Monday, January 19, 2015

The Dragon's Eyes and Ears: Chinese Intelligence at the Crossroads

A little over a week ago, Hong Kong media reported and, on January 16, Beijing confirmed investigators had detained Chinese Ministry of State Security Vice Minister Ma Jian as part of China’s ongoing anti-corruption campaign. While Ma’s detention gives Xi Jinping and political analysts the opportunity to boast, his dismissal from the Ministry of State Security (MSS) opens a void at the top of China’s civilian intelligence service.

Ma is the third vice minister to be shown the door in recent years, and each could have succeeded Geng Huichang, the current Minister of State Security, who is due to retire in the next two to three years. With an open playing field, the choices made by Xi Jinping and his colleagues will go a long way toward deciding the future of Chinese intelligence.

Read more here.

Thursday, January 15, 2015

New report: DHS is a mess of cybersecurity incompetence

Summary:A large, embarrassing, and alarming Federal oversight report finds major problems and grave shortcomings with Department of Homeland Security cybersecurity programs and practices which are "unlikely to protect us".

Assessing DHS performance 12 years after its creation, a new Federal report called "A Review of the Department of Homeland Security's Missions and Performance" contains a blistering summary on the state of DHS cybersecurity practices and programs.
The January 1 report reveals and concludes that DHS's cybersecurity practices and programs are so bad, the DHS fails at even the basics of computer security and is "unlikely" able to protect both citizens and government from attacks.
The report's section on cybersecurity is all bad news -- especially for fans of Obama's planned legislative cyberattack protections.

Read more here.

Wednesday, January 14, 2015

‘Enemy within’: BBC spied on staff nearly 150 times, investigation claims

The BBC “monitored” 148 staff email accounts in 2013 and 2014, leading one BBC insider to accuse the corporation of treating employees like “the enemy.”
Some 56 staff email accounts were monitored in 2014, up from 46 the previous year, according to a report by the Press Gazette.
Of the 56 snoops last year, 27 were conducted to investigate information leaks, 17 were related to fraud investigations and 12 were concerning disciplinary procedures.
The sharp increase in staff surveillance has been criticized by the National Union of Journalists (NUJ) and a BBC insider.
It is thought the increase in information leaks is related to the BBC’s Delivering Quality First plan, which has resulted in significant job cuts in the name of budget savings.
BBC News announced plans to cut 415 jobs last year, expecting to save £48 million by 2017 as a result.
Of the 148 snoops from 2013 to 2014, 46 email accounts were accessed in order to comply with Data Protection and Freedom of Information (FOI) requests, leaving 102 cases of monitoring for internal reasons.
This is a stark increase on previous figures, with the Mail Online reporting in December 2013 the BBC spied on staff emails 140 times between 2009 and 2013.

Read more here.

Obama Unveils Cyberthreat Info Sharing Plan

Republicans Pledge Cooperation with President

It looks like 2015 is beginning where 2014 left off regarding cyberthreat information-sharing legislation.
See Also: Mobile Banking Success Criteria: Scalability, Outsourced & In-The-Cloud
President Obama on Jan. 13 unveiled his legislative proposal to promote cybersecurity information sharing between business and government, a proposal Congress has debated for years, but has been unable to enact.
Obama's proposal, according to a summary released by the White House, would provide stronger privacy protections than did the Cyber Intelligence Sharing and Protection Act, the bill passed in the last Congress by the Republican-controlled House of Representatives and which the administration threatened to veto (see White House Threatens CISPA Veto, Again). Cyberthreat information-sharing legislation never came up for a vote in the then-Democratic-controlled Senate.

Read more here.


'Skeleton Key' malware unlocks corporate networks

The newly-discovered "Skeleton Key" malware is able to circumvent authentication on Active Directory systems, according to Dell researchers.
The Dell SecureWorks Counter Threat Unit (CTU) team published their findings in an advisory notice this week.

According to the security researchers, the "Skeleton Key" malware allows cybercriminals to bypass AD systems which only implement single factor authentication -- in other words, systems that rely on passwords alone for security. The team says that hackers can use a password of their choosing to authenticate as any user -- before diving into the network and doing as they please.

Skeleton Key was discovered on a client's network which uses passwords for access to email and VPN services. The malware, once deployed as an in-memory patch on a system's AD domain controller, gave the cybercriminals unfettered access to remote access services. However, legitimate users were able to carry on as normal -- blissfully unaware of the malware's presence or impersonation.
"Skeleton Key's authentication bypass also allows threat actors with physical access to login and unlock systems that authenticate users against the compromised AD domain controllers," CTU researchers say.

Read more here.

Tuesday, January 6, 2015

Frmr. HHS cyber security head sentenced to 25 years in child porn ring

The former head of cyber security for the United States Department of Health and Human Services is going to prison for 25 years in an online child porn ring linked to a suburban Chicago native.

In 2012 when the FBI discovered a secret child pornography network in Nebraska, they could not have imagined where it would lead. Federal authorities found the anonymous network called "Tor" that was on the so-called dark net that could only be accessed by navigating through layers of security.
That investigation has resulted in prison for the man who was once a top federal lawman.
Timothy DeFoggi was in charge of cyber security for HHS, the federal agency responsible for protecting the health of all U.S. citizens.

But when DeFoggi was supposed to be protecting Americans, a federal jury found that he was pre-occupied with something else. He was part of a small group of men who were regulars on a nasty network that was accessible only via the dark side of the web, a secret place where wanna-be pedophiles converged.

Read more here.

Drug dealer caught after police bugged his van

A DRUG trafficker has been caught red-handed talking about major heroin deals after police surveillance teams bugged his van.

Jason Forbes, 30, and co-accused Edmond Reid and their associates became the target for an extensive surveillance operation, a court heard yesterday.

A listening device was deployed in Forbes’ Volkswagen Caddy van during the monitoring operation which was carried out within the Inch and Niddrie areas.

Officers from the Organised Crime Counter Terrorism Unit later seized around £50,000 of heroin from lock-up garages and a kilo of cannabis worth around £11,000.
Advocate depute Sheena Fraser told the High Court in Edinburgh that conversations were recorded which demonstrated Jason Forbes’ involvement in the supply of heroin.
“Amounts of drugs referred to varied from eighths to quarter kilos and kilos,” she said.

Read more here.

NOAA Weather Employee May be Part of FBI Probe of Chinese Hacking

A federal weather service employee arrested and charged last year with stealing sensitive information from a federal database for the nation's dams and lying about the breach to federal agents may be part of a wide-ranging FBI probe of Chinese economic and other forms of espionage.

The FBI probe into China’s involvement in the case adds fodder to the growing fear that China could carry out a cyber attack on the national electrical power grid, which federal cyber authorities believe China has obtained sensitive information about through hacking and outright espionage, which the Chinese government has engaged in in the United States for decades. For example, classified State Department cables from the late 1980s suggested China had obtained detailed schematics on the US Shuttle design through espionage. 

Read more here.