• If South Korea’s nuclear plant staff are vulnerable, then so are the reactors

    Does it matter that a South Korean nuclear plant was hacked and plans of the complex stolen? As it is South Korea that’s the subject of this latest attack, everyone tends to assume it must have had something to do with North Korea. With a target as sensitive as a nuclear power plant, not unreasonably people are asking if safety could be compromised by a cyberattack. Could hackers cause the next Chernobyl or Three Mile Island? This points to an important and infrequently discussed problem, the vulnerability of critical national infrastructure. Cyber-attacks like these are a great way of levelling the playing field: why invest in massively expensive nuclear weapons program if you can simply shut down your enemies’ power, gas, water, and transportation systems? Increasingly more and more infrastructure is connected to the Internet, with all the security risks that entails.

  • DHS-funded app-vetting firm shows market promise

    DHS recently announced it would continue funding technology company Kryptowireso the company could further pursue private sector clients. Kryptowire sells software which identifies security vulnerabilities in mobile applications and archives the results. Kryptowire already has a client list that includes the Justice Departmentand a few entertainment and gaming companies, many of which use Kryptowire to review the safety of their apps before offering it to staff and customers.

  • Obama signs five cybersecurity measures into law

    Last week President Barack Obama signed five cybersecurity-related pieces of legislation, including an update to the Federal Information Security Management Act(FISMA) — now called the Federal Information Security Modernization Act — the law which governs federal government IT security. Other cyber legislation the president signed includes the Homeland Security Workforce Assessment Act, the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act (NCPA), and the Cybersecurity Enhancement Act.

  • U.S. says evidence ties North Korea to Sony cyberattack

    U.S. intelligence agencies said they have concluded that the North Korean government was “centrally involved” in the attacks on Sony’s computers. This conclusion, which will likely be confirmed today (Thursday) by the Justice Department, was leaked to the media only hours after Sony, on Wednesday, canceled the Christmas release of the comedy — the only known instance of a threat by a nation-state pre-empting the release of a movie. Senior administration officials, speaking on condition of anonymity, said the White House was still debating whether publicly and officially to accuse North Korea of the cyberattack.

  • view counter
  • Sony hackers threaten attacks against movie goers who plan to see “The Interview”

    The hackers who attacked Sony networks are now threatening an attack on people who plan to go to see the movie “The Interview.” The hackers write in their message that they “recommend you to keep yourself distant” from movie theaters showing the movie. The hackers earlier promised to deliver a “Christmas gift.” It was not clear what they had in mind – some suggested they would release another batch of embarrassing data from Sony’s files — but it now looks as if the “gift” might well be a cyberattack on movie theaters.

  • 2008 Turkish oil pipeline explosion may have been Stuxnet precursor

    The August 2008 Baku-Tbilisi-Ceyhan (BTC) oil pipeline explosion in Refahiye, eastern Turkey, was ruled at the time to be an accident resulting from a mechanical failure, which itself was a result of an oversight by Turkish government’s supervisors. Western intelligence services concluded that the explosion was the result of a cyberattack. According to people familiar with an investigation of the incident, hackers had infiltrate the pipeline’s surveillance systems and valve stations, and super-pressurized the crude oil in the pipeline, causing the explosion.

  • view counter
  • FBI moves cyberthreats to top of law-enforcement agenda

    FBI director James Comey said combatting cybercrime and other cyber threats are now top FBI priority. “It (the Internet) is transforming human relationships in ways we’ve never seen in human history before,” Comey said. “I see a whole lot of hacktivists, I see a whole lot of international criminal gangs, very sophisticated thieves,” he added. “I see people hurting kids, tons of pedophiles, an explosion of child pornography.” In October Comey urged Congress to require tech companies to put “backdoors” in apps and operating systems. Such a move would allow law enforcement officials to better to monitor suspected criminals who often escape the law using encryption and anti-surveillance computer software.

