Showing posts with label cyber attack. Show all posts
3/01/2013
‘Big intelligence’ to tackle cyberthreats
Source: FT
By Richard Waters
Feb 27 2013
There aren’t many markets where, when the old products have failed, customers flock back for more.
That could explain why the leading lights of computer security – who have converged on San Francisco this week for their industry’s biggest gathering – have been struggling to strike the right tone.
Something between humility, Schadenfreude and a wary self-confidence seems to be the order of the day. A Queen cover band may have launched the event with a blasting rendition of “We are the Champions”, but the triumphalism was otherwise in short supply.
Recent headlines suggest that even the best-defended computer networks resemble Swiss cheese. But, if the old approaches to security have been discredited, there’s no shortage of new companies springing up with promises of better ways to plug the gaps – or at least make a lot of money trying.
The IT security market, worth some $65bn this year, is set to grow at 9 per cent annually for the foreseeable future, according to Gartner – which is a lot faster than the IT industry as a whole. Since large parts of the security market are barely growing, that leaves plenty of opportunity to cash in on new approaches.
The dirty secret that the security professionals can no longer keep to themselves is that their old defences – which were aimed at protecting PCs and other devices that comprise the endpoints of computer networks – no longer work.
Anti-virus software has proven ineffective against the most sophisticated attacks – and therefore the ones likely to cost most in terms of damage inflicted or intellectual property lost.
Hopes for a fightback are now pinned on two very different approaches.
One involves spotting so-called malware long before it reaches its intended targets. Companies such as Palo Alto Networks, one of last year’s hottest tech IPOs, and FireEye, tipped to follow it, specialise in appliances that sit at the gateway to corporate or government networks, looking out for such threats.
Pulling suspicious-looking email attachments and testing them in ringfenced “sand boxes” before allowing them to be delivered offers the promise of filtering out many of these malware threats, almost in real time, according to Asheem Chandna, a former security industry executive and now venture capital investor at Greylock.
This may sound like a natural market for networking companies such as Cisco and Juniper. But, as so often in technology, it is start-ups that have set the pace so far. With Palo Alto trading at 10 times revenues, some high-priced acquisitions seem likely as the industry giants add to their arsenal of defences.
The second approach begins with an acceptance that even the best-secured networks will be penetrated. If the attackers are assumed to be already on the inside, then the focus shifts to identifying their tracks as they move around – while making sure a company’s most important digital assets are harder for the intruders to locate and extract.
Latching on to another of the tech industry’s big promises, the security purveyors have discovered big data. Pattern-recognition – using reams of data to identify normal types of behaviour on a network, in order to spot the anomalies – is becoming the order of the day.
The result is what Francis deSouza, president of products and services at Symantec, calls “big intelligence” – in which a stronger situational awareness and a better sense of behavioural norms are the main lines of defence.
Yet the big data promise can only go so far. The extent of the architectural shift in computing, as the client-server age gives way to the cloud, raises profound challenges to the old methods of securing data. The number and variety of computing endpoints is multiplying almost exponentially, as mobile devices and, increasingly, machine-to-machine communications proliferate. A tide of data is starting to flow out of corporate networks to tap services that live in the cloud, turning the old defensive barriers into virtual Maginot Lines.
At least the security industry, accused alternately of alarmism and complacency, now has a more realistic way to talk to its customers. The big data promise is that, although the enemy is wily and will find ways to break in, the defenders have smarts of their own. They may sometimes lose this cat-and-mouse game, but at least there is a chance of minimising the damage.
And, besides the improved rhetoric, there’s another benefit to these new approaches: some of them might even work.
10/03/2012
U.S. Investigating White House Cyber Attack
Source: Free Beacon
By Bill Gertz
Oct 2 2012
Officials: President Obama was not informed at the time the White House Military Office hack was discovered.
Law enforcement and national security agencies are investigating the hacking of a White House computer last month that penetrated a network inside the White House Military Office that handles top-secret data, U.S. officials said.
On Capitol Hill, House Republicans this week asked the White House to provide details of the attack on the White House Communications Agency, which runs the Situation Room and classified communications and teleconferences.
Meanwhile, officials said President Barack Obama was not notified about the cyber attack—which was traced to China when it was first discovered—but was informed about the incident later.
The FBI is conducting the investigation with support from the U.S. Secret Service, which is in charge of White House security, said officials familiar with the probe. The National Security Agency is also involved in the investigation.
White House National Security Council spokesman Tommy Vietor declined to comment when asked about the probe into the hacking. An FBI spokesman also declined comment.
White House Press Secretary Jay Carney on Monday officially confirmed the cyber attack, which he described as “spear phishing”—the use of fraudulent email that often results in an attacker gaining unauthorized access to a computer network.
Carney told reporters in Las Vegas, “The attack … was what’s known as a spear-phishing attack against an unclassified network.”
He sought to play down the significance of the incident and declined to provide specifics when asked if the attacked computer network was located within the White House Military Office. That office is in charge of presidential communications, travel, and the nuclear command and control suitcase known as the “football.”
“Let’s be clear: this is an unclassified network,” Carney said. “These types of attacks are not infrequent, and we have mitigation measures in place.”
“In this instance, the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place,” he said, adding that the attack “never [had] any impact or attempted breach of any classified system.”
The cyber attack was first reported Sunday by the Free Beacon.
Rep. Dana Rohrabacher (R., Calif.), chairman of the House Committee on Foreign Affairs’ Oversight and Investigations Subcommittee, called on the president to take steps to punish China for the cyber attack.
