Monday, October 31, 2011

Cyber spy campaign targets chemical industry: Symantec

SAN FRANCISCO — US Internet security firm Symantec on Monday exposed a cyber spying campaign targeting trade secrets at top chemical firms and linked the industrial espionage to a man in China.
At least 48 companies, including some that make advanced materials for military vehicles, were targeted in a campaign Symantec dubbed "Nitro" given the type of information at risk.
"Attacks on the chemical industry are merely their latest attack wave," Symantec security response team members Eric Chien and Gavin O'Gorman said in a report released on Monday.
The attacks targeted NGOs supporting human rights from late April to early May before switching to the motor industry, according to the report.
Major chemical firms, mainly in the United States, Britain, and Bangladesh, came under fire by cyber spies from late July to mid September, Symantec said.
Nitro was aimed at stealing intellectual property for competitive advantage, according to Chien and O'Gorman.
Attackers researched firms, sending selected workers booby-trapped emails that, once opened, secretly infected computers with malicious "Poison Ivy" software designed to steal information.
While various ruses were used to trick workers into opening email attachments to unleash spy software in machines, a typical pretext was to fake a meeting invitation from an established business partner.
Another tactic used by cyber spies was to send employees email purporting to be a security software update that needed to be installed in computers, according to Symantec.
Poison Ivy code was written by a Chinese speaker and Nitro attacks were traced to a server located in the United States but owned by a "20-something male" in the Hebei region of China, the report said.

FBI releases video, papers on Russian spy ring


WASHINGTON — FBI surveillance tapes, photos and documents released Monday show members of a ring of Russian sleeper spies secretly exchanging information and money during a counterintelligence probe that lasted about a decade and ended in the biggest spy swap since the Cold War.
The tapes show a January 2010 shopping trip to Macy's in New York City's Herald Square by former New York real estate agent Anna Chapman, whose role in the spy saga turned her into an international celebrity. She bought leggings and tried on hats at the New York department store, investigators wrote in a document, and transmitted coded messages while sitting in a coffee shop.
On another occasion, Chapman is visible in a video setting up her laptop computer at a Barnes and Noble. "Technical coverage indicated that a computer signal began broadcasting at the same time," noted part of a heavily redacted FBI report on the incident, apparently showing an effort by Chapman to communicate with her handlers.
Other photos and video from the surveillance operation, which the FBI called "Ghost Stories," show some of the 10 other conspirators burying money in a patch of weeds, handing off documents in what looks like a subway tunnel, meeting during a stroll around Columbus Circle or just taking their kids for a walk.

Olive Branch Man Caught Peeping with 'Spy Pen'

OLIVE BRANCH, Miss. - An Olive Branch man is accused of using a hidden camera to videotape a woman in the shower, and she's not the only victim.
Sam Allen Nuckolls of Olive Branch was a recent house guest of a woman and her husband who live in Gosnell, Arkansas. According to the woman, she had noticed that when she went to take a shower, her house guest had several items laid out on a bathroom counter, including a pen.
On closer inspection, it turned out to be a lot more than an ink pen. It's sold by the name "Video Spy Pen," and it can shoot HD video and audio or high resolution still pictures. It even writes, just in case someone gets suspicious. However, a small flashing light on the side of the pen shows that it is recording. If you open the pen, you will see the USB input device that plugs into a computer for downloading.
That's what tipped off this victim.
She said she left the bath room, then Nuckolls re-entered the bathroom and took his belongings, including the spy pen. Later, when Nuckolls left her home, the woman took the suspicious pen, plugged it into her computer and saw the video that had been recorded in her bathroom.
Her house guest was arrested by Gosnell police. He admitted he had set up the spy cam pen and also admitted he had done it before in Olive Branch, Mississippi, and even gave names of the victims.

Hudson Woman Charged With Felony in Alleged Eavesdropping Incident


A Hudson woman has been charged with a felony in an alleged eavesdropping incident at the St. Croix County Government Center on May 2, 2011.
Patt A. Colten of Hudson was formally charged on Friday, Sept. 30, with intercepting wire/electronic communication, a Class H felony. Her initial appearance was Oct. 27 and she posted a $1,000 signature bond.
The charge stems from a May 2 incident at the St. Croix County Government Center in which two individuals allege that Colten was listening to and recording a conversation they were having with an attorney in one of the building's conference rooms, according to the criminal complaint.
Colten and the two complainants have been involved in a property dispute over their lot boundaries for at least two years, and on May 2, all three of them were in court for a pretrial conference with Judge Edward Vlack. After the conference, the complainants met with an attorney in a conference room just outside the courtroom to discuss the case's developments. That's when Colten allegedly eavesdropped on their conversation, according to the criminal complaint.

