspace because it is unclear whether their actions will set a precedent and have unknown lasting consequences, Hayden said. Another obstacle is the absence of a  definition of privacy for the Internet age, he added.................."


 

 

Cyber Storm about to unleash chaos on Australia, the world

Tom Hyland

http://www.brisbanetimes.com.au/national/cyber-storm-about-to-unleash-chaos-on-australia-the-world-20100918-15ham.html

 

Excerpt:

"..............Its aim is to test the ability of Australia and its allies to respond to what governments, spy bosses and security experts say is the real and growing threat from cyber attacks. As a video on the website of the super-secret Defence Signals Directorate puts it: ''Online is the new front line.''................."


 

 

Thoughts on the Future of Warfare

Aoyu Bai

http://seekingalpha.com/article/225905-thoughts-on-the-future-of-warfare

 

Excerpt:

".............The U.S. Defense Secretary Robert Gates’s Pentagon budget in April 2010 eliminated funding for many flagship development programs, including the F-22, which is to be phased out in 2011. With a congressional ban on the export of the aircraft, the development of the cheaper F-35, and a lack of Russian and Chinese counterparts, the Raptor’s $143 million per unit price tag could not be justified. Despite the lengthy and secretive development process, it appears as though only 187 of these aircrafts will ever appear in service..................."


 

 

The Threat to National Security

Jonathan Evans

https://www.mi5.gov.uk/output/the-threat-to-national-security.html

 

Excerpt:

"...............Like many extreme organisations, the dissident Republicans have tended to form separate groups based on apparently marginal distinctions or personal rivalries. But those separate groups can still be dangerous and in recent months there have been increasing signs of co-ordination and cooperation between the groups. This has led to a position where this year we have seen over thirty attacks or attempted attacks by dissident Republicans on national security targets compared to just over twenty for the whole of last year................."


 

 

Nation needs more cybercops to virtually weed out hackers

VANES DEVINDRAN

http://thestar.com.my/news/story.asp?file=/2010/9/20/nation/20100920073020&sec=nation

 

 

Excerpt:

"..............Our people need to be exposed because we are facing hackers who target government websites,” he told reporters after officiating at the Malaysia Ex-Servicemen Kuching Branch Cooperative meeting here yesterday................."


 

IPv6 Transition Poses New Security Threats

Kelly Jackson Higgins

http://www.darkreading.com/vulnerability_management/security/perimeter/showArticle.jhtml?articleID=227300083

 

Excerpt:

"...............IPv6 has been in the works for over a decade now, but with the exhaustion of the IPv4 address space expected anywhere from spring to June of 2011, the long transition to the new IP may finally be on the radar screen for some organizations. Unlike its predecessor, the "new" protocol was built with security in mind: it comes with IPSec encryption, for instance, and its massive address space could help prevent worms from propagating, security experts say................."


 

 

NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines

Mark Bello

http://www.nist.gov/public_affairs/releases/nist-finalizes-initial-set-of-smart-grid-cyber-security-guidelines.cfm

 

Excerpt:

"..............."The development of common Smart Grid standards is a national priority, and these cyber security guidelines are an important step toward that goal," said U.S Energy Secretary Steven Chu. "If we are to truly modernize our electrical grid, we must have electricity producers, distributors and consumers all speaking the same language and all working together to make our grid more secure. Cyber security is an integral part of the grid.".................."


 

 

Security Questions to Ask Your Vendor

CPNI

http://www.cpni.gov.uk/Docs/Vendor_security_questions.pdf

 

Excerpt:

"...............This paper provides valuable information to procurement teams, business risk managers and information security professionals about the kinds of security questions they should be asking of vendors. By asking questions about the security of products right at the beginning of a procurement cycle, organisations are more likely to receive a better product at the end; one that does not require quite so many updates and cause so much downtime. Secure code should be one of the “features” that customers demand. .................."


 

 

Spies Among Us

Pam Baker

http://www.cioupdate.com/features/article.php/3901696/Spies-Among-Us.htm

 

Excerpt:

"...............The report covers 900-plus breaches involving more than 900 million compromised records. The majority of the Verizon investigations evaluated in the study took place outside the US whereas the bulk of the Secret Service investigations occurred within the US. While external threats still run high at 69 percent, insider threats are an increasing challenge to IT. A challenge that is further complicated by the need to allow employees and other insiders access to the very network IT works so hard to block from outsiders..................."


 

 

Misconfigured networks are the easiest IT resource hackers exploit

IT Security Portal

http://www.itsecurityportal.com/itsecurity_news.asp?articleid=265225

 

Excerpt:

"...............This question was answered by Tufin's DEF CON18 research, which revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don’t always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role..................."


 

 

Internet Governance in an Age of Cyber Insecurity

Robert K. Knake

http://webcache.googleusercontent.com/search?q=cache:http://www.cfr.org/content/publications/attachments/Cybersecurity_CSR56.pdf

 

Excerpt:

"..............In pursuit of this objective, the United States should be guidedby three principles. First, it should take a networked and distributedapproach to a networked and distributed problem. No single forumcan adequately address this set of issues...................."


