This section is devoted to featuring late-breaking cyber security news stories.

CYBER SECURITY NEWS

Late-breaking cyber security news stories:

 

 

Sept. 30, 2008

The USA's National Cybersecurity Initiative

Recent years have seen cyber-security rise as a defense industry and national security issue. The frequency of cracking attempts against security-related systems from Chinese sources has grown to the point where it is being acknowledged in the Pentagon’s annual “Military Power of the People’s Republic of China” publications. Estonia found itself the subject of politically motivated cyberattacks from Russia in May 2007. In 2008, cyber-assaults on Georgia operated in tandem with a buildup of Russian troops within Georgian territory, prior to the recent invasion.

Governments respond slowly, but responses are now beginning to get underway.

Related Stories:
FCW.com: Unlocking the National Cybersecurity Initiative
Defense Industry Daily: China's Official Military Budget to Grow by 17.6% in 2008
WindsOfChange.net: China's Stresses, Goals, Military Buildups...and Futures
Information Week: Under Cyberattack, Georgia Finds "Bullet-Proof" Hosting With Google and Elsewhere

Sept. 30, 2008 - John E. Dunn

Police "Find" Author of Notorious Virus

The infamous Gpcode 'ransomware' virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld.

The individual is believed to be a Russian national, and has been in contact with at least one anti-malware company, Kaspersky Lab, in an attempt to sell a tool that could be used to decrypt victims' files.

Sept. 29, 2008 - Shaun Waterman

Analysis: U.S. Needs Cyber-Offensive

The United States needs to do more to develop an offensive cyberwar capability, rather than just focus on defending its networks from attack, says the chairman of the House Cybersecurity Subcommittee.

"The best defense is a good offense, and an offensive (cyberwar) capability is essential to our national defense," Rep. James Langevin, D-R.I., told United Press International last week, calling it "a necessary deterrent."

Sept. 29, 2008

Defense Industries Assailed By Hackers

Korea - The country's defense industry faces a serious security risk from hackers. A Grand National Party lawmaker said Sunday, based on data provided by the National Security Research Institute, that LIGNex1, a guided missile manufacturer, uncovered malicious code planted by hackers in its major computer systems in March, and Hyundai Heavy Industries, which makes naval vessels, found the same in September.

Sept. 26, 2008 - Daryl Slade

Accused Hacker Freed On Bail in $1.8M Theft Case

The alleged mastermind of a $1.8-million theft from a Calgary financial company has been granted bail.

Provincial court Judge John Bascom ordered Ehud Tenenbaum -- who spent time in jail for hacking into the U.S. Defence Department's computer system -- released on $30,000 cash following a bail hearing Thursday.

Sept. 26, 2008 - Brian Krebs

Wigle.net: The 411 On Wireless Access Points

If you thought your wireless network was too remote or obscure to find, you might want to think again. There's a non-trivial chance that the name of your network and its precise geographic coordinates are already mapped out and searchable by anyone with a Web browser.

Sept. 25, 2008 - Kelly Jackson Higgins

Tiger Team Member Attacks Developers, Not Apps

Chris Nickerson can gain access to a Web application without ever touching it -- with just the right amount of reconnaissance, the so-called Tiger Team hacker can infiltrate the development team and compromise their machines.

“I can get into the application from the back side while on the outside, without touching” the app, says Nickerson, who gave attendees of the Open Web Application Security Project (OWASP) USA conference in New York today a taste of what he considers the big-picture cyber threats to organizations, targeted attacks for money or corporate espionage. “Closing all the holes in a Web application doesn’t make you secure,” he says.

Sept. 25, 2008 - Dan Goodin

World's Electrical Grids Open to Attack

A serious vulnerability has been found in yet another computerized control system that runs some of the world's most critical infrastructure, this time in a product sold by a vendor known as the ABB Group.

According to researchers from C4 - a firm specializing in the security of so-called SCADA, or Supervisory Control And Data Acquisition, systems - ABB's Process Communication Unit (PCU) 400 suffers from a critical buffer overflow bug.

Sept. 24, 2008 - Peter Veness

Cyber Storm Shows Ferocity of Virtual Attack

The quick and ferocious nature of cyber attacks on government must be recognised in the next generation of security, a previously unreleased report from the Attorney-General's Department urges. In March this year governments from Australia, the UK, New Zealand, Canada and the US ran the largest-ever cyber war games, Cyber Storm II.

