Archive for September, 2013

Selling Cybersecurity As A Sexy And Socially Conscious Career Choice For Young Hackers

From: Forbes

When Hamed Al-Khabaz found a security flaw in his college’s records system, he thought he was doing a good deed by bringing it to the administration’s attention. The school disagreed and Al-Khabaz was expelled. Faced with what he deemed a hostile learning environment at school, his friend and future business partner, Ovidiu Mija, quit in solidarity. “After reporting the flaw to the administration, we felt like we did the right thing. We weren’t expecting anything in return other than their appreciation towards our well-intended actions,” Mija says.

Japan, US to discuss strengthening cyber-security – reports

From: Voice of Russia

Japan and the United States will discuss strengthening defences against cyber-attacks, reports said Monday, as Tokyo looks to play a more active role in global security.

At talks in Japan later this week, the foreign and defence ministers from both countries will undertake their first review for 15 years of how their security alliance operates.

Measures to counter cyber-attacks will be high on the agenda, the Yomiuri Shimbun said.

The Sankei Shimbun carried a similar story, adding “cooperation in space will be another important issue”.

London schoolboy secretly arrested over ‘world’s biggest cyber attack’

Editor’s Note: The Wikipedia entry for William Gaddis’ novel JR is available here.

From: London Evening Standard

Martin Bentham

A London schoolboy has been secretly arrested over the “world’s biggest cyber attack” as part of an international swoop against a suspected organised crime gang.

The 16-year-old was detained by detectives at his home in south-west London after “significant sums of money” were found to be “flowing through his bank account”. He was also logged on to what officials say were “various virtual systems and forums” and had his computers and mobiles seized as officers worked through the night to secure potential evidence.

Data Broker Giants Hacked by ID Theft Service

From: Krebs on Security

An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity.

The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Customers pay for their subscriptions using largely unregulated and anonymous virtual currencies, such as Bitcoin and WebMoney.

Capital’s best-kept secret: Super-fast pipes powering a data revolution

From: London Evening Standard

Gideon Spanier

In the early days of the internet, it was quaintly called the information superhighway — the thousands of miles of super-fast cabling that allows electronic data to speed around the world.

Now, as I stand near Old Street Roundabout, staring into an open manhole at a row of ultra-thin, coloured cables belonging to Colt Telecom, the wonder is that the 21st Century information superhighway looks so small and flimsy.

Canada Keen To Collaborate With India On Cyber Security

From: SiliconIndia News

New Delhi: Canada is keen to collaborate with India on cyber security by training its workforce so that both the countries utilize their strengths to tackle the issue, Canadian envoy said.

Canadian High Commissioner Stewart Beck, while speaking at a function here, said India would require 5,00,000 people in cyber security while Canada has ten educational institutions in the province of Ontario alone that provide programmes on cyber security.

“We believe both the countries have some strengths and we need to work together utilizing them…We have ten educational institutions in the province of Ontario alone that provide programmes on cyber security. This is how we can collaborate with India,” Beck said.

Cybersecurity Group Raises IE Threat Level To Yellow

From: Sci-Tech Today

The Internet Explorer vulnerability may corrupt memory in a way that could allow a hacker to execute arbitrary code in the context of the current user within Microsoft’s browser. An attacker could then host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and convince a user to view the Web site.

The Internet Storm Center, an analysis and warning service to Internet users and organizations, on Saturday set its threat level to Yellow, regarding attacks exploiting a vulnerability in all versions of Microsoft’s Internet Explorer (IE) browser that was reported last week.

DOE Gives $4.7M to Rural Electric Co-ops for Cybersecurity

From: Power

Gail Reitenbach

The Department of Energy (DOE) has awarded the National Rural Electric Cooperative Association (NRECA) $3.6 million to research and develop virtual, cloud-based cybersecurity management tools for small, resource-constrained utilities. NRECA and Honeywell Corp. will provide matching funds for a total of $4.7 million.

NRECA will collaborate with Pacific Northwest National Laboratories, Carnegie Mellon University, Honeywell Corp. and Cigital Inc. to create and demonstrate an automated network configuration and management device that will enable small utilities to monitor, analyze, and securely manage their systems.

Goals of the project, “Energy Sector Security through a System for Intelligent, Learning Network Configuration Management and Monitoring,” include:

Energy Sector Companies Targeted in Watering Hole Attack, Cisco Warns

From: Softpedia

Security researchers from Cisco have identified a watering hole campaign targeting various energy and oil sector companies. Experts have spotted several compromised domains that serve a purpose in the attacks. Some are designed to redirect visitors, while others act as a malware host.

The impacted organizations are an oil and gas exploration firm that does business in Brazil, Morocco, and other African countries; a natural gas power station in the UK; a hydroelectric plants company with facilities in Bulgaria and the Czech Republic; and a France-based gas distributor.

Cyber War: Why More May Be Better

From: The Diplomat

By Zachary Keck

In a 1981 Adelphi Paper, Kenneth Waltz famously argued that the spread of nuclear weapons might be a good thing. His reasoning, while highly controversial, was fairly straightforward: the sheer destructiveness of nuclear weapons, as well as the speed and certainty of that destruction, made nuclear weapons the ultimate deterrent. As a result, countries possessing survivable nuclear arsenals don’t fight major wars against each other. Thus, Waltz reasoned, the more nuclear dyads there were in the world, the less potential for major war there would be. Nuclear weapons, in other words, “are the only peacekeeping weapons that the world has ever known.”