Spouse Spy’s on the case

Tailing a philandering mate used to be so messy, complicated – and expensive. Private detectives aren’t cheap, after all, and someone always seems to end up dead – at least in the movies. But nowadays, suspicious spouses don’t need to call on Philip Marlowe. You can shadow your significant other just by installing Spouse Spy, or one of many similar apps, onto his or her cell phone.
A simple download lets you track comings and goings, read text messages, ogle photos, even listen in on conversations – all in real time. And of course, it’s all on the Q-T. – these apps are designed to be undetectable. But are they legal? A bipartisan group of senators, led by Al Franken (D-Minnesota) and Charles Grassley (R-Iowa) has asked the Department of Justice to look into whether these so-called “stalking apps” violate any laws.

Saturday, October 29, 2011

Facebook hack attacks strike 600,000 times per day, security firm reports

Social media company admits to massive lapse in security

Facebook accounts are hacked 600,000 times daily during users’ log-in, the social networking site conceded this week.
The Internet powerhouse said that it records more than 1 billion log-ons each day, and that .06% of those log-ons are compromised.
The shocking lapse in security was first reported by UK-based computer security firm Sophos.
Facebook could not be reached late Friday, although a note that accompanied the startling statistic said, “At Facebook, we take the privacy and safety of the people who use our site very seriously.
“Using a combination of technological innovations...we’re working 24/7 to ensure everyone’s information is safe and secure.”
The scary scope of the security breach was conceded by Facebook on a hard-to-find graphic accompanying a note dilating on its newest efforts to combat Internet piracy.
The post, authored by “Facebook Security” is entitled, “National Cybersecurity Awareness Month Updates,” and can be found on the site.


Over 700 Companies Infiltrated by Cyber-Attack

At least 760 companies' networks were compromised by the same breach that affected security firm RSA, elevating concern over data security.

Bedford, Mass.-based RSA, the security division of EMC, provides security, risk and compliance solutions to major corporations and disclosed a data breach in March.
Security analyst Brian Krebs' blog identifies hundreds of business and organizations, including 20 percent of Fortune 500 companies, believed to be affected by the RSA security breach.
Krebs' list includes Abbott Labs, Cisco Systems, eBay, the European Space Agency, Facebook, Google, IBM, Intel, the IRS, Motorola, Research in Motion and Wells Fargo.
His list reveals the RSA attack was greater than previously understood, underscoring the challenges of detecting a breach and identifying the parties behind it, especially when the intrusion goes unnoticed until activated.
Shortly after hackers compromised RSA's network, it became clear the security firm wasn't the only corporation victimized in the attack, as dozens of other multinational companies were infiltrated using many of the same tools.

Friday, October 28, 2011

German secret police arrest elderly Spies "Mr. & Mrs. Smith"

Last week, the German counterintelligence arrested the spouses, who were suspected of industrial espionage. It was said that the spouses were working for Russia's Foreign Intelligence Service.
The German media do not have the right to expose the last name of the suspects. The spies, named only as Heidrun and Andreas A., have not been charged yet. Russian mass media say that the last name of the spouses is Anschlag. It was said that the two spies arrived in the Federative Republic of Germany 20 years ago from South America. It just so happens that the KBG recruited them during the time when officer Vladimir Putin was serving in Germany.
We would like to remind here that the Foreign Intelligence Service declared itself to be the official successor of the First Principal Directorate of the KGB in December 1991. It was a foreign intelligence department, whereas Putin always served in counterintelligence. To put it simply, Putin's job was to neutralize the colleagues of the detainees - he did not recruit and infiltrate anyone. Therefore, the sitting prime minister knew nothing about the activities of the two spies.
Heidrun and Andreas, who held Austrian passports, were living in the south-west of the FRG, in Landau, from 2002 to 2010. According to the Rheinpfalz newspaper, Andreas was collecting industrial secrets and sending them to Russia's Foreign Intelligence Service. Andreas, a professional machine-builder, was working at the firm called Faurecia (car supplies). He also owned an innovation center in Rheinland-Pfalz province. 
At the end of 2010, the spies were supposed to move to Marburg, where they rented a one-room house. Heidrun, 51, was arrested in that house. The woman was supposedly sitting in front of the transmitter and was about to receive a code telegram. Andreas, 45, was conducting his illegal activities at the time when he was officially serving as a car supplier in Heuchelheim in the state of Hesse. The man was arrested last week on Tuesday night by the federal department of criminal police and GSG 9 antiterrorist department.
The Rheinpfalz reporters found out that the married couple spoke German with an east-European accent. The couple also has a 20-year-old daughter, a student of a medical college in Marburg.