 

 

Police in Europe conduct raids over file-sharing sites

Jeremy Kirk

http://www.computerworld.com/s/article/9183800/Police_in_Europe_conduct_raids_over_file_sharing_sites

 

Excerpt:

".............The action comes just shortly after Swedish authorities conducted a series of raids over the last two weeks related to file sharing using the Direct Connect protocol. At least 20 other cases related to file sharing are under investigation. Sweden has stepped up its efforts to stop file sharing, including prosecuting four men related to the Pirate Bay search engine, which enabled users to find content shared using the BitTorrent protocol....................."


 

 

Facial recognition: Identifying faces in a crowd in real-time

Ms. Smith

http://www.networkworld.com/community/print/65955

 

Excerpt:

"................The CheckPoint.S [3] system "is a covert real-time facial identification system that acts as an automatic 24/7 security guard that never forgets a face." As well as alerting security teams if a suspect is near, the OmniPerception’s cameras can be "used to identify subjects with special privileges such us employees, security cleared personnel or, in different applications, VIPs" who are looking to enter premises such as hotels and casinos. The system works in a matter of seconds and in the near-infrared, working "in any lighting conditions, from pitch darkness to sunlight and everything in between."................."


 

 

DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network

Kevin Poulsen

http://www.wired.com/threatlevel/2010/09/us-cert

 

Excerpt:

"...............The United States Computer Emergency Readiness Team, or US-CERT, monitors the Einstein intrusion-detection sensors on nonmilitary government networks, and helps other civil agencies respond to hack attacks. It also issues alerts on the latest software security holes, so that everyone from the White House to the FAA can react quickly to install workarounds and patches..................."


 

 

 

The Perils of the Internet

Eugene Aseev

http://www.securelist.com/en/analysis/204792137/The_Perils_of_the_Internet

 

Excerpt:

"..............In Internet attacks, the primary aim of cybercriminals is to download and install a malicious executable file onto a victim computer. Naturally, there are attacks such as cross-site scripting, also known as XSS, and cross-site forgery requests, or CSRF), which do not involve downloading or installing executable files on victim machines...................."


 

 

Interview on ENISA’s first pan-European CIIP exercise

Evangelos Ouzounis, Panagiotis Trimintzios & Panagiotis Saragiotis

http://www.enisa.europa.eu/media/news-items/focus-interview-cyber-security-exercise

 

Excerpt:

"...............The main objective of the exercise is to bring the Member States together and enhance the Member States’ coordination efforts during a crisis. We also want to test the Member States’abilities to find the right contacts and assess the competences in the other Member States during a crisis. This is the first time we have a pan-European CIIP exercise, i.e. the first time that the Member States come together and work on a NIS related topic. We are all very much looking forward to this and we have been spending a lot of time analysing what the best approach for this kind of exercise is. Several Member States have already had national exercises..................."


 

 

Incentives and Challenges for Information Sharing in the Context of Network and Information Security

http://www.enisa.europa.eu/act/res/policies/good-practices-1/information-sharing-exchange/incentives-and-barriers-to-information-sharing/at_download/fullReport

 

Excerpt:

"...............Finally, the differing approaches to regulation and co-operation may also have an impact. This can be seen in the way in which the regulator and regulated entities interact. For example, in some countries there may be more of an outcome based regulatory approach, whereby both regulators and regulated jointly agree on outcomes to be achieved that are socially important, and work co-operatively to achieve them. .................."


 

 

Google Confronts China’s “Three Warfares”

Timothy L. Thomas

http://www.carlisle.army.mil/USAWC/Parameters/Articles/2010summer/Thomas.pdf

 

Excerpt:

"...............Initially, this article examines the context within which the Google attacks occurred and how Google’s response—abandoning censorship in China—was used by the Chinese to distract attention from their planned aggression. It then analyzes how a 2003 military regulation assisted China’s response to Google’s accusations. In short, these procedures are being used all too often by the Chinese and are causing US authorities to be more and more intolerant of Chinese behavior..................."


 

 

Every week 57,000 fake Web addresses try to infect users

http://www.net-security.org/malware_news.php?id=1456

 

Excerpt:

"..............Those who do, will see their computers infected or any data they enter on these pages fall into the hands of criminals. To do this, they use an average of 375 company brands and names of private institutions from all over the world, all of them instantly recognizable...................."


 

 

UK plans increased spending on cyber-security

John Leyden

http://www.theregister.co.uk/2010/09/14/cyber_security_defense/

 

Excerpt:

"...............Investing in better cyber-security will not be an option for the United Kingdom. What is being considered under the National Security Council as part of the SDSR is how that occurs. We will face increasing threats in cyberspace in the years ahead-the question is how we identify the weakest areas, which need to be looked at first, and how we develop the technologies so that, as the other technologies that might affect us continue to evolve, we are best protected. That will require us to look at research across the board.................."


 

 

The Top Cyber Security Risks Report

http://dvlabs.tippingpoint.com/toprisks2010

 

Excerpt:

"...............Over the previous decade, the vulnerability threat landscape might be segmented into two distinct eras. Between 2000-2005 there was the era of the classic worm, generally leveraging a Microsoft or other widely used service level vulnerability. However, between 2005 and 2006 the landscape seemed to change and another large Internet worm did not arise until Conficker in late 2008..................."


