Everything related to Computer Security - Security Audits, Security Vulnerabilities, Intrusion Detection, Incident Handling, Forensics and Investigation, Information Security Policies, and a whole lot more.
Senate Dems Say GOP Budget Exposes Electric Grid to Hackers The Hill (07/16/15) Bennett, Cory
Democratic senators Debbie Stabenow and Martin Heinrich noted during a conference call with reporters July 14 that the GOP budget is short-changing the US electrical grid by millions of dollars that could protect it from cyberattacks. The claims come as the parties argue over an Energy and Water Development funding bill. Stabenow and Heinrich believe using sequestration-level funding is dangerous and could leave the US falling behind its international counterparts in defending the grid. "The reality is that this is a system that is not as well protected as it should be," Heinrich said. "This is a grid that evolved over 100 years and much of it is based on fairly simple technology." According to Stabenow, the GOP budget would strip $11 million from the Cybersecurity for Energy Delivery Systems program, which develops tools to shield the grid from digital threats. In the light of the recent Russian and Chinese hacks, security researchers say that there is an ongoing attempt to poke and prod the US for vulnerabilities before launching a larger attack against the country's infrastructure. Republicans are standing behind their Energy and Water Development Appropriations bill, which passed out of the Senate Appropriations Committee in May by a 26-4 vote.
Over 200 Cyberattacks Occur on a Daily Basis, Says Report FierceCIO (07/10/15) Weldon, David
Nearly 200 significant security incidents occur on a daily basis, with nearly six actual breaches occurring every day, according to a new Centri report. The report says 2,122 confirmed data breaches occurred in 2014, as well as 79,790 security incidents. In 60 percent of the cases, the report says attackers were able to compromise their target organizations within minutes. The report found the average total cost of a data breach amounted to $3.79 million. Distributed denial-of-service attacks were found to cost banks as much as $100,000 per hour. The number of attacks is likely to grow, as the report notes Gartner has predicted there will be more than 26 billion Internet of Things (IoT) devices by 2020, with each device a possible target for hackers. The report notes the way data is stored and manipulated has changed as well, saying this is "as it should be: companies use these scenarios because they provide value to the business and improve customer satisfaction. But the way they think about protecting data has to change – and sooner rather than later."
It's Not Just OPM: Cybersecurity Across the Federal Government Is Pretty Awful Washington Post (07/13/15) Peterson, Andrea
Government audits reveal the entire federal government is struggling to protect its computer systems. The U.S. Government Accountability Office (GAO) found 19 of 24 major federal agencies have declared cybersecurity a "significant deficiency" or a "material weakness." Issues range from a need for better oversight of information technology contractors to improving how agencies respond to breaches of personal information, according to the GAO. "Until federal agencies take actions to address these challenges—including implementing the hundreds of recommendations GAO and agency inspectors general have made—federal systems and information will be at an increased risk of compromise from cyber-based attacks and other threats," warns a GAO report from earlier this month. In recent years, there also has been a sharp increase in the number of information security incidents reported by federal agencies, growing from 5,503 in 2006 to 67,168 in 2014.
Privacy Advocates Ask Regulators to Take a Closer Look at Gadgets That Are 'Always On' Washington Post (07/10/15) Tsukayama, Hayley
The Electronic Privacy Information Center (EPIC) would like regulators to more closely examine the privacy implications of devices that are "always on." The group posted a letter to the Federal Trade Commission and the Justice Department asking for an investigation into always-on technologies present in devices. The average person is probably not thinking about privacy implications when they buy these devices, and it is unreasonable to expect consumers to monitor their activities in front of their home electronics, according to the EPIC letter. In the letter, EPIC pointed to recent reports that developers believe Google Chromium, an open-source version of Google's Chrome browser, appeared to be recording without their knowledge. EPIC asked regulators to organize a workshop that looks at always-on devices to ask more probing questions about how data is collected and stored.
The Soaring Cost of Malware Containment Help Net Security (07/14/15) Zorz, Mirko
Although organizations are dealing with nearly 10,000 malware alerts a week, only 22 percent of these are considered reliable, according to a Ponemon Institute survey of 551 IT security practitioners in Europe, the Middle East, and Asia. In addition, only 3.5 percent of all alerts are deemed worthy of further investigation, suggesting IT teams are struggling with the resources to block or detect serious malware. "The 3.5 percent of malware alerts that are being analyzed could also suggest that these are actually critical alerts that have been filtered by these various security technologies and have been deemed of serious risk," says Bitdefender's Catalin Cosoi. Teams spend an average of 272 hours a week responding to false positive cyber alerts, which equates to an average cost of 515,964 pounds annually for each organization in lost time, according to the report. The report also found 57 percent of respondents said the severity of malware infections has significantly increased or increased in the past year, and 47 percent said volume has significantly increased or increased in the same time frame. "The cost of malware containment is not only money, but time wasted chasing after incidents and working out who, what, when, where and why," says Malwarebytes' Christopher Boyd.
