Archive for July 2014

German utility says don’t underestimate threat of cyber attacks

In an interview with the news agency, Stadtwerke Ettlingen’s Eberhard Oehler said that a simulated attack on the utility had revealed how easy it would be to hack into the energy company’s network through its IT grid.

Felix Lindner, head of IT security company Recurity Labs, who conducted the cyber attack in November 2014, said he gained access to Stadtwerke Ettlingen’s control room and could have “switched off everything: power, water and gas” for the town of Ettlingen, home to 40,000 people in the south of Germany.

Mr Oehler said: “The experiment has shown that sensitive, critical infrastructure is not sufficiently protected.”

As more components of an energy company’s infrastructure come online, including smart meters, concerns are increasing about the vulnerability of customer and utility data to hackers.

Full story: Metering.com

Malware that fleeced banks for $100 million returns a month after U.S. crackdown

Malicious software used to steal millions from bank accounts has re-emerged a month after U.S. authorities broke up a major hacker network using the scheme, security researchers say.

The security firm Malcovery said it identified a new trojan based on the Gameover Zeus malware, which officials said infected up to one million computers in 12 countries, and was blamed in the theft of more than $100 million.  By infecting large numbers of computers, the cyber criminals were able to control the devices to steal passwords and send out emails to further spread the infection.  In a status report filed in court, officials said that “all or nearly all of the active computers infected with Gameover Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to court order.”

A blog post by the security firm Emsisoft said the new variant may be harder to combat, because it is using “an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers.”

Gameover Zeus, which first appeared in September 2011, stole bank information and other confidential details from victims.  The FBI blamed the Gameover Zeus botnet for the theft of more than $100 million, obtained by using the stolen bank data and then “emptying the victims’ bank accounts and diverting the money to themselves.”

Russian Evgeniy Mikhailovich Bogachev, 30, an alleged administrator of the network, was charged in Pittsburgh, Pennsylvania, with 14 counts including conspiracy, computer hacking, bank fraud and money laundering in the Gameover Zeus and Cryptoblocker schemes.

More: RawStory.com

NSA Internet Monitoring Found Legal In Bipartisan Study

The first time the bipartisan Privacy and Civil Liberties Oversight Board dissected a National Security Agency surveillance program, it found fundamental flaws, arguing in a January report that the NSA’s collection of domestic calling records “lacked a viable legal foundation” and should be shut down.

But in its latest study, the five-member board takes the opposite view of a different set of NSA programs revealed last year by former NSA systems administrator Edward Snowden.

The new report, which the board was to vote on Wednesday, found that the NSA’s collection of Internet data within the United States passes constitutional muster and employs “reasonable” safeguards designed to protect the rights of Americans.

The board, whose members were appointed by President Barack Obama, largely endorsed a set of NSA surveillance programs that have provoked worldwide controversy since Snowden disclosed them. However, the board’s report said some aspects of the programs raise privacy concerns meriting new internal intelligence agency safeguards.

Under a provision of the 1978 Foreign Intelligence Surveillance Act known as Section 702, the NSA uses court orders and taps on fiber optic lines to target the data of foreigners living abroad when their emails, web chats, text messages and other communications traverse U.S. telecommunications systems.

Section 702, which was added to the act in 2008, includes the so-called PRISM program, under which the NSA collects foreign intelligence from Google, Facebook, Microsoft, Apple and nearly every other major American technology company.

More: TalkingPointsMemo.com