Friday, November 04, 2011

Security Management Weekly - November 4, 2011


November 4, 2011
 
 
Corporate Security
  1. "U.S. Report Cites 'Persistent' Chinese, Russian Spying for Economic Gain"
  2. "One Million UK Workers Have Experienced Violence in the Workplace"
  3. "Will Online Piracy Bill Combat 'Rogue' Web Sites or Cripple the Internet?"
  4. "First Piracy Notices Issued for Music Downloads" New Zealand
  5. "Somali Piracy: Armed Guards to Protect UK Ships"

Homeland Security
  1. "U.S. Tightens Drone Rules"
  2. "U.S. Backs Away From Sanctions on Iran Central Bank"
  3. "Riot Police Fire Projectiles, Arrest Dozens of Occupy Oakland Protesters" California
  4. "Attack on French Satirical Paper Charlie Hebdo"
  5. "FBI Says Russians Were a 'New Breed' of Spy"

Cyber Security
  1. "Screen-Spy Program Can Read Texts and Emails"
  2. "Stuxnet Raises 'Blowback' Risk in Cyberwar"
  3. "Advanced Threats Touch Two-Thirds of Enterprises"
  4. "Hackers Press the 'Schmooze' Button"
  5. "U.K. Touts Its Cybersecurity Cred"


U.S. Report Cites 'Persistent' Chinese, Russian Spying for Economic Gain
Wall Street Journal (11/03/11) Gorman, Siobhan

According to a U.S. intelligence report, the Chinese are the world's "most active and persistent" perpetrators of economic espionage. Additionally, the report made claims that Russian intelligence officials are participating in extensive spying efforts to collect information on the U.S. economy and technology. The report also found that the majority of the spying activity is present in cyber space. "Cyber has become the great game-changer ... our research and development is under attack," said a senior intelligence official. Economic cyber spying is affecting several portions of the U.S. economy including information technology, military technology, clean energy and medical technology. The report said that the threat is likely to increase in the next few years and that it poses "a growing and persistent threat" to the country's security. The report noted that Russia's spying campaigns are being driven by its dependence on natural resources, its goal of diversifying its economy and its belief that the West has more economic advantages than the rest of the world. Additionally, the report said the Chinese see espionage as a way to spur economic growth.


One Million UK Workers Have Experienced Violence in the Workplace
Guardian Unlimited (UK) (11/02/11) Snowdon, Graham

Researchers at Britain's Cardiff and Plymouth universities have found that workplace violence is more prevalent in the U.K. than previously thought. Researchers conducted interviews of almost 4,000 employees working in a variety of different roles and in a number of different industries, and found that nearly one in 20 had been the victims of workplace violence. This translates to more than 1 million workers throughout the U.K., the researchers noted. Of those who said that they had been the victims of workplace violence, nearly 4 percent said that they had suffered injuries as a result of those incidents. In addition, researchers found that 13 percent of workplace violence victims were assaulted on a daily basis. Nearly three-quarters of the attackers were from outside the workplace, including customers, clients, or members of the general public. One of the study's authors, Cardiff University Professor Ralph Fevre, urged managers to take steps to protect employees against workplace violence by adopting standards for the proper treatment of employees. Employees, meanwhile, should be patient with their managers and give them time to take steps to make their workplaces fairer, Fevre said.


Will Online Piracy Bill Combat 'Rogue' Web Sites or Cripple the Internet?
PC Magazine (11/01/11) Albanesius, Chloe

A new House bill, entitled the Stop Online Piracy Act (SOPA), is designed to shut down Web sites that provide pirated content. If passed, the bill would, among other things, allow copyright holders to contact the financial institutions that work with a particular Web site to ask them to shut down service to the site. The Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), and the National Cable Telecommunications Association have all voiced their support for the bill, but other groups have been more critical. The Consumer Electronics Association and the Computer & Communications Industry Association wrote that the bill "puts lawful U.S. Internet and technology companies at risk by creating new liabilities." The Electronic Frontier Foundation went further, saying "Despite all the talk about this bill being directed only toward 'rogue' foreign sites, there is no question that it targets U.S. companies as well."