The participants, which included the private sector, were surprised by the "borderless nature" of cyber attacks and the "speed with which they can escalate", according to Freedom of Information documents obtained by AAP.

Sept. 24, 2008 - Emeka Aginam

Hackers and Nigeria Vulnerability to Cyber Terrorism

Cyber terrorism and challenges posed by hackers have brought their ugly faces in the Nigerian economy and a nation with record porosity in cyber space is reeling in pain as to the devastation that can be caused in macabre time.

The ugly trend, according to findings, has left the majority of corporate organizations and IT firms across the globe in perpetual fear as a result of the dangers associated with it. Just like spam mail, how best to protect the IT infrastructure of organizations against cyber attacks has become a serious challenge to governments of the world, Internet service providers and corporate bodies, among others.

Sept. 23, 2008 - John E. Dunn

What the Security Industry Can Learn From Wall Street

If you have nothing to fear but fear itself, rationally speaking what is left to worry about?

On the face of it, the workings of financial markets are a world away from the security industry, and yet there are instructive parallels if you stare a little harder.

Sept. 23, 2008 - Robert Vamosi

No Indictment in Palin Hacking Case

A grand jury in Chattanooga, Tenn., investigating who hacked Republican vice presidential candidate Sarah Palin's Yahoo e-mail ended its meeting on Tuesday without indicting a Tennessee lawmaker's son.

Speculation on the Internet has centered on 20-year-old David Kernell, a University of Tennessee student.

Sept. 23, 2008 - Kenneth Denby

Junta In Cyber War Against Dissidents

A year after emailed images of Burma's brutal crackdown against democracy demonstrations were transmitted across the world, the junta has launched a ferocious "cyber war" against dissidents who use the internet. In the past few days, anti-government websites run by exiled Burmese have been inundated by artificially generated traffic that has forced them to shut down.

The attacks coincided with the first anniversary of the "saffron uprising" -- 10 days of demonstrations by Buddhist monks and students that culminated in a crackdown in which dozens were killed and thousands arrested.

Sept. 23, 2008 - William Jackson

U.S. Tops List As Source For Botnet Attacks

The United States was the top source of distributed attack traffic, originating nearly three times as many attacks as second-place China, according to a recent study by security service provider SecureWorks Inc.

The figures are based on identified attacks attempted against the company’s 2,000 customers so far in 2008. The bad guys launching the attacks were not always based in this country, but they used compromised computers in the United States to form botnets as platforms for the attacks.

Sept. 23, 2008 - Robert Vamosi

Second of 11 Alleged TJX Hackers Pleads Guilty

A second criminal hacker accused of involvement in the massive data breach targeted at T.J. Maxx's parent company, one of the largest security breaches to date, reportedly pleaded guilty on Monday.

As part of a plea bargaining arrangement Christopher Scott, 25, of Miami, has admitted to computer hacking, access device fraud, and identity theft, according to the Associated Press. He could face a sentence of up to 22 years in jail and a fine of up to $1 million for his crimes.

Sept. 22, 2008 - Brian Robinson

Unlocking the National Cybersecurity Initiative

The cybersecurity initiative launched by the Bush administration earlier this year remains largely cloaked in secrecy, but it’s already clear that it could have a major and far-reaching effect on government IT operations in the future.

Everything from mandated security measures and standard desktop configurations across government to a recast Federal Information Security Management Act (FISMA) could influence the way agencies buy and manage their IT.

Related articles from FCW.com:
Upcoming Transition Creates Uncertainty
States Expect Perks From the Plan

from nextgov.com 8/1/08:
National Cyber Security Initiative Will Have a Dozen Parts

from the Washington Post 1/26/08:
Bush Order Expands Network Monitoring

See also: Department of Homeland Security Fact Sheet
Protecting Our Federal Networks Against Cyber Attacks

Sept. 22, 2008 - Carolyn Duffy Marsan

Feds Tighten Security On .gov

When you file your taxes online, you want to be sure that the Web site you visit -- www.irs.gov -- is operated by the Internal Revenue Service and not a scam artist. By the end of next year, you can be confident that every U.S. government Web page is being served up by the appropriate agency.