“How can this president continue to smile and gloss over significant differences with Chinese Communist leaders as they are hacking into the White House’s most sensitive systems? It is totally unacceptable,” Rohrabacher told the Free Beacon.
Carney declined to discuss the specifics of “classified and unclassified networks, except that there are distinctions between those networks that contain classified information and those that don’t, and the attack was against an unclassified network.”
Defense and intelligence officials said the cyber attack was traced to a server in China, although the precise identity of the attackers is not known.
One official called the digital strike one of the most brazen cyber attacks by the Chinese, who have both civilian and military hacker forces. These forces are known to conduct large-scale cyber espionage and preparation for sabotage against both government and private sector computers.
The spear phishing in the latest case allowed the hacker to gain access to a computer within the White House Communications Agency, the agency in charge of presidential communications, according to a law enforcement official discussing the case with Fox News.
Regarding presidential notification, the cyber attack was not considered serious enough to interrupt the president’s schedule. In recent weeks Obama has been traveling throughout the country while campaigning for reelection.
The cyber attack was mentioned during one of the president’s intelligence briefings several days after it was discovered and halted, said officials who spoke on condition of anonymity.
Asked if the president was informed of the cyber attack when it was discovered, Vietor, the White House spokesman, said: “The president is constantly apprised of potential cyber security threats.”
“As a general matter, we don’t get into specifics about what is briefed to him or not, but as you know with this incident there was never any impact on or attempted breach of any classified system.”
The White House cyber attack took place in late September and coincided with Chinese cyber attacks against Japanese government and private sector computers amid heightened tensions between Beijing and Tokyo over the Senkaku islands. The islands have been under Japanese control for decades and China, which refers to them as the “Diaoyu islands,” is now claiming them as its territory.
The Pentagon has moved two U.S. aircraft carrier strike groups to waters near the islands that are located south of Okinawa and north of Taiwan. A Marine Corps amphibious group is also in the region near the Philippines.
China’s military conducted live-fire naval drills in the East China Sea recently in what state television called practice for improving capabilities against “island targets.”
Richard Fisher, a specialist on the Chinese military, said China’s military would seek to penetrate the White House Military Office for several intelligence and operational reasons.
“Spear phishing attacks can potentially spread within a system very rapidly yielding data, new targets, and placing ‘doors’ for future access,” Fisher said.
Fisher said a key strategic goal for the Chinese in seeking to gain access to the office is “to affect the president’s ability to exercise military command” as well as to learn about continuity of government operations.
“China may calculate that a president less able to command may also be less likely to respond to a Chinese attack,” Fisher said.
China’s government was linked to a sophisticated spear phishing attack on the online giant Google and other U.S. companies that was discovered in late 2009.
The attack, code-named Operation Aurora, combined human-intelligence gathering techniques with technical elements to gain access to valuable corporate secrets.
The attack led Google to move its search-engine and other online operations from the mainland to Hong Kong amid concerns about Chinese government hacking.
U.S. government officials were able to confirm with moderate confidence that the attack was linked to China’s military.
That attack used email that targeted corporate engineers, quality assurance developers, and people with high levels of access to information within the company, according to security specialists who investigated Aurora.
The Chinese used social media such as Facebook to find targets for emails, which were then sent disguised as coming from a trusted associate urging the recipient to click on a link.
The recipient’s computer was then directed to a server in Taiwan that was under control of Chinese hackers, who then planted malicious code “payload” within the computer that allowed repeated covert access to the infected system.
The Google attack was based on research that identified a security flaw in the web browser Internet Explorer.
U.S. intelligence agencies believe China has a force of about 2,000 people engaged in cyber warfare efforts, including digital espionage designed to obtain secrets and clandestine efforts to plant “sleep agent” software inside systems that can be used to attack or sabotage computer networks in a crisis or wartime.
5/19/2012
China pursuing steady military buildup, investing in cyber warfare — Pentagon
Source: GMA news
By AFP
May 19 2012
WASHINGTON — China is exploiting Western commercial technology, conducting aggressive cyber espionage and buying more anti-ship missiles as part of a steady military buildup, the Pentagon said Friday.
Beijing aims to take advantage of "mostly US" defense-related technologies in the private sector as part of a concerted effort to modernize the country's armed forces and extend China's reach in the Asia-Pacific region, the Pentagon wrote in a report to Congress.
The annual assessment of China's military resembled previous reports but adopted more diplomatic language, possibly to avoid aggravating delicate relations with Beijing, analysts said.
"I am struck by the decidedly mellow tone," Christopher Johnson of the Center for Strategic and International Studies told AFP.
Chinese officials will privately welcome the report's wording, after having been irritated by a strategy document issued by President Barack Obama in January that portrayed China as a military rival, Johnson said.
The report said Beijing had a goal of leveraging "legally and illegally acquired dual-use and military-related technologies to its advantage."
And China, which has the world's second-largest defense budget behind the United States, "openly espouses the need to exploit civilian technologies for use in its military modernization."
The Pentagon warned that "interactions with Western aviation manufacturing firms may also inadvertently benefit China's defense aviation industry."
Echoing recent warnings from intelligence officials, the Pentagon blamed China for "many" of the world's cyber intrusions over the past year that have targeted US government and commercial networks, including companies "that directly support US defense programs."
"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report warned, predicting that those spying efforts would continue.
China's investments in cyber warfare were cause for "concern," said David Helvey, acting deputy assistant secretary of defense for East Asia and Asia Pacific security affairs.
