It's an attractive object,
on-line security,
but, like unicorns, it doesn't exist
by David Moss
October 2010
Updated November 2010, December 2010, January 2011, April 2011, May 2011, June 2011, July 2011, October 2011, November 2011, December 2011, January 2012, February 2012, March 2012, April 2012, May 2012, June 2012, August 2012, September 2012, November 2012, December 2012, January 2013, February 2013, March 2013, May 2013, June 2013, September 2013, October 2013, November 2013, December 2013, January 2014
Around about the Harvest Festival here in the UK
there was a sudden crop of articles in the media about breaches of website
security:
• Stuxnet Worm computer virus 'aims to sabotage
Iran's nuclear plant', said the Times:
"A computer virus that has infected more than 60,000 machines in Iran may
be a sophisticated cyber-warfare attack on Iran’s clandestine nuclear arms programme".
• E-crime detectives as vital as bobbies on beat, said the Telegraph:
"Online fraud generated £52 billion worldwide in 2007 – a staggering sum.
We believe there is major under-reporting of all types of cyber crime".
• In the light of the ACS:Law leak, how safe is our
data?, asked the Guardian:
Late on 24 September an archive containing
thousands of emails from solicitors ACS:Law appeared on the internet ... This
year the Information Commissioner's Office (ICO) was granted powers to levy
fines of up to £500,000 for serious breaches of data protection 'principles'.
This contrasts with the powers of the Financial Services Authority, who this
summer levied a £2.27m fine on insurance firm Zurich for its failure to
adequately protect customer data.
Nothing new, it's been going on for years.
Back in 2003, the BBC reported that a
"computer hacker has gained access to more than 5 million Visa and
Mastercard credit card accounts in the US".
You need a certain amount of expertise to carry out
these crimes and luckily, if that's the word, the inventiveness of the free
market being what it is, training is available:
"the websites shared tips on how to commit fraud and provided a forum by
which people could buy the information and tools they needed to commit such
crime".
Which could account for the increase in the
magnitude of cyber crime that we are seeing now: "Albert
Gonzalez ... is currently awaiting sentencing on charges that he and others
hacked into TJX, Office Max, Heartland Payment Systems and numerous other
companies to steal data on more than 100 million credit and debit card
accounts".
It's not just banks and insurance companies and
retailers and solicitors and Iranian power plants that are affected. So are UK government websites.
Back in 2006, we read that:
Forty organised tax credit frauds involving the
theft of thousands of identities and worth at least £5 million are being investigated
by Revenue and Customs inspectors, it was disclosed yesterday ... This is the
latest problem to hamper Gordon Brown's beleaguered tax credit scheme, which
was criticised this week by an influential committee of MPs after it overpaid
£4 billion to claimants in two years ... Richard Bacon, the Tory MP whose
inquiries uncovered the illegal activities, said he understood that
manufacturers and large retailers were targeted. People's identities were being
stolen on 'an industrial scale' ...
What with the increase in supply, the price of stolen identities has
collapsed.
In 2005, a chap could get $60 a pop:
Cummings, who worked for Teledata Communications -
a New York-based software company which helps lenders access major credit
databases - had access to clients' codes and passwords. He would steal people's
credit reports and pass them on to an accomplice, who would sell them on and
share the profits with Cummings. The stolen identities, bought by
intermediaries for about $60 per name, were then used to access the victims'
bank accounts and use their credit cards.
A year later, the Sunday Times told
us that "the stolen identities of Britons – including their credit card
details, home addresses and security passwords – are being sold on Russian
websites for as little as £1 each".
You have to buy in bulk, of course, to get prices
that low but, apparently, you can sometimes get your money back if you're not
satisfied – this is a professional and mature business with
standards to maintain, international brands to build, customer satisfaction to
consider, loyalty and amour propre.
The police do have their successes. In 2005, they
"smashed"
a £25 million cheque fraud and they "foiled" a £220 million
bank theft. Which is good but it's an uphill struggle when you consider the geo-political
scale of the threat:
American officials have been holding secret talks
with Russia and the United Nations in an attempt to strengthen internet
security and rein in the growing threat of cyberwarfare ... The potential for
online warfare has become a hot topic in recent years, after a string of major
incidents. Large-scale cyberattacks took place during last year's conflict
between Russia and Georgia while
the Estonian
government came grinding to a halt after an internet assault in
2007.
Wherever you
see that a new application has been found for the web, you need to be
sceptical.
One last example. Washington DC,
for the most democratic of reasons, are trying to ensure that temporarily
absent residents do not lose their vote. The proposed web-based voting system
was "hijacked" by well-meaning (white hat) computer scientists who
demonstrated how easily black hat hackers could take over and ensure the
election result of their choice. The system has been scrapped. As a spokesman
for the Washington DC Board of Elections and Ethics says: "This is an
abundance-of-caution sort of thing".
Naturally the more punctilious website operators
all proceed with an abundance of caution. They all conform to an alphabet
spaghetti of security standards. But it doesn't seem to help – the general
impression remains that if the hackers want to invade your website, they will,
whoever you are.
Organisations which put their business applications
and data on the web take part in what is known as "cloud computing".
It follows from the evidence adduced above that anyone who can avoid putting
their head in the clouds should avoid it, it is a dangerous thing to do,
imprudent and inadvisable. Contra-indicated. Deprecated ...
Cloud computing sounds modern and exciting and is
often promoted as efficient and green and it sounds Luddite to attack it but
just how modern, excited, efficient and green will you feel when your bank
account details are sold for £1 and all your money disappears?
And with that question, finally, we get to the
point, which is that the UK government is currently considering civil service
proposals – the G-Digital Programme – to
rain down public services on us from a G-Cloud.
There are 10 million people in the
UK who, God bless them, have never used the web. That's 10 million people who
would be excluded by the G-Digital Programme. It is dangerous to put public
services on the web. And, arguably, pointless – they won't reach the people who
need them most.
It is to be hoped that Rt Hon Francis Maude MP,
Cabinet Office Minister, will keep the G-Cheque book securely locked in his
G-Plan desk.
Whatever else you may say about Mr Maude, he is not
Tony Blair.
The Cabinet Office promised the credulous Mr Blair
four years ago that they would transform government if
only he gave them all the Christmas presents they asked for. Which he did and
yet there is nothing to show for their promises today, there is no reason to
give them a second chance, we know they can't deliver, they've proved it.
And that's just as well, as we would all promptly
be defrauded if they ever did deliver, and the country would be brought to a
halt by any of our enemies who could be bothered.
"It's stupidity. It's worse than stupidity:
it's a marketing hype campaign" ... The 55-year-old New Yorker said that
computer users should be keen to keep their information in their own hands,
rather than hand it over to a third party.