That’s because the feds have launched the largest-ever rollout of a new authentication mechanism for the Internet’s DNS. All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites.

Sept. 22, 2008 - Brian Krebs

Internet Shuns U.S.-Based ISP Amid Fraud, Abuse Allegations

A California-based commercial Internet service provider whose clients included a laundry list of spammers and scammers is now offline, after the last of the company's upstream Internet providers decided to pull the plug.

Atrivo, a.k.a. "Intercage," of Northern California, ceased to be reachable from any points on the Internet early Sunday morning when the ISP's sole remaining provider - Pacific Internet Exchange (PIE) - stopped routing traffic for the troubled company.

Sept. 22, 2008

McAfee, Inc. Agrees to Acquire Secure Computing

McAfee, Inc. today announced the execution of a definitive merger agreement to acquire Secure Computing Corporation for approximately $465 million.

Secure Computing is a leading provider of network security with a product portfolio that spans businesses of all sizes. Through the pending acquisition of Secure Computing, McAfee(R) expects to take another step toward its goal of strengthening its leadership position in security risk management (SRM).

Sept. 22, 2008 - Stephanie Condon

FBI Searches Apartment of Alleged Palin Hacker

Federal authorities are ramping up an investigation of a 20-year-old college student for allegedly hacking into Alaska Gov. Sarah Palin's e-mail account.

The FBI searched the apartment of alleged hacker David Kernell on Sunday morning, and three of Kernell's roommates could testify this week about the case before a grand jury in Chattanooga, according to local news reports.

Sept. 19, 2008 - Ellen Nakashima

Cyber Attack Data-Sharing Is Lacking, Congress Told

U.S. intelligence agencies are unable to share information about foreign cyberattacks against companies for fear of jeopardizing intelligence-gathering sources and methods, cybersecurity expert Paul Kurtz told lawmakers Thursday.

Kurtz, who served on the National Security Council in the Clinton and Bush administrations, spoke at the first open hearing on cybersecurity held by the House Permanent Select Committee on Intelligence.

He and other experts discussed President Bush's Comprehensive National Cybersecurity Initiative, disclosed in January, which focuses on cyber espionage against government systems and, they said, does not adequately address the private sector. There is no coordinated strategy or mechanism for sharing intelligence about intrusions with companies, nor is there a systematic way for companies to share information with the government, said the panelists, who are members of the Center for Strategic and International Studies commission on cyber security, set up last year to advise the next administration.

Sept. 18, 2008 - Byron Acohido

Companies Can Learn From Hacking of Palin's E-mail

A precocious hacker cracks into Republican vice presidential candidate Sarah Palin's private e-mail account, looking for dirt. In doing so, he opens a Pandora's box of tech security concerns for the presidential candidates — but perhaps even more so for Corporate America.

Sept. 17, 2008

Nigeria Shuts TV Over Hoax Report

A Nigerian TV station has been shut down by the security services after it reported the president would step down due to his poor health. Managers at Channels TV were arrested on Tuesday night, following the broadcast of a hoax report attributed to the national news agency.

The News Agency of Nigeria (Nan) denied the report had come from them and said a false e-mail address had been used.

Sept. 17, 2008

67 Percent of Responding Businesses Detected Cybercrime in 2005

Among 7,818 businesses responding to the National Computer Security Survey (NCSS), 67 percent detected at least one cybercrime in 2005, the Justice Department's Bureau of Justice Statistics (BJS) announced today. Nearly 60 percent of businesses detected one or more cyber attacks, 11 percent detected cyber thefts and 24 percent detected other computer security incidents. Computer viruses were the most common type of cyber attack, detected by 52 percent of reporting businesses.

Sept. 17, 2008 - Mary Mosquera

Senate Panel Rejects Weakening FISMA Bill

The Senate Homeland Security and Governmental Affairs Committee today considered a bill that would raise the bar for agencies to prove that they adequately protect sensitive information, and rejected an amendment that would weaken the measure.

Sept. 17, 2008 - Dan Goodin

Memo to US Secret Service: Net Proxy May Pinpoint Palin E-mail Hackers

Memo to law enforcement investigators tracking down who broke into Sarah Palin's Yahoo email account: Gabriel Ramuglia might be a good place to start.

