| Wall St. and Law Firms Plan Cooperative Body to Bolster Online Security New York Times (02/24/15) Goldstein, Matthew Wall Street banks and major law firms are working together to share basic information about digital security issues in an attempt to stop online attacks. The discussions involve setting up a legal group that would be affiliated with the Financial Services Information Sharing and Analysis Center, the industry's main forum for sharing information about threats from hackers, online criminals, and nation states. Federal authorities, including President Obama, are pressing companies to share information about hackings with one another and law enforcement as way to deter the theft of information about consumers and employees. Law enforcement agencies have long been concerned about the vulnerability of United States law firms to online attacks because they are seen by hackers and nations bent on corporate espionage as a rich repository of company secrets, business strategies and intellectual property. But attacks on law firms often go unreported because the firms are private and not subject to the same kind of data-breach reporting requirements as public companies that handle sensitive consumer information. The law firm group under consideration would be set up as an organization to share and analyze information and would permit firms to share anonymously information about hackings and threats on computer networks in much the same way that bank and brokerage firms share similar information with the financial services group. While the two groups would not necessarily share information with each other, the law firms would have access to some of the resources of the financial center, which has existed since 1999 and is one of the better-funded industry threat-sharing organizations. Gemalto Hack Report Raises Questions About Payments Security American Banker (02/20/15) Heun, David A new Intercept report that the U.S. National Security Agency and its U.K. peer breached EMV chip and SIM card maker Gemalto's network five years ago and stole keys for encrypting conversations, messages, and data traffic casts doubt on payments security, according to Aite Group analyst Julie Conroy. Keys such as those allegedly compromised are employed in point-to-point encryption, standards for which are being developed by the payments industry. Consultant Greg Coogan says the Gemalto hack "doesn't really [directly] address tokenization and EMV and the types of standards expected out of the people who provide those services." Conroy notes the incident will likely not spur the same kind of anxiety resulting from the RSA Security breach in 2011, yet she cautions no data is really safe "if there is a sufficient amount of monetary, corporate espionage, or state secret incentive" to obtain it. Conroy says one way the Gemalto event differs from the RSA intrusion "is that theoretically these were the good guys trying to access information. But people view privacy differently in different countries." Conroy stresses ongoing network monitoring and multiple security layers as still the most valuable data protection measures for businesses. Big Oil’s Fight for Keystone XL Includes Tracking Critics, Activists Seattle Times (02/25/15) Arnsdorf, Isaac Calgary-based TransCanada, which has long tried to to sell America on the 1,700-mile Keystone XL pipeline, has revealed documents to law enforcement about radical groups that it said threatened oil workers and may vandalize equipment. The pipeline, which connects the oil sands of Alberta to U.S. refineries, had been opposed by environmentalists, and President Barack Obama vetoed Congress’ approval of extending the pipeline. Documents suggest that the alarms TransCanada raised in an April 2013 briefing at the Nebraska State Patrol’s training center were part of a campaign in which the company claimed that peaceful, constitutionally protected protesters were actually dangerous radicals. A TransCanada representative provided the names and photographs of 27 activists, some of which have filed a lawsuit saying that police used excessive force to arrest them on behalf of TransCanada. Other companies have been criticized for how they address opposition; political consultant Richard Berman has recommended that members of the Western Energy Alliance discredit opponents by researching how they are financed and mocking them in ads. The FBI has been criticized for improperly targeting Greenpeace, PETA, and anti-war groups in supposedly baseless domestic-terrorism investigations. The FBI agrees with TransCanada that some Keystone opponents are members of the radical fringe, and in 2014 issued a warning against “environmental extremists” who may target rail shipments of oil from fracking sites or Canadian oil sands. Charlotte Sees a Rise in ATM 'Skimming' Crimes Charlotte Observer (NC) (02/23/15) Roberts, Deon The U.S. Secret Service says skimming incidents are on the rise in the Charlotte, N.C., metro area. The agency has investigated 11 skimming incidents involving more than nine suspects in the region since October, up from four incidents involving three suspects during the prior year. The Secret Service says skimming -- which often targets ATMs and gas pumps -- is the most common type of cyber crime in the region, driven primarily by Eastern European criminal groups. The interstates that criss-cross the metro area make it a prime target for these criminals, who can "hit a