  • Cyber whodunnit: North Korea prime suspect but there are many potential culprits

    Many suspect North Korea to be behind the attack on Sony Pictures. North Korea quite possibly has motive, means, and opportunity to carry out this attack on Sony, but as with any successful prosecution, that isn’t enough. We need evidence. We will have to wait for the detailed forensic work to complete before we stand a realistic chance of knowing for certain. That may or may not be forthcoming, but in the meantime we should consider what this event tells us about the balance of power in cyberspace. In a world in which major disruption can be caused with scant resources and little skill, all enemies are a threat. North Korea might be the rogue state that everyone loves to hate but there are plenty of others who could have done it. There is no longer a tiered approach of superpowers fighting proxy wars in smaller, developing nations. Now those developing nations can fight back, and you might not even know it was them.

  • Quantum physics makes fraud-proof credit cards possible

    Credit card fraud and identify theft are serious problems for consumers and industries. Corporations and individuals work to improve safeguards, but it has become increasingly difficult to protect financial data and personal information from criminal activity. Fortunately, new insights into quantum physics may soon offer a solution, as a team of researchers has harnessed the power of quantum mechanics to create a fraud-proof method for authenticating a physical “key” which is virtually impossible to thwart.

  • Can a hacker stop your car or your heart? Security and the Internet of Things

    An ever-increasing number of our consumer electronics is Internet-connected. We’re living at the dawn of the age of the Internet of Things. Appliances ranging from light switches and door locks, to cars and medical devices boast connectivity in addition to basic functionality. The convenience can’t be beat, but the security and privacy implications cannot and should not be ignored. There needs to be a concerted effort to improve security of future devices. Researchers, manufacturers and end users need to be aware that privacy, health and safety can be compromised by increased connectivity. Benefits in convenience must be balanced with security and privacy costs as the Internet of Things continues to infiltrate our personal spaces.

  • FIDO 1.0 specifications published aiming to promote stronger authentication

    The FIDO (Fast IDentity Online) Alliance, an open industry consortium promoting standards for simpler, stronger authentication, the other day published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

  • McAfee Labs report previews 2015 cyber threats, exploits, evasions

    McAfee Labs November 2014 Threats Report offers an analysis of threat activity in the third quarter of 2014, and the organization’s annual 2015 Threats Predictions for the coming year. The report details a third quarter filled with threat development milestones and cyber events exploiting long-established Internet trust standards. McAfee Labs forecasts a 2015 threat landscape shaped by more attacks exploiting these standards, new attack surfaces in mobile and Internet of Things (IoT), and increasingly sophisticated cyber espionage capabilities, including techniques capable of evading sandboxing detection technologies.

  • Improving defense of the U.S. cyber infrastructure

    Florida Institute of Technology Associate Professor Marco Carvalho has been awarded a $730,000, two-year contract by DHS Science and Technology Directorate (S&T) to design a cyberdefense framework that will allow multiple organizations in both civilian and government sectors unprecedented levels of coordination in their efforts to protect the nation’s cyber infrastructure.

  • Coordinated cyberattacks by Iran-based hackers on global critical infrastructure

    Irvine, California-based cybersecurity firm Cylance last week released a report detailing coordinated attacks by hackers with ties to Iran on more than fifty targets in sixteen countries around the globe. Victim organizations were found in a variety of critical industries, with most attacks on airlines and airports, energy, oil and gas, telecommunications companies, government agencies and universities.

  • Growing cybersecurity threats offer opportunities for cybersecurity businesses

    A 2013 report from the U.S. Computer Emergency Readiness Team(US-CERT) noted that the number of cyberattacks reported by federal agencies had skyrocketed 782 percent since 2006, to nearly 49,000, in 2012. Today, the figure is much higher. The increasing threat of cyberattacks from domestic and foreign actors has opened up opportunities for cybersecurity professionals, many of whom held positions with the U.S. military or intelligence agencies. For the private sector, cybersecurity spending is expected to reach $71.1 billion this year, and expected to grow about 9 percent annually through 2016.