His comments echo those made last week by Larry Ellison,
the founder of Oracle, who criticised the rash of cloud computing announcements
as "fashion-driven" and "complete gibberish".
"The interesting thing about cloud computing
is that we've redefined cloud computing to include everything that we already
do," he said. "The computer industry is the only industry that is
more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no
idea what anyone is talking about. What is it? It's complete gibberish. It's
insane. When is this idiocy going to stop?"
INTELLIGENCE chiefs have warned that China may have
gained the capability to shut down Britain by crippling its telecoms and
utilities.
They have told ministers of their fears that
equipment installed by Huawei, the Chinese telecoms giant, in BT’s new
communications network could be used to halt critical services such as power,
food and water supplies.
The warnings coincide with growing cyberwarfare
attacks on Britain by foreign governments, particularly Russia and China ...
Ministers expressed concern that replacing the
Chinese components with British parts would clash with government policy on
competition.
Urgent warnings have been circulated throughout
Nato and the European Union for secret intelligence material to be protected
from a recent surge in cyberwar attacks originating in China.
The attacks have also hit government and military
institutions in the United States, where analysts said that the West had no
effective response and that EU systems were especially vulnerable because most
cyber security efforts were left to member states.
Nato diplomatic sources told The Times:
"Everyone has been made aware that the Chinese have become very active
with cyber-attacks and we’re now getting regular warnings from the office for
internal security." The sources said that the number of attacks had
increased significantly over the past 12 months, with China among the most
active players.
In the US, an official report released on Friday
said the number of attacks on Congress and other government agencies had risen
exponentially in the past year to an estimated 1.6 billion every month.
For decades the possibility of a cyberwar has
fascinated experts. After land, sea and air engagements, battles in cyberspace
could require the rewriting of military doctrines for an era in which a country
could be brought to its knees by a few strokes of a laptop. That moment appears
to have arrived.
According to security experts, a computer worm that
has infested Iran’s Bushehr nuclear plant was launched by another state. It has
disrupted the production of nuclear material, proving that a cybermissile can
have as much impact as an airstrike.
The UK's critical infrastructure - such as power
grids and emergency services - faces a "real and credible" threat of
cyber attack, the head of GCHQ says.
The intelligence agency's director Iain Lobban said
the country's future economic prosperity rested on ensuring a defence against
such assaults.
... it emerged today that the Organisation for
Economic Co-operation and Development (OECD), said it had been under sustained
cyber attack for the last few months and is still battling to get its computers
cleaned up.
OECD spokesman Stephen Di Biasio told EUobserver
that the organisation had a team trying to close entry points, but wasn't able
to definitely say that hackers were not still accessing its systems.
He said: "What we know is it's quite a
sophisticated attack. We've got quite high levels of security protocols at the
OECD and this has been able to bypass those security measures ..."
The navy's website was shut down this morning after
a self-confessed security enthusiast claimed to have hacked into the site and
its databases.
In a new post on his blog the hacker, a Romanian
national known only as TinKode, claims to have penetrated the security of the
navy's site late on Friday night.
The shocking breach comes just weeks after the
coalition Government announced plans to make countering cyber-terrorism a major
defence priority.
China "hijacked" 15 per cent of the
world's internet traffic for 18 minutes earlier this year, including highly
sensitive email exchanges between senior US government and military figures, a
report to the US Congress said.
Britons will be forced to apply online for
government services such as student loans, driving licences, passports and
benefits under cost-cutting plans to be unveiled this week.
Officials say getting rid of all paper applications
could save billions of pounds. They insist that vulnerable groups will be able
to fill in forms digitally at their local post offices.
The latest batch of documents to be released by
Wikileaks is made up of diplomatic messages sent from US embassies around the
world.
The whistle-blowing website says it has obtained
more than 250,000 cables passed between the US State Department and hundreds of
American diplomatic outposts - but it has so far only published a small sample
of those messages.
Hackers have attacked the websites of credit card
giants Mastercard and Visa.
The attacks came after the Anonymous group of
hackers pledged to pursue firms that have withdrawn services from Wikileaks.
Mastercard payments were disrupted but the firm
said there was "no impact" on people's ability to use their cards.
Visa's website also experienced problems. The
attacks came after both companies stopped processing payments to the
whistle-blowing site.
Quarter of a million passwords published and
Twitter feed used to taunt 'arrogant' management in audacious security breach.
The 24-hour attack penetrated deep into Gawker's
computer systems, shattering its security shield and catching its executives
off guard.
Websites holding the personal data of British
taxpayers could be targeted by the computer hackers who are attacking
organisations seen as enemies of WikiLeaks, the national security adviser has
warned.
Sir Peter Ricketts told senior civil servants that
Whitehall should be prepared to come under fire from "hacktivists"
angry at British authorities over the arrest of Julian Assange, the anti-secrecy
site's editor ...
He said there was particular concern about sites
belonging to the Department for Work and Pensions, which holds information on
benefits claimants, and HMRC, which has data on all taxpayers.
The e-mail account details of government officials,
civil servants and defence company staff have been leaked online after computer
hackers attacked a prominent group of gossip and news websites, a Times
investigation shows.
The work e-mail addresses and passwords of senior
staff at the Crown Prosecution Service, officials at the Charity Commission and
employees of BAE Systems are among those in a file of more than one million
user names that is circulating online, putting highly sensitive correspondence
at risk.
The leaked details belong to people who used their
work e-mail to access websites run by the Gawker Media group, founded by Nick
Denton.
Supporters of the English Defence League (EDL) are
facing potential embarrassment after a database containing their personal
details was hacked into.
Police are believed to be investigating the
security breach, which also included the far-Right group’s payment system
being illegally accessed.
Amid fears of violence toward members, the EDL said
it will support vulnerable people. They also urged members to change their
online shopping details after concerns were raised that they would be published
on the internet.
Hackers had access to the gossip site Gawker's
content management system (CMS) and password files for around six months,
rather than the few days suggested by the company, the Guardian has learnt from
sources connected to the break-in ...
The hacking of Gawker and its associated sites led
to the usernames, email addresses and passwords of 1.3 million registered users
of the sites being made available – among them, those for Gawker staff
including its chief Nick Denton ...
The Guardian's sources insist that the Gnosis
attack was not a short-term thing. "They didn't just crack it in a day,
they spent a fair bit of time working on it and they had full access for at
least a month. Mind you, when the database leak rumour was going around, Gawker
publicly announced that they weren't compromised. Either they were lying to the
public and trying to fix the hole, or they didn't even notice Gnosis in there –
given the proper tools it's very easy to hide yourself on a Linux system."
“In the future I don’t think state-to-state warfare
will start in the way it did even 10 years ago,” he said.
“It will be cyber or banking attacks — that’s how
I’d conduct a war if I was running a belligerent state or a rebel movement.
