Archive for February, 2013
From: the Daily Caller
“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations,” said Matt Thomlinson, general manager for Microsoft’s Trustworthy Computing Security unit, in the blog post.
From: Ottawa Citizen
By Jordan Press
OTTAWA — Governments should move now to secure private networks in the name of national security — possibly even forcing standards upon the industry, two top experts in cyber-security said Thursday.
The end of that road could require Canada and other governments to legislate cyber-security standards, according to the former chief of Canada’s ultra-secretive cyber-spy agency, because voluntary standards can be ignored while legal requirements cannot.
About 90 per cent of critical infrastructure in Canada is owned and operated by the private sector.
Author: Miranda Alexander-Webber
Source: Operational Risk & Regulation
Review of 30 financial institutions will lead to first new guidance in seven years
The UK Financial Services Authority’s (FSA) review of cyber and technology practices in 30 major financial institutions may highlight serious weaknesses, a senior consultant warns.
“I am worried that it’s going to show that banks and insurance companies aren’t as good as we the customers think they are at protecting our data and our money,” warns Steve Holt, practice leader for financial services information security in Europe, the Middle East, India and Africa at Ernst & Young.
From: Voice of Russia
A new unit responsible for cyber security has been set up in Latvia’s Defence Security. Its distinguishing feature is the fact that it will recruit volunteers. With every passing day the topic of security on the networks is acquiring increased urgency for the world community, and the new exchange of accusations between China and the US over hackers’ attacks offers proof.
The Latvian unit will face the task of safeguarding the security of the country’s high-technology structure. Two years earlier a similar volunteer unit of IT specialists was set up in Estonia’s Defence Ministry. There is nothing surprising about the fact that the Baltic countries have started to pay heightened attention to cyber security. All of them are following the world trend.
From: China Digital Times
China’s Ministry of National Defense quickly denied charges outlined in a widely circulated report from information security firm Mandiant that exposed a specific unit of the People’s Liberation Army as responsible for hacking against the U.S. and other countries.
Reuters reports a statement published on the Ministry’s official website called into question the evidence put forth by The New York Times, saying, “The report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof.”
From: H.M. Government
The growth of the internet has transformed our everyday lives and is an important part of our economy. The internet-related market in the UK is now estimated to be worth £82 billion a year. British businesses earn £1 in every £5 from the internet.
But with greater openness, interconnection and dependency comes greater vulnerability. The National Security Strategy categorised cyber attacks as a Tier One threat to our national security, alongside international terrorism. The threat to our national security from cyber attacks is real and growing. Terrorists, rogue states and cyber criminals are among those targeting computer systems in the UK.
From: The Daily Beast
by Michael Daly
The Chinese reportedly have been hacking into U.S. infrastructure, and Leon Panetta says future attacks could plunge the U.S. into chaos—shutting down the power grid, as well as electric, oil, gas, water, chemical, and transit systems. We’re not prepared.
If the nightmare scenario becomes suddenly real…
If hackers shut down much of the electrical grid and the rest of the critical infrastructure goes with it…
If we are plunged into chaos and suffer more physical destruction than 50 monster hurricanes, and economic damage that dwarfs the Great Depression…
From: Digital Dao
by Jeffrey Carr
Mandiant’s APT1 report is the latest infosec company document to accuse the Chinese government of running cyber espionage operations. In fact, according to Mandiant, if a company experiences an APT attack, then it is a victim of the Chinese government because in Mandiant-speak, APT equals China.
“We tend to perceive what we expect to perceive”
– Richard J. Heuer, “The Psychology of Intelligence Analysis”
The fact that Mandiant refuses to acknowledge that other nation states engage in cyber espionage when the facts show otherwise demonstrates what Heuer calls an “expectation bias”, but it’s much worse than that.
From: Tea Leaf Nation
by David Wertime
As The New York Times reported yesterday evening, U.S.-based cybersecurity firm Mandiant has just released a deeply troubling report called “Exposing One of China’s Cyber Espionage Units.” The report alleges widespread hacking sponsored by the People’s Liberation Army, which is controlled by the Chinese Communist Party. The report states, “Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army [PLA] to commit systematic cyber espionage and data theft against organizations around the world.”
By Roger Runningen & Eric Engleman
President Barack Obama’s administration is preparing a strategy to counter theft of U.S. trade secrets by hackers in China and other countries, according to a former government official briefed on an administration report to be released today.
The report will outline a coordinated diplomatic effort to push back against other nations to enforce intellectual property rights and to lay out best practices for companies to protect their material, according to the former official, who asked not to be named before the official announcement.