Tag Archives | cybersecurity

USB Thumb Drives Are Greatest Security Threat

You’d think that IT professionals would know better, but no, if they find a thumb drive lying in a parking lot, they’ll plug it into their network, reports Paul Hyman for CIO Insight:

Savvy CIOs have policies in place to protect their networks against infected USB flash drives. That’s because most IT professionals know the amount of damage that can be caused by plugging in such a device.

For instance, Stuxnet, one of the world’s most sophisticated cyberweapons, is said to have gained access to its target system through a USB drive that someone found.

Yet having policies—and making sure they are followed—can be two very different things.

In a recent study of 300 IT professionals—many of whom are security experts—conducted at the RSA Conference 2013, 78% admitted to having plugged in a USB flash drive that they’d found lying around. To make matters worse, much of the data discovered on those drives included viruses, rootkits and bot executables.


Court Rules Google’s Relationship With The NSA Can Remain Secret

Be careful what you search? Via Forbes one week ago:

In the ruling Friday, the DC Circuit court decided that the National Security Agency doesn’t need to confirm or deny its relationship with Google in response to a Freedom of Information Act (FOIA) request filed by the Electronic Privacy Information Center, ruling that a FOIA exemption covers any documents whose exposure might hinder the NSA’s national security mission.

After Google revealed in early 2010 that it had been hacked by cyberspies seemingly based in China, the Washington Post reported that Google and the NSA had partnered to help bolster the company’s defenses against future attacks. NSA director Mike McConnell [stated] that a partnership with Google was “inevitable.”

The ruling comes as controversy has been growing around CISPA, a bill that passed the House last month that would allow private firms like Google to share a wide range of information with government agencies like the NSA for cybersecurity reasons.


JoyCamp: Internet “Kill Switch”

Did Obama declare a national state of emergency and shut the internet off? Or is it just a router that needs to be reset? In this shocking episode, two handsome friends are forced to face a world without the world wide web... What would you do without the internet???

“Weev” Auernheimer on Free Speech versus Exploitation

Via The Internet Chronicle

Andrew Auernheimer, an American gray hat hacker better known as “weev,” tells The Internet Chronicle that his indictment in a New Jersey district court over a June 2010 AT&T data breach is at its root an important free speech issue. Speaking to Chronicle.su’s Gray Phone, Mr. Auernheimer, a 27-year-old associate of Goatse Security, claims he made certain AT&T was aware of the breach in time to patch it, he never sought financial gain from what was in effect the extraction of 114,000 iPad users’ email addresses, and that he never personally possessed more customer data than enough to communicate that the breach was bona fide. While prosecutors imply Mr. Auernheimer’s actions and statements may constitute computer fraud and foreknowledge of possible insider trading, he and his fellow Goatse Security associates saw themselves as merely tarnishing a company’s reputation due to its own reckless mishandling of customer data.


No Such Agency (NSA) Teams With Providers To Monitor Your Email

Surely they were doing this anyway? Ellen Nakashima reports for the Washington Post:

The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.

The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.

“We hope the . . . cyber pilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”

The prospect of a role for the NSA, the nation’s largest spy agency and a part of the Defense Department, in helping Internet service providers filter domestic Web traffic already had sparked concerns among privacy activists.


U.S. Government: ‘Hack Us And We’ll Bomb You’

I’m not sure that they’ll really bomb China, which seems to be where most hacks on American corporations and government originate, but it could be a good excuse for another Middle East intervention. Nate Anderson reports for ArsTechnica:

The US revealed its “International Strategy for Cyberspace” (PDF) yesterday. It’s mostly blather about how terrific “cyberspace” is, but it gets more specific on a few key issues like national defense. Could our next war start because of a hack? The government says it’s possible.

“States have an inherent right to self-defense that may be triggered by certain aggressive acts in cyberspace,” says the policy. Indeed, such aggressive acts might compel a country like the US to act even when the hacking is targeted at an allied country.

“Certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners,” says the document.


Albert Gonzalez: America’s Top Hacker?

The New York Times Magazine devotes its cover and many, many column inches to a profile of the man Times’ writer James Verini describes as “America’s most notorious computer hacker”:

One night in July 2003, a little before midnight, a plainclothes N.Y.P.D. detective, investigating a series of car thefts in upper Manhattan, followed a suspicious-looking young man with long, stringy hair and a nose ring into the A.T.M. lobby of a bank. Pretending to use one of the machines, the detective watched as the man pulled a debit card from his pocket and withdrew hundreds of dollars in cash. Then he pulled out another card and did the same thing. Then another, and another. The guy wasn’t stealing cars, but the detective figured he was stealing something.

Indeed, the young man was in the act of “cashing out,” as he would later admit. He had programmed a stack of blank debit cards with stolen card numbers and was withdrawing as much cash as he could from each account.


Blogetery And The FBI’s War On Terror

Greg Sandoval writes for CNET News:

The U.S. war on terror may have inadvertently stripped as many as 70,000 people of their blogs, but those bloggers may get their work returned to them.

Blogetery.com, a small blogging platform based in Toronto, was abruptly shut down on July 9 by Burst.net, its Web host, after FBI agents alleged Blogetery was home to links that led to bomb-making tips and the names of Americans targeted for assassination by al-Qaeda. Joe Marr, Burst.net’s chief technology officer, said Wednesday that the company is considering its options and there’s a chance executives there could hand over a copy of most of the information found on Blogetery’s server–it won’t be returning anything created by al-Qaeda. That means the service’s users could see their blogs again. What they won’t see is Burst.net hosting Blogetery in the future, said Marr. That relationship is severed.

After the FBI requested information about Blogetery, Scranton, Pa.-based Burst.net cut off Internet access for the service.


False Flag Cyber Attack

Steve Watson warns of false flag attacks in cyberspace that could take down the Internet, at InfoWars:

An increasing clamour to restrict and control the internet on behalf of the government, the Pentagon, the intelligence community and their private corporate arms, could result in a staged cyber attack being used as justification. Over recent months we have seen a great increase in media coverage of inflated fears over a possible “electronic Pearl Harbor” event, with reports claiming that the U.S. could be “felled within 15 minutes”. Vastly over-hyped (and in some cases completely asinine) claims that the power grids and other key infrastructure such as rail networks and water sources are wired up to the public internet have permeated such coverage.

Is the United States government or outside forces the real threat to cyber security? Alex Jones says that the government is trying to silence free speech in America by expanding their reach on the internet. He also says his own personal sites have been censored, even deleted.

Threats against computer networks in the United States are grossly exaggerated...

NSA Launches ‘Perfect Citizen’ Surveillance Program

Siobhan Gorman reports on the NSA’s latest Big Brother scheme, for the Wall Street Journal:

The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.

An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.