Beijing was clearly "looking at ways to use cyber for offensive operations," Helvey told reporters.
The American military has long worried that China could potentially limit the reach of US naval ships in the western Pacific with new weapons, and the Pentagon report underlined those concerns.
China "is also acquiring and fielding greater numbers of conventional medium-range ballistic missiles (MRBMs) to increase the range at which it can conduct precision strikes against land targets and naval ships, including aircraft carriers, operating far from China's shores beyond the first island chain," said the report.
Beijing is pouring money into advanced air defenses, submarines, anti-satellite weapons and anti-ship missiles that could all be used to deny an adversary access to strategic areas, such as the South China Sea, it said.
US strategists -- and some defense contractors -- often refer to the threat posed by China's so-called "carrier-killer" missiles but Helvey said the anti-ship weapons currently have "limited operational capability."
China's military budget officially reached $106 billion in 2012, an 11.2 percent increase.
But the US report said China's defense budget does not include major expenditures, such as improvements to nuclear forces or purchases of foreign-made weapons. Real defense spending amounts to $120 to $180 billion, the report said.
US military spending, however, still dwarfs Chinese investments, with the Pentagon's proposed budget for 2013 exceeding $600 billion.
Despite a sustained increase in defense spending over the past decade, China has experienced setbacks with some satellite launches and ambitious projects to produce a fifth-generation fighter jet and modern aircraft carrier still face challenges, the report said.
Although looking to expand its traditional missions to include counter-piracy and humanitarian efforts, the top priority of the People's Liberation Army remained a possible conflict in the Taiwan Strait, with China focused on preventing the United States from intervening successfully in support of Taiwan, according to the report.
The document was released as the House of Representatives voted to force the US government to sell 66 new fighter jets to Taiwan.
President Barack Obama's administration, anxious to keep ties with China on track, is only planning to upgrade existing planes. The measure still needs Senate approval.
4/17/2012
Anonymous claims attacks on MI6, CIA and Department of Justice
Source: Computing
By Stuart Sumner
April 16 2012
Hacktivist collective Anonymous has today claimed responsibility for cyber attacks on MI6 in the UK, and the CIA and Department of Justice in the US.
The group claimed the attack on the site of the UK spy agency MI6 today via its Twitter account @AnonCentral.
"Tango Down: http://www.mi6.gov.uk #Anonymous," stated the post.
At the time of writing the public-facing MI6 website was accessible, but MI6.gov.uk was not.
No reason was given for the attack and the group failed to respond when asked.
Earlier today the group also claimed that it was behind this morning's outages at the CIA's website, and that of the US Department of Justice. The message came from a different Twitter account, claiming to be based in Brazil.
These attacks were apparently perpetrated purely 'for the lulz [laughs]', as the Anonymous member later stated on the micro blogging site.
Being a loosely affiliated group where membership is seemingly unrestricted and unmoderated, the collective has struggled in the past to present a unified front, with internal disagreements over targets, motivations and ownership of attacks.
Earlier this month the group also attacked the Downing Street and Home Office websites. The group said the attacks were in protest against the government's "draconian" surveillance proposals, and also the UK's extradition treaty with the US.
Anonymous' preferred method of attack is Distributed Denial of Service (DDOS), where a number of computers fire a large volume of requests to a webserver over a short space of time. This uses all available bandwidth or processing power, meaning that legitimate requests to those sites are unable to be served.
The result is that the site appears offline.
Graham Cluley, senior technology consultant at security firm Sophos likens this attack to a flood of people attempting to use the same door.
"The Distributed Denial of Service (DDOS) attack isn't terribly sophisticated. It's like a whole bunch of fat guys trying to get through the same revolving doors. They bombard the website with requests until it can't cope and goes offline."
Anonymous makes a freeware tool available to its members to carry out these attacks, which it calls the Low Orbit Ion Cannon.
2/23/2012
'Iran Cyber Army' hits Azerbaijan state TV site
Source: yahoonews
By AFP
Feb 23 2012
BAKU (AFP) - Hackers calling themselves the 'Iranian Cyber Army' have attacked the website of mainly Muslim neighbour Azerbaijan's state television station, the communications ministry said on Thursday.
In the overnight attack, the hackers replaced AzTV's homepage with the message: "Life is a game. Game over!"
The state airline AZAL was also hit by hackers calling themselves 'Cocaine Warriors from Persia'.
The attacks came a month after anti-Israeli hackers broke into the sites of several ministries and the governing party, leaving messages calling the Azerbaijani authorities "servants of the Jews".
Azerbaijani media later reported that the attacks were believed to originate from Iran and that Azerbaijani hackers had responded by hitting several Iranian sites.
Tensions between Israeli ally Azerbaijan and the Islamic republic have risen in recent months, with Baku arresting several people with alleged links to Iran who the authorities said were planning to attack Israelis in the ex-Soviet state's capital.
AzTV reported the latest arrests on Tuesday, saying police had detained attack plotters with links to Iran's Revolutionary Guards and the Lebanese militant group Hezbollah.
Tehran has responded angrily, accusing Baku this month of collaborating with Israel's spy services and helping assassins who have killed Iranian nuclear scientists -- claims which Azerbaijan rejected as "absurd".
The uneasy relations between the neighbours are complicated by the presence of a huge ethnic Azeri minority in Iran, which far outnumbers Azerbaijan's own population of 9.2 million.