number of cities on their way through Charlotte," says Glen Kessler, a special agent with the Secret Service's Charlotte office. Experts say the ease with which criminals can obtain skimming equipment online and the black market demand for stolen consumer data have prompted criminals to set their sights on ATMs. Doug Johnson, senior vice president of payments and cybersecurity policy at the American Bankers Association, says banks are using anti-skimming technology, but it is too costly to put such devices on every machine. He says banks determine which ATMs to equip based on their location and customer traffic volume. Bank EMV Upgrades Pit Cost Control Against Risk Control American Banker (02/19/15) Peters, Andy While the new EMV technology should minimize data breaches and credit and debit card fraud, banks are finding it difficult to cover the costs of implementation all at once. However, spreading out the costs exposes them to greater liability for counterfeit cards in the interim. James Sills, CEO of the $289 million-asset Mechanics & Farmers Bank in Durham, N.C., says small banks cannot afford to record the entire expense in a single quarter. Although banks are not required to adopt EMV cards, Aite Group retail banking research director Julie Conroy says they are "very effective at getting rid of counterfeit-card fraud," which costs the banking industry about $3 billion annually. However, Sills says it costs $3.50 to $4 for each EMV card, and the Aite Group estimates that upgrading ATMs to accept the cards will cost $2,000 to $3,000 per machine. Gil Mermelstein, managing director in the banking practice of West Monroe Partners, says banks will benefit from gradually delaying EMV implementation, as replacing all cards at once could overwhelm their call centers and replacing cards as they expire would save money. ISIS Onslaught Engulfs Assyrian Christians as Militants Destroy Ancient Art New York Times (02/27/15) Barnard, Anne Islamic State has begun to capture and kill Assyrian Christians of northeastern Syria, one of the world's oldest Christian communities. Assyrian leaders say hundreds of people have been taken captive, including women and children, along with civilian men and fighters from Christian militias. Dawoud Dawoud, an Assyrian political activist, said thirty villages have been emptied. The Islamic State militants are seeking to destroy anyone or anything that does not conform to their vision of Islamic rule, even archaeological traces of pre-Islamic antiquity. A recent Islamic State video showed militants smashing statues with sledgehammers inside the Mosul Museum in northern Iraq. Islamic State militants seized the museum, which has not yet opened to the public, when they took over Mosul in June and have repeatedly threatened to destroy its collection. In the video, a man says "the monuments that you can see behind me are but statues and idols of people from previous centuries, which they used to worship instead of God.” Amr al-Azm, the Syrian anthropologist and historian, said "it's all provocation," and that the Islamic State wants to fight with the West because that is how they gain credibility and more recruits. Additionally, the group has demanded Christians living in its territories pay the jizya, a tax on religious minorities dating to early Islamic rule. Social Media Emboldens Islamists, Challenges Law Enforcement Wall Street Journal (02/27/15) Grossman, Andrew; Hong, Nicole U.S. law-enforcement officials are concerned that social media is making recruitment easier for Islamic State (ISIS) and its supporters, but it is also a way to spot and track potential militants. This was crucial in the arrest of three Brooklyn men charged on Wednesday with plotting to join ISIS in Syria. One of the men posted on an Uzbek-language website, vowing allegiance to ISIS and volunteering to shoot President Barack Obama, which attracted the attention of federal law enforcement. Law enforcement tracked one of the defendants through his Internet protocol address, but officials have expressed concern that they cannot always breach the growing number of tools and hardware designed to keep users anonymous. They also remain concerned that more sophisticated, rapidly growing extremist propaganda is attracting a broader, younger audience. The FBI has increased monitoring of mainstream social media sites and more extremist-focused sites, but it can be overwhelming, as users post about 500 million messages a day on Twitter alone. The New York Police Department is investing in new platforms to scan and analyze social-media conversations and is hiring younger people to help with investigations, said Zachary Tumin, the department's deputy commissioner for strategic initiatives. 