Archive for November, 2012

South Carolina Info Intrusions Traced to Overseas Hacker

From: American Forces Press Service

By Terri Moon Cronk

WASHINGTON, Nov. 30, 2012 – South Carolina Gov. Nikki Haley said an international hacker is responsible for illegally obtaining 4 million social security numbers from electronically filed state tax returns dating back to 1998.

Defense Department and South Carolina officials are notifying U.S. service members of the recently discovered cyber intrusions, Haley said today in an interview with The Pentagon Channel. Defense officials said the intrusions also involve several hundred thousand credit and debit card numbers and other information.

What does your cyber signature say about you?

From: The Guardian (UK)

Do your citizens hover over the help button? Tracking online mouse movements can support behavioural change

Ben Darlington and Tim Pitts

Changing the behaviour of citizens to reduce the demand placed on public services is now a top priority for both central and local government. From voting or volunteering more, to simply accessing council services online, new habits must be developed to meet the financial challenges the government faces.

Study: Keep Investing in Spec Ops, Cyber

From: DefenseNews


The Pentagon should continue to invest in special operations forces, offensive and defensive cyber capabilities, new manned and unmanned long-range strike aircraft and undersea vessels even as defense spending declines in the coming decade, according to a new think tank report.

The Defense Department should also reduce the buy of Lockheed Martin F-35 joint strike fighters to protect other investments as defense spending declines, the report said.

The study — conducted this summer by Todd Harrison and Mark Gunzinger of the nonpartisan Center for Strategic and Budgetary Assessments (CSBA) — focused on protecting U.S. investments in military capabilities that might be necessary in future conflicts. Researchers announced the study’s findings on Nov. 27.

Sharp increase in authorities accessing private data

From: The Age (Australia)

Philip Dorling

AUSTRALIAN law enforcement and government agencies have sharply increased  their access without warrant to vast quantities of private telephone and  internet data, prompting new calls for tighter controls on surveillance  powers.

Government agencies accessed private telecommunications data and  internet logs more than 300,000 times during criminal and revenue investigations  in 2011-12, a 20 per cent increase on the level of surveillance activity in the  year before.

Figures from the federal Attorney-General’s  Department show that on average, these agencies obtained private data from  telecommunications and internet service providers 5800 times every  week.

Cloud computing: Data protection issues

From: Shoosmiths (UK)

Author: Aisling Duffy

According to a recent article by Shoosmiths, the cloud software market generated $22 billion in revenue in 2011, and expects growth to $67.3 billion by 2016

Alongside the benefit of cloud computing, however, lies a lack of transparency for cloud customers, causing legitimate concerns about how they can comply with the Data Protection Act 1998 (DPA).

Thrown into this mix, of course, is the latest attempt by the European Commission (EC) to protect privacy rights and provide a uniform approach to data protection with the General Data Protection Regulation.

Financial Breaches Increase Amid Global Cyber Crime Wave

Editor’s Note:  McAfee Threats Report: Third Quarter 2012 is attached here.

From: Government Technology

By Hilton Collins

Extortion-enabling malware and online fraud rings are on the rise, according to McAfee researchers, whose discoveries highlight a trend: that cyber crime growing and evolving worldwide.

Earlier this month, McAfee Labs released the McAfee Threats Report: Third Quarter 2012, which analyzes global hacking activity across public and private networks. As criminal network infiltration incidents increased, various malware strains also grew in prominence.

However, Adam Wosotowsky, a messaging data architect for McAfee and report author, doesn’t think readers should be alarmed at this point.

How In-Q-Tel Helps CIA Scout For Innovative Technology – A Model For Other Agencies?

From: AOL Government

By Bridget Mintz Testa

US Government agencies often face a Catch-22 trying to adopt innovative technologies: Procurement rules designed to promote fairness can effectively preclude federal buyers from seeing – or influencing – developments that could eventually help agencies work more effectively.

The Defense Department and intelligence agencies, of course, have been fueling innovative technologies on their own for decades. But as commercial markets have exploded with new ideas, and learned to bring those ideas to market with greater speed, government agencies increasingly find themselves racing to keep up with innovations in the commercial sector.

NIST Crypto Reading Club

From: NIST

NIST Computer Security Division is hosting Crypto Reading Club talks, to foster research and collaboration. Talks are held biweekly on Wednesday in Room B341, Building 222, from 10:00 AM to 12:00 PM, unless noted otherwise.

Reminders will be sent to subscribers of the Crypto Reading Club List which is open to all. If you want to be included to the Crypto Reading Club List and/or give a talk, please contact Morris J. Dworkin or Meltem Sonmez Turan.

Upcoming Talks

NEW Stefan Lucks, Meltem Sonmez Turan and Morrie Dworkin will give a talk on authenticated encryption, on December 12, 2012.

Pacemakers, other implanted devices, vulnerable to lethal attacks

Editor’s Note: The imperative of medical cybersecurity is discussed on Regulatory Cyber Security/FISMA Focus here, here and here.

From: Homeland Security Newswire

IT experts reported that security flaws in pacemakers and defibrillators could be putting lives at risk; the experts say that many of these devices are not properly secured and therefore are vulnerable to hackers who may want to commit an act that could lead to multiple deaths

IT experts reported that security flaws in pacemakers and defibrillators could be putting lives at risk. The experts say that many of these devices are not properly secured and therefore are vulnerable to hackers who may want to commit an act that could lead to multiple deaths.

As leadership changes, cyber security remains critical issue for Congress

From: Government Security News

By: Mark Rockwell

The lack of electronic protection for America’s critical infrastructure remains the most critical homeland security issue for the next Congress, said a key Senate homeland security committee chairman in a farewell address.

Sen. Joe Lieberman (I-CT), who will relinquish the chairmanship of the Senate Homeland Security Committee in January, told a standing-room only audience in a speech at George Washington University on Nov. 28, that work on cyber security, as well as reining in radicalized domestic terrorists, were two mostly unresolved issues that nag at him as he prepares to leave office.