The 25-year-old webmaster and entrepreneur is the operator of Ctunnel.com, the browsing proxy service used by the group that hacked into the vice presidential candidate's personal email account and exposed its contents to the world. While he has yet to examine his logs, he says there's a good chance they will lead to those responsible, thanks to some carelessness on their part.

Sept. 17, 2008 - Declan McCullagh

Feds Probe Hack of Palin's E-mail Account

Now we know the real reason why John McCain doesn't use e-mail.

Hackers have broken into the Yahoo e-mail account of Republican VP candidate Sarah Palin. And, as you might expect, some snippets have appeared on Wikileaks.org in a convenient ZIP file.

"This is a shocking invasion of the governor's privacy and a violation of law. The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them," the McCain campaign said in a statement on Wednesday.

Sept. 17, 2008 - Stephanie Condon

Critics: Homeland Security Unprepared for Cyberthreats

When politicians got together six years ago and decided to glue together a medley of federal agencies to create the U.S. Department of Homeland Security, one of the justifications was a better focus on cybersecurity.

"The department will gather and focus all our efforts to face the challenge of cyberterrorism," President Bush said when signing the 500-or-so-page bill into law in November 2002. "This department will be charged with encouraging research on new technologies that can detect these threats in time to prevent an attack."

That was then. Now, Homeland Security is weathering a deluge of criticism of its lackluster cybersecurity efforts on grounds that they have proven to be inefficient, bureaucratic, and not even able to do a decent job of monitoring federal computer networks.

Sept. 17, 2008 - Dan Goodin

US Retailer Forever 21 Hit By Payment Card Breach

Almost 99,000 payment cards used by people shopping at Forever 21 stores may have been lifted over a four-year period by people linked to the heist of 45.6 million payment cards from customers from stores owned by TJX Companies.

On Friday, the company issued a statement on its website that said it learned of the theft from law enforcement officials more than a month earlier. The theft took place on nine specific dates from March 2004 to August of last year as part of crimes alleged in an August 5 indictment charging 11 individuals of engaging in wholesale credit card theft against stores owned by TJX and others.

Sept. 15, 2008 - Charles Cooper and Elinor Mills

Video: Daily Debrief: Russian Hackers Target Business Week - Who's Next?

It sounds like a Cold War tale out of a John le Carré novel. But security researchers have unearthed a real-world example of Russian hackers conducting cyberwarfare against unsuspecting Western capitalists. Charles Cooper talks with security reporter Elinor Mills on the CNET News Daily Debrief to get the full scoop.

Sept. 15, 2008 - Ben Bain

Officials Talk Cyber Initiative With Industry

Senior government officials today discussed details of the Bush administration’s largely classified, multibillion-dollar national cybersecurity initiative, emphasizing the private sector’s role in those efforts.

Officials from the Homeland Security Department, the Office of the Director of National Intelligence (ODNI), the White House and other agencies involved in the governmentwide effort to secure cyberspace told an industry group today about counterintelligence, supply chain security and research and development portions of the plan.

Sept. 15, 2008

NASCIO Brief Emphasizes Critical Requirements for Protection of Government Data

The National Association of State Chief Information Officers (NASCIO) announced the release of its issue brief "Protecting the Realm: Confronting the Realities of State Data at Risk."

"Protecting the Realm" underlines the criticality of managing states' digital assets and identifies key, high-level elements for establishing better data security programs within states. The brief covers data ownership and governance issues, recommends grounding data protection efforts in states' enterprise architecture frameworks, and outlines nine primary elements that a comprehensive data protection program must incorporate or address.

Sept. 15, 2008 - Alice Lipowicz

IG: Coast Guard Needs to Improve Security

The Coast Guard is doing a good job of securing its computer networks, but it still has vulnerabilities that must be addressed, according to a new report from Homeland Security Department Inspector General Richard Skinner.

The audit found that the Coast Guard has implemented network security controls but is falling short in some areas.

Sept. 15, 2008 - Sara Hansard

LPL To Pay $275K Fine For Hacking Incidents

LPL Financial has agreed to pay a $275,000 penalty for violating customers' privacy, the Securities and Exchange Commission said Thursday.