2/12/2012
CIA website offline, Anonymous takes credit
A man crosses the Central Intelligence Agency (CIA) logo in the lobby of CIA Headquarters in Langley, Virginia, in 2008. The website of the Central Intelligence Agency was unresponsive on Friday after the hacker group Anonymous claimed to have knocked it offline.
Source: TerraNet
By AFP
Feb 12 2012
The website of the Central Intelligence Agency was unresponsive on Friday after the hacker group Anonymous claimed to have knocked it offline.
"CIA Tango down," a member of Anonymous said on @YourAnonNews, a Twitter feed used by the group. "Tango down" is an expression used by the US Special Forces when they have eliminated an enemy.
Attempts to access the CIA website at cia.gov were unsuccessful.
A CIA spokesman had no immediate comment.
Anonymous last month briefly knocked the websites of the US Justice Department and the Federal Bureau of Investigation offline.
Those attacks were in retaliation for the US shutdown of file-sharing site Megaupload.
There was no immediate explanation from Anonymous for the targeting of the CIA site.
Most Anonymous cyberattacks are distributed denial of service attacks in which a large number of computers are commanded to simultaneously visit a website, overwhelming its servers.
1/26/2012
Israeli hacker team brings down Iranian websites
Source: Jerusalem Post
By Yaakov Lappin
Jan 26 2012
English-language Iranian media outlet Press TV, Iranian Ministry of Health and Medical Education are hacked and taken offline, feature Israeli flag.
Israeli hackers brought down Iran's Press TV website and two websites belonging to the Ministry of Health and Medical Education on Thursday.
The hackers, who call themselves "IDF Team," said their actions were a response to a series of attacks on Israeli sites the previous day.
Three additional Iranian sites were hacked and their servers altered to display an Israeli flag and anti-Arab text in English.
The website of Press TV, the Iranian regime's English-language satellite channel, was unavailable for a short period of time following the hackers' announcement.
"At 16:30 Israel Clock the Iranian Ministry of Health and Medical Education website will be down until further notice. In addition to Iran's television network, broadcasting in English round-the-clock, based in Tehran that [is] called Press TV will be down until further notice," the hackers wrote in a message.
"Ahmadinejad what do you have to say about that?" they added.
The attack represents the latest chapter in an Internet feud that began at the start of the month when an Arab hacker published tens of thousands of Israeli credit card numbers.
Earlier, IDF Team told The Jerusalem Post it was preparing a response after the websites of two Israeli hospitals - Sheba Medical Center at Tel Hashomer and the private Assouta hospital network - were taken offline on Wednesday.
IDF Team has played a pivotal part in Israeli counter-strikes on high-profile Arab websites following attacks by Arab hackers. They appear to have employed a combination of attacks to disable the Iranian websites on Thursday, by launching dedicated denial-of-service (DDOS) attacks and breaking into Iranian servers.
On Wednesday, the Haaretz newspaper's Hebrew-language website was downed by pro-Palestinian hackers. Haaretz said it saw a message claiming responsibility for the attack by hackers calling themselves "Anonymous Palestine." The website of the financial newspaper The Marker was also unavailable on Wednesday.
Last week, Israeli hackers brought down the Saudi Arabian Monetary Agency website and the Abu Dhabi Stock Exchange site, in retaliation for a DDOS attack on the Tel Aviv Stock Exchange and the El Al websites.
11/19/2011
US water system hacked from Russia
Source: nzherald
By AAP
Nov 19 2011
A cyber strike launched from outside the United States has hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert says.
"This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage," Applied Control Solutions managing partner Joseph Weiss told AFP on Friday.
"That is what is so big about this," he continued. "They could have done anything because they had access to the master station."
The Illinois Statewide Terrorism and Intelligence Center disclosed the cyber assault on a public water facility outside the city of Springfield last week but attackers gained access to the system months earlier, Weiss said.
The network breach was exposed after cyber intruders burned out a pump.
"No one realised the hackers were in there until they started turning on and off the pump," according to Weiss.
The attack was reportedly traced to a computer in Russia and took advantage of account passwords stolen during a hack of a US company that makes Supervisory Control and Data Acquisition (SCADA) software.
There are about a dozen or so firms that make SCADA software, which is used around the world to control machines in industrial facilities ranging from factories and oil rigs to nuclear power and sewage plants.
Stealing passwords and account names from a SCADA software company was, in essence, swiping keys to networks of facilities using the programs to control operations.
"We don't know how many other SCADA systems have been compromised because they don't really have cyber forensics," said Weiss, who is based in California.
The US Department of Homeland Security has downplayed the Illinois cyber attack in public reports, stating that it had seen no evidence indicating a threat to public safety but was investigating the situation.
Word also circulated on Friday that a water supply network in Texas might have been breached in a cyber attack, according to McAfee Labs security research director David Marcus.
"My gut tells me that there is greater targeting and wider compromise than we know about," Marcus said in a blog post.
"Does this mean that I think it is cyber-Armageddon time?" Marcus continued. "No, but it is certainly prudent to evaluate our systems and ask some questions."
11/18/2011
FBI working with NSA, CIA on cyber threats
Source: FT
Nov 18 2011
The FBI must work more closely with the major US intelligence agencies in order to combat threats in cyberspace, its director said on Thursday, likening the government response to that against terrorism.
Director Robert Mueller said in a speech to San Francisco’s Commonwealth Club that the FBI had begun coordinating cases through task forces that included representatives of the National Security Agency and Central Intelligence Agency, among others.