Israel Convicts Conspirator Who Wiretapped Michael Cherney

Jerusalem, Israel --- October 26, 2011 .... On October 24th the Jerusalem Magistrate's Court in Israel convicted far-right activist Avigdor Eskin of ordering the illegal wiretapping of associates of Israel businessman and philanthropist Michael Cherney (Mikhail Chernoy).
The plea bargain consists of a penalty of six months of community service, probation and a fine of NIS 20,000.

According to the original indictment, filed in January 2011 by the Israel State Attorney's office, Eskin was contacted in 2007 by a Russian citizen, Alexei Drobashenko, who asked him to gather information about Michael Cherney in order to use it in a smear campaign.
At that time Alexei Drobashenko was the head of the External Relations Department at Basic Element, a financial and industrial group that belongs to Oleg Deripaska. Deripaska and Cherney are former partners in an aluminum business. In 2006 Cherney filed a law suit against Oleg Deripaska in the UK's High Court.
Cherney is seeking a 20 percent stake in RUSAL, a multinational aluminum producer. The trial is expected to go ahead in April 2012.
In February 2008, Cherney filed a suit in a Tel Aviv court, accusing a group of 10 conspirators, allegedly funded by Oleg Deripaska, of illegal wiretapping, hacking the computers of his charity fund - The Michael Cherney Foundations, publishing slanderous articles, harassing him with insulting graffiti and leaflets, hiring a UK PR company to plant hoaxes about Cherney into the UK media and Wikipedia.
The purpose of that smear campaign was allegedly to derail Cherney's lawsuit against Deripaska in UK's Commercial Court.
Aviv Mor, an Israel private investigator, together with another PI, Rafael Pridan, carried out wiretaps against Cherney's secretary Elena Skir and another of Cherney's associates, the indictment contended.
The indictment further charged that Eskin was the link between Mor and Pridan and Drobashenko, that he paid them each NIS 50,000 in cash for their services and that he also received translations of the wiretapped conversations.

Russian spies suspected of stealing auto secrets from Germans

A married couple was arrested in the German town Michelbach, suspected of stealing secrets from German car manufacturers, after it emerged one of them worked in the auto industry for the past 20 years.
German prosecutors stated that the couple had been arrested on accusations of spying for an unspecified foreign intelligence service, which media identified over the weekend as Russia’s Foreign Intelligence Service.
According to English-language German newspaper The Local, …
“intelligence service sources say the man, named only as Andreas A., had worked for Faurecia, one of Germany’s top car part manufacturers which supplies major companies including Volkswagen, Renault, Toyota and Ford,” where he is thought to have engaged in “industrial espionage.”
Andreas A., who was identified by the Daily Mail as Andreas Anschlag, 45, is believed to have been living in Germany for the past 20 years with his wife Heidrun, 51, “having used fake passports to enter the country, and then setting themselves up as a family, even having a daughter who is now said to be 20 years old and studying medicine in Marburg.”
The Moscow Times reports that Heidrun Anschlag “was caught by investigators while listening to encrypted radio messages” from Russia on a short-wave, which experts tell the paper is “bizarre” in this day and age, when internet and other forms of communication are available.
Russian newspaper Iswestija (via The Local) quotes a “Russian intelligence agent [as] saying the couple were long retired from the spy business and that they may have been used to transfer information, ‘like a kind of letter box.’”