In July 2007, at least 10,000 customers were left vulnerable to identity theft following a series of hacking incidents into Boston-based LPL's online trading platform as a result of the brokerage firm's failure to adopt policies and procedures to safeguard customers' personal information, the SEC said in a statement.

Sept. 15, 2008 - David Konow

WarGames: 25 Years Later

"Shall We Play a Game?"

In the late spring of 1983, a little-known movie hit the big screen and introduced audiences to a new world of technology filled with things that audiences had never heard of before: Hackers. Artificial intelligence. Supercomputers. Firewalls. Backdoor passwords. War dialing. Defcon. And of course, an interesting simulation called Global Thermonuclear War.

Sept. 15, 2008 - Ian Grant

TJX Hacker Pleads Guilty

Damon Patrick Toey last week became the first person to plead guilty to helping to steal more than 40 million identities and account details in the world's biggest criminal computer hack. US attorneys charged Toey and 10 others on 5 August with conspiracy, computer intrusion, fraud and identity theft.

They face charges of hacking into nine large US retailers, including TJX and its UK subsidiary, TKMaxx, to steal and resell more than 40 million credit and debit card numbers. It is the largest hacking and identity theft case prosecuted so far by the Department of Justice.

Sept. 15, 2008 - Keith Epstein

U.S. Cybersecurity Is Weak, GAO Says

The federal government cybersecurity team with primary responsibility for protecting the computer networks of government and private enterprise isn't up to the job, according to a draft Government Accountability Office report obtained by BusinessWeek.

The U.S. Computer Emergency Readiness Team, known as US-CERT, mans the front line in any cyber-attack. The group monitors computer networks for hacker threats, investigates suspicious activity online, and is supposed to issue timely alerts to information technology security professionals from the White House to corporations and electric utilities. But the GAO draft report describes US-CERT as bedeviled by frequent management turnover, bureaucratic challenges that prevent timely sounding of alarms, a lack of access to networks across wide swaths of critical terrain, and an inability to fill large numbers of positions with qualified workers.

Sept. 13, 2008 - Mike Harvey and Mark Henderson

Hackers Claim There's a Black Hole in the Atom Smashers' Computer Network

Hackers have broken into one of the computer networks of the Large Hadron Collider (LHC).

A group calling itself the Greek Security Team left a rogue webpage describing the technicians responsible for computer security at the giant atom smasher as “schoolkids” — but reassuring scientists that they did not want to disrupt the experiment.

Sept. 12, 2008 - Bob Brewin

Clandestine World of Intelligence-Gathering Turns to an Open Market for Data

The global explosion in Internet-based new media has made open source information invaluable to intelligence agencies, CIA Director Michael Hayden said on Friday at the ODNI Open Source Conference in Washington.

Sections of the president's daily intelligence brief are "derived exclusively from open source intelligence" Hayden told the conference, which attracted more than 3,000 attendees from intelligence agencies, academia and industry.

Sept. 12, 2008 - Stephanie Condon

"Cybersecurity" Worries Spur Congress to Rethink Electrical Grid

The potential for "cybersecurity" attacks on the United States' electric power grids has spurred politicians to consider legislation to broaden federal authority over electric companies.

Congress already has been consulting with federal agencies and industry associations over how to craft such legislation. On Thursday, legislators sought further input at a hearing before the House Energy and Commerce's subcommittee on energy and air quality.

Sept. 12, 2008 - Robert McMillan, IDG News Service

Romanian Phishing Busts Were Years in the Making

The U.S. Federal Bureau of Investigation spent years laying the groundwork for an investigation that led to the arrest of dozens of people involved in illegal phishing scams operated from Romania and the U.S., a senior FBI official said Friday.

Shawn Henry, who was appointed assistant director of the FBI's Cyber Division earlier this week, said he began meeting with Romanian police and lawmakers, including the country's minister of technology and minister of justice, in 2003 to help tackle the country's growing cybercrime problem.

Sept. 12, 2008 - CNN video

How U.S. Targets Hackers

CNN's Barbara Starr reports how the military is considering establishing offensive cyber war tactics and procedures, in a real-life scenario similar to the movie "Live Free or Die Hard," starring Bruce Willis, in which he takes on an internet terrorist organization trying to take down the country.

Sept. 12, 2008 - Declan McCullagh

U.N. Agency Eyes Curbs on Internet Anonymity

A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.