Chattanooga Shootings Leave Four Marines, Sole Gunman Dead Wall Street Journal (07/17/15) McWhirter, Cameron; Barrett, Devlin; Nissenbaum, Dion
Four Marines were killed and three others injured on Thursday when a 24-year-old Kuwaiti-born man opened fire on two separate military facilities in Chattanooga, Tenn. The first shooting occurred at 10:50 a.m., when Mohammod Youssuf Abdulazeez opened fire on a military recruitment center located in a strip mall east of downtown Chattanooga. Abdulazeez drove up to the facility and fired 25 to 30 shots, wounding one Marine, before driving off again. Then, at 11:30 a.m., Abdulazeez rammed his car through the security gate at a Navy Operations Support Center 7 miles away and opened fire, killing four Marines and injuring a police officer and a sailor. Abdulazeez died at the scene of a gunshot wound, though it is not publicly known whether or not the wound was self-inflicted. FBI Special-Agent-in-Charge Edward Reinhold says that several weapons were found in Abdulazeez’s possession. While the case is currently being investigated as a potential terror attack, Reinhold says he cannot speculate on what the shooter’s motive may have been. He had no apparent ties to any international terror organization and authorities currently believe he acted alone. Abdulazeez was born in Kuwait, but had lived with his family in the U.S. for many years. He was a naturalized U.S. citizen and had graduated from the University of Tennessee in Chattanooga with a degree in electrical engineering in 2012.
TSA's Response to Criticism: Longer Airport Lines Politico (07/15/15) Scholtes, Jennifer
After a 96-percent failure rate in a covert security audit of the Transportation Security Administration (TSA), the agency has been ordered to pursue an improvement plan that will probably lengthen security lines at airports. The plan ordered by Homeland Security Secretary Jeh Johnson will require more hand-wanding of passengers, bomb-sniffing dogs, and random testing of luggage. This also could reduce travelers' chances of being sent through expedited PreCheck lines. Johnson said he has directed TSA to rethink the performance standards for screening equipment, and said that the company that manufactures the machines may help make the technology more effective. The report of the audit is still classified, so TSA has not disclosed exactly which types of equipment were involved in the test or how they failed, but they have been identified as the millimeter-wave body scanners that require passengers to stand inside a booth and raise their arms. Rep. Bennie Thompson (D-Miss.) of the House Homeland Security Committee expressed support for more manual screening and being more selective about the travelers sent through expedited security. He is also concerned, however, about how the changes will affect the work that TSA has done to move away from slower procedures and speed up the screening process.
Mexico Drug Lord's Escape Was Foretold Wall Street Journal (07/14/15) Althaus, Dudley; Barrett, Devlin
New information suggests that the Mexican government failed to act on a number of warning signs that the infamous drug lord Joaquin “El Chapo” Guzmán would attempt to escape from his cell in a maximum-security prison. Neighbors of the prison said they witnessed dump trucks carting away tons of rubble from a house in a nearby pasture, and U.S. intelligence had picked up chatter that Guzmán might be planning a breakout, and shared the tips with their Mexican counterparts. The failure of Mexico's government to attempt to prevent Guzmán's escape from Altiplano federal prison raises questions about incompetence and corruption in Mexico's security institutions. Although U.S. authorities pledged to help Mexico recapture Guzmán, some U.S. law-enforcement officials believe there should be changes in how the two countries coordinate on anti-cartel efforts. “What it does is strain the relationship between U.S. and Mexican law enforcement on sharing of intelligence,” said Jimmy Gurulé, a University of Notre Dame law professor. If Guzmán is recaptured, Mexico may agree to extradite him to the United States. Mexican officials said Monday that they were searching the countryside, and trying to determine whether and how corrupt jailers or others helped him escape Saturday night.
In Texas, a Military Exercise Is Met by Some With Suspicion New York Times (07/15/15) Fernandez, Manny
About 1,200 Special Operations troops this week will begin conducting an eight-week military exercise, dubbed “Jade Helm 15,” in Texas, Arizona, Florida, Louisiana, Mississippi, New Mexico, and Utah. While off-base training exercises and role-playing are not new for the military, Jade Helm 15 has an unusual size and scope that make it suspicious for many locals. Officials say that the exercise will be conducted largely on remote, undeveloped land and will not be a major disruption to most residents. Some Texas residents, however, have become fearful of the exercise, largely due to bloggers and activists who claim that the drills are part of a secret plan by the Obama administration to impose martial law, confiscate firearms, and invade the state. Gov. Greg Abbott has ordered the Texas State Guard to monitor Jade Helm 15 from Camp Mabry in Austin, and at least one national group of unofficial monitors and protesters plans to have volunteers follow Army vehicles and post their locations online. Army planners and local elected officials have been answering residents' questions and holding briefings about the exercise. The military has told local officials that some Jade Helm 15 participants “may conduct suspicious activities” as part of their training and others “will be wearing civilian attire and driving civilian vehicles.”
Iran, Big Powers Clinch Historic Nuclear Deal Reuters (07/14/15) Hafezi, Parisa; Charbonneau, Louis; Irish, John; et al.