First Piracy Notices Issued for Music Downloads
New Zealand Herald (11/01/11) Fletcher, Hamish

The Recording Industry Association of New Zealand (RIANZ) has sent out copyright notices to Internet providers in the country whose users are believed to have illegally downloaded copyrighted music. The Internet service provider Telecom, for example, received 42 copyright infringement notices overnight, while TelstraClear received 27 such notices. The ISP Orcon, meanwhile, received six notices. Under New Zealand's so-called "three strikes" law, which took effect Sept. 1, Internet companies are required to send warnings to users who are suspected of illegally downloading copyrighted material if the owner of the copyright asks them to do so. Copyright holders can bring a case against the alleged infringer to the Copyright Tribunal, which can levy fines as high as $15,000.


Somali Piracy: Armed Guards to Protect UK Ships
BBC News (10/30/11)

British Prime Minister David Cameron has announced that vessels sailing under the British flag will be able to use armed guards to protect themselves from pirates. Under Cameron's plan, the British home secretary would be granted the authority to license armed guards for merchant vessels. The plan is designed to combat piracy off the coast of Somalia, which was the scene of nearly all the maritime hijackings that took place last year. Officials believe that roughly half of the 200 vessels that fly under the British flag would apply to have armed guards on board. But Cameron's plan would only allow ship owners to use armed guards while sailing through dangerous areas like the Red Sea or the Gulf of Aden. Armed guards would not be allowed at all on ships sailing through the Suez Canal, due to Egyptian laws. Other countries may also have laws that would prohibit the use of armed guards on board ships. Cameron's plan has been praised by some who say that it will help deter piracy, at least in the short term, though others have said that pirates will simply respond by using better weapons.




U.S. Tightens Drone Rules
Wall Street Journal (11/04/11) Entous, Adam; Gorman, Siobhan; Barnes, Julian E.

Changes have been made to the CIA's drone campaign against terrorists in Pakistan. The changes were made following a debate among officials in the Obama administration over the scope of the program earlier this year. During that debate, officials at the CIA defended the use of so-called "signature" drone strikes, which go after militants who are thought to be associated with terrorist groups but whose identities may not be known. However, Secretary of State Hillary Clinton, then-Joint Chiefs of Staff Chairman Adm. Mike Mullen and then-Defense Secretary Robert Gates said that more caution needed to be used with the drone program. Mullen said that the CIA needed to be more selective in who it targets for drone strikes, while Gates and Clinton warned about the consequences of increased Pakistani opposition to the drone campaign. Following a White House review of the program, President Obama said that he supported the continued use of drones but that some changes were needed. For instance, an appeals procedure has been created to give the State Department more authority in deciding when and if to attack a suspected terrorist. The changes also call for the CIA director or the deputy director to try to assuage any concerns the U.S. ambassador to Pakistan may have about a drone strike. The secretary of state would appeal directly to the director of the CIA in the event the conflict with the ambassador could not be resolved, though the CIA director would still be given the final word on drone strikes if an agreement could not be reached with the State Department. Administration officials have said that the changes have lessened internal conflicts over the drone attacks and have resulted in agencies working together more closely.


U.S. Backs Away From Sanctions on Iran Central Bank
Los Angeles Times (11/04/11) Richter, Paul

Officials say that the Obama administration is backing away from plans to sanction Iran's central bank in order to punish Tehran for its alleged involvement in a plot to assassinate Saudi Arabia's ambassador to the U.S. Those sanctions would have prevented any firm that does business with the Central Bank of Iran from engaging in transactions with U.S. financial institutions, which in turn would have made it more difficult for the Iranian government to sell crude oil. The Obama administration has reportedly backed away from such sanctions due to concerns that they could disrupt the world's oil markets and damage the economy. There were also concerns that other countries, namely Russia and China, may not have been willing to support the sanctions. The U.S. is now hoping to persuade countries that engage in trade with Iran to enforce sanctions that are already in place. Additional sanctions that are more narrowly focused could also be put in place.