When a company is first attacked, he said, neither it nor enforcement can tell whether it was part of another government’s espionage effort–which would be handled by the US spy agencies–or the work of an organised crime group in Eastern Europe, or a breach by an American high school student.
“We have had to adjust our organising structure” to share information and hand off cases, Mr Mueller said. Likewise, the overall fight is dependent on intelligence gathered domestically under greater legal restrictions and abroad, where the NSA and CIA garner much more.
Mr Mueller repeated his previous calls for law enforcement to have easier access to internet communications over social networks that may be encrypted and not stored. Google and other big technology companies, on the other hand, have joined with civil liberties advocates in asking that warrants be required for digitally stored emails and other content.
Hacking is now the FBI’s third priority, after terrorism and espionage, and he said the agency needs intelligence to learn about impending crimes rather than just responding afterward.
Because the targets and techniques change so rapidly, Mr Mueller said, “It is going to be a huge challenge in the years to come.”
11/06/2011
China hits out at US cyber spying accusations
Beijing hit out at a US intelligence agency report accusing the Chinese of extensive cyber spying, saying it was unprofessional and irresponsible.
Source: Terranet
By AFP
Nov 6 2011
Beijing on Friday hit out at a US intelligence agency report accusing the Chinese of extensive cyber spying, saying it was unprofessional and irresponsible.
The unusually blunt report on foreign cyber spying submitted to the US Congress on Thursday said the Chinese were the world's "most active and persistent perpetrators" of economic espionage.
"Cyber attacks are transnational and anonymous," Chinese foreign ministry spokesman Hong Lei told reporters.
"Without investigation, to prejudge the origin of the attack is neither professional nor responsible."
The report was compiled by the office of the National Counterintelligence Executive, which is responsible for defending against foreign intelligence threats to the United States.
It said cyber spies were interested in information and communications technology, business information, military technologies, particularly marine systems and drones, and medical and pharmaceutical secrets.
While emphasising that it was difficult to prove state sponsorship in cyberspace, the report said "Chinese actors are the world's most active and persistent perpetrators of economic espionage.
"US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the (US intelligence community) cannot confirm who was responsible," it said.
Between 2009 and 2011, "computer networks of a broad array of US government agencies, private companies, universities, and other institutions -- all holding large volumes of sensitive economic information -- were targeted by cyber espionage," the report said.
"Much of this activity appears to have originated in China," it said, adding that Russia's intelligence services were also conducting activities to collect economic information and technology from US targets.
Hong said China hoped the international community would "discard prejudice and work together with the Chinese side to maintain cyber security."
10/28/2011
Report: Cyber attacks targeted U.S. satellites
A draft government report details several occasions in 2008 when the NASA Earth-observation satellite, Terra EOS AM-1, seen here during its launch in 1999, was targeted by cyber attacks, presumably by the Chinese military. (NASA)
Source: Federal Times
By NICOLE BLAKE JOHNSON
Oct 28 2011
Cyber hackers "achieved all steps required to command" a NASA satellite, which put the satellite at risk of being destroyed or damaged, according to a draft report by the U.S.-China Economic and Security Review Commission.
The Terra EOS AM-1 satellite, used to study climate and environmental changes, experienced nine or more minutes of interference in October 2008, according to the draft report, obtained by Federal Times.
The report also notes an earlier incident in June 2008 when the NASA satellite experienced two or more minutes of interference. The report did not say explicitly that the hackers were Chinese, but it said the techniques of the hackers "appear consistent with authoritative Chinese military writings."
A final version of the report will be sent to Congress on Nov. 16.
NASA spokesman Trent Perrotto confirmed that there was a "suspicious event" with the spacecraft in the summer and fall of 2008, but no data was manipulated.
Perrotto said no commands were successfully sent to the satellite, but NASA could not say whether hackers gained command of the satellite. NASA notified the Defense Department of the incidents, he said. DoD is responsible for investigating any attempted interference with satellite operations.
The draft report noted that hackers did not issue commands to the satellite, but the interference "poses numerous potential threats."
For example:
• Access to a satellite’s controls could allow an attacker to damage or destroy the satellite.
• The attacker could deny or manipulate the satellite’s transmission.
• An attacker could reveal the satellite’s capabilities or information, such as imagery, gained through its sensors.
The U.S. Geological Survey was also a victim of cyber attacks, the report said.
In 2007 and 2008, a USGS satellite called the Landsat-7 experienced 12 or more minutes of interference, according to the report.
"The satellite continued its normal operations," USGS' Jon Campbell said, in reference to the 2007 incident. "There was no interruption of what the satellite would do normally."
Campbell said "interference" is not an accurate description of what the agency believes to have been a radio signal from the ground that was detected by the satellite. The signal "seemed to be an attempt to lock on to the satellite, a procedure that must be completed successfully before a command from a ground station can be received."
"In each case, the attempt failed," Campbell said.
10/24/2011
Anonymous and Antisec Attack Law Enforcement Websites
Source: Wired
Oct 22 2011
Anonymous and Antisec factions dumped files on the net Friday detailing data from the computer systems of multiple law enforcement agencies and a law enforcement vendor, including the International Association of Chiefs of Police, Boston Police Patrolmen’s Association and the Baldwin County Sheriff’s office in Alabama.
Additionally, the groups took down a number of law enforcement domains hosted together. According to the notice, the sites’ homepages were defaced, replaced with an anti-police rap video. At the time of publication, the domains simply failed to load, sending a “Bad Request (Invalid Hostname)” message.