It’s semi-anonymous, cheap and doesn’t risk people.”
The first known incidence of state-to-state
cyberattacks came in Estonia in 2007 when Russia caused chaos in the tiny
Baltic state by disabling the websites of government ministries, political
parties, newspapers, banks and companies in retaliation for the removal of a
Soviet war memorial in Tallinn, the capital. Estonia has mobilised a
cyberdefence league to protect itself.
Moscow used the same tactic the following year
during the Russian invasion of Georgia. It disabled government and commercial
computer systems.
More damaging still was the Stuxnet computer worm
that was used to attack the Iranian nuclear programme in 2009. It disabled
hundreds of centrifuges used to enrich uranium for possible use in weapons.
Three current trends in the delivery of ICT
services give particular concern: World Wide Web portals are being increasingly
used to provide critical Government-to-citizen and Government-to-business
facilities. Although these potentially offer cost savings and increased
efficiency, over-dependence can result in repetition of the problems faced by
Estonia in 2007. A number of OECD governments have outsourced critical
computing services to the private sector; this route offers economies and
efficiencies but the contractual service level agreements may not be able to
cope with the unusual quantities of traffic that occur in an emergency. Cloud
computing also potentially offers savings and resilience; but it also creates
security problems in the form of loss of confidentiality if authentication is
not robust and loss of service if internet connectivity is unavailable or the
supplier is in financial difficulties.
7. ... The cloud computing business model, on the
one hand, has the potential to offer public administrations substantial benefits
and improvements over current IT provisioning ...
On the other hand, it still shows weaknesses and
exposures to significant threats that could undermine the full exploitation of
all the benefits that such a model could offer. Weaknesses and threats are
mainly linked to the lack of governance and control over IT operations and the
potential lack of compliance with laws and regulations ...
The public cloud option is already able to provide
a very resilient service with an associated satisfactory level of data
assurance and is the most cost effective. Moreover public cloud offers
potentially the highest level of service availability, but due to the current
regulatory complexity of intra-EU and extra-EU trans-border data transfer, its
adoption should be limited to non-sensitive or non critical applications and in
the context of a defined strategy for cloud adoption which should include a
clear exit strategy.
Cyber-thieves have stolen as much as €30m in carbon
allowances from the European Union’s emissions trading system, authorities
said, as exchanges across Europe halted trading on Thursday.
Exchanges including ICE Futures Europe, Nasdaq OMX
Commodities Europe and London-based LCH.Clearnet stopped trading of emissions
contracts, which are central to the bloc’s fight against global warming.
Cyber thieves are cashing in after stealing credit
cards in a hack attack on the website of cosmetics firm Lush.
The online shop was shut down on 21 January and its
home page replaced with a message revealing the attack.
Lush said anyone who placed an online order between
4 October and 20 January should contact their bank in case their card details
had been compromised.
Last night Zuckerberg’s fan page on the website was
attacked by hackers, who took over his page and posted the following message,
pretending to be him...
The hacker attack comes just days after French
President Nicolas Sarkozy’s Facebook account was also breached.
Stock exchanges in Britain and the US have turned
to the security services for help after discovering they were the victims of
terrorist plots and attempted cyber attacks that aimed to spread panic in
leading global financial markets.
Computer hackers have stolen the names and email
addresses of millions of people in one of the largest internet security
breaches in US history.
Sony has warned that the names, addresses and other
personal data of about 77 million people with accounts on its PlayStation
Network (PSN) have been stolen.
Sony said hackers have stolen the personal
information from a further 25m users in a second massive breach of its online
games system ... The theft comes on top of the 77 million PlayStation accounts
taken in a cyberattack revealed last week.
China today admitted for the first time the
existence of a super-elite unit of cyberwarriors – a team supposedly trained to
protect the People’s Liberation Army from outside assault on its networks.
The revelation of the 30-strong crack unit, known
as the “Blue Army” ...
In what appeared to be one of the most audacious
acts of cyber-warfare conducted so far, the breach came against a backdrop of
repeated attempts by rivals of the US, chiefly China and Russia, to infiltrate
information networks and glean details of major weapons systems.
A "toolbox" of offensive cyber weapons is
being assembled to fight hackers targeting military facilities, secret
databases, critical emergency services and Whitehall departments.
Tensions between the US, UK and China over the
issue of cyber-attacks were set to escalate after it emerged that Chinese
hackers have stolen the login details of hundreds of senior US and South Korean
government officials as well as Chinese political activists.
In an effort to lay down military guidelines for
the age of internet warfare, President Barack Obama's administration has been
formalising rules on cyberspace amid growing concern about the reach of
hackers.
Defence company Lockheed Martin, the biggest
supplier to the Pentagon, admitted over the weekend that its computer networks
had been subjected to a sustained attack, though it said security had not been
seriously compromised.
The White House's strategy statement on
cybersecurity said the United States "will respond to hostile acts in
cyberspace as we would to any other threat to our country".
The International Monetary Fund has been the target
of a significant and sustained cyber attack by hackers working on behalf of a
nation state aiming to establish a “digital insider presence” on its network.
The CIA has become the latest target of self-styled
"pirate ninja" hackers LulzSec.
The Central Intelligence Agency website was
unavailable for a few minutes on Wednesday evening as the group announced the
attack via Twitter: "Tango down – cia.gov – for the lulz".
"We are looking into these reports," a
CIA spokeswoman said.
The hackers, who describe themselves as "the
world's leaders in high-quality entertainment at your expense", have
gained international notoriety this month with a series of security breaches.
Over the weekend LulzSec broke into a public
website of the US Senate and released data stolen from the legislative body's
computer servers.
Last week they hacked the website of an unnamed NHS
organisation – one of England's primary care trusts. The Department of Health
said no patient's medical records were accessed during the incident, which it
described as "a local issue" and "quite a low-level"
lapse in IT security.
Earlier this month LulzSec broke into the website
of Sony Pictures Entertainment and exposed information from 37,000 users,
including names, passwords, birthdates and email addresses. It also hacked into
a webserver belonging to Nintendo in the US.
The name of the group is derived from
"LOL" (laugh out loud) and "security".
In Malaysia, at least 51 state-linked websites have
been hit by cyber-attacks in recent days, the country's telecommunications
regulator has confirmed.
The sites are believed to have been targeted by the
Anonymous group of hackers, who had threatened to disrupt Malaysian sites in
protest at a crackdown on entertainment piracy.
The International Cybercrime Security Protection
Alliance (ICSPA) will be a coalition of businesses, the Government and
international police forces such as Europol. Chaired by David Blunkett, the
former Home Secretary, the new body aims to stem the exponential growth of
cybercrime, which it is estimated will cost the UK £27 billion this year.
An arm of the online collective Anonymous said it
had broken into the computer systems of Booz Allen Hamilton and then posted the
details on the internet ...