 

 

U.S. cyber-security strategy yet to solidify

Ellen Nakashima

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/16/AR2010091606745.html

 

Excerpt:

".............."There's a degree of caution about what direction to move, how far to move," said James A. Lewis, a national security expert at the Center for Strategic and International Studies. "You've got a lot of agreement on what the problem is but very little agreement on the solution, both within the government and outside."..................."


 

 

Cybercrime is world's most dangerous criminal threat

http://economictimes.indiatimes.com/tech/internet/Cybercrime-is-worlds-most-dangerous-criminal-threat/articleshow/6571330.cms

 

Excerpt:

"..............."Cybercrime is emerging as a very concrete threat," he said at the opening ceremony of the first Interpol Information Security Conference at Hong Kong's police headquarters on Wednesday.  Considering the anonymity of cyberspace, it may in fact be one of the most dangerous criminal threats we will ever face." .................."


 

 

 

Intel CISO: The biggest threat to security is a misperception of risk

Joan Goodchild,

http://www.csoonline.com/article/615413/intel-ciso-the-biggest-threat-to-security-is-a-misperception-of-risk

 

Excerpt:

"..............From a psychology perspective, the greater people perceive a benefit, the greater the tolerance of risk. Some examples of this include organizational adoptions of technologies such as cloud computing, virtualization, and social media. All present great advantages to business, so the security risk they present are acceptable, noted Harkins...................."


 

 

Defence Review: Cyber-war – another new frontier for conflict opens

Paul Cornish

http://www.telegraph.co.uk/news/newstopics/politics/defence/8008520/Defence-Review-The-Services-have-a-fight-on-their-hands-but-who-is-the-biggest-enemy.html

 

Excerpt:

".............The “Clickskrieg” was especially disabling for a country that was a pioneer of electronic government and prompted the creation of Nato’s cyber defence centre in Tallinn. During the Russo-Georgian conflict over South Ossetia in 2008 it again became clear that private computing power had been coordinated for strategic effect....................."


 

 

Increased attacks on Malaysian websites detected

http://thestar.com.my/news/story.asp?file=/2010/9/8/nation/20100908115850&sec=nation

 

Excerpt:

"............There has been an increase in web defacement activities targetting Malaysian websites, says the Malaysian Communications and Multimedia Commission (MCMC).  It said in a statement that the number of defaced websites had increased from 168 cases for the whole of August to 262 cases recorded in the first week of September alone................"


 

 

 

Cyber Threats: Beyond Entertainment Value!

Dirk Zwart

http://www.sys-con.com/node/1523540

 

Excerpt:

"..............On June 8th, 2010 the National Public Radio (NPR) broadcast a debate by the public charity Intelligence Squared U.S. (IQ2US) entitled “The Cyber War Threat Has Been Grossly Exaggerated.” The show’s format is based on the traditional Oxford-style debate, with one side proposing and the other side opposing a sharply-framed motion..............."


 

 

India second worst victim of cyber crime

http://www.hindustantimes.com/StoryPage/Print/597642.aspx

 

Excerpt:

"............Computer security firm Symantec on Wednesday reported that about two thirds of the world's Internet users have fallen victim to cybercrime and few think crooks will be caught. China was tops when it came to online victims, with 83 per cent of Internet users there having been hit by computer viruses, identity theft, online credit card fraud or other crimes, according to a Norton Cybercrime Report................."


 

 

Internet Censorship, Here and Over There

Michael Scott Moore

http://www.miller-mccune.com/politics/internet-censorship-here-and-over-there-22052/

 

Excerpt:

"..............Uproar this year over an “Internet Kill Switch” bill has largely subsided because the legislation has stalled in the Senate. The summer controversy focused on a proposed presidential power to declare a national emergency and shut down parts of the Web dealing with “critical infrastructure,” for up to four weeks — which under a willing White House legal adviser, critics said, might lead to Chinese-style Web censorship for political enemies..............."


 

 

Symantec: Nearly Two-Thirds of Users Hit by Cyber-Crime

Brian Prince

http://www.eweek.com/c/a/Security/Symantec-Nearly-23-of-Users-Hit-by-CyberCrime-792448/

 

Excerpt:

".............According to "The Norton Cybercrime Report: The Human Impact" 65 percent of about 7,000 users globally that were surveyed reported falling victim to cyber-crimes ranging from online credit card fraud to having their machines infected with malware. In the United States that figure was 73 percent. China led the way with 83 percent, while Brazil and India were tied at 76 percent................"


 

 

Microsoft Releases Free Cyber-Security E-Book

Jason Fitzpatrick

http://www.lifehacker.com.au/2010/09/microsoft-releases-free-cyber-security-e-book/

 

Excerpt:

".............Microsoft has released a free — and lengthy! — e-book covering a wide range of security topics. Although intended for teenagers, the book offers a solid enough look at using the internet safely, and it’s suitable for anyone who needs a primer on internet security................"


 

 

 

70 percent of S'pore Net users hit by cybercrime

Tyler Thia

http://www.zdnetasia.com/70-percent-of-s-pore-net-users-hit-by-cybercrime-62202807.htm

 

Excerpt:

"............70 percent of Internet users in Singapore have fallen prey to cybercrimes, which is slightly higher than the global average of 65 percent. Four in 10 people have never fully resolved the issue, and many are suffering in silence, according to a new report by security vendor Symantec................."


