May 20

Operation Hangover: Unveiling an Indian Cyberattack Infrastructure

Editor’s Note: The Norman report is attached here

From: Operation Hangover: Unveiling an Indian Cyberattack Infrastructure

Background

On Sunday March 17th 2013 the Norwegian newspaper Aftenposten reported that the telecommunications giant Telenor had filed a case with Norwegian criminal police (“KRIPOS”) over what was perceived as an unlawful intrusion into their computer network. The infection was reported to have been conducted via “spear phishing” emails sent to people in the upper tiers of management.

Initially, we had no information or visibility into this case. However, after some time Norwegian CERT (NorCERT) shared some data from the event, which included md5 hashes of malicious files and information about which Command and Control servers were used.

May 20

Commerce CISO: Cybersecurity is about more than technology

From: FierceGovernmentIT

By Molly Bernhart Walker

With the goal of building a cadre of highly-skilled cyber security experts, the Commerce Department tripled role-based training completion in three years and implemented an award-winning personally-identifiable information training program department wide.

“IT security training is a real big, big push for us at the department,” said Commerce Department Chief Information Security Officer Rod Turk during a May 20 panel discussion at ACT-IAC’s Management of Change Conference in Cambridge, Md.

But ensuring cybersecurity at the department depends on more than just technology, he said.

May 20

Lockheed Martin attempts to win international, cybersecurity business

From: Baltimore Business Journal

Bethesda-based Lockheed Martin has a strategy in place to win new work internationally and in growing sectors such as cybersecurity, the defense contractor’s new chief of information systems and global solutions told the Washington Post.

In a wide-ranging interview with the Post, Sondra L. Barbour, who took over the challenged unit late last month, told the business editors, “The strategy we have is one of looking at our traditional core customers and ensuring that we are performing, but then we also focus internationally.”

May 20

Bloomberg scandal alerts China on data security

From: Xinhua

The recent snooping scandal involving global financial information and news provider Bloomberg LP has sounded an alarm for the Chinese financial industry and its heavy reliance on foreign data services.

Bloomberg LP announced on Friday the appointment of former IBM Chairman and Chief Executive Officer Samuel J. Palmisano as an independent adviser regarding privacy and data standards.

It was the company’s latest move to placate client concerns after it acknowledged that Bloomberg reporters had long been able to access information on clients’ use of Bloomberg’s data terminals, including their login history and functions used.

May 19

Middle East in spotlight amid escalating cyber attacks

From: Al Arabiya

The Middle East has become a hotspot for cyber attacks, experts warn, amid an escalation of computer-led warfare across the globe.

Dmitri Alperovitch, co-founder of Crowdstrike, a security technology specialist firm, told last week’s Reuters Cybersecurity Summit in Washington that he is most concerned about cyber attacks linked to Iran, particularly if there is a spike in tensions in the Middle East.

He said that there is a worry that hackers from unspecified countries could destroy or modify crucial financial data in the United States, following attacks on more than a dozen U.S. banks in the past nine months.

May 17

Living by the Numbers: Big Data Knows What Your Future Holds

From: Spiegel Online

By Martin U. Müller, Marcel Rosenbach and Thomas Schulz

Forget Big Brother. Companies and countries are discovering that algorithms programmed to scour vast quantities of data can be much more powerful. They can predict your next purchase, forecast car thefts and maybe even help cure cancer. But there is a down side.

May 17

What comes after the Cyber Security Strategy?

From: New Europe

By Nerea Rial

Three months ago, the European Commission launched its Cyber Security Strategy and proposed a directive on network and information security (NIS). However, there are still some questions that must be answered and challenges to be faced if Europe wants to offer a safe Internet to its citizens.

“The strategy has two overarching purposes. It provides a basis for greater cooperation between the different actors and, most importantly, shows the direction for future work,” said Cecilia Malmström, EU Commissioner for Home Affairs, at the Cybersecurity Conference which took place in Brussels on 16 May.

May 17

Parliamentarians can examine legal frameworks for e-commerce and cyber security (Namibia)

From: New Era

By Moses Amweelo

Our national and homeland security team regularly advises clients on both compliance with current law and the development of proposed laws and treaties related to cyber security, critical infrastructure and e-commerce.

In the United States government, cyber-security regulation comprises directives from the Executive Branch and legislation from Congress that safeguards information technology and computer systems. The purpose of cyber-security regulation is to force companies and organizations to protect their systems and information from cyber-attacks. Cyber-attacks include viruses, worms, Trojan horses, phishing, denial of service attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks (Rise Is Seen in Cyber-attacks Targeting U.S. Infrastructure July 26, 2012 New York Times).

May 16

EU may consider ‘hack-back’ legislation

From: Infosecurity-Magazine.com

The European Union could soon consider a proposal that would give law enforcement the ability to engage in “offensive hacking,” i.e., compromise private infrastructure and systems to gather information via spyware, delete data or even take servers offline completely when there is probable cause to suspect cybercriminal activity.

Legislation [PDF] has already been introduced to the Dutch Parliament that seeks to implement this approach, along with a provision that allows for police to “hack back” at bad actors in foreign nations too. In addition, it could allow police to force suspects – outside of a court order – to decrypt data when asked.

May 16

Chinese military unit said to resume cyber spying

From: Los Angeles Times

By Ken Dilanian

WASHINGTON — A Chinese military unit that a private U.S. computer security company accused of launching more than 115 cyber attacks against American companies over seven years has resumed hacking after a three-month hiatus, the firm’s chief security officer said Wednesday.

The clandestine army unit, known as Unit 61398, “went quiet for a while — they changed the nature of their activities, they removed some of the tools that they had been using inside of different companies,” said Richard Bejtlich of Mandiant, which specializes in defending companies from cyber attacks and purging malware from computer networks that have been breached.