Man Charged With Unlawfully Video Taping Woman at Counseling Center

A custodian at the Healing Hearts Counseling Center in Occoquan has been arrested for allegedly video taping a woman three times with a hidden camera while she was in the shower at the center.
On Oct. 25, a staff member at the center reported to police that she discovered a video camera hidden in one of the facility's showers. When police investigated after 10 p.m. that evening, they found that custodian Americo Rudolpho Rodriguez-Zabalbeascoa had allegedly hidden the camera and taped the 37-year-old Alexandria woman three times. 
Rodriguez-Zabalbeascoa, 53, of Woodbridge, has been arrested and charged with three counts of unlawful taping. His court date is unavailable. He is being held without bond.

School employee caught with secret camera

RAYMOND, NH -- An employee at a New Hampshire high school is accused of looking for trouble. Police said he used a hidden camera to violate a secretary’s privacy.

The apparent victim said she caught him in the act.

The 27-year-old computer technician, Daniel Malo, was arrested for allegedly shooting video of a female colleague from under her desk at Raymond High School.

According to the police report, Malo admitted he has a “boot fetish.”

“I think that’s totally wrong, a boot fetish?” said Jessica Harris, a concerned citizen.

Police said Malo was called to the school guidance office to fix a woman’s computer. Malo allegedly took his digital camera out of his pocket and placed it on the floor shooting video in “movie mode.”

Police said the woman was wearing a skirt with knee high boots and asked Malo, “Is that a camera?”

Malo allegedly said it was.

There was no comment from a woman that opened the door at Dan Malo’s Manchester home.

Raymond residents that read about the arrest on the town’s website were appalled.

“Oh wow, that’s crazy,” one resident said.

“No, he shouldn’t be around children or anything like that, especially women,” added Jessica Harris.

The alleged victim was sad to be concerned and upset.

School officials said they met with the woman and assured her she was safe, they also said that no students were involved.


Sunday, October 23, 2011

FBI: Tech firms face spy risk

Kexue Huang, a scientist and native of China, pleaded guilty last week in a federal court to swiping millions of dollars worth of trade secrets from Dow Chemical Co. and Cargill Inc. for other people doing research in Germany and China.

A federal jury last month ordered South Korea's Kolon Industries to pay DuPont Co. $920 million for stealing trade secrets regarding synthetic fibers used in such products as Kevlar body armor. A former DuPont engineer hired by Kolon, Michael Mitchell of Virginia, was sentenced in March last year to 18 months in prison for theft of trade secrets for passing on key DuPont data to Kolon.

And area technology companies are likely fooling themselves if they think they're not in the cross-hairs of such spy efforts, according to the Federal Bureau of Investigation. "If you haven't been a victim yet, it's because you have been and you don't know it, or you will be," Barry W. Couch, a special agent with FBI's Buffalo division, told a conference room full of area optics industry executives last week. "Don't be blindsided."

Chili's Sydor Optics played host as the FBI spent a handful of hours talking about counterintelligence and economic espionage issues, with handouts and a video presentation all revolving around the message that companies are under siege by foreign economic competitors, often with explicit help from foreign governments.

Optics in particular "is a targeted industry," said FBI special agent Chad Kaestle. Other frequently targeted technologies include sensors, aeronautics and marine systems.

Wednesday, October 19, 2011

U.S. DHS expects Anonymous to attack infrastructure
Anonymous is eyeing industrial control systems for future attacks, says the U.S. Department of Homeland Security, but its members have yet to demonstrate a capability to inflict damage to these systems.

"The information available on Anonymous suggests they currently have a limited ability to conduct attacks targeting ICS," says in thesecurity bulletin recently compiled by DHS' National Cybersecurity and Communications Integration Center. "However, experienced and skilled members of Anonymous in hacking could be able to develop capabilities to gain access and trespass on control system networks very quickly."

Aware that vulnerabilities in industrial control systems are plentiful, the DHS warns that common penetration testing software already uses control system exploits and packet inspection tools now support industrial protocols, so they can be taken advantage of for mounting attacks.

"In addition, there are control systems that are currently accessible directly from the Internet and easy to locate through internet search engine tools and applications," says the DHS experts. "These systems could be easily located and accessed with minimal skills in order to trespass, carry out nefarious activities, or conduct reconnaissance activities to be used in future operations."