Iran and six major world powers on Tuesday reached a nuclear deal under which sanctions would be lifted in return for Iran agreeing to long-term curbs on a nuclear program suspected of trying to build a nuclear bomb. The main negotiations were between the United States and Iran, as well as Britain, China, France, Russia, and Germany. Israeli Prime Minister Benjamin Netanyahu said the deal was a mistake, and other Israeli officials vowed to try to stop it from being ratified. Congress has 60 days to review the agreement, during which it could vote to disapprove of it, although President Barack Obama could veto a rejection.
More Than 70 Targeted in Global Takedown of Hacker Forum Darkode Wall Street Journal (07/15/15) Barrett, Devlin
Police in 20 countries have charged, arrested, or searched dozens of alleged hackers belonging to a group known as Darkode. One of the alleged associates is an intern at FireEye Inc., a computer security firm that works closely with the FBI, U.S. officials said. At least 70 alleged participants around the world were targeted for operating what police described as an online marketplace for malicious computer code. Darkode's password-controlled website, where hackers bought and sold malware or hacking skills, was seized by authorities. Darkode is only one of an estimated 800 such websites, but U.S. Attorney David Hickton said it was “the most sophisticated English-speaking forum for criminal computer hackers.” At least 12 people have been arrested in the United States, with more likely, for charges that include conspiracy to commit computer fraud and conspiracy to send malicious computer code.
Automobile Cyber Threats Sharing Group Expected to Operate by Year's End Wall Street Journal (07/14/15) King, Rachael
The automotive industry is seeking to combat the growing number of cyber threats facing its increasingly connected vehicles with the formation of a new automotive information sharing and analysis center (ISAC). "The launch of the auto ISAC will serve as a central hub for intelligence and analysis that will provide timely sharing of cyber threat information and potential vulnerabilities in motor vehicle electronics and their associated in-vehicle networks," said Rob Strassburger, vice president of vehicle safety and harmonization at the Alliance of Automobile Manufacturers. The hope is that the new ISAC will help carmakers address cybersecurity issues in their vehicles before they lead to situations like the recent recall of 65,000 Range Rovers by Jaguar Land Rover due to a software bug affecting the vehicles' keyless entry. The Obama Administration has pushed for the development of voluntary industry standards and groups like ISACs to address cybersecurity issues and several industries have followed that route, most notably the financial industry. The new automotive ISAC is expected to be operational late this year. It will start small, at first being open only to automakers and eventually opening up to include auto suppliers and other strategic partners like telecom and technology companies.
NSA Chief Expects More Cyberattacks Like OPM Hack Wall Street Journal (07/15/15) Wall, Robert; Flynn, Alexis
Navy Adm. Mike Rogers, director of the National Security Agency (NSA) and head of the U.S. military's Cyber Command, warned that the United States could see more cyberattacks like one on the Office of Personnel Management. The U.S. government reported last week that two cyberattacks on the agency compromised more than 21 million Social Security numbers, 1.1 million fingerprint records, and 19.7 million forms with personal data. As a result, the government is reviewing cybersecurity policies, Rogers said. He compared the hacking to last year's attack on Sony Pictures Entertainment, which unleashed sensitive company information. Rogers called on private companies and the government to work together to protect networks. David Omand, former head of the U.K. Government Communications Headquarters, said that the average cost of a data breach for major U.S. companies could be around $20 million.
A Successful Cyber Sprint, With a Questionable Finish Line Federal Computer Week (07/10/15) Noble, Zach
The federal government's 30-day cybersecurity sprint formally ended on July 12, but assessment data will come out slowly in the following weeks, notes U.S. CIO Tony Scott. He says initial findings appear good, including a 20 percent government-wide increase in two-factor authentication. However, Chris Edwards at Intercede notes that agencies may leave "username/password 'back doors' to support certain legacy systems," which undermines two-factor authentication. He advocates the use of PIV cards to encrypt sensitive email content in transit as well as the use of "enhanced derived credentials on mobile devices." Tanium's Ralph Kahn praises the fact that the sprint's memo called for improvements without setting any quotas because the open language is likely to spur fuller participation from agencies. He believes the patch issue is one of the most crucial problems to emerge from the sprint. "In many cases, agencies just don't know" where they stand with software patches, with many relying on legacy systems for which regular patches are not available or on "incomplete tools" that might report issues have been patched when they have not. Edwards and Kahn both advocate continuous monitoring rather than periodic reviews of agencies' security.
Italian Cyber-Security Firm Suspects Foreign Government Was Behind Mass Attack Reuters (07/12/15)
Hacking Team, an Italian cyber-security firm, has said a government entity may be responsible for a massive hack of its systems which resulted in the download of 400GB of data from the firm last week. The company, which makes surveillance software that allows law enforcement and intelligence agencies to tap into the phones and computers of suspects, has now advised clients to halt their use of its programs until they can upgrade the compromised software, and has also cautioned that all computer systems may now be at risk, as the hack utilized "sufficient code...to permit anyone to deploy the software against any target of their choice." David Vincenzetti, CEO of Hacking Team, has stated that "given its complexity...the attack must have been carried out at a government level, or by someone who has huge funds at their disposal," but did not share any guesses about who it might have been.