'Jihadi John' From ISIS Execution Videos Was Under Watch by British Intelligence New York Times (02/27/15) Erlanger, Steven Mohammed Emwazi was identified on Thursday as the infamous masked Islamic State fighter known as "Jihadi John." In the time since, his journey from computer student at the University of Westminster in England to a murderous spokesman for the Islamic State is starting to come into focus. Up for debate still is whether British intelligence services were to blame -- either dealing with him too harshly or not identifying him as a serious threat soon enough -- for his radicalization and subsequent freedom of movement. The question for security services all over the West is: "Given important constitutional and legal protections, how do counterterrorism and police officials draw the line when they find enough evidence to suspect someone, but do not have enough to prosecute them, or even to keep them under legal surveillance?" Emwazi reportedly first came to the attention of the British intelligence services in May 2009 when he was detained in Tanzania with two friends on what he described as a celebratory safari following his college graduation. British officials suspected that he and his companions were on their way to Somalia to fight with the terrorist group Al Shabab. The Brits allegedly tried to recruit him as an informant before sending him back home. Emwazi was dubbed "Jihadi John" by the foreign hostages he guarded, several of whom he apparently beheaded in widely circulated videos. He was first named yesterday by the Washington Post, and his identity was confirmed soon after by a senior British security official and by a senior U.S. military intelligence official. While information remains vague about Emwazi, he does appear in 2011 court documents obtained by the BBC as a member of a network of extremists who funneled equipment, money, and recruits "from the United Kingdom to Somalia to undertake terrorism-related activity." Furthermore, he is believed to be part of a group from West and North London, sometimes referred to as "the North London Boys," with ties to Al Shabab. Yahoo Debates NSA Over Digital Spying Wall Street Journal (02/23/15) Paletta, Damian A senior Yahoo Inc. official grilled National Security Agency (NSA) Director Mike Rogers over digital spying on Monday. The testy exchange came during a question-and-answer session at a summit in the nation's capital on cybersecurity, hosted by the New America think tank. Rogers, a Navy admiral, spent an hour at the conference answering a wide array of questions about his agency's practices and various global cyber threats. Alex Stamos, Yahoo's chief information-security officer, asked Rogers whether the Internet giant should acquiesce to requests from such countries as China, France, Russia, and Saudi Arabia to build a "backdoor" in some of their systems that would allow those and other nations to spy on certain users. "It sounds like you agree with [FBI Director James] Comey that we should be building defects into the encryption in our products so that the U.S. government can decrypt," Mr. Stamos stated. Rogers cut the Yahoo executive off, replying, "That would be your characterization." He then went on to say he believed it is "achievable" to create a legal framework that allows the NSA to access encrypted data without upending corporate-security programs. However, Rogers declined to provide any further details. Any such framework would have to be worked out ahead of time by policy makers and not the NSA. 3 Brooklyn Men Accused of Plot to Aid ISIS' Fight New York Times (02/26/15) Santora, Marc; Clifford, Stephanie Three men from Brooklyn were arrested Wednesday on charges that two of them had sought to leave the country to join the Islamic State (IS), while the third helped organize and plan their activities. Abdurasul Hasanovich Juraboev and Akhror Saidakhmetov, permanent U.S. residents from Uzbekistan and Kazakhstan, respectively, came to the attention of U.S. authorities last fall after expressing their support online for IS and a desire to travel abroad to join the group. Abror Habibov, an Uzbek citizen living in the U.S. on an expired Visa, employed Saidakhmetov at a cellphone repair kiosk and is alleged to have offered cover the younger man's expenses and helped make the arrangements for him to travel. Both Juraboev and Saidakhmetov had acquired plane tickets to travel out of the country and one of them was apprehended at John. F. Kennedy Airport, where he was attempting to board a flight to Istanbul, with plans to travel on to Syria from there. The two are alleged to have made threats to carry out attacks in the U.S. if their efforts to travel abroad were thwarted, though law enforcement officials say their plans were largely "aspirational" and neither had made serious plans to carry out such attacks. All three men are facing charges of providing material support to a foreign terrorist organization. FBI: NSA Reform Could Hurt Cyber Probes The Hill (02/24/15) Bennett, Cory FBI Cyber Division assistant director Joseph Demarest said Tuesday the FBI's cybercrime investigations will suffer if Congress does not reauthorize Section 215 of the Patriot Act. The FBI says Section 215's business records request program allows the agency to acquire customer records from technology firms without going through the public court system, which could alert possible accomplices to an investigation. "Are you going to want to reveal certain things that you found out in a criminal court of law if it means that you might prosecute one guy, but you could damage multiple other investigations going on?" asked Robert Anderson, who leads the FBI’s Criminal, Cyber, Response, and Services Branch. But privacy and civil liberties advocates argue that the lack of transparency can lead to abuse. A White House appointed independent review board last year concluded the program was borderline illegal, allowing the NSA too broad an authority to indiscriminately collect data. Anderson said the 215 program can help the FBI counter what it calls the "going dark" problem. As major companies adopt strong encryption, a growing number of criminals