The notice says the attack is in support of the so-called 99% movement, a reference to the Occupy Wall Street protests spreading around the world. The action is described as retaliation against law enforcement for mistreatment of #occupywallstreet, particularly in Boston.
The notice references a 600MB data dump which reportedly includes the IACP membership roster; 1000 names, ranks, addresses, phone numbers, and social security numbers for police officers in Birmingham and Jefferson Counties; 1,000 names and cleartext passwords for the BPPA; and the client list and financials for Matrix Group, a DC-based web design and marketing firm with law enforcement customers.
The BPPA website has a notice under current events that reads: “* Please Note: Starting Monday October 17th 2011 all Users who access the secure section of the site will have to re-register for a NEW Username and Password.”
But the site doesn’t say why, or warn users that usernames and passwords, which users commonly re-use on other sites, may have been compromised.
The notice contains details about the compromised servers, but Wired has not been able to locate a publicly available dump of the data, which may not have been released yet.
Matrix Networks, Boston Police Patrolmen’s Association, and Boston PD did not respond to requests for comment by press time.
10/18/2011
U.S. Considered Hacking Libya’s Air Defense to Disable Radar
Source: Wired
By Kim Zetter
Oct 17 2011
Officials in the Obama administration considered launching a cyber offensive against Libya’s computer networks last March as part of the NATO-led air strikes against the Qaddafi regime.
The cyberattack would have involved breaking through the firewalls protecting Libyan computer networks in order to disrupt military communications and thwart early-warning radar systems that would detect planes coming in for a strike.
The officials and military officers ultimately decided against the plan out of fear that it would set a precedent for other nations to use similar techniques, according to the New York Times. There were also unresolved questions about whether President Obama had the power to approve such an attack without first informing Congress, and whether there was sufficient time to conduct digital reconnaissance and write the attack code that would have been required to pull off such an attack.
Weeks later, there was talk of using similar techniques to thwart Pakistani radar when U.S. Navy Seals were preparing to launch a kill-mission against former al Qaeda leader Osama bin Laden, who had been hiding out in a compound in Pakistan that was surrounded – some say protected – by Pakistani military troops. In the Pakistan case, the administration nixed the idea again, opting instead to use specially modified helicopters designed to evade radar detection.
“These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” an unidentified Obama administration official told the Times.
Had the computer-network attack against Libya gone ahead, administration officials told the Times they were confident the attack code could have been contained within Libya’s networks and not spread to other networks to cause collateral damage.
Such questions have become central to cyberwarfare discussions in the wake of the Stuxnet computer worm – a piece of malware that was launched in 2009 against computers in Iran to disrupt that country’s uranium enrichment program.
Stuxnet spread beyond the targeted systems, however, infecting more than 100,000 computers throughout Iran, India, Indonesia and elsewhere. Because the worm was skillfully crafted to affect only systems operating at one of Iran’s nuclear enrichment plants, it did not harm the other systems it infected.
10/13/2011
Chinese military mobilises cybermilitias
Source: FT
By Kathrin Hille
Oct 12 2011
But many of its 500 employees in Hengshui, just south-west of Beijing, have a second job. Since 2005 Nanhao has been home to a cybermilitia unit organised by the People’s Liberation Army.
“All staff under the age of 30 belong to the unit,” said Bai Guoliang, Nanhao vice-president. It is unclear what exactly the unit does, but according to a local government announcement when it was set up, it consisted of two groups tasked with cyberattack and cyberdefence.
The Nanhao operation is one of thousands set up by the Chinese military over the past decade in technology companies and universities around the country. These units form the backbone of the country’s internet warfare forces, increasingly seen as a serious threat at a time of escalating global cybertensions.
Governments, companies and internet security experts around the world have blamed China for many of the past year’s global hacking attacks. US officials point to the Chinese government or its supporters for the theft of neutron bomb designs, the defence secretary’s emails and private sector intellectual property worth many billions of dollars.
Western cybersecurity analysts look to matching patterns between malware which played a role in intrusions and codes discussed on Chinese hacker forums as evidence of Chinese involvement. US investigators say attacks on Google and other American companies originated from computers at Lanxiang, a vocational school in the Chinese province of Shandong, and Jiaotong University in Shanghai.
Attacks on companies have “a level of sophistication and are clearly supported by a level of resources that can only be a nation state entity,” said Mike Rogers, chairman of the House permanent select committee on intelligence, last week.
Mr Rogers describes these corporate attacks as “a massive and sustained intelligence effort by a government to blatantly steal commercial data and intellectual property”. Several US state department cables obtained by WikiLeaks and marked as secret elaborate on these theories.
Even if attacks clearly originate in China, it is much harder to prove that they were sponsored by the Chinese government or military. Beijing insists the state does not sponsor hacking and its cyberwarfare strategy is purely defensive.
“China is a victim of cyberattack,” Senior Colonel Geng Yansheng, spokesman of the ministry of national defence, said in May when announcing the PLA had set up a “cyber blue team” to “better safeguard the internet security of the armed forces”.
But the PLA’s actions over the past decade deliver a different message. As early as 1999, senior PLA officers argued that China should use electronic techniques to attack adversaries. Since 2002, the PLA has been searching for external talent to put that strategy into practice.
“The PLA is reaching out across a wide swath of the Chinese civilian sector to meet the intensive personnel requirements necessary to support its burgeoning information warfare capabilities,” said a 2009 report by Northrop Grumman, the US defence contractor, on China’s cyberwarfare capabilities.