The hackers also wiped out four gigabytes of Booz
Allen source code in an attack they called “Military Meltdown Monday.”
The group said: “We infiltrated a server on their
network that basically had no security measures in place.”
Booz Allen provides technological services
including cyber-security consulting to the military and other US government
agencies ...
Aviation Week also reported that [Deputy Defense
Secretary William Lynn] said one U.S. weapon system under development may have
to undergo redesign following a cyber breach in March. He did not identify the
system. More than 24,000 files containing an unspecified but large amount of
data were copied from a defense contractor’s internal databases, according to
Lynn. Whether and how much redesign will be necessary is still being studied.
The United States may be forced to redesign an
unnamed new weapon system now under development – because tech specs and plans
were stolen from a defence contractor's databases.
The Pentagon has disclosed that it suffered one of
its largest ever losses of sensitive data in March when 24,000 files were
stolen in a cyber-attack by a foreign government.
Hacktivists have posted "secret
documents" stolen from an Italian cybercrime unit.
The documents – 8GB of files – were extracted from
a system maintained by the Centro Nazionale Anticrimine Informatico per la
Protezione delle Infrastrutture Critiche (CNAIPIC), the organisation charged
with guarding the country's critical IT infrastructure.
The head of a group that helps the federal
government ward off computer attacks abruptly resigned Friday, amid a spate of
high-profile assaults hitting government agencies and contractors.
The departure of US Computer Emergency Readiness
Team director Randy Vickers was first reported Monday by InformationWeek, which
cited an internal email sent to US-CERT staff. The email gave no reason for the
resignation, which is effective immediately.
Over the past six months, security breaches have hit a variety of government contractors and partners, including Lockheed Martin, L3 Communications, and affiliates of the FBI. Attacks have also successfully targeted the CIA, the US Senate, and the Oak Ridge National Laboratory.
Jake Davis, 18, used a network of 16 machines at
his home in the Shetland Islands, prosecutors said this morning. The
information held on the network included web log-in details of hundreds of
thousands of people, it is alleged ...
In June, Ryan Cleary, a 19-year-old from Wickford
in Essex, was also charged in relation to the attack on Soca's website. A
further arrest, of a 16-year-old boy from south London, followed in July. He
was released on police bail pending further inquiries.
Millions of online banking customers are at risk of
fraud because of a "fundamental" flaw in key security software, The
Times has learnt.
Major British banks, including HSBC and Santander,
strongly advise customers to install specialist software called Trusteer
Rapport in order to protect themselves from fraudsters when logging into
banking websites ...
Times Money
has seen evidence that the software's keylogger protections — designed to
prevent fraudsters recording users' login and credit card details — can be
hacked by computer security specialists with "minimal effort" in less
than a minute ...
Neil Kettle, a computer security researcher who
discovered the problem, says that it was "almost inevitable" that
criminals would start exploiting the weakness, particularly because the
software allows them to identify online banking customers.
... while Stuxnet was created to cause physical
damage to Iran’s uranium enrichment facilities by surreptitiously adjusting
machinery, Duqu is an intelligence-gathering tool.
The new virus’ precise targets have not been
disclosed, but they include European firms that make the software that controls
power stations and other industrial facilities. By infiltrating their computer
networks, it aims to steal confidential information and potentially reveal
vulnerabilities that could be exploited in later attacks.
Chinese hackers are suspected of having interfered
with the operation of two US government satellites on four occasions via a
ground station, according to a report being prepared for the US Congress.
The volume of e-crime and attacks on government and
industry systems continues to be disturbing. I can attest to attempts to steal British
ideas and designs — in the IT, technology, defence, engineering and energy
sectors, as well as other industries — to gain commercial advantage or to
profit from secret knowledge of contractual arrangements. Such intellectual
property theft doesn’t just cost the companies concerned: it represents an
attack on the UK’s continued economic wellbeing.
We are also aware of similar techniques being
employed to try to acquire sensitive information from British government
computer systems, including one significant (but unsuccessful) attempt on the
Foreign Office and other government departments this summer.
Criminals are using cyberspace to extort money and
steal identities, as well as exploit the vulnerable. Increasingly sophisticated
techniques target individuals. We are witnessing the development of a global
criminal market place — a parallel black economy where cyber dollars are traded
in exchange for UK citizens’ credit card details ...
Iain Lobban is the Director of GCHQ
US homeland security and FBI officials are
investigating an apparent cyber-attack on a water utility near Springfield,
Illinois.
The attack may have been the cause of a water pump
shutdown, and could be the first case of foreign hackers successfully targeting
a US industrial facility.
US press reported that the company's database was
compromised with hackers retrieving the supervisory control and data
acquisition (Scada) software. During the attack the Scada system was turned on
and off, burning out the water pump.
The world’s largest defence company is to establish
a cyber security division in Britain to counter the growing threat from digital
attacks.
Lockheed Martin will open its Security Intelligence
Centre at Farnborough in Hampshire next week and expects to employ up to 300
people there by 2015.
The American company is hoping to challenge rivals
such as BAE Systems, EADS and Thales, which already provide cyber protection in
the UK.
Cyber attack has been identified as one of the four most serious threats to national security as amateur hackers and criminal gangs, as well as nations, look to exploit system weaknesses.
According to a recent report from the Cabinet
Office, cyber crime costs British business about £21 billion a year.
25 November 2011:
UK cyber security strategy due to be
unveiled
UK cyber crime unit to launch attacks on ‘enemies’
GCHQ to sell off spy expertise
GCHQ to offer British firms expertise in cybercrime
Cybercrooks and patriotic state-backed hackers in
China are collaborating to create an even more potent security threat,
according to researchers ...
The Wall Street Journal reported last
Tuesday that US authorities have managed to trace several high-profile hacking
attacks, including assaults against RSA Security and defence contractor
Lockheed Martin, back to China. Information obtained during an attack on
systems behind RSA's SecurID tokens was later used in a failed attack against
Lockheed Martin.
Hackers with the loose-knit movement
"Anonymous" have claimed to have stolen a raft of emails and credit
card data from US-based security think tank Stratfor, promising it was just the
start of a weeklong, Christmas-inspired assault on a long list of targets ...
Hours after publishing what it claimed was
Stratfor's client list, Anonymous tweeted a link to encrypted files online. It
said the files contained 4,000 credit cards, passwords and home addresses
belonging to individuals on the think tank's private client list.
Thousands of British email addresses and encrypted
passwords, including those of defence, intelligence and police officials as
well as politicians and Nato advisers, have been revealed on the internet
following a security breach by hackers.
Among the huge database of private information
exposed by self-styled "hacktivists" are the details of 221 British
military officials and 242 Nato staff. Civil servants working at the heart of
the UK government – including several in the Cabinet Office as well as advisers
to the Joint Intelligence Organisation that acts as the prime minister's eyes
and ears on sensitive information – have also been exposed.
