FBI chief warns that cyber crime is on par with terrorism

FBI director Robert Mueller warned a gathering of Internet security specialists that the threat of cyber attacks rivals terrorism as a national security concern.

The only way to combat cyber assaults is for police, intelligence agencies and private companies to join forces, Mueller said during a presentation at an annual RSA Conference in San Francisco on Thursday.

“Technology is moving so rapidly that, from a security perspective, it is difficult to keep up,” Mueller said. “In the future, we anticipate that the cyber threat will pose the number one threat to our country.”

It’s essential that private corporations and government agencies across the globe coordinate on cyber crime, Mueller said, in part because nefarious hackers are already forming alliances.

“We must work together to safeguard our property, to safeguard our ideas and safeguard our innovation,” Mueller said. “We must use our connectivity to stop those who seek to do us harm.”

Gone are the “good old days” of teenage boys hacking into websites for fun, Mueller said. Today’s hackers are savvy and often work in groups, like traditional crime families.

Private sector computer security researchers have attributed waves of cyber assaults to nations out to steal government or business secrets.

“Once isolated hackers have joined forces to form criminal syndicates,” Mueller said.

More from RawStory.com: http://www.rawstory.com/rs/2012/03/02/fbi-chief-warns-cyber-crime-on-par-with-terrorism/

Posted in Cybersecurity Memo - Insiders Edition | Leave a comment

NASA Inspector Gen. Says Stolen Laptop Contained Space Station Control Codes

NASA “reported a loss or theft” of 48 computers between April 2009 and April 2011 including a laptop that was stolen in March 2011 containing “algorithms used to command and control the International Space Station.”

That laptop, like 99 percent of NASA’s portable computing devices, wasn’t encrypted.

But the case of the stolen laptop containing Space Station control codes is hardly the only cyber security issue plaguing NASA. In fact, the agency appears to be rife with security flaws.

“Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA’s Constellation and Orion programs. Moreover, NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the Agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files.”

More from TalkingPointsMemo.com @ http://idealab.talkingpointsmemo.com/2012/03/nasa-inspector-gen-says-stolen-laptop-contained-space-station-control-codes.php?ref=fpnewsfeed


White House and NSA weigh cybersecurity vs personal privacy

The National Security Agency has pushed repeatedly over the past year to expand its role in protecting private-sector computer networks from cyber-attacks, but has been rebuffed by the White House, largely because of privacy concerns.

The most contentious issue was a legislative proposal last year that would have required hundreds of companies that provide such critical services as electricity generation to allow their Internet traffic to be continuously scanned using computer threat data provided by the spy agency. The companies would have been expected to turn over evidence of potential cyber-attacks to the government.

NSA officials portrayed such measures as unobtrusive ways to protect the nation’s vital infrastructure from what they said are increasingly dire threats of devastating cyberattacks.

But the White House and the Justice Department argued that the proposal would permit unprecedented government monitoring of routine civilian Internet activity, according to documents and officials familiar with the debate. They spoke on the condition of anonymity to describe administration deliberations. Internal documents reviewed by The Washington Post backed these descriptions.

White House officials cautioned the NSA that President Obama has opposed cybersecurity measures that weaken personal privacy protections.

More at the Washington Post: http://www.washingtonpost.com/world/national-security/white-house-nsa-weigh-cyber-security-personal-privacy/2012/02/07/gIQA8HmKeR_story.html


Google announces privacy changes across products with no opt-out

Google said Tuesday it will follow the activities of users across e-mail, search, YouTube and other services, a shift in strategy that is expected to invite greater scrutiny of its privacy and competitive practices.

The information will enable Google to develop a fuller picture of how people use its growing empire of Web sites. Consumers will have no choice but to accept the changes.

The policy will take effect March 1 and will also impact Android mobile phone users, who are required to log in to Google accounts when they activate their phones.

The change comes as Google is facing stiff competition for the sometimes fleeting attention of Web surfers. It recently disappointed investors for the first time in several quarters, failing last week to meet earnings predictions. Apple, in contrast, reported record earnings Tuesday, blowing past even the most optimistic expectations.

Google’s move appears to be aimed squarely at Apple and Facebook — titans of the tech industry that have been successful in keeping people within their ecosystem of products. Google, which makes money by selling targeted ads, is hoping to do the same by offering a Web experience tailored to personal tastes.

“If you’re signed in, we may combine information you’ve provided from one service with information from other services,” Alma Whitten, Google’s director of privacy, product and engineering wrote in a blog post.

“In short, we’ll treat you as a single user across all our products which will mean a simpler, more intuitive Google experience,” she said.

Google can track users when they sign into their accounts. It can also use cookies or find out where people are if they use a Google phone or its maps program. The company will now attempt to mix all of that information together into a single cauldron for each person.

From the Washington Post at: http://www.washingtonpost.com/business/technology/google-tracks-consumers-across-products-users-cant-opt-out/2012/01/24/gIQArgJHOQ_story.html


Protecting the Nation’s Electric Grid from Cyber Threats

Protecting the electric system from cyber threats and ensuring its resilience are vital to our national security and economic well-being. This is exactly why cybersecurity is one of four key themes in the White House’s Policy Framework for a 21st Century Grid. For obvious reasons, the private sector shares our interest in a safe and secure electric grid. The Administration has benefited from working closely with industry, including to develop the Roadmap to Achieve Energy Delivery Systems Cybersecurity, released by the Department of Energy last September.