 

 

 

Fake website 'takes seconds' to set up

Kevin Peachey

http://www.bbc.co.uk/news/business-11372689

 

Excerpt:

"................Mr Holman said that it was "extremely simple" for people to clone a legitimate website in order to sell fake products, but there were different levels of sophistication to trick internet users.  Other fraudsters have used links to "bargains" sent via social networking sites, internet forums and in e-mails, which also prove to be fake or are used to fish for people's banking details.............."


 

 

Norman Describes Cyber Criminal Behavior at Cyber Security 2010

John Callahan

http://www.prnewswire.com/news-releases/norman-describes-cyber-criminal-behavior-at-cyber-security-2010-103282079.html

 

Excerpt:

"..............Norman ASA, a leading security company, today announced that Righard Zwienenberg, Chief Research Officer, will speak on cyber criminal behavior and strategies at the Cyber Security 2010 event, Sept. 22-23, Brussels, Belgium. The theme of the conference is "Protecting Critical National Infrastructure from the Cyber Threat." The event will be attended by leaders from government, international organizations and the private sector................"


 

 

US eyes NATO-powered cyber shield

AHARON ETENGOFF

http://www.tgdaily.com/security-features/51627-us-wants-nato-powered-cyber-shield

 

Excerpt:

".............US Deputy Defense Secretary William Lynn believes NATO must construct a "cyber shield" to protect critical Alliance infrastructure from hostile digital threats.  "Cyber security is a [vital] element [and] the Alliance has a crucial role to play in extending a blanket of security over our networks," Lynn explained during a recent conference in a statement quoted by AFP................"


 

 

Nations, Companies Should Prepare for Cyberwar, Experts Say

Grant Gross

http://www.pcworld.com/businesscenter/article/205773/nations_companies_should_prepare_for_cyberwar_experts_say.html

 

Excerpt:

"..............Many people have called the 2007 attacks on Estonian banks, media outlets and government ministries an early example of cyberwar, but using a legal definition, they were not, said Eneken Tikk, head of the legal and policy branch of the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. She defined cyberwar as an attack that would cause the same type of destruction as the traditional military, with military force as an appropriate response..............."


 

 

 

SCADA worm a 'nation state search-and-destroy weapon'

Dan Goodin

http://www.itworld.com/government/121315/was-stuxnet-built-attack-irans-nuclear-program

 

Excerpt:

'.....he cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something. At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat....."


 

 

 

Information security and the balanced scorecard

Jamil Farshchi and Ahmad Douglas

http://www.itworld.com/print/121196

 

Excerpt:

"..............But can an excellent information security program create value? Perhaps the first step to implementing a successful plan is defining success. Many organizations, especially those harshly constrained by regulatory compliance and public scrutiny, define success as the absence of a significant, widely publicized event. Los Alamos National Laboratory was in the same situation: Our security program was deemed a success as long as it kept incidents to a minimum and those that did occur were of low enough severity to satisfy our regulating authority................"


 

 

Botnet operators shift locations

Shaun Nichols

http://www.v3.co.uk/v3/news/2270261/botnet-operators-shift

 

Excerpt:

'....M86 Security said that 5,000 new spam domains have been traced back to two Russian registrars in the past month. Among those who have moved to Russian providers are the operators of the Zeus malware.  "It used to be Chinese registrars, and now it has been a pretty dramatic shift," Bradley Anstis, vice president of technology strategy at M86 Security, told V3.co.uk......'


 

 

Kaspersky Lab provides its insights on Stuxnet worm

Kaspersky Lab

http://www.kaspersky.com/news?id=207576183

 

Excerpt:

'.....Kaspersky Lab's experts believe that Stuxnet manifests the beginning of the new age of cyber-warfare.We believe this type of attack could only be conducted with nation-state support and backing.  "I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars," said Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab. Speaking at the Kaspersky Security Symposium with international journalists in Munich, Germany, Kaspersky described Stuxnet as the opening of "Pandora's Box.".....'


 

 

 

Stuxnet Under the Microscope

ESET

http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf

 

Excerpt:

'....A high volume of detections in a single region may mean that it is the major target of attackers. However, multiple targets may exist, and the promiscuous nature of the infective mechanism is likely to targeting detail. In fact, even known infection of a SCADA site isn’t incontrovertible evidence that the site was specifically targeted. It has been suggested that malware could have been spread via flash drives distributed at a SCADA conference or event (as Randy Abrams pointed out in a blog http://blog.eset.com/2010/07/19/which-army-attacked-the-power-grids. Even that would argue targeting of the sector rather than individual sites, and that targeting is obvious from the payload. Distribution, however, is influenced by a number of factors apart from targeting, such as local availability of security software and adherence to good update/patching practice. Furthermore, our statistics show that the distribution of infections from the earliest days of detection shows a steep decline even in heavily-affected Iran in the days following the initial discovery of the attack, followed by a more gradual decline over subsequent months. ......'


 

 

The Rise of PDF Malware

Karthik Selvaraj and Nino Fred Gutierrez

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_rise_of_pdf_malware.pdf

 

Excerpt:

'....The amount of malicious PDFs seen in the wild has increased dramatically over the last 3 years. This is due to the success that malware authors are attaining via PDF distribution. The threat landscape is not homogenous in that there are many different types of PDFs and different ways in which malicious PDFs are used to compromise computers. To really understand the PDF threat landscape we need to discuss different methods of distribution for these malicious PDFs as well as the different types of PDFs that are being seen in the wild.......'


