“Anonymous” Hacktivist Group Unmasked

A total of 16 people with ties to the “hacktivist” group “Anonymous” were arrested by the FBI on Monday. Fourteen of them were charged in connection with an attack on PayPal, which was targeted by “Anonymous” because the website suspended the account of WikiLeaks after it released classified State Department cables.

An affidavit from an FBI special agent reveals how the bureau tracked down 21-year-old Arciszewski of Florida, who is accused of attacking the Tampa Bay Infraguard website. First, they got the IP address of the individual who attacked the website with the account “AntiSecTest” on June 21. Then they used info on the Twitter account voodooKobra which posted a “bitly” link to the vulnerability he allegedly created with the phrase “Infraguard Tampa has one hell of an exploit.”

Based on the information associated with the Twitter account, they visited his website at kobrascorner.com and did a Google search for his “VoodoKobra” screenname. They turned up his Wikipedia user page, which listed his real name as Scott Arciszewski. They compared his driver’s license photo to the avatar on his account on hackforums.net and on his Facebook profile.

From TalkingPointsMemo: http://idealab.talkingpointsmemo.com/2011/07/fbi-arrests-college-students-cashiers-and-a-landscaper-for-anonymous-hacks.php

Pictures of the hackers themselves: http://media.talkingpointsmemo.com/slideshow/anonymous-mugshots-unmasked/1-213620

Posted in Cybersecurity Memo - Insiders Edition | Tagged | Leave a comment

U.S. Internet Service Providers Are Hijacking Customers’ Searches!

Several internet service providers across the United States are using an online service to secretly spy on and redirect their subscribers’ online searches, according to a group of researchers at the International Computer Science Institute in Berkeley, California.

The ISPs are monitoring, intercepting, and redirecting the searches that their subscribers are performing through the search boxes in their browsers, say the researchers.

“Instead of returning a legitimate address for search.yahoo.com, www.bing.com, and (sometimes) www.google.com, these ISPs returned the address of proxy servers,” Nick Weaver, one of the researchers, told TPM.

“These proxy servers impersonate the legitimate search engine by transparently forwarding requests to the legitimate search engine, but have the ability to both monitor all queries and change the results.”
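The redirection Weaver describes shows up at the DNS layer: the ISP resolver answers with a proxy’s address where an independent resolver answers with the search engine’s own. The following added check (not from the researchers or the article) compares `dig +short` answers from the two resolvers and flags names whose ISP answers share no address with the reference answers, plus any single address fronting several unrelated names. The resolver output below is constructed sample data, not real addresses.

```python
"""Spot search-engine DNS redirection by comparing two resolvers' answers."""
import ipaddress

# Constructed sample `dig +short <name> @<resolver>` output per resolver.
# "isp" is the subscriber's ISP resolver, "reference" an independent one.
DIG_OUTPUT = {
    "isp": {
        "search.yahoo.com": "198.51.100.10\n198.51.100.11\n",
        "www.bing.com": "198.51.100.10\n",
        "www.google.com": "203.0.113.20\n",
        "www.example.com": "203.0.113.30\n",
    },
    "reference": {
        "search.yahoo.com": "203.0.113.5\n203.0.113.6\n",
        "www.bing.com": "203.0.113.12\n",
        "www.google.com": "203.0.113.20\n203.0.113.21\n",
        "www.example.com": "203.0.113.30\n",
    },
}


def parse_dig_short(text):
    """Return the set of IP addresses in `dig +short` output, skipping CNAME lines."""
    addrs = set()
    for line in text.splitlines():
        line = line.strip().rstrip(".")
        try:
            addrs.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # a CNAME target or blank line, not an address
    return addrs


def find_redirections(isp, reference):
    """Return (suspicious, shared).

    suspicious: names whose ISP answers are disjoint from the reference
      answers. CDN-backed names can legitimately differ per resolver, so
      any overlap is treated as clean; fully disjoint sets need a look.
    shared: ISP-returned addresses reused for more than one name, the
      pattern of one proxy impersonating several search engines.
    """
    suspicious, seen = {}, {}
    for name, out in isp.items():
        isp_addrs = parse_dig_short(out)
        ref_addrs = parse_dig_short(reference.get(name, ""))
        if isp_addrs and ref_addrs and isp_addrs.isdisjoint(ref_addrs):
            suspicious[name] = sorted(str(a) for a in isp_addrs)
        for a in isp_addrs:
            seen.setdefault(a, set()).add(name)
    shared = {str(a): sorted(n) for a, n in seen.items() if len(n) > 1}
    return suspicious, shared
```

Run against the sample data, `search.yahoo.com` and `www.bing.com` are flagged and `198.51.100.10` is reported as serving both, while the names that overlap with the reference answers are left alone.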

From TPM IdeaLAB: http://idealab.talkingpointsmemo.com/2011/08/researchers-us-internet-service-providers-are-hijacking-customers-searches.php


Operation Shady RAT: five-year hack attack hit 14 countries

The governments of the United States, Canada, and South Korea, as well as the UN, the International Olympic Committee, and 12 US defense contractors were among those hacked in a five-year hacking campaign dubbed “Operation Shady RAT” by security firm McAfee, which revealed the attacks. Many of the penetrations were long-term, with 19 intrusions lasting more than a year, and five lasting more than two. Targets were found in 14 different countries, across North America, Europe, India, and East Asia.

The infiltration was discovered when McAfee came across a command-and-control server, used by the hackers for directing the remote administration tools—“RATs,” hence the name “Operation Shady RAT”—installed in the victim organizations, during the course of an investigation of break-ins at defense contractors. The server was originally detected in 2009; McAfee began its analysis of the server in March this year. On the machine the company found extensive logs of the attacks that had been performed. Seventy-two organizations were positively identified from this information; the company warns that there were likely other victims, but there was not sufficient information to determine what they were.

The attacks themselves used spear-phishing techniques that are by now standard. Apparently legitimate e-mails with attachments are sent to organization employees, and those attachments contain exploit code that compromises the employee’s system. These exploits are typically zero-day attacks. With a PC now compromised, the hackers can install RAT software on the victim PCs to allow long-term monitoring, collection of credentials, network probing, and data exfiltration.

From Ars Technica: http://arstechnica.com/security/news/2011/08/operation-shady-rat-five-year-hack-attack-hit-14-countries.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss


Pentagon unveils its cyberspace strategy

The Pentagon has released its cyberspace strategy, which recognizes cyberspace as “an operational domain to organize, train, and equip.”

“It is the first DoD (Department of Defense) unified strategy for cyberspace and officially encapsulates a new way forward for DoD’s military, intelligence and business operations,” the Pentagon said in a statement.

“This allows DoD to organize, train, and equip for cyberspace as we do in air, land, maritime, and space to support national security interests.”

The document characterizes active defense as the Pentagon’s “synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities.”

The Pentagon will be introducing new security mechanisms on its networks, including sensors, software, and signatures to detect and guard against malicious code.

This document will resonate worldwide, as privacy advocates grapple with the DoD’s militarization of cyberspace and dominance in what is considered a new battle zone.

Check it out. The link to the document is here: http://www.defense.gov/news/d20110714cyber.pdf


The world’s first real cyber-weapon

In June of 2009, someone silently unleashed a sophisticated and destructive digital worm that began slithering its way through computers in Iran with just one aim — to sabotage the country’s uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear weapon.

But it would be nearly a year before inspectors would learn of this. The answer would come only after dozens of computer security researchers around the world would spend months deconstructing what would come to be known as the most complex malware ever written (Stuxnet) — a piece of software that would ultimately make history as the world’s first real cyberweapon.

From Wired Magazine: http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1


Debriefing on the different “hacktivist” groups making the news these days

The Internet has never been a safe place, and since its inception, and introduction to consumers, privacy and security have been a major concern. Of course, now that the average person’s computer skills are many times over what they used to be, that only amplifies the problem. Couple this with the fact that millions and millions of people are uploading mass amounts of personal and sensitive data and you’ve got a recipe for some serious cyber-insecurity. The advent of hackers with a conscience has exacerbated the situation while also putting a new twist on Web ethics.

Anonymous and LulzSec have become household names, and their Internet antics have captured the attention of just about everyone, including the CIA. But as identities and opponents merge, the cyberwar landscape has become confusing. Here’s an introductory course on the “who’s who” of hackers.

From Digital Trends: http://www.digitaltrends.com/computing/identifying-the-hacktivists-of-the-emerging-cyberwar/


Hackers capture and release personal data from former British PM Tony Blair
A hacker group has published what appears to be the address book and other private data of former British Prime Minister Tony Blair. The leak includes the names, phone numbers and addresses of numerous British politicians and personal contacts, as well as Blair’s National Insurance number, the equivalent of a Social Security Number in the US.

The data, published to Pastebin.com around 6:30pm EST Friday, was originally stolen “via a private exploit” in December 2010, according to the Team Poison post. The group says that they “still have access to the mail server.” According to a Blair spokesman, however, the data was not obtained from Blair himself, but rather the personal email account of a former staffer.

“This information has not been obtained from Tony Blair or any of his office systems,” the spokesman said in an email to CNN. “This appears to be information from the personal email account of a former member of staff from a few years ago.”

Team Poison member “TriCk” rebutted the claims, saying on Twitter that “Blairs [sic] sheep are lying about how we got the info.”

TriCk says that the leak is retribution for Blair’s role in the “War on Terror” and his support of the US-led war in Iraq. “Tony Blair is a war criminal, he should be locked up,” writes TriCk.

From Digital Trends: http://www.digitaltrends.com/computing/teamp0ison-hackers-hit-former-british-pm-tony-blair-leak-address-book


How to pick a password that’s hard to hack

Most hacker victims use email passwords that are easy to decipher. A good password doesn’t have to be impossible to remember. Here are tips for protecting your accounts.

From the Los Angeles Times: http://www.latimes.com/business/la-fi-techsavvy-passwords-20110626,0,3456346.story


SPECIAL REPORT: US Government takes steps to secure “the cloud”

WASHINGTON (Reuters) – The Pentagon is about to roll out an expanded effort to safeguard its contractors from hackers and is building a virtual firing range in cyberspace to test new technologies, according to officials familiar with the plans, as a recent wave of cyber attacks boosts concerns about U.S. vulnerability to digital warfare.

The twin efforts show how President Barack Obama’s administration is racing on multiple fronts to plug the holes in U.S. cyber defenses.

Notwithstanding the military’s efforts, however, the overall gap appears to be widening, as adversaries and criminals move faster than government and corporations, and technologies such as mobile applications for smart phones proliferate more rapidly than policymakers can respond, officials and analysts said.

A Reuters examination of American cyber readiness produced the following findings:

* Spin-offs of the malicious code dubbed “agent.btz” used to attack the military’s U.S. Central Command in 2008 are still roiling U.S. networks today. People inside and outside the U.S. government strongly suspect Russia was behind the attack, which was the most significant known breach of military networks.

* There are serious questions about the security of “cloud computing,” even as the U.S. government prepares to embrace that technology in a big way for its cost savings.

* The U.S. electrical grid and other critical nodes are still vulnerable to cyber attack, 13 years after then-President Bill Clinton declared that protecting critical infrastructure was a national priority.

* While some progress has been made in coordinating among government agencies with different missions, and across the public-private sector gap, much remains to be done.

* Government officials say one of the things they fear most is a so-called “zero-day attack,” exploiting a vulnerability unknown to the software developer until the strike hits.

That’s the technique that was used by the Stuxnet worm that snarled Iran’s enriched uranium-producing centrifuges last summer, and which many experts say may have been created by the United States or Israel. A mere 12 months later, would-be hackers can readily find digital tool kits for building Stuxnet-like weapons on the Internet, according to a private-sector expert who requested anonymity.

From TPM IdeaLab at: http://idealab.talkingpointsmemo.com/2011/06/special-report-government-in-cyber-fight-but-cant-keep-up.php#more


Internet Service Providers Partnering With NSA On Web Security

Three U.S. Internet service providers are working with the National Security Agency to filter the Internet traffic flowing to 15 defense contractors in an effort to block hacker attacks, according to The Washington Post.

The pilot program began last month on a voluntary basis and uses the high-tech spying agency’s data sets to identify malicious programs that hackers try to send to infect the contractors’ networks.

The network providers are AT&T, Verizon, and CenturyLink.

The defense contractors participating in the project include CSC, Lockheed Martin, Northrop Grumman and SAIC.

The Post quotes Deputy Defense Secretary William J. Lynn III as saying that he hopes that the program will be extended to protect other parts of critical U.S. infrastructure.

The program took a year to launch because both the NSA and the contractors had to work through privacy and national security issues.

Both sides say they had to make sure that the system complied with privacy concerns. The NSA was worried about classified information “getting in the hands of adversaries.”

The prime concern of civil liberties advocates and private sector companies is that a project focusing on monitoring networks for malicious code could be used as a surveillance program for other network traffic.

From TPM IdeaLab: http://idealab.talkingpointsmemo.com/2011/06/internet-providers-partnering-with-nsa-to-launch-massive-anti-virus-like-program.php?ref=fpb