The exposure of the database came after hackers –
who are believed to be part of the Anonymous group – gained unauthorised access
over Christmas to the account information of Stratfor ...
Hackers disrupted online access to the Tel Aviv
stock exchange, El Al airlines and three banks on Monday, in what the
government described as a cyber-offensive against Israel.
The attacks came just days after an unidentified
hacker, proclaiming Palestinian sympathies, posted the details of thousands of
Israeli credit card holders and other personal information on the internet in a
mass theft.
Stock trading and El Al flights operated normally
despite the disruption, which occurred as Israeli media reported that
pro-Palestinian hackers had threatened at the weekend to shut down the Tase
stock exchange and airline websites.
While apparently confined to areas causing only
limited inconvenience, the attacks have caused particular alarm in a country
that depends on high-tech systems for much of its defence against hostile
neighbours. Officials insist, however, that they pose no immediate security
threat ...
A recording of a confidential conference call
between the FBI and UK law enforcement officers at the Metropolitan Police has
been released by Anonymous on the internet.
The inference has to be that hackers were able to
secretly access the call because they have compromised a police investigator's
email account.
The world's most notorious computer hacker has been
working as an informer for the FBI for at least the last six months, it emerged
on Tuesday, providing information that has helped contribute to the charging of
five others, including two Britons, for computer hacking offences.
CHINESE spies hacked into computers belonging to
BAE Systems, Britain’s biggest defence company, to steal details about the
design, performance and electronic systems of the West’s latest fighter jet,
senior security figures have disclosed. The Chinese have exploited
vulnerabilities in BAE’s computer defences to steal vast amounts of data on the
£200 billion F-35 Joint Strike Fighter (JSF), a multinational project to create
a plane that will give the West air supremacy for years to come, according to
the sources. The attack has prompted fears that the jet’s radar capabilities
could have been compromised.
China is stealing a "great deal" of
military-related intellectual property from the United States and was
responsible for last year's attacks against cybersecurity company RSA, U.S.
Cyber Command commander and National Security Agency director Gen. Keith
Alexander told the Senate Armed Services Committee on Tuesday ...
"The ability to do it against a company like
RSA is such a high-order capability that, if they can do it against RSA, that
makes other companies vulnerable ..."
Hackers have stolen the details of millions of
credit cards in the US, exposing customers of Visa, Mastercard and American
Express to fraud.
The US Secret service confirmed it was
investigating a major cyber intrusion at Processor Global Payments, an
Atlanta-based payment processor which said it had discovered “unauthorised
access” on its system early this month ...
Individual banks and processors said they had not
yet determined the full extent of the breach, but the blog Krebs on Security,
which first reported the breach, said it was “massive” and could affect more
than 10 million cardholders.
A comment kindly posted on the DMossEsq blog brings
attention to a paper on cyberwarfare written by Dr Thomas Rid, Reader in the
Department of War Studies at King's College London. According to Dr Rid in his
February 2012 paper Cyber War Will Not
Take Place, cyber attacks do not amount to acts of war. Sabotage,
espionage and subversion – yes. But not war. Dr Rid also downplays the impact
of distributed denial of service attacks (DDoS) such as those carried out by
Anonymous. Are we all talking nonsense when we talk about the dangers of
cyberwar/sabotage/espionage/subversion? No. Dr Rid gives the following example
of the consequences of defective web security:
... A second example is Anonymous’ perhaps most
striking operation, a devastating assault on HBGary Federal, a technology
security company. HBGary’s clients included the US government and companies
like McAfee. The firm with the tag-line detecting tomorrow’s malware
today had analyzed GhostNet and Aurora, two of the most sophisticated
known threats. In early February 2011, Aaron Barr, then its chief executive
officer (CEO), wanted more public visibility and announced that his company had
infiltrated Anonymous and planned to disclose details soon. In reaction,
Anonymous hackers infiltrated HBGary’s servers, erased data, defaced its
website with a letter ridiculing the firm with a download link to a leak of
more than 40,000 of its emails to The Pirate Bay, took down the company’s phone
system, usurped the CEO’s twitter stream, posted his social security number,
and clogged up fax machines. Anonymous activists had used a number of methods,
including SQL injection, a code injection technique that exploits faulty
database requests. ‘You brought this upon yourself. You’ve tried to bite the
Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face’,
said the letter posted on the firm’s website. The attack badly pummeled the
security company’s reputation.
Some revisionism going on here?
In 2007, the government infuriated its
Russian-speaking minority by moving a Soviet war memorial from central Tallinn
to a cemetery on the city's outskirts. Violence flared on the streets, and
later reached the internet. The first cyberattack was simplistic, and easily
dealt with: thousands of unknown individuals bombarding government, media and
banking websites with "denial of service" (DoS) attacks.
"It was like an internet riot," said
Hillar Aarelaid, who led Estonia's response, at the time.
But what started as an emotional backlash soon
became a far larger, longer and better co-ordinated assault on Estonia's very
being.
It lasted three weeks and could only be contained
by restricting internet traffic in and out of the country. It was, in effect, a
cybersiege.
"This is how a lot of myths were
created," remembered Pärgmäe. "Those outside the country couldn't
access Estonian websites, but they didn't realise that people inside still
could."
Rumours circulated about the collapse of the
Estonian online banking system, and how people were struggling to buy
groceries. "But actually the longest downtime for a bank's website was
just one and a half hours."
Iran's oil ministry has called a crisis meeting
after its main website and internal communications system were hit by an
apparent cyber-attack that forced authorities to cut off the country's oil
export terminal from the internet.
Local news agencies reported on Monday that a virus
had struck the computer and communication systems of Iran's main oil export
facilities on Kharg Island as well as the internal network and the websites of
its oil ministry and subsidiary organisations.
The website of the UK's Serious Organised Crime
Agency (Soca) has been taken offline following a cyber-attack.
Soca confirmed to the BBC that soca.gov.uk had
suffered a Distributed Denial of Service (DDoS) attack.
A spokesman said the site was taken offline at
22:30 on Wednesday, but that the attack did not "pose a security risk to
the organisation".
Soca has recently shut down 36 websites believed to
be selling stolen credit card information.
Computer hackers have managed to breach some of the
top secret systems within the Ministry of Defence, the military's head of
cyber-security has revealed.
Major General Jonathan Shaw told the Guardian the
number of successful attacks was hard to quantify but they had added urgency to
efforts to beef up protection around the MoD's networks.
"The number of serious incidents is quite
small, but it is there," he said. "And those are the ones we know
about. The likelihood is there are problems in there we don't know about."