The most concrete result of this search for talent was the creation of specialised units – such as the one in Nanhao – in China’s 8m-strong militia, which is part of the PLA’s reserve force.
“[These militia] should preferably be set up in the telecom sector, in the electronics and internet industries and in institutions of scientific research,” said a paper by three officers from the Jiangsu provincial PLA command’s mobilisation department.
The paper was published in National Defense, the magazine of the Academy of Military Sciences (AMS). The cybermilitia’s tasks include “stealing, changing and erasing data” on enemy networks and their intrusion with the goal of “deception, jamming, disruption, throttling and paralysis”, the paper said.
Nanhao’s Mr Bai confirmed that its cybermilitia unit was led by the local PLA command and has “regular exchanges” with it, training PLA officers. Asked whether the group would carry out cyberattacks, he said: “That has nothing to do with you.”
This push to create cybermilitias could mean that even some of China’s largest and best-known technology companies could become part of the information warfare complex. An employee of China Telecom in the coastal province of Jiangsu said the state-owned carrier’s local affiliate had a cybermilitia unit and he believed similar groups had been set up in other provinces.
The PLA’s efforts to tap and foster civilian cyberwarfare talent also reach beyond the corporate sector.
The military sponsors hacking competitions in universities and information warfare research in academia. Tang Zuoqi, a lecturer at the College of Computer Science and Information at Guizhou University, secured his job after winning prizes in a 2005 internet warfare competition held by the Chengdu military command, according to his biography on the university’s website.
China already has a thriving hacking scene. Tightly knit groups of young hackers, mostly men, discuss code on online bulletin boards or even meet in offline classes, sometimes advertised on streets.
“Hacking for criminal purposes in China is growing, it is getting more professional and more organised,” says Liu Deliang, a professor at Beijing Normal University and one of China’s leading experts on cybercrime.
Although the Northrop Grumman report said it was difficult to establish firm links between the PLA and this criminal community, the military is trying to forge those links. The AMS paper says: “[We must] recruit experts who research internet technology, especially those who are good at ‘hacking’ attacks and virus technology.”
10/08/2011
Saudi Arabia: "Kingdom is facing cyber war from external forces, officials say"
Source: Gulfnews
By Abdul Nabi Shaheen
Oct 8 2011
"There are about 6,000 websites engaged in spreading extremism across the world.
"The origin of these sites that have direct link with terrorism is the West,” said Dr Abdul Rahman Al Hadlaq, director general of the Intellectual Security Department at the Ministry of Interior.
Presenting a working paper at a seminar on Da’wa sites here on Friday, Dr Al Hadlaq said that there is a dubious attempt to target religion while introducing the concepts of terrorism through the Internet.
“The Western experts label some religious sites as sites engaged in promoting violence and extremism,” he said. Dr Al Hadlaq noted that the Ministry of Interior has worked out two separate strategies to confront terror and extremism.
“We have both tender and tough forces to implement these strategies. The tender force relies on confronting ideology with ideology while the tough force is performing such tasks as blocking or shutting up harmful sites in addition to taking up trial procedures of those involved in terror acts through the Internet,” he said.
Meanwhile, Shaikh Abdul Monem Al Moshawwah, head of the “Silent Campaign” to Correct Extremist Thoughts under the Ministry of Islamic Affairs and Endowments, warned against the external sectarian agencies who misuse the social networking site of Facebook and other sites to provoke Shiites in the Kingdom in order to create sedition and unrest.
“About 98 per cent of those who work behind these acts are not Saudis.
It was revealed when tracked down their IDs that they are from either Iran or Iraq,” he said, while noting that all the websites that called for making troubles in the Shiite-dominated eastern region of Qateef were external forces and there were only two per cent of Saudis among them.
Shaikh Al Moshawwah noted that Saudi Arabia is facing a cyber war being waged by external forces who spread false reports with an objective of subversion.
“The Campaign headed by me tried its best to hold dialogue with these agencies but they refused to do so.
"This is because of their ulterior motive of instigating violence and unrest in the Kingdom,” he said.
Shaikh Al Moshawwah commended the Shiite community of Qateef for their loyalty to the leaders and nation of Saudi Arabia.
“Most of the Shiites in Qateef are peace-loving people. They are eager to maintain security and stability of Saudi Arabia. The intelligent people among them do not want to create any unrest or troubles in the region,” he added.
8/03/2011
Biggest-ever series of cyber attacks uncovered, UN hit
Source: Reuters
By Jim Finkle
BOSTON | Wed Aug 3, 2011 1:38pm IST
Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
The long list of victims in the five-year campaign includes the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.
In the case of the United Nations, the hackers broke into the computer system of its secretariat in Geneva in 2008, hid there for nearly two years, and quietly combed through reams of secret data, according to McAfee.
"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee's vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report released on Wednesday.
"What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."
McAfee learned of the extent of the hacking campaign in March this year, when its researchers discovered logs of the attacks while reviewing the contents of a "command and control" server that they had discovered in 2009 as part of an investigation into security breaches at defense companies.
It dubbed the attacks "Operation Shady RAT" and said the earliest breaches date back to mid-2006, though there might have been other intrusions. (RAT stands for "remote access tool," a type of software that hackers and security experts use to access computer networks from afar).
Some of the attacks lasted just a month, but the longest -- on the Olympic Committee of an unidentified Asian nation -- went on and off for 28 months, according to McAfee.
"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch told Reuters.