Riot Police Fire Projectiles, Arrest Dozens of Occupy Oakland Protesters
Los Angeles Times (11/03/11) Romney, Lee

Violence once again broke out in Oakland, Calif., on Thursday morning following the conclusion of the general strike that had been called by members of the Occupy Oakland movement the day before. The general strike and subsequent march to the Port of Oakland attracted more than 7,000 demonstrators. Although the overwhelming majority were non-violent, police said that roughly 60 or 70 demonstrators committed acts of vandalism, including spraying graffiti and breaking the windows of several banks. A small number of demonstrators are also believed to have broken into a coffee shop. Despite the vandalism, Wednesday's general strike appeared to be coming to a peaceful ending when protesters celebrated the fact that their actions had resulted in the cancellation of the 7 p.m. shift at the Port of Oakland. However, demonstrators then began to gather at the City Hall plaza, which they had been evicted from last week. Protesters took over a building that once housed a non-profit organization and set up a barricade around the building. That barricade was then set on fire. Police, meanwhile, began putting on riot gear as protesters started throwing rocks, explosives, bottles, and other objects at them. Police responded by firing tear gas at the protesters, who were asked to leave the area at around 2 a.m. Thursday. Oakland Mayor Jean Quan has said that police will maintain a minimal presence at the plaza, which has once again been opened to the Occupy Oakland encampment, but said that law enforcement will move in again if property is endangered or safety is compromised.


Attack on French Satirical Paper Charlie Hebdo
BBC News (11/02/11)

The offices of the French satirical magazine Charlie Hebdo were destroyed by a gasoline bomb on Wednesday after it featured the Prophet Muhammad as its "editor-in-chief" for an upcoming issue. The bomb was thrown in the early hours of the morning, and no one was reported injured in the attack. Hebdo Editor-in-Chief Stephane Charbonnier called the attackers "idiot extremists," saying that Islam could not be excluded from freedom of the press. Charbonnier said the magazine received several threats on Twitter and Facebook prior to the attack. The magazine's Web site has also been hacked, with a message in English and Turkish criticizing the magazine. The French government and the French Council of Muslim Faith have both condemned the attack. Hebdo was previously sued for incitement to racism by two French Islamic groups, but was acquitted in a Paris court. Media observers say that it has a record of satirizing all religions.


FBI Says Russians Were a 'New Breed' of Spy
Wall Street Journal (11/01/11)

New information has come to light about the 11-member Russian spy ring that was broken up last year. For instance, some members of the spy ring--including 29-year-old Anna Chapman and Mikhail Semenko--had high levels of technical skills and were able to fit into U.S. culture using their own names, according to FBI Assistant Director for Counterintelligence C. Frank Figliuzzi. Both Chapman and Semenko used high-tech wireless computer communications, including burst transmitters that sent messages in an encrypted form via radio waves in less than a second. The older members of the spy ring, meanwhile, used more conventional spying techniques, such as invisible ink, discreet handoffs of money, and forged documents. These spies used false identities, some of which were taken from people who were dead. Figliuzzi said that the use of the two different approaches shows that Moscow was experimenting with its spying techniques. However, neither proved successful, as none of the spies were able to steal any secrets or achieve their goal of penetrating the president's inner circle of close advisers. It is believed that Russia was trying to determine what U.S. officials were thinking and planning with regard to international events.




Screen-Spy Program Can Read Texts and Emails
New Scientist (11/02/11) Fellet, Melissae

Sneaky snoops could steal private text messages or sensitive email from mobile devices used in a public space, up to 60 meters away, according to researchers from the University of North Carolina at Chapel Hill. To prove that such an attack is realistic, the team developed iSpy, software that can pick up text messages remotely, using only known techniques. Exploiting the magnified keys feature of smartphones, the software analyzes video footage and identifies letters based on how they pop up in larger bubbles on small touchscreens when pressed. The program assigns an accuracy probability to each detected letter, and correctly identifies them more than 90 percent of the time. The software then identifies words, both individually and in the context of the message being sent; to capture passwords, it collects letters and does not perform any word recognition. The program can identify messages from video taken from an ordinary mobile phone camera from a distance of three meters away, and from video taken with a digital single-lens reflex camera from 12 meters. "We were surprised at how well that worked," says researcher Jan-Michael Frahm.


Stuxnet Raises 'Blowback' Risk in Cyberwar
National Public Radio (11/02/11) Gjelten, Tom

Cyber security experts are continuing to express concern about the Stuxnet computer worm, more than a year after it was discovered. Stuxnet, which was released in 2009, appears to have been designed to damage the centrifuges that are used to enrich uranium at a nuclear facility in Iran. The worm appears to have succeeded, setting back Iran's nuclear program by a number of years. It is believed that the complexity of the worm is an indication that it was the work of the U.S. government, possibly in collaboration with Israel. Experts believe that the U.S. government played a role in developing Stuxnet despite the fact that the worm could be altered so that it could be used in a cyber attack on critical infrastructure in the U.S., including electric or telecommunications grids, oil refineries, or water treatment facilities. The damage that such an attack could cause was illustrated in a recent training program at the Idaho National Laboratory in Idaho Falls. In that program, a worm similar to Stuxnet was used to attack a pumping station like those that are in use at chemical plants or water treatment centers. The results of the mock attack showed that a worm similar to Stuxnet could cause hazardous liquids to spill at chemical plants or cause turbines at an electric facility to spin out of control. Experts say that the attack used in the training scenario may not be preventable. "Some of these [systems] can't be protected," said Joseph Weiss, who is an expert on industrial control systems. "We're going to have to figure out how to recover from events that we simply can't protect these systems from."


Advanced Threats Touch Two-Thirds of Enterprises
InformationWeek (11/01/11) Schwartz, Mathew J.

Advanced persistent threats (APTs) have affected or will affect many organizations, according to an Enterprise Strategy Group study. Of the roughly 250 U.S. information security professionals who took part in the study, nearly 66 percent said that their organization had been attacked by APTs. In addition, the study found that 72 percent of IS professionals believed that APTs will continue to be used in attacks in the future. Nearly one third of security managers at large organizations said that their businesses would be vulnerable to such attacks. Researchers also examined the strategies that were being used by organizations that felt they were best prepared to stop APTs. Of those 52 organizations, 69 percent used network management tools, while 58 percent used security incident and event management tools. Log file analysis and intrusion detection or prevention system alerts were used by 46 percent and 44 percent of respondents, respectively. However, many organizations are not training their employees to identify social engineering attacks, which are a type of APT. Training is thought to be the best way to protect against social engineering attacks.


Hackers Press the 'Schmooze' Button
Wall Street Journal (10/31/11) Kapner, Suzanne

As firewalls and other security technologies have become harder to penetrate, hackers have increasingly turned to low-tech methods of attack such as pretexting, which is also known as social engineering, to break into accounts or an organization's network. In a pretexting attack, a hacker tries to trick an organization's customer service representatives into providing the information that he needs to carry out his attack. An example of this type of attack could be seen in the recent Schmooze Strikes Back hacking contest. The winner of that contest was able to convince an employee at an Oracle satellite office to give him information about the company's operating systems and anti-virus technology--information that could have allowed him to steal sensitive customer data. The contest winner was able to obtain this information by surfing the Internet to gather enough information about Oracle to allow him to pose as an employee of the company. In another example, cybersecurity expert Chris Patten was able to obtain the account numbers for an account at an investment-management firm by telling a customer service representative that he was concerned that his soon-to-be ex-wife had established an account under a false name. Some banks, including Bank of America, are countering this threat by asking customers to provide them with additional information before allowing them to retrieve lost usernames and passwords.


U.K. Touts Its Cybersecurity Cred
Wall Street Journal (10/31/11) MacDonald, Alistair; Michaels, Daniel

The U.K. government has recently made significant efforts to improve cybersecurity for both public and private entities. Despite an overall decrease in the government budget, Britain reports it will spend an additional £650 million, about $1 million, on cybersecurity over the next several years. The country is also hosting the first global conference on cyberspace, which is expected to include attendees from 60 countries. Unlike many of its counterparts, Britain dedicates significant resources to protecting all companies. Other countries, including the United States, focus most of their cybersecurity efforts on military and national infrastructure, leaving much of the private sector undefended. British officials hope these efforts will not only improve the overall security of the country's networks, but also help attract more business to its shores. To this end, some U.K. agencies, including the Intellectual Property Office, are already advertising their ability to protect confidential company data. The government also offers risk analysis to large companies to help them identify their vulnerabilities. Whether or not this strategy proves effective, research indicates the money is well spent. According to a study conducted by the British government and defense contractor Detica, cyber crime costs the U.K. £27 billion annually, and British companies lose an average of £17 billion worth of data each year.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