Government computer systems come under daily
attack, but though Shaw would not say how or by whom, this is the first
admission that the MoD's own systems have been breached.
A cyber-attack that targeted Iran's oil ministry
and main export terminal was caused by the most sophisticated computer worm yet
developed, experts have warned ...
Orla Cox, a senior analyst at Symantec, the
international computer security firm, said: "I would say that this is the
most sophisticated threat we have ever seen" ...
Analysis now shows that the worm has been around,
undetected, for at least two years, and experts are confident it was
responsible for the disruption to Iran's oil industry last month.
According to reports, the cyber-attack forced Iran
to convene a "crisis committee" that ordered the disconnection of six
of its main oil terminals from the internet, to stop the worm spreading.
The Iranian Students' News Agency said that the
virus had successfully erased information on hard disks at the oil ministry's
headquarters.
Though the oil ministry insisted that the worm had
been contained and that no significant data had been erased, the likelihood is
that W32.Flamer had been inside the network for many months and may already
have completed its primary mission. Cox said the worm was designed to gather
and send information covertly – unlike Stuxnet, which was built to identify and
destroy equipment.
"Once the attacker has that level of access,
then all bets are off," she said. "Once the worm has infected a
system, it would be possible to add new commands over time, to add an element
of disruption" ...
A computer worm designed to cripple Iran’s uranium
enrichment programme was the result of a joint operation between the US
National Security Agency and a secret Israeli cyberwarfare unit, American
officials have confirmed for the first time.
The officials, interviewed by a reporter from the
New York Times, say that the Stuxnet worm was originally commissioned by
President Bush but has been enthusiastically embraced by his successor, Barack
Obama.
Social networking website LinkedIn has said some of
its members' passwords have been "compromised" after reports that
more than six million passwords had been leaked onto the internet.
Hackers posted a file containing encrypted
passwords onto a Russian web forum.
They have invited the hacking community to help
with decryption.
Internet dating mainstay eHarmony bills itself the
"No 1 Most Trusted Dating Site," but the company confirmed Thursday
that an unspecified number of its users' passwords were compromised and
allegedly posted to a hacker network this week.
Hours later the music website Last.fm announced
that it, too, is investigating the leak of "some" of its members'
passwords.
The new findings reveal that the teams shared
source code of at least one module prior to 2010. “What we have found is very
strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected,” said
Alexander Gostev, Chief Security Expert at Kaspersky Lab.
AMERICAN companies under siege from hackers are
increasingly taking “retaliatory action” against their assailants, cyber
experts claim.
Frustrated by their inability to stop breaches or
use the law to punish attackers, a number are using “active defence” or “strike
back” reprisals, which range from steps to distract and delay a hacker to more
radical measures.
Iran is to move key ministries and state bodies off
the worldwide internet next month in an effort to shield them behind a secure
computer wall from disruptive cyber attacks like the Stuxnet and Flame viruses.
GCHQ, the UK's nerve-centre for eavesdropping
spooks, has established what's billed as Blighty's first academic research
institute to investigate the "science of cyber security".
The lab - which was set up with the Research
Councils' Global Uncertainties Programme and the government's Department for
Business, Innovation and Skills - is a virtual organisation involving several
universities ...
Chinese hackers have taken up cyber arms and
followed up widespread anti-Japan protests in the People’s Republic over a set
of disputed islands by attacking at least 19 Japanese government and other web
sites ...
Things got even worse for the Tokyo Institute
of Technology, whose site was defaced and endured an attack that saw names and
telephone numbers of over 1,000 members of staff leaked.
New evidence that Iran is following through on its
dramatic plan to move large
parts of its networked computer systems off the web reflects
how the global struggle for the internet has reached a new intensity over the
last 12 months ...
Two months ago the situation had become
sufficiently grave to lure Jonathan Evans,
the head of MI5, out of his traditional obscurity. "The extent
of what's going on is astonishing with industrial scale processes involving
many thousands of people" he said, pointing out that one British company
had lost a staggering £800m as a consequence of a recent hack.
Name and email addresses of Facebook users are
available online at prices as low as $5 per million.
The dodgy trade was
uncovered by Bogomil Shopov, an internet marketeer and blogger in the Czech
Republic. Shopov said he approached the social network about the problem. He said
Facebook asked him to forward and then delete the data, which came in the form
of a compressed spreadsheet. Facebook representatives also wanted to know where
he'd bought the data and what payment systems were used, he said, adding that
he had been happy to answer.
However, the Czech blogger said he objected to
requests he says were made by the Facebook representatives to keep his
conversations with them about the matter a secret ...
Crooks attempted to defraud the UK government after
swiping sensitive details on tens of thousands of civil servants, postmen, BT
staff and public-sector workers, The Register has learnt ...
The non-profit sports body, which organises
activities and leisure facilities, was alerted to the breach when a criminal
investigation into fraud attempts on central government traced the data used in
the scams to CSSC's [Civil Service Sports Council] database.
A group of hackers leaked email contact information
of experts working with the International Atomic Energy Agency (IAEA) after
breaking into one of the agency's servers ...
The hacker group calls itself Parastoo and wants
the IAEA to investigate Israel's nuclear activities at the Negev Nuclear
Research Center near Dimona, an Israeli city located in the Negev desert.
"Israel owns a practical nuclear arsenal tied to a growing military body
and it is not a member of internationally respected nuclear, biochemical and
chemical agreements," the group said ...
India’s government and military have suffered one
of the worst cyber attacks in the nation’s history, after over 10,000 email
accounts belonging to top officials were compromised, despite a warning from
the country’s cyber security agency ...
For several weeks, the personal data of
millions of SNCB Europe customers was freely
accessible on the Internet. Although the exact terms of the query
made by the internet user behind the disclosure are not known, the data was
indeed accessible through a simple search-engine query ...
CUST_ID, CONTACT_STATE, ACTIVE, DISTRIBUTOR,
CUST_TYPE, GENDER, FIRSTNAME, LASTNAME, BIRTHDATE, LOGON_ID, REGISTERED,
CONTACT_LANGUAGE, CONTACT_LANGUAGE_XX, STREET, HOUSE_NR, ADDITIONAL_NR,
POSTAL_CODE, CITY, COUNTRY, PRIVATE_FIXED_TELEPHONE, PRIVATE_MOBILE_TELEPHONE,
BUSINESS_TELEPHONE, EMAIL ...
... the file contains 1,460,734 entries. Each
line concerns one SNCB Europe customer ...
6 Threat Trends: The Emerging Threat Landscape
6.1 Threat Trends in Mobile Computing
6.2 Threat Trends in Social Technology
6.3 Threat Trends in Critical Infrastructures
6.4 Threat Trends in Trust Infrastructure
6.5 Threat Trends in Cloud Computing
6.6 Threat Trends in Big Data
The chairman of one of the world’s biggest mining
companies was targeted by hackers who disguised themselves as Wikipedia
researchers in order to retrieve explosive confidential documents from his
computer, according to documents seen by
The Times.