The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

Sept. 11, 2008 - Juliana Gruenwald

Power Grid Vulnerable to Cyberattacks, Committee Told

A House Energy and Commerce subcommittee is aiming to take up legislation next week that would provide the Federal Energy Regulatory Commission with additional authority to help protect the nation's power grid from a cyberattack.

During a hearing before the Energy and Commerce Energy and Air Quality Subcommittee, several witnesses and lawmakers argued that the threat to the nation's power grid from cyberattacks is real and urged lawmakers to enact legislation to give FERC additional powers to order utilities to take the necessary steps to address the problem.

Sept. 11, 2008 - Brian X. Chen

iPhone Takes Screenshots of Everything You Do

Your iPhone is watching you.

If you've got an iPhone, pretty much everything you have done on your handset has been temporarily stored as a screenshot that hackers or forensics experts could eventually recover, according to a renowned iPhone hacker who exposed the security flaw in a webcast Thursday.

Sept. 11, 2008 - Elinor Mills

Report: SF Officials Looking for Hidden Network Device

San Francisco officials are trying to find a device on the city's computer network that was allegedly left there by an IT worker who was jailed for refusing to divulge passwords to the city network, the IDG News Service reported on Thursday.

San Francisco network administrator Terry Childs was arrested in July on four felony charges of taking control of the city's computer network and locking administrators out. He remains in jail on $5 million bail despite giving up the passwords to the mayor in a secret jail cell meeting a week later.

Sept. 10, 2008 - Malcolm Wheatley

Investigations: Merge Ahead

Not long ago, the legal department at a financial services company in New York got a phone call from a hospital in London. The query: Why are you hacking us? With two known IP addresses, it wasn't difficult for the financial firm's information security staff to go back through the logs looking for traffic between the two organizations. And with the traffic identified, locating the computer from which the hacks were taking place didn't take long, either. The culprit: an individual who—as their human resources records soon confirmed—had formerly worked at that very hospital.

Sept. 10, 2008 - Scott Martindale

Tesoro Student Pleads Guilty to Computer Hacking, Gets Probation

One of the two Tesoro High School seniors accused of burglarizing their school in May and hacking into a teacher's computer has been sentenced to three years' probation and 200 hours of community service.

Sept. 9, 2008 - Roy Mark

Pump-and-Dump Hacker Gets 2 Years

The sentence comes in for a participant in a high-tech stock fraud scheme that involved hacking into U.S. brokerage accounts to make unauthorized purchases of thinly traded stocks to drive up the price. When the prices began to rise, hackers then dumped their own shares in the same stocks for a profit. The hack, pump and dump scheme hit at least 60 online stock traders and nine brokerage firms including TD Ameritrade, ETrade Financial, Firstrade Securities, ChoiceTrade, OptionsXpress, TradeKing and Terra Nova Financial.

Sept. 9, 2008 - Roland van Hek, Webwereld Netherlands

Security Agencies Rally Against Google Chrome

Government computer security agencies in Germany and The Netherlands are warning consumers against using Google's Chrome browser.

"This concerns a beta version of Chrome. Govcert.nl recommends that test versions are installed only in a test environment. For the duration of the beta test period, we recommend against computer owners using Chrome at home," a representative for the Dutch Computer Emergency Response Team cautioned in an email message on Monday that was sent to Webwereld, an IDG affiliate.

Sept. 9, 2008 - Bangladesh

4 IT Students Held as Suspected Hackers

The Rapid Action Battalion (Rab) arrested four students of a private technology institute in the city's Mirpur in connection with hacking its website after around 24 hours of the incident on Friday.

The youths, who are all fourth semester students of computer science at SAIC Institute and Technology Management, said they hacked the website of the elite crime-busting force for adventure.

Sept. 8, 2008 - Julian E. Barnes

Pentagon Debates Development of Offensive Cyberspace Capabilities

Igniting a provocative new debate, senior military officials are pushing the Pentagon to go on the offensive in cyberspace by developing the ability to attack other nations' computer systems, rather than concentrating on defending America's electronic security.

Under the most sweeping proposals, military experts would acquire the know-how to commandeer the unmanned aerial drones of adversaries, disable enemy warplanes in mid