Anonymous has still not targeted industrial control systems, but the DHS expects them to start in the near future as the collective has already made it known that its members should be targeting energy companies that don't seem to make an effort towards a "greener" production.


Friday, October 14, 2011

Welcome to the World of Cyber-Terror Vulnerability
Did you open your BlackBerry Wednesday or even Thursday morning and find – nothing? No new e-mails, or tweets. No new text messages. Just blackness and that familiar screen saver photo of your child, spouse or dog? Welcome to the world of cyber-terrorism vulnerability.

The mysterious, world-wide virus that crippled BlackBerrys this week and spread like the plague – more on that threat later – across crossing oceans and five continents may spell financial catastrophe for the struggling Research In Motion aka RIM, whose stock shares have lost 60 percent of their value since the start of the year.

An RIM spokesman has said that the outage was caused by what Security Week called “a core switch failure within RIM’s infrastructure,” and not by a deliberate disabling attack. But the outage highlights the threat that determined cyber-warriors could pose to the nation’s communications systems if they target them.

For over a decade cyber-experts have urged the U.S. to upgrade critical infrastructure to protect vital dams, power plants, and communications systems from cyber-crime or cyber-attacks from rival countries. But the country remains complacent and highly vulnerable, as the BlackBerry outage shows.

During a recent cyber-security summit in New York, numerous experts warned that cyber-attacks could not only cause billions of dollars in damage to such vital systems, but endanger national security.

Read more:

Thursday, October 13, 2011

FBI Arrests Man Who Allegedly Hacked Celebrities to Steal Nude Photos


Federal authorities have arrested and charged a 35-year old Florida man for allegedly hacking dozens of Hollywood celebrities, including breaking into Scarlett Johansson’s phone and leaking nude pictures of her to the internet.

Christopher Chaney of Jacksonville, Florida, was charged with 26 counts of accessing protected computers without authorization, identity theft, damaging protected computers without authorization, and wiretapping.
Other prominent victims included Christina Aguilera, Mila Kunis, Simone Harouche and Renee Olstead. The FBI says Chaney hacked into the accounts of more than 50 people in the entertainment industry.
The FBI says Chaney used publicly available data about his victims to help him break into their e-mail accounts. For most victims he would then secretly set a forwarding address so every incoming e-mail would be forwarded to an account he controlled.
Chaney allegedly broke into Johansson’s Yahoo account in December 2010, just a month after he’d gotten into Harouche and Augilera’s accounts at Apple’s email service.
Photos that Johansson took of herself in the nude appeared online in early September, as did photos showing Kunis and Justin Timberlake in intimate settings. Chaney allegedly offered the photos to celebrity-focused blogs, though the indictment doesn’t say if Chaney attempted to sell the photos.

Florida Man Arrested in “Operation Hackerazzi” for Targeting Celebrities with Computer Intrusion, Wiretapping, and Identity Theft

LOS ANGELES—A man accused of targeting the entertainment industry by hacking into the personal e-mail accounts of celebrities was arrested today after being charged with a range of cyber-related crimes, announced AndrĂ© Birotte Jr., the United States Attorney in Los Angeles; and Steven Martinez, the Assistant Director in Charge of the FBI’s Los Angeles Field Office.
Christopher Chaney, 35, of Jacksonville, Florida, was arrested this morning by FBI agents without incident. A federal grand jury in Los Angeles returned a sealed indictment yesterday charging Chaney with violations under Title 18 of the U.S. Criminal Code, including: accessing protected computers without authorization; damaging protected computers without authorization; wiretapping; and aggravated identity theft.
According to the indictment, which was unsealed this morning, Chaney used several aliases while illegally obtaining personal information of numerous celebrities through a series of computer intrusions. The aliases used include: “trainreqsuckswhat,” “anonygrrl,” and “jaxjaguars911.”
Investigators believe that Chaney used publicly available sources to mine for data about his female and male victims, all of whom are associated with the entertainment industry. Once Chaney gained access and control of an e-mail account, he would obtain private information, such as e-mails and file attachments, according to the indictment. In addition, investigators believe that Chaney was led to new victims by accessing the address books of victims whose computers he already controlled.