The report added: “Sensitive documents and
communications, which have only resided on the chairman’s laptop, have since
been published in the public domain.” Investigators believe that the computer
was hacked using “suspicious” e-mails sent to Mr Tan during July and August
last year. The e-mails purported to have been sent by “Steve”, who falsely
claimed to be associated with Wikipedia, with a falsified account
steve@wikipedia.org.
Hacktivist group Anonymous said Saturday
it had hijacked the website of the US Sentencing Commission in a brazen act of
cyber-revenge for the death of internet freedom advocate Aaron Swartz ...
The website of the commission, an independent
agency of the judicial branch involved in sentencing, was replaced with a
message warning that when Swartz killed himself two weeks ago "a line was
crossed." In a message posted on the website and in an accompanying
YouTube video, the hackers said they had infiltrated several government
computer systems and copied secret information they threatened to make public.
The timing of the attacks coincided with the
reporting for a Times
investigation ... that found that the relatives of Wen Jiabao,
China’s prime minister, had accumulated a fortune worth several billion dollars
through business dealings ...
The hackers tried to cloak the source of the
attacks on The Times by first penetrating computers at United States universities
and routing the attacks through them ... the hackers stole the corporate
passwords for every Times employee ...
Last year, Bloomberg News was targeted by Chinese
hackers ... after Bloomberg published an article on June 29 about the wealth
accumulated by relatives of Xi Jinping, China’s vice president at the time ...
The intelligence-gathering campaign ... is as much about trying to control
China’s public image, domestically and abroad, as it is about stealing trade
secrets ...
AT&T informed The Times that it had noticed
behavior that was consistent with other attacks believed to have been
perpetrated by the Chinese military ... The Times notified and voluntarily
briefed the Federal Bureau of Investigation on the attacks ... when it became
clear that attackers were still inside its systems despite efforts to expel
them, The Times hired Mandiant ... Investigators still do not know how hackers
initially broke into The Times’s systems. They suspect the hackers used a
so-called spear-phishing attack, in which they send e-mails to employees that
contain malicious links or attachments. All it takes is one click on the e-mail
by an employee for hackers to install “remote access tools” — or RATs. Those
tools can siphon off oceans of data — passwords, keystrokes, screen images,
documents and, in some cases, recordings from computers’ microphones and Web
cameras — and send the information back to the attackers’ Web servers ...
In the case of a 2011 breach at the United States
Chamber of Commerce ... the trade group worked closely with the F.B.I. to seal
its systems ... But months later, the chamber discovered that
Internet-connected devices — a thermostat in one of its corporate apartments
and a printer in its offices — were still communicating with computers in China
...
hashed passwords can easily be cracked using
so-called rainbow tables ... the attackers cracked the passwords and used them
to gain access to a number of computers ... "They could have wreaked havoc
on our systems," said Marc Frons, the Times’s chief information officer.
"But that was not what they were after." ... What they appeared to be
looking for were the names of people who might have provided information to Mr.
Barboza ...
After Google was attacked in 2010 and the Gmail
accounts of Chinese human rights activists were opened, for example,
investigators were able to trace the source to two educational institutions in
China, including one with ties to the Chinese military ...
The security breach is one of the biggest to ever
affect Twitter, which has 200 million active users, and highlights growing
concerns over the danger of so-called cyber attacks ...
Eighteen people have been charged in what federal
prosecutors in New Jersey called one of the largest credit card fraud schemes
ever uncovered by the U.S. Department of Justice, spanning 28 states and eight
countries.
"The defendants are part of a massive
international fraud enterprise involving thousands of false identities,
fraudulent identification documents, doctored credit reports and more than $200
million in confirmed losses," FBI Special Agent James Simpson said in
court records ...
Apple Inc was recently attacked by hackers who
infected Macintosh computers of some employees, the company said Tuesday in an
unprecedented disclosure describing the widest known cyber attacks targeting
Apple computers used by corporations ...
The same software, which infected Macs by exploiting
a flaw in a version of Oracle Corp's Java software used as a plug-in on Web
browsers, was used to launch attacks against Facebook, which the social network
disclosed on Friday.
Microsoft has confirmed that Wednesday’s Windows
Azure outage that left some customers in the dark for more than 12 hours was
the result of a software bug triggered by the Feb. 29 leap-year date that
prevented systems from calculating the correct time.
Evernote is asking its millions of users to reset
their passwords following an attempt to hack the note-taking network.
In a blog post acknowledging the security breach
Evernote's chief technology officer, Dave Engberg, explained that usernames and
email addresses had been accessed along with encrypted password information.
Thirsty NatWest and RBS customers across the UK are
finding it difficult to get the last round in tonight, as the banks' systems
have failed.
The megabork, which began at around 9:30pm, has
taken down cash machines, online banking and telephone banking for the majority
of its customers across the UK ...
The failure is also affecting debit card payments,
according to multiple reports on twitter of problems processing transactions at
petrol stations and supermarkets.
The Australian central bank confirmed Monday that it
had been hit by cyberattacks, but it said no data had been lost or systems
compromised.
A US government computer vulnerability database and
several other websites at the National Institute of Standards and Technology
have been down for nearly a week after workers there found malware on two Web
servers.
It is recommended that you read the entire Ars Technica article:
(a) People need to test the defences of their
websites to see how well they can withstand attacks. So services grow up which
allow them to launch a test attack. It's all perfectly legitimate-looking, you
open an account, you pay $10 a month, or whatever, you get bulk purchase
discounts, etc ... It's all made easy, with simple drop-down menus from which
you choose the type of attack you would like to launch. But everything
in the web security world is double-edged and, if the test site isn't
too choosy, there's nothing to stop rogue account-holders from using the test
site to launch real attacks ...
(b) There is a great variety of attack tactics,
like chess gambits, which exploit the very virtues of web communications. When
a message is sent to a site, it responds and, as a matter of good housekeeping,
the site waits for an acknowledgement of its response. If you simply don't send
that acknowledgement, the site can sit there waiting forever. Do that over and
over again and the site's resources start to be eaten up ... Double-edged again,
the protocol for orderly communications is itself used to disrupt
communications.
(c) The attacker may be an engineer legitimately
testing the defences he or she has designed. Or a rogue. Or "simply"
someone playing competitive games trying to slow down his or her opponents. Double-edged,
the tools designed to gain an advantage in something as apparently trivial as
computer games are just the tools you need for carrying out the less trivial
exploits listed on this page ...
National broadcasters KBS, MBC and YTN reported
shortly after 2pm that their computer networks had inexplicably come to a
complete halt. Editing equipment had also been affected, affecting broadcasts.
