Archive for October, 2012

A look at the Russian underground cyber market
“The Russian shadow economy is an economy of scale, one that is service oriented and that has become a kleptocracy wherein crony capitalism has obtained a new lease on life in cyberspace,” says a new report into the cybercriminal Russian underground.

Russian Underground 101 is a Trend Micro study into the cybercriminal underground in Russia. It is based on data gathered from online forums and services and articles written by hackers. What it finds is a complete shadow economy of cybercriminality where virtually every form of online criminal activity can be bought and sold at surprisingly low prices.

Ensuring process cyber security

From: Engineer Live

Cyber security is becoming an increasingly important aspect of plant management. Here we look at the strategies and technologies being used by suppliers to ensure that process plants minimise their vulnerability to cyber attacks. Eugene McCarthy reports.

Over the past two years, industrial infrastructure has been identified as a key target for hackers and government-sponsored warfare, attracting some of the most sophisticated cyber attacks on record.

Belden, a global leader in signal transmission solutions for mission-critical applications, in coordination with Tofino Security – part of Belden’s Hirschmann brand – has developed a product portfolio and business processes to protect critical infrastructure against these emerging threats.

Personal responsibility, not more government regulations, needed to keep Canada cyber-secure, senator says

Editor’s Note: Personal responsibility is a necessary but not sufficient condition for cybersecurity.

From: Vancouver Sun

By Jordan Press

OTTAWA — Canadians and the federal government don’t want more regulations over how we use our mobile and Internet-connected devices all in the name of cyber-security, a high-profile Tory senator says.

Sen. Pamela Wallin, who chairs the Senate’s defence committee, told a room full of security experts Tuesday it was up to businesses to be honest with their customers about cyber-security breaches, and an older generation of Canadians to educate a younger generation who are naïve about their safety from hackers about how to stay safe from cyber-criminals.

FBI cybersecurity shift draws skepticism from experts

Editor’s Note: Law enforcement must continue to be an essential component of cybersecurity. The FBI’s expanded work in this field is critical and appreciated.

From: Network World

Kevin Mitnick, the former hacker turned security consultant, is one who doubts focusing on criminals rather than attacks would slow them

By Antone Gonsalves, CSO

The FBI has changed its cybersecurity strategy to place greater emphasis on identifying the criminals behind attacks, a shift that some experts say won’t make a dent in hacking operations.

In a recent blog post, the bureau said it would dedicate more resources to “who is conducting the attack or the exploitation and what is their motive.”

Georgia publishes photos of alleged Russia-based cyberspy

From: TechWorld

In an unprecedented move, Georgia reveals startling details of a hacker it says is stealing its confidential information

By Jeremy Kirk

In one of the photos, the dark-haired, bearded hacker is peering into his computer’s screen, perhaps puzzled at what’s happening. Minutes later, he cuts his computer’s connection, realising he has been discovered.

In an unprecedented move, the country of Georgia – irritated by persistent cyber-spying attacks – has published two photos of a Russia-based hacker who, the Georgians allege, waged a persistent, months-long campaign that stole confidential information from Georgian government ministries, parliament, banks and NGOs.

Killing the Computer to Save It

From: NYT

Profiles in Science: Peter G. Neumann

MENLO PARK, Calif. — Many people cite Albert Einstein’s aphorism “Everything should be made as simple as possible, but no simpler.” Only a handful, however, have had the opportunity to discuss the concept with the physicist over breakfast.

One of those is Peter G. Neumann, now an 80-year-old computer scientist at SRI International, a pioneering engineering research laboratory here.

As an applied-mathematics student at Harvard, Dr. Neumann had a two-hour breakfast with Einstein on Nov. 8, 1952. What the young math student took away was a deeply held philosophy of design that has remained with him for six decades and has been his governing principle of computing and computer security.

Boosting data center trust with ISO27001

From: AsiaCloudForum

By Carol Ko

In the absence of cloud-specific industry standards, cloud data center operators are relying on widely accepted industry standards as the quality seals for the info-security practices at their data centers.

One such standard is the ISO27001, short for “ISO/IEC 27001:2005 — Information technology — Security techniques — Information security management systems — Requirements” that was published in 2005 by the International Organization for Standardization.

The ISO27001 certification covers a broad range of security controls from the physical environment in which customer solutions are hosted, accessed and monitored through to the logical system-based controls employed to manage electronic access.

Insecure industrial control systems, hacker trends prompt federal warnings

From: CSO

By Antone Gonsalves

Security researchers fed up with what they see as the glacial pace with which vendors fix holes in industrial control systems have exposed vulnerabilities that raised concerns among federal officials.

The latest security weaknesses, as well as troubling trends in the hacker underground, led the Department of Homeland Security to warn late last week of an increasing security risk to the control systems used by power utilities, water treatment plants and manufacturing. The latest warning, issued Friday, stemmed from a report of a vulnerability found in ICS equipment sold by 261 manufacturers.

GCHQ launches employee scheme to help protect UK from attack

From: Gloucestershire Echo

CYBER security professionals in the UK are to be assessed under a new scheme launched by GCHQ, to protect the UK from attack.

The CESG Certification for IA (Information Assurance) Professionals scheme is set to help businesses and the Government employ the right people for the job. It has been launched by CESG, the IA arm of GCHQ, for employees in the public and private sectors.

Jonathan Hoyle, GCHQ’s director general for Government & Industry Cyber Security, said: “Cyber Security and Information Assurance expertise is at the heart of protecting the UK from cyber attack and I am delighted that GCHQ’s scheme to certify IA professionals in both the public and private sectors is fully up and running.

You Can’t Terrorist-Proof the Internet, but the UN Wants to Try Anyway

From: The Philly Post

How this will affect your online world.

by Nick Valdala

If we have too free an Internet, the terrorists win—or at least according to a recent cyber-terrorism report put out by the United Nations. Dubbed “The Use of the Internet for Terrorist Purposes,” the 148-page report essentially urges world governments to surveil Internet users via their service providers all over the planet in an attempt to assuage global terrorism. The Internet in its current form is so free, the argument goes, that those pesky terrorists can more easily get online and spread their extremist messages and propaganda to a wider audience through Internet forums, open wi-fi hotspots and blog posts.