Friday, October 7, 2011

SpearTip’s Top Cyber Counterespionage Expert Gives TV Interview on TRICARE Data Theft

Doubts custodian’s assurances. Fears possible extortion of military employees whose personal medical data was taken.

St. Louis, Missouri (PRWEB) October 07, 2011
Jarrett Kolthoff, CEO of Cyber Counterespionage firm SpearTip, was interviewed by CBS-affiliate KMOV about the recent theft of two-decades-worth of medical data on nearly five million military personnel. Part of the interview was broadcast. An expansion of that interview is included here.
The custodian of the records, Science Applications International Corporation (SAIC), reported the data breach had occurred two weeks earlier, when numerous back-up tapes were assertively stolen in a break-in of an employee’s car, while the tapes were in transit across town.
SAIC downplayed the breach, saying no financial information was involved, although SAIC acknowledged the tapes contained sensitive medical information. SAIC discounted harm from the loss of this information, saying: “The risk of harm to patients is judged to be low despite the data elements involved, since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure.” Kolthoff said this statement is not an assurance that data was encrypted. The news report indicated that only “some” of the tapes were encrypted.

Wednesday, October 5, 2011

Mirage device to be used in espionage?

(CBS News)  
You don't have to be in the hot desert or on a long road in the summer to see an optical phenomenon - also known as a mirage - thanks to new scientific innovations.
Straight out of sci-fi novel, researchers from the University of Texas at Dallas have come up with a device that makes objects disappear using the mirage effect, a cool optical illusion that is often portrayed in classic, American western movies.
So how does it work? This device uses an optical phenomenon, in which light rays are bent to produce a displaced image of distant objects or the sky, according to the IOP (Institute of Physics blog).
"The most common example of a mirage is when an observer appears to see pools of water on the ground. This occurs because the air near the ground is a lot warmer than the air higher up, causing lights rays to bend upward towards the viewer's eye rather than bounce off the surface," explains the IOP.

Devices That Can Listen In on Cellphone Traffic, Control Your Phone

Law enforcement and military officials are increasingly using secret devices sometimes called “stingrays” to locate people via their cellphones, even when the phones aren’t in use, the Wall Street Journal reported recently. But finding people isn’t all that this type of gear can do.

These types of machines mimic a cell tower and cause your phone to connect to the machine instead of a real cellular site. Once that happens, there’s a lot that can be done to your phone.
For starters, “they can be set up to do wiretapping of the actual content,” said Matt Blaze, a computer science professor at the University of Pennsylvania and a former researcher at AT&T Labs.
Such devices also can jam phones, fake calls and text messages and drain the phone’s battery, according to documents available online for companies such as Advanced German Technology that sell these types of devices.
Other gadgets can listen to calls “passively,” meaning that instead of forcing the phone to connect to a fake base station, they simply grab signals transmitted between the mobile phone and the cellular network, allowing the operator to capture conversations.
One such device, available on the helpfully named, claims to be able to monitor a radius of up to about 3 miles and intercept 100 conversations simultaneously, according to the site. The device is “completely STEALTH – invisible and non-detectable, high performance and upgradeable,” the site says.

Social media for corporate networking or corporate espionage?

Today, corporates are looking at social media like Twitter, LinkedIn and Facebook to broaden their online outreach. In a session at INTEROP Mumbai 2011, Abilash Sonwane, Senior-VP, Elitecore Technologies, talked about how social media networks are the next frontier of corporate espionage

Around 13 percent of corporate losses occur due to corporate espionage, as per a recent KPMG report. The number is less as most of the companies usually don’t admit it. In a session at INTEROP Mumbai 2011, Abilash Sonwane, Senior-VP, Elitecore Technologies, talked about how social media networks are the next frontier of corporate espionage.
Today, corporates are looking at social media like Twitter, LinkedIn and Facebook to broaden their online outreach. As per Nielsen Online study, social networking is now officially more popular then e-mail. Considering the popularity of social media among corporates, Elitecore Technologies did a research on 20 companies to find out how social media can be used for corporate espionage.
To conduct the research, Elitecore selected companies that were active on social media from a mix of industries and geographies. The company found out that though on one hand social media can enable an enterprise to enhance its relationship with customers, on the other hand it can adversely affect a company’s reputation.