Shinhan Bank and Nonghyup Bank reported that their systems had also been
affected at the same time ...
To date, Seoul has identified 442 sites and
organisations that are dedicated to attacking South Korean interests through
the Internet, including Uriminzokkiri, the [North Korean] regime's main
Internet-based media and propaganda site ...
There is particular concern about the South's
nuclear energy facilities, which supply nearly 36 percent of the nation's
electricity and could be susceptible to viruses.
The report also indicated that South Korea's KTX
high-speed railway network is vulnerable as it is controlled from a single
command centre. A failure in the operating system would mean trains could no
longer control speeds, routes or signals and - in a worst-case scenario, the
report warned - they could be re-routed so they collide, causing hundreds of
deaths.
Air traffic is also at risk, while the South Korean
stock market could be immobilised or see fake transactions being made,
contributing to a crash in the market.
In recent weeks, the self-styled Syrian Electronic
Army (SEA) has launched hacking attacks on the BBC, the Associated Press (AP)
and most recently the Guardian. Last week the group succeeded in
hijacking AP's main Twitter account, with 1.9 million followers. It
falsely claimed that President Obama had been injured in an explosion. AP
corrected the message, but not before $130bn had been briefly wiped off the
value of stocks.
It is recommended that you read the entire Bloomberg article or the DMossEsq summary,
"When it comes to cyber security QinetiQ couldn’t grab their ass with both
hands".
It is recommended that you read the entire ElReg article or the DMossEsq summary,
"When it comes to cyber security QinetiQ couldn’t grab their ass with both
hands".
Inside the tightly controlled security area of
Symantec's Dublin headquarters, a screen on the wall flashes up hacking
hotspots as they are detected around the world. Last year the company estimated
it blocked nearly 250,000 cyber-attacks. One out of every 532 websites was
infected with viruses, it said, and 1.6 million instances of malware were
detected.
Overall, cyber-attacks were up 42% in 2012. They
range from "hacktivist" targeting of industries such as defence to
the fast-growing area of "ransomware" blackmail attempts, but more
than a third of attacks focused on small- to medium-size businesses employing
fewer than 500 people.
... there were now online toolkits hackers could
buy on the internet to enable them to break into bank accounts.
Designs for more than two dozen major US weapons
systems including programmes critical to missile defence and combat aircraft
and ships have been compromised by Chinese hackers, according to a Pentagon
report ...
Chinese hackers have also reportedly stolen
top-secret blueprints to the new $600 million (£385 million) headquarters for
the Australian Security Intelligence Organisation (ASIO) in Canberra.
China has shrugged off allegations by Australian
media that Chinese hackers have stolen the blueprints for the new Australian
spy headquarters ...
"In many cases, [the defence contractors]
don't know they've been hacked until the FBI comes knocking on their
door," an unidentified senior military official told the newspaper.
"This is billions of dollars of combat advantage for China. They've just
saved themselves 25 years of research and development. It's nuts."
The United States and China have agreed to hold
regular, high-level meetings aimed at setting standards of behaviour on
cybersecurity and commercial spying in the first diplomatic move to defuse
tensions over cyberattacks ...
However, officials said they did not expect the
meetings to lead immediately to a reduction in the daily attacks by China,
described by General Keith Alexander, head of the United States Cyber Command
and director of the National Security Agency, as “the greatest transfer of
wealth in history”.
An intruder hacked into a Vodafone Group Plc (VOD) server
in Germany, gaining access to 2 million customers’ personal details and banking
information.
A person with insider knowledge stole data
including names, addresses, birth dates, and bank account information, the
world’s second-biggest mobile-phone carrier said in a statement today.
The hacker had no access to credit-card information, passwords, PIN numbers or
mobile-phone numbers, Vodafone said ...
Vodafone, based in Newbury, England, is the latest
high-profile company to announce a security breach. Last month there were
hacker attacks on Google Inc. (GOOG),
Twitter Inc. and the New York Times.
KT Corp., South Korea’s largest phone and Internet company, fell the most in
seven months in July last year after saying customer data were leaked by
hackers.
A dozen men have been arrested after police foiled
a daring attempt to steal millions of pounds from a high-street bank armed with
nothing more deadly than a remote-control transmitter.
The raid, in which an electronic device was fitted
to a computer in the Surrey Quays branch of Santander, in East London, was
described by police as “a very significant and audacious” attempted cyber
robbery.
An identity theft service that sells Social
Security numbers, birth records, credit and background reports on millions of
Americans has infiltrated computers at some of America’s largest consumer and
business data aggregators, according to a seven-month investigation by
KrebsOnSecurity ...
Two of the hacked servers were inside the networks
of Atlanta, Ga.-based LexisNexis Inc., a company that according to Wikipedia
maintains the world’s largest electronic database for legal and public-records
related information ...
Two other compromised systems were located inside
the networks of Dun & Bradstreet, a Short Hills, New Jersey data aggregator
that licenses information on businesses and corporations for use in credit
decisions, business-to-business marketing and supply chain management.
An identity theft service that sold Social Security
and drivers license numbers — as well as bank account and credit card data on
millions of Americans — purchased much of its data from Experian, one of the
three major credit bureaus, according to a lengthy investigation by
KrebsOnSecurity.
(Reuters) - A British man has been arrested in
England and charged by the United States and Britain with hacking into U.S.
government computer systems, including those run by the military, to steal
confidential data and disrupt operations, authorities said.
Lauri Love and three co-conspirators allegedly
infiltrated thousands of systems including those of the Pentagon's Missile
Defense Agency, the U.S. Army Corps of Engineers, the U.S. space agency NASA
and the U.S. Environmental Protection Agency, according to a U.S. grand jury
indictment made public on Monday.
Hackers for hire are offering bespoke services at
an hourly rate of $100 to $300 depending on their reputation. For “Fullz” — a
dossier of personal information about an individual, usually including name,
address, phone numbers, e-mail addresses and passwords, date of birth, bank
account details and credit card information — the price is $25 in the US or $30
to $40 in the UK.
Payment details from up to 40 million credit cards
could have been stolen after they were used in the stores of US retail giant
Target ...
Target said the thieves had taken credit card
numbers, names, expiration dates and security codes for the cards ...
... sources at credit card payment processing firms
had told him the thieves had installed data-stealing code on to card-swipe
machines at tills in all 1,797 Target stores ...
The largest ever credit card breach at a US
retailer took place in 2007 when cyber-thieves managed to steal information
related to almost 46 million credit and debit cards from TJ Maxx and Marshalls
...
A smartphone app [Snapchat]
that can send potentially embarrassing photos and videos that are supposed to
disappear once viewed has been hacked, exposing the phone numbers of 4.6
million users ... The hacked phone numbers were posted online, with partially
edited user names ...