"This is the biggest transfer of wealth in terms of intellectual property in history," he said. "The scale at which this is occurring is really, really frightening."
CHINA CONNECTION?
Alperovitch said that McAfee had notified all 72 victims of the attacks, which are under investigation by law enforcement agencies around the world. He declined to give more details.
Jim Lewis, a cyber expert with the Center for Strategic and International Studies who was briefed on the hacking discovery by McAfee, said it was very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.
The systems of the IOC and several national Olympic Committees were breached in the run-up to the 2008 Beijing Games, for example.
And China views Taiwan as a renegade province, and political issues between them remain contentious even as economic ties have strengthened in recent years.
"Everything points to China. It could be the Russians, but there is more that points to China than Russia," Lewis said.
McAfee, acquired by Intel Corp this year, would not comment on whether China was responsible.
STONE AGE
Vijay Mukhi, an independent cyber-expert based in India, says some south Asian governments, including India, are highly vulnerable to hacking from China as it strives to broaden its influence and strategic interests in the region.
"I'm not surprised because that's what China does, they are gradually dominating the cyberworld," he said.
"I would call it child's play (for a hacker to get access to Indian government data) ... I would say we're in the stone age."
An Indian telecommunications ministry official declined to say whether he was aware of the hacking on the government.
The UN said it was aware of the report, and that it has started an investigation to ascertain if there was an intrusion.
But Hwang Mi-kyung, with leading South Korean cyber security firm Ahnlab, cautioned against assuming China was the only one involved.
"I think we're beyond the stage where we should be focusing on the technical aspect of addressing individual attacks and instead we should think more in terms of what we can do policywise. For that, the involvement of Chinese government is very important," she said.
McAfee released the report to coincide with the start of the Black Hat conference in Las Vegas on Wednesday, an annual gathering of security professionals and hackers who use their skills to promote security and fight cyber crime.
In the scorching desert heat, they will meet to talk about a series of recent headline-grabbing hacks, such as on Lockheed Martin Corp, the International Monetary Fund, Citigroup Inc, Sony Corp and EMC Corp's RSA Security.
The activist groups Anonymous and Lulz Security have recently grabbed the spotlight for temporarily shutting down some high-profile websites and defacing others.
But attacks like Operation Shady RAT are far more costly and often undisclosed, as victims fear reputational damage or attention from other hackers. McAfee sees Operation Shady RAT as the tip of the iceberg.
"I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact," Alperovitch wrote in the report.
"In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they've been compromised and those that don't yet know."
7/14/2011
Libyan Rebels Accused Of Attacking Civilians
By Doug Mataconis · Wednesday, July 13, 2011
According to The New York Times, Libyan rebels are being accused of attacking civilians in several captured towns:
Rebels in the mountains in Libya’s west have looted and damaged four towns seized since last month from the forces of Col. Muammar el-Qaddafi, part of a series of abuses and apparent reprisals against suspected loyalists that have chased residents of these towns away, Human Rights Watch said Tuesday.
The looting included many businesses and at least two medical centers that, like the towns, are now deserted and bare.
Rebel fighters also beat people suspected of being loyalists and burned their homes, the organization said.
The towns that have suffered the abuses are Qawalish, which rebels seized last week, Awaniya, Rayaniyah and Zawiyat al-Bagul, which fell to the rebels last month. Some of the abuses, Human Rights Watch said, were directed against members of the Mashaashia tribe, which has long supported Colonel Qaddafi.
The organization’s findings come as support for the war has waned in Europe and in Washington, where Republicans and Democrats alike have questioned American participation on budgetary and legal grounds.
They also raise the prospect that the NATO-backed rebel advances, which have stalled or slowed to a crawl, risk being accompanied by further retaliatory crimes that could inflame tribal or factional grievances, endangering the civilians that NATO was mandated to protect.
Rebel officials in the mountains have played down the looting and arson in recent days. In an interview on Sunday, Col. Mukhtar Farnana, the region’s senior commander, said that reprisals were not sanctioned and that he did not know any details about them.
But Human Rights Watch said the same commander shared details with its investigators and conceded that rebels had abused people suspected of being collaborators as towns changed hands.
“People who stayed in the towns were working with the army,” the organization quoted him as saying. “Houses that were robbed and broken into were ones that the army had used, including for ammunition storage.” The commander added, “Those people who were beaten were working for Qaddafi’s brigades.”
This isn’t the first time there have been rumors of attacks on civilians by the rebels, so this shouldn’t be a surprise. Considering that the United Nations Security Council Resolutions that authorized the intervention in Libya speak to protection of civilians, this would seem to create a conflict between NATO’s support of the rebels and its supposed enforcement of the UNSCRs.
6/10/2011
Anonymous vs. NATO: Get your popcorn ready
Source: Foreign Policy
Posted By Joshua Keating Thursday, June 9, 2011 - 4:22 PM
Anonymous has responded to a recent NATO report which suggested that the "hacktivist" collective would be "infiltrated" and "persecuted" if its illegal actions continued, CNET reports. Among other measures, the NATO document, issued earlier this week, speculated about whether the organization's Article 5 on mutual defence could be invoked in response to a cyber attack. The groups responded with a warning:
Our message is simple: Do not lie to the people and you won't have to worry about your lies being exposed. Do not make corrupt deals and you won't have to worry about your corruption being laid bare. Do not break the rules and you won't have to worry about getting in trouble for it.
Do not attempt to repair your two faces by concealing one of them. Instead, try having only one face - an honest, open and democratic one.