 

 

Saudi Arabians Will Soon Need A License To Blog

Alexia Tsotsis

http://techcrunch.com/2010/09/23/saudi-arabians-will-soon-need-a-license-to-blog/

 

Excerpt:

'....While the Saudi government has arrested bloggers critical of Saudi life and censored activist Twitter pages in the past, this is the first attempt at regulating online media as a whole. As blogging becomes more popular, Saudi Arabian authorities are starting to treat it with the same caution and restriction applied to traditional media in the country.......'


 

 

Israel used cyber weapon to disrupt Iran's nuclear reactor

Homeland Security Newswire

http://homelandsecuritynewswire.com/experts-israel-used-cyber-weapon-disrupt-irans-nuclear-reactor

 

Excerpt:

'....The reason the Israeli planes, commandos, and several rescue helicopters were able to enter Syria, accomplish their mission, and retreat without notice was that Israel opened a new chapter in warfare: it used sophisticated software attacks on Syria’s electrical grid – made more effective by Israeli-designed microchips with “back doors” planted in Syria’s radar and command-and-control computers – completely to blind the Syrian military and government for about an hour an half.......'


 

 

Seeing The Internet As An 'Information Weapon'

Tom Gjelten

http://www.npr.org/templates/story/story.php?storyId=130052701

 

Excerpt:

'....So why is there no arms control measure that would apply to the use of cyberweapons?  It is not for lack of attention to the issue. Government and military leaders around the world have warned that the next world war is likely to be fought at least partly in cyberspace, and cyber "disarmament" discussions have been under way at the United Nations for more than a decade and more recently at the International Telecommunications Union, the leading U.N. agency for information technology issues.......'


 

 

Google Warning Gmail Users: China Spied on Your Account

Athima Chansanchai

http://gawker.com/5646498/google-warning-gmail-users-china-spied-on-your-account

 

Excerpt:

'....Threatpost says the users affected seem to be pretty randomly distributed—they found everyone from a privacy advocate, to the editor of a marketing blog, to doctors and gamers had been affected. The warning includes the IP address used to access the user's account, and a recommendation to change their password. (You've been able to check a log of who's accessed your account for a while, but Google has taken an extra step by actively warning users whose accounts have specifically been accessed by a Chinese IP address.).....'


 

 

Iran nuclear experts race to stop spread of Stuxnet computer worm

Peter Beaumont

http://www.guardian.co.uk/world/2010/sep/26/iran-stuxnet-worm-nuclear

 

Excerpt:

'....Computer security experts who have studied Stuxnet since it emerged two months ago believe it was designed specifically to attack the Siemens-designed working system of the Bushehr plant and appears to have infected the system via the laptops and USB drives of Russian technicians who had been working there.  Western experts say the worm's sophistication – and the fact that some 60% of computers infected appeared to be in Iran – pointed to a government-backed attack.  Although the worm has turned up in other countries since first appearing in July – including Indonesia and the US – the frequency of its appearance in Iran has suggested the country was the intended victim of the cyber-warfare attack, with some analysts speculating that Israel might be behind it.......'


 

 

 

Iran successfully battling cyber attack

Iranian news agency Mehr

http://www.mehrnews.com/en/NewsDetail.aspx?NewsID=1158506

 

Excerpt:

'....According to Associated Press, a complex computer worm dubbed Stuxnet has infected many industrial sites in Iran and is capable of taking over power plants.  The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr New Agency reported on Saturday.  “An electronic war has been launched against Iran,” Mahmoud Liaii added. “This computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,” he said.......'


 

 

Cyberfraud Ring Dismantled in Ukraine

Lucian Constantin

http://news.softpedia.com/news/Cyberfraud-Ring-Dismantled-in-Ukraine-157991.shtml

 

Excerpt:

'....A group of five hackers were arrested by Ukrainian authorities this month under suspicion of stealing millions from the bank accounts of foreign companies.HostExploit reports that local authorities believe the group might be responsible for stealing $1 million from the accounts of Sony Europe alone.  When raiding the hackers' hideout, the police seized servers, computers, printers, stamps, forms, credit cards, fake documents, fake passports and 350 thousand dollars.......'


 

 

Cyber Attacks Test Pentagon, Allies and Foes

SIOBHAN GORMAN and STEPHEN FIDLER

http://online.wsj.com/article/SB10001424052748703793804575511961264943300.html

 

Excerpt:

'....More than 100 countries are currently trying to break into U.S. networks, defense officials say. China and Russia are home to the greatest concentration of attacks.  The Pentagon's Cyber Command is scheduled to be up and running next month, but much of the rest of the U.S. government is lagging behind, debating the responsibilities of different agencies, cyber-security experts say. The White House is considering whether the Pentagon needs more authority to help fend off cyber attacks within the U.S.......'


 

 

Malware Infections Market

Team Cymru

http://www.team-cymru.com/ReadingRoom/Whitepapers/2010/Malware-Infections-Market.pdf

 

Excerpt:

'....What happens however if a third-party application like winzip, Flash or the PDF reader contains vulnerabilities? In some cases the application itself might have asked the user to update to a newer version. Not everyone might realize that the programs on their system, whether it is a desktop computer or phone, pose an equal security risk as the operating itself. Just recently Apple found a vulnerability on their IOS platform where the PDF implementation could cause the iPhone or iPad to become compromised. ......'


 

 

USB drive identifies and extracts data, leaving no footprint

Help Net Security

http://www.net-security.org/secworld.php?id=9915

 

Excerpt:

'...."This is a true breakthrough for the military, intelligence, and law enforcement communities that provide advanced computer forensics in the field without leaving a telltale footprint behind," said Richard White, vice president, Advanced Information Solutions, Harris Government Communications Systems. "The BlackJack solution is lightning-fast, durable and has the potential for application in other markets, including corporate computer forensics."......'


 

 

DHS Launches Cyber Attack Exercise

J. Nicholas Hoover

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500797

 

Excerpt:

'....With cybersecurity continuing to heat up as a national defense priority, Cyber Storm III will give the government a chance to see how ready it's processes and people really are in protecting the nation and Internet against malicious hackers. "So much of the cyber mission space is about collaboration, and every once in a while you've got to kick the tires to see how well it works," Bobbie Stempfley, director of DHS' National Cyber Security Division, said in a meeting with reporters last week.......'


 

 

Mass cyber attack paralyses Burmese media

FRANCIS WADE

http://www.dvb.no/elections/mass-cyber-attack-paralyses-burmese-media/11932

 

Excerpt:

'....t mirrors a similar incident in 2008 on the first anniversary of the uprising, also known as the Saffron Revolution, which became Burma’s biggest show of defiance since the 1988 student protests.  Websites belonging to The Irrawaddy magazine, Mizzima and DVB – all exiled media groups founded by former activists – were today attacked using DDoS, or distributed denial-of-service, which fires thousands of malformed web connections against the site.......'


 

 

CIA used 'illegal, inaccurate code to target kill drones'

Chris Williams

http://www.theregister.co.uk/2010/09/24/cia_netezza/

 

Excerpt:

'....The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA's clandestine war against senior jihadis in Afganistan and Pakistan.  The dispute surrounds a location analysis software package - "Geospatial" - developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts. IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline.......'


 

 

 

The Big Picture of the Security Incident Cycle

Lenny Zeltser

https://blogs.sans.org/computer-forensics/2010/09/27/digital-forensics-security-incident-cycle/

 

Excerpt:

'....Speaking at the US Digital Forensic and Incident Response Summit 2010, Richard Bejtlich discussed the topic of CIRT-Level Response to Advanced Persistent Threat. His talk focused on the unique challenges of handling APT incidents that span years, not days. The presentation (PDF) included a slide that outlined the structure of the Computer Incident Response Team (CIRT) group that Richard built at General Electric to support the security incident cycle. I’ll refer to this diagram; however, my interpretation might differ from that of Richard, as I do not recall the specific details he shared with the audience when discussing this slide.......'


 

 

 

No govt defence against cyber attacks

Darren Pauli

http://www.zdnet.com.au/no-govt-defence-against-cyber-attacks-339306238.htm

 

Excerpt:

'...."To be honest, we struggle to defend our own systems from the current threats — the idea that we can extend the envelope to protect the mining industry's SCADA (Supervisory Control and Data Acquisition) or the banking industry just doesn't fly," Rothery said. "The people that will defend Westpac will be from Westpac, and Telstra will use people from Telstra. It won't be the Australian Army or Signals Corps.".......'


 

 

 

Cheap hardware infects govt agencies

Darren Pauli

http://www.zdnet.com.au/cheap-hardware-infects-govt-agencies-339306199.htm

 

Excerpt:

'....ohnston told ZDNet Australia that he intends to push a ban on government agencies shirking expensive but trusted technology brands for cheap white-box goods after unnamed departments had discovered backdoor malware in computers, servers and processor chips.  Backdoor malware can provide an access point through which criminals can access and steal data, often silently. Figures released by the Australian Communications and Media Authority last week point to over 30,000 computers reportedly taking part in botnet activity every day.......'


 

 

Australian Government

Information Security Manual

http://www.dsd.gov.au/_lib/pdf_doc/ism/ISM_Sep09_rev1.pdf

 

Excerpt:

'....The cyber security threat is not an emerging threat – it is here with us now.  Global Internet-connectivity provides the opportunity for our Internet-connected systems to be exploited from anywhere in the world. Furthermore, the Internet readily provides information about vulnerabilities and how to exploit them. Consequently, the capabilities of malicious entities on the Internet continue to grow, posing a serious and persistent threat to the security of government information and systems.  All government department and agency heads are responsible for the security of the information their personnel handle in their daily business and operations. Each department and agency is not only entrusted with the protection of its own information, but must also ensure information provided by private and government individuals and organisations, including international partners, is protected to the same standard as their own information.......'


 

 

Comcast takes free anti-botnet service nationwide

Elinor Mills

http://news.cnet.com/8301-27080_3-20018168-245.html

 

Excerpt:

'....Comcast is announcing today that it will be offering all of its Internet customers a free service that alerts them if it appears that their computer is infected with botnet malware. The cable giant, which is the largest residential ISP in the U.S., began a trial of the botnet detection service a year ago in Denver. Now, Comcast will be rolling it out to the rest of its more than 16 million Xfinity Internet customers over the next few months.......'


 

 

There is no Plan B: why the IPv4-to-IPv6 transition will be ugly

Iljitsch van Beijnum

http://arstechnica.com/business/news/2010/09/there-is-no-plan-b-why-the-ipv4-to-ipv6-transition-will-be-ugly.ars

 

Excerpt:

'.....Across the computing industry, we spend enormous amounts of money and effort on keeping older, "legacy" systems running. The examples range from huge and costly to small and merely annoying: planes circle around in holding patterns burning precious fuel because air traffic control can't keep up on systems that are less powerful than a smartphone; WiFi networks don't reach their top speeds because an original 802.11(no letter), 2Mbps system could show up—you never know. So when engineers dream, we dream of leaving all of yesterday's technology behind and starting from scratch. But such clean breaks are rarely possible......'


 

 

 

Brussels calls for tougher laws on cyber-crime

Business Video News

http://business-video.tmcnet.com/news/2010/09/30/5040037.htm

 

Excerpt:

'....The European Commission is therefore proposing that EU states update the rules by outlawing remote attacks -- the so-called "robot nets" or "botnets" -- and the creation of the software which runs them, and imposing a maximum jail term of two years on offenders.......'


 

 

 

Cyber[Crime|War] Linking State Governed Cyber Warfare with Online Criminal Groups

Iftach Ian Amit

https://media.blackhat.com/bh-eu-10/whitepapers/Amit/BlackHat-EU-2010-Amit-Cyber-%5BCrime_War%5D-Connecting-the-dots-wp.pdf

 

Excerpt:

Cyber warfare (i.e. government warfare conducted over the internet), on the other hand, hasn't drawn considerable media attention1, mostly because of lack of evidence connecting

cyber attacks with government policy or actions. In some circles cyber warfare is not even considered a serious topic of discussion, being closely associated with conspiracy theories......'


 

 

Man linked to stolen bank data found dead in Swiss prison

http://www.reuters.com/article/idUSLDE69019120101001

 

Excerpt:

'....A number of compact discs said to contain confidential data on tax evaders have been offered to German authorities.The most prominent case resulted in German investigators searching Credit Suisse (CSGN.VX)(CS.N) offices in the country in July after analysing a disc bought from a whistleblower said to have the names of 1,500 alleged tax cheats....'


 

 

More than 100 arrests, as FBI uncovers cyber crime ring

http://www.bbc.co.uk/news/world-us-canada-11457611

 

Excerpt:

'....More people were detained in Ukraine and the UK, local police said. The FBI said the arrests were part of "one of the largest cyber criminal cases we have ever investigated".....'


 

 

Cyber-War Gets Real, and a Beltway Brawl Begins

Robert McGarvey

http://www.internetevolution.com/author.asp?section_id=852&doc_id=197590

 

Excerpt:

'....The White House, per stories in The Washington Post and Reuters, has begin circulating draft legislation that would give the president authority to declare a national emergency in the event of a cyber-attack; and, in anticipation of that, the bill also gives the president authority to review the IT security plans of big corporations and force them to toughen up vulnerabilities before an attack occurs.....'


 

 

 

Chinese hackers to target games site

Shashank Shekhar

http://www.mid-day.com/sports/2010/sep/280910-Delhi-CWG-site-Chinese-hackers.htm

 

Excerpt:

'....Security agencies, which are aggressively patrolling the cyber space, have recently witnessed a sudden spurt in traffic coming from China and they expect hackers to start attacks when the Games begin as during this period citizens of Commonwealth countries will be visiting the CWG website. ......'


 

 

Gurgaon tops cyber crime list

Vineet Gill,

http://timesofindia.indiatimes.com/city/gurgaon/Gurgaon-tops-cyber-crime-list/articleshow/6674003.cms

 

Excerpt:

'....The city faces at least 40 cases of cyber crime every day and only about 10% get reported. To make it worse, the citys cyber cell has managed to register only 120-odd cases since January 2010. Pavan Duggal, a prominent cyber crime lawyer, blames the rise on the fledgling infotech sector.....'


 

 

DDoS Attack Knocks Out Gallant Macmillian, Ministry of Sound

Thomas Mennecke

http://www.slyck.com/news.php?story=2070

 

Excerpt:

'.....Why are these three sites targeted you ask?Because Anonymous has an axe to grind with UK solicitor Gallant Macmillan. In their statement preceding the attack, parallels were drawn between the file-sharing litigation work of Macmillan and ACS:Law's Andrew Crossley. For better or worse, Anonymous is using DDoS attacks as a way to fight back against the threat they perceive......'


 

 

European Commission Proposes New Anti-Cyber Crime Rules

http://ohsonline.com/articles/2010/10/03/10-european-commission-proposes-new-cyber-crime-rules.aspx

 

Excerpt:

'....The proposal will punish those who build, use, and sell tools and software designed to carry out cyber attacks, which have increased and grown more costly in recent years.......'


 

 

Canada's Cyber Security Strategy

http://www.publicsafety.gc.ca/prg/em/cbr/_fl/ccss-scc-eng.pdf

 

Excerpt:

'....Cyberspace is the electronic world created by interconnected networks of information technology and the information on those networks. It is a globalcommons where more than 1.7 billion people are linked together to exchange ideas, services and friendship.......'


 

 

Bill Aims to Close Cyber Infrastructure Vulnerabilities

Jim Langevin

http://langevin.house.gov/issues/homeland/2010/09/bill-aims-to-close-cyber-infrastructure-vulnerabilities.shtml

 

Excerpt:

'....“Much of our critical infrastructure lies in private hands that are often driven by profit motives, not security,” said Langevin, founder and co-chair of the House Cybersecurity Caucus. “A lack of regulation on the security of control devices has led to a system that discourages open reporting of problems and rewards ignoring potentially critical concerns. Unfortunately, our government currently lacks the authority to adequately protect ....'


 

 

EU responds to threat of 'zombie computers'

ANDREW RETTMAN

http://euobserver.com/13/30933

 

Excerpt:

'....EUOBSERVER / BRUSSELS - The EU's anti-cyber-crime agency Enisa will in future work with Europol to help track down hackers and the creation of botnets or "zombie computers" is to be made illegal under new proposals from the European Commission.....'


 

 

Botnets: the new battleground of cybercrime

Jon Thompson

http://www.techradar.com/news/internet/botnets-the-new-battleground-of-cybercrime-719804

 

Excerpt:

'....Cloaked by increasingly sophisticated security, these so-called botmasters dodge justice to claim bragging rights from their peers – and, of course, to make a fortune by renting their creations to hardened criminals......'


 

 

New Service to Protect Networks from Botnets

Thor Olavsrud

http://www.esecurityplanet.com/news/article.php/3906556/New-Service-to-Protect-Networks-from-Botnets.htm

 

Excerpt:

'...."With our threat data and algorithms, we can easily observe the impact of botnets," said Gopala Tumuluri, chief technology officer (CTO) at Nominum. "We've seen bots on the attack, instantly spiking DNS bandwidth consumption, and identified squadrons of bot-infected devices. Network owners can act on this information and sever connections to botnet command and control resources to improve the resistance of their DNS, the health of their network and the overall end-user experience."......'


 

 

Digital Agenda: Commission proposal to strengthen and modernise European Network and Information Security

http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/10/459&format=HTML&aged=0&language=EN&guiLanguage=en

 

Excerpt:

'......The main objective of today's proposal is to reinforce network and information security in Europe by enabling the EU, Member States and stakeholders to develop a high degree of capability and preparedness to prevent, detect and better respond to network and information security problems. A modernised ENISA will play an important role in boosting trust, which underpins the development of today's digital society and economy, by enhancing the security and privacy of users. This will help make European businesses more competitive and strengthen the development of the Single Market......'


 

 

Audit finds Vic SCADA systems vulnerable

Darren Pauli

http://www.zdnet.com.au/audit-finds-vic-scada-systems-vulnerable-339306439.htm?

 

Excerpt:

'....The report stated that Victoria's water agencies lack an effective means to manage or avert the risks posed to central infrastructure control systems. It says the security of SCADA systems is inadequate and must be upgraded to meet the threats posed by networked environments, which had not previously been a consideration when the systems were offline and isolated.......'


 

 

 

The growing security risk of fibre tapping

Stuart Sumner

http://www.computing.co.uk/computing/analysis/2270985/growing-security-risk-fibre

 

Excerpt:

'.....Corporate datacentres, with their vast stores of business-sensitive information, present a tempting target for criminal groups. Unfortunately for the would-be cyber crook, today’s enterprise security systems are so sophisticated that hacking into an enterprise datacentre is nigh on impossible.


 

 

Russia detains suspect in carding, online fraud scheme

Jeremy Kirk

http://www.computerworld.com/s/article/9189460/Russia_detains_suspect_in_carding_online_fraud_scheme

 

Excerpt:

'....The group -- whose members also included Russian and Armenian nationals -- stole money from the accounts of 17 Russian credit organizations as well as foreign banks, causing more than $660,225 in damages.......'


 

 

Inside the Pentagon's cyber war games

Tom Patterson

http://gcn.com/Articles/2010/10/07/Inside-Pentagon-cyber-war-game.aspx

 

Excerpt:

'....ust to be clear, these war games are about the real effects of a cyberwar, not bloody Call of Duty avatars or losing your Second Life. This is about clever bad guys using bits and bytes to confuse, dissuade or shut-down people and systems, on the battlefield and across America.......'


 

 

Russian talent turning to cybercrime

Anastasia Ustinova

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10679112

 

Excerpt:

'....The FBI last week charged 37 suspects from Russia, Ukraine and other eastern European countries of using a computer virus to hack into US bank accounts. "The number of hackers reflects how many good engineers we potentially have in this country," said Vladimir Dolgov, the president of Google in Russia.......'


 

 

U.S. implements president's cybersecurity recommendations

http://homelandsecuritynewswire.com/us-implements-presidents-cybersecurity-recommendations

 

 

Excerpt:

'....GAO reports that of the 24 recommendations included in the president's May 2009 cyber policy review report, 2 have been fully implemented and 22 have been partially implemented; the two fully implemented recommendations involve appointing within the National Security Council (NSC) a cybersecurity policy official (Special Assistant to the President and Cybersecurity Coordinator) responsible for coordinating the U.S. cybersecurity policies and activities, and a privacy and civil liberties official. Examples of partially implemented recommendations include.....'