To continue that close cooperation, last week Deputy Secretary of Energy Dan Poneman and I, along with senior officials from the Department of Homeland Security, hosted industry leaders to discuss a new initiative to further protect the electric grid from cyber risks. This initiative — the Electric Sector Cybersecurity Risk Maturity Model Pilot — is a new White House initiative led by the Department of Energy, in collaboration with the Department of Homeland Security, to develop a model to help us identify how secure the electric grid is from cyber threats and test that model with participating utilities. Gaining knowledge about strengths and remaining gaps across the grid will better inform investment planning and research and development, and enhance our public-private partnership efforts.

Read more at the U.S. White House blog:


Bradley Manning and the next Security Paradigm: Insider Threats


Bradley Manning is an Army intelligence analyst accused of leaking thousands of U.S. diplomatic cables to Wikileaks. Depending on your perspective, he’s become a symbol for high tech whistleblowing, or dangerous cyber-crime. Either way, you should be paying attention to his pre-trial hearing, which unfolded this week. Manning’s case represents a convergence of issues that shed light on the future of lawbreaking and punishment.

Manning’s case is about a novel, but increasingly normal, way that secrets will be leaked to the media. The datadump Manning’s alleged to have handed over to Wikileaks seemed to have been the result of simply running a script to snarf up every piece of classified information he had access to.

Leaks in the era of big data will probably look a lot more like what we see on Wikileaks. People who want to expose bad behavior in their companies or governments will grab what they can and post it. Just as online journalism of the future will be less edited than paper journalism of the twentieth century, online leaks will be unedited too.

Check out the video: http://vimeo.com/animateprojects/bradleymanning

Story From IO9: http://io9.com/5869209/bradley-manning-and-the-future-of-punishment?tag=futurism


US Chamber of Commerce hackers went undetected for one year

The U.S. Chamber of Commerce, the largest business lobbying group in the world, was hacked and all of the information stored on its computer systems was accessible to the hackers, who are suspected to have operated out of China, according to a stunning report published Wednesday in The Wall Street Journal.

A Chamber spokesperson told TPM in a statement that the Chamber could “confirm that the quotes and background information provided by the Chamber to the Journal are accurate.”

Even more worrisome, the brazen hack might have remained undetected for up to a year, according to The Journal’s report, which notes that the Chamber only became aware of the intrusion when it was alerted by the FBI.

From the Wall Street Journal: http://online.wsj.com/video/china-hackers-attack-us-chamber-of-commerce/A4DF072E-BD65-4063-ABFF-ECB6A9C0312C.html


As expected: Police start to employ Predator drone spy planes in US

Armed with a search warrant, Nelson County Sheriff Kelly Janke went looking for six missing cows on the Brossart family farm in the early evening of June 23. Three men brandishing rifles chased him off, he said.

Janke knew the gunmen could be anywhere on the 3,000-acre spread in eastern North Dakota. Fearful of an armed standoff, he called in reinforcements from the state Highway Patrol, a regional SWAT team, a bomb squad, ambulances and deputy sheriffs from three other counties.

He also called in a Predator B drone.

As the unmanned aircraft circled 2 miles overhead the next morning, sophisticated sensors under the nose helped pinpoint the three suspects and showed they were unarmed. Police rushed in and made the first known arrests of U.S. citizens with help from a Predator, the spy drone that has helped revolutionize modern warfare.

But that was just the start. Local police say they have used two unarmed Predators based at Grand Forks Air Force Base to fly at least two dozen surveillance flights since June. The FBI and Drug Enforcement Administration have used Predators for other domestic investigations, officials said.

“We don’t use [drones] on every call out,” said Bill Macki, head of the police SWAT team in Grand Forks. “If we have something in town like an apartment complex, we don’t call them.”

The drones belong to U.S. Customs and Border Protection, which operates eight Predators on the country’s northern and southwestern borders to search for illegal immigrants and smugglers. The previously unreported use of its drones to assist local, state and federal law enforcement has occurred without any public acknowledgment or debate.

Congress first authorized Customs and Border Protection to buy unarmed Predators in 2005. Officials in charge of the fleet cite broad authority to work with police from budget requests to Congress that cite “interior law enforcement support” as part of their mission.

From the LA Times: http://www.latimes.com/news/nationworld/nation/la-na-drone-arrest-20111211,0,324348.story


Watch the software that may be watching you

Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control.

But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.

Eckhart labeled the software a “rootkit,” and the Mountain View, California-based software maker threatened him with legal action and huge money damages. The Electronic Frontier Foundation came to his side last week, and the company backed off on its threats. The company told Wired.com last week that Carrier IQ’s wares are for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”

The company denies its software logs keystrokes. Eckhart’s 17-minute video here clearly undercuts that claim.

From Wired magazine: http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/


Hackers Leak Facebook Law Enforcement Data Access Guidelines

A group of hackers claiming to represent Anonymous’s Antisec movement hijacked two Gmail accounts belonging to a retired California Department of Justice cybercrimes investigator, now a private investigator, and on November 18 published 38,000 private emails and identifying contact information online.

Among the data published by the hackers in a torrent file were two versions of what appears to be Facebook’s guidelines for law enforcement agencies, according to Public Intelligence, a collaborative research website dedicated to the freedom of information.

Specifically, the documents include instructions on how different law enforcement agencies should submit subpoenas and requests for user data from the world’s largest social network.

Sources close to Facebook told TPM that the newly revealed guideline documents are “outdated,” and that an updated set of law enforcement guidelines is scheduled to be made publicly available to all users on Facebook’s Help Center late Wednesday.

The Obama Administration was this year supposed to submit to lawmakers a bill that would allow federal law enforcement agencies the ability to use “back doors” to observe all online communications under wiretap orders, even encrypted communications, according to a New York Times report in October 2010. That legislation has yet to be introduced.

From TPM IdeaLab @: http://idealab.talkingpointsmemo.com/2011/11/hackers-leak-facebook-law-enforcement-guidelines-1.php?ref=fpnewsfeed