Tuesday, October 4, 2011

In face of massive cybersecurity threat, government security dawdles

Despite efforts to improve, GAO report says most government agencies are at risk of security attack.

At a time when the cyberthreat level is at its peak, many federal agencies continue to struggle with IT security.
Weaknesses in information security policies and practices at 24 major federal agencies continue to place the confidentiality, integrity and availability of sensitive information and information systems at risk. Consistent with this risk, reports of security incidents from federal agencies are on the rise, increasing more than 650% over the past five years, concluded a report from the watchdogs at the Government Accountability Office this week.
"Each of the 24 agencies -- including the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security and the IRS -- reviewed had weaknesses in information security controls. An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs. As a result, they have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise," the report stated.

McAfee reveals ‘Shady RAT’ espionage ring

The massive cyber espionage operation disclosed by the security company McAfee began with its 2009 discovery of a suspicious command-and-control server.
The server contained logs showing the Internet Protocol addresses for the firewalls and email gateways of dozens of companies and organizations around the world.
Intruders possibly working for a “state actor” used this server to steal secrets from at least 72 victims in 14 countries, according to McAfee’s new report, “Revealed: Operation Shady RAT.” Rat is the cyber industry’s term for the remote access tools used by the intruders.
McAfee will not say which country it suspects might be behind the intrusions or provide details about the server, except to say it was located in a Western country and that the IP logs were acquired legally.
After the 2009 discovery, the company began quietly notifying law enforcement agencies and signing nondisclosure agreements with some of the victims. McAfee said it has briefed foreign governments, congressional staff members and White House officials.
Because of countermeasures, the Shady RAT intruders have adjusted their tactics, but their operation is “still going on today,” McAfee’s Dmitri Alperovitch, vice president for threat research, said in a teleconference with reporters in August.

Sunday, October 2, 2011

Business travelers should be on alert for cyber-spying

Packing for business in China? Bring your passport and business cards, but maybe not that laptop loaded with contacts and corporate memos.

China’s massive market beckons to American businesses — the nation is the United States’ second-largest trading partner — but many are increasingly concerned about working amid electronic surveillance that is sophisticated and pervasive.

Security experts also warn about Russia, Israel and even France, which in the 1990s reportedly bugged first-class airplane cabins to capture business travelers’ conversations. Many other countries, including the United States, spy on one another for national security purposes.

But China’s brazen use of cyber-espionage stands out because the focus is often corporate, part of a broader government strategy to help develop the country’s economy, according to experts who advise American businesses and government agencies.

“I’ve been told that if you use an iPhone or BlackBerry, everything on it — contacts, calendar, emails — can be downloaded in a second. All it takes is someone sitting near you on a subway waiting for you to turn it on, and they’ve got it,” said Kenneth Lieberthal, a former senior White House official for Asia who is at the Brookings Institution.


Saturday, October 1, 2011

Pentagon seeks probe of the cost of hacking

The Pentagon is asking the nation’s 16 spy agencies to investigate the cost of theft of commercial secrets by foreign computer hackers, a loss some analysts say could be costing the U.S. economy hundreds of billions of dollars a year.

“We expect it is very substantial — substantial in monetary terms, substantial in security terms,” said James N. Miller, principal deputy undersecretary of defense for policy. “The nation has a substantial interest in protecting intellectual property.”

The Pentagon’s request for an estimate went to the National Intelligence Council, which produces National Intelligence Estimates (NIEs), said Deputy Secretary of Defense William J. Lynn, adding that its report will likely be classified when the assessment is complete.

Security specialists say that hackers, many thought to be operating on behalf of communist China, are stealing vast quantities of proprietary data from U.S. defense, energy and other firms every year, compromising the nation’s security and economic advantage.

“It is a massive transfer of wealth,” said Phyllis Schneck, chief technology officer for public-sector business at computer security firm McAfee Inc.“Things that would have created money and jobs for one company in one country are instead creating them for other companies in another country.”


Illinois Wiretapping Law Reaching A Boiling Point

Illinois police officers have to be the most smug cops in the nation knowing they have the power to arrest citizens on felony charges for recording them in public while they themselves have every right to record citizens.

That smugness is very evident in the latest case to emerge from the Land of Lincoln.

Watch the below video, and read more here...