can operate with digital anonymity, he said. Congressional fights over reauthorizing the program are expected to begin in the coming months. CIA Looks to Expand Its Cyber Espionage Capabilities Washington Post (02/23/15) Miller, Greg CIA director John Brennan has proposed a major expansion of the agency's cyber espionage capabilities as part of a broad restructuring initiative. The plan calls for increased use of cyber capabilities in almost every category of operations, including penetrating Internet-savvy adversaries. Several officials said Brennan’s team has even considered creating a new cyber-directorate — a step that would put the agency’s technology experts on equal footing with the operations and analysis branches, which have been pillars of the CIA’s organizational structure for decades. U.S. officials emphasized that the plans would not involve new legal authorities and that Brennan may stop short of creating a new directorate. But the suggestion underscores the scope of his ambitions, as well as their potential to raise privacy concerns or lead to turf skirmishes with the National Security Agency, the dominant player in electronic espionage. Hackers Impersonating IT Staff Popular Tactic in Data Breaches, FireEye Finds ZDNet (02/24/15) Osborne, Charlie Research by FireEye reveals today's cyberattackers increasingly are targeting employees through such means as social engineering, phishing schemes, and impersonating legitimate IT personnel. The report by FireEye's Mandiant cyberforensics team found that through 2014, hackers impersonated IT staff in 78 percent of phishing schemes directed at companies, in comparison to just 44 percent in the previous year. Mandiant also found more attackers than ever using "complex" tactics to avoid detection, such as hiding through Windows Management Instrumentation. As chip-and-pin technology becomes more widespread, e-commerce attacks are rising as well. During 2014, Mandiant responded to an unprecedented number of requests for help due to compromised companies and payment processors. The report also found many companies are not using basic security safeguards such as two-factor authentication. Furthermore, FireEye observed a drop in the average time a company takes to detect a data breach, to 205 days in 2014 from a previously estimated 229 in 2013 and 243 in 2012, although some network intrusions can still remain undetected for years. Lastly, the report found in 2014 that just 31 percent of organizations discovered they were breached using their own resources, down from 33 percent in 2013 and 37 percent in 2012. Lenovo and Superfish Penetrate the Heart of a Computer’s Security New York Times (02/22/15) Perlroth, Nicole Last week saw two examples of a worrying new trend in cyber security: governments and companies embedding spyware at the most basic level of a computer's operating system. While news that the National Security Agency was using such spyware likely came as no surprise to many, less expected was the revelation that Chinese computer maker Lenovo had embedded spyware in the basic-input-output-system (BIOS) of several of their products. Technology expert Peter Horne discovered the spyware after noticing odd Internet traffic on a newly-purchased Lenovo Yoga 2 Notepad and later found it on several other Lenovo devices. The spyware scoops up a user's Internet browsing data and sends it to Superfish, an Israeli "visual advertising" service that uses that data to populate ads in the users's browser. Besides the clear violation of users' privacy, the spyware also creates a security risk as hackers could potentially hijack the data being collected and sent to Superfish. While security researchers and others are now developing tools to detect and remove the Superfish spyware, its placement in devices' BIOS made it extremely difficult to identify in the first place, potentially setting a worrying precedent for other consumer electronics. After the revelation, Lenovo claimed it had included the spyware in only a few of its consumer notebooks shipped between September and December 2014 and had stopped including it in January. Legacy Vulnerabilities Easy Route for Hackers ZDNet (02/23/15) Dignan, Larry The latest Cyber Risk Report from HP finds that 2014 was dominated by exploits of vulnerabilities that had already been known before 2014. Seven of the top 10 exploits of 2014 had been identified before 2013 and 40 percent of the known breaches were a result of vulnerabilities that were two to four years old. "Well-known attacks were still distressingly effective, and misconfiguration of core technologies continued to plague systems that should have been far more stable and secure than they in fact proved to be," the report says. The top 10 discovered exploits for 2014 largely affected Microsoft Internet Explorer and Abode Flash, while Oracle successfully curtailed vulnerabilities in Java. The report found the introduction of click-to-play functionality contributed to no Java zero-day exploits being discovered in the malware space. The report also found software as a service and middleware increasingly were being exploited via protocols such as HTTP, Simple Object Access Protocol, and JSON. In addition, the report notes the push and pull between Microsoft and Google when it comes to disclosing vulnerabilities before they have been patched for consumers. Abstracts Copyright © 2015 Information, Inc. Bethesda, MD |
No comments:
Post a Comment