Archive for October 2011

4 Cyberattacks Cost DoE At Least $2 Million: Number of Identified Weaknesses Up by 60% in Year

The Department of Energy’s non-classified IT systems have recently come under successful cyberattacks at least four times, costing the department more than $2 million, the DoE inspector general said in an audit made public Monday.
The report, part of the department’s annual Federal Information Security Management Act review, didn’t provide details on the cyberattacks, except to peg the cost of three of the four breaches at over $2 million.

“As noted by recent successful attacks at four department locations, exploitation of vulnerabilities can cause significant disruption to operations and/or increases the risk of modification or destruction of sensitive data or programs, and possible theft or improper disclosure of confidential information,” Inspector General Gregory Friedman wrote in the report.

In July, a sophisticated cyberattack shut down Internet and e-mail services at the Pacific Northwest National Laboratory, an Energy Department facility that conducts IT security research.

Though DoE had expanded efforts to mitigate these risks in the last fiscal year, which ended Sept. 30, more steps must be taken to strengthen department IT from attackers seeking to exploit vulnerabilities in applicatons and products, the inspector general audit said.


Cyberattack Closes Energy Department Lab

A sophisticated cyberattack has shut down Internet and e-mail services at the Pacific Northwest National Laboratory, an Energy Department facility that conducts IT security research.

An Energy Department spokesman was unavailable for comment, but a posting on Twitter by the lab Wednesday stated: “A sophisticated cyberattack has shut down Internet and e-mail at PNNL. Full access will be restored once we can repel further attacks.”

As of midmorning Friday EDT, the Pacific Northwest website remained down.

According to the Department of Homeland Security’s Daily Open Source Infrastructure Report, citing local media, Pacific Northwest shuttered its website and blocked incoming e-mail after discovering on July 1 that it was targeted in a highly sophisticated cyberattack.

The report said no classified information was compromised. The lab’s website was backed up. Its external e-mail service was not scheduled to be restored until the lab staff fully diagnosed what occurred and added any needed security patch, the DHS report said.

The DHS report cites a Pacific Northwest spokesman as saying the lab’s external computer network averages 4 million unauthorized access attempts each day.


Whole new industries being created with vast amounts of new data becoming available

As computers, databases and networks come to intermediate almost every aspect of modern human life, the volume of electronic breadcrumbs generated from our daily activities and transactions has exploded. Academic researchers, marketers, governments, and social scientists are all clamoring to record, save and crunch all that information to gain new insights in order to move society, as well as their own interests, forward.

The big questions: How should they responsibly handle it all, and how can they intelligently interpret what they find?

It’s a question that is so profound that it’s going to take decades to figure out, if at all. Some people are calling this next stage of the information revolution the “industrial revolution of data.” The Economist notes, “The effect is being felt everywhere, from business to science, from government to the arts.”

Indeed, two influential researchers Danah Boyd of Microsoft Research and Kate Crawford of the University of New South Wales in Australia predict that “Big Data,” as the phenomenon is being called, will realign our fundamental assumptions and operations in life, just as Henry Ford’s revolutionary automation of making products “produced a new understanding of labor, the human relationship to work, and society at large.”

“Big Data,” and its implications for society are a big theme among the technorati these days. This week, for example, the theme for the big Web 2.0 Summit in San Francisco was focused on this very issue. When introducing the conference on Monday, conference co-chair and publisher Tim O’Reilly used a vivid example to illustrate the point: Google’s self-driving car is only able to do what it can do because all the equipment it is decked out with is gathering and processing huge amounts of information to navigate.

From TPM IdeaLab:

DARPA lets you design the next generation of miniature surveillance drones

At first glance it seems like a fairly routine military tech project: DARPA, the Defense Advanced Research Projects Agency, is developing a miniature unmanned air vehicle that can be carried into the field in a rucksack and sent out to a remote urban location, where it will find a spot from which to perch and transmit surveillance video.

The technology for this vulture-like “Perch and Stare” device is within reach, but DARPA has taken a rather extraordinary approach to getting the concept into production.

Rather than contracting out with domestic research institutions or defense industry companies, DARPA has extended a welcome mat to everyone around the world through an elaborately crowd-sourced competition called UAVForge, which launched last May.

From TPM:

American Drones Are Infected with a Computer Virus

Love the idea of the US being patrolled by the same type of pilot-less drones that keep accidentally attacking innocent people in Afghanistan? Then you should reaally appreciate this story…

A virus has infected America’s drone fleet, Wired’s Noah Shachtman reports. It logs every keystroke operators type from their base in Creech Air Force Base in Nevada, but that hasn’t halted their missions. Though the military hasn’t found any incidents of the virus sending information to an outside source, they haven’t been able to get rid of it. Shachtman explains:
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech.

The U.S. has increasingly relied on drones to carry out the war on terror in Afghanistan in recent years. Al Qaeda YouTube preacher Anwar al-Awlaki was killed last month by a drone strike in Yemen.

Coming to your neighborhood soon…
From Yahoo news:

Government and ISPs At Odds Over Fighting Malware “Botnets”

Both the U.S. government and the country’s internet service providers (ISP) agree that botnets are among the greatest threats facing Web users.

But they can’t yet agree on what to do about it, because the ISPs aren’t exactly the biggest fans of a government document calling for them to establish voluntarily, industry-wide standards for detecting and fighting threats.

That was the major, unfortunate conclusion that came out of a contentious panel discussion on Tuesday featuring the White House cyber security coordinator, cyber experts at the Department of Homeland Security and the Department of Commerce and an ISP industry trade representative.

The U.S. government defines botnets as collections of compromised computers that are remotely controlled by a malevolent party. The networks are often used to launch crippling attacks against third parties online.

A recent study by Microsoft found the U.S. leads the world in terms of the number of computers infected with botnet malware, 2.2 million, compared to second-place Brazil’s 500,000. Globally, McAfee reported in late 2010 that it was seeing an average of 6 million new botnet infections every month.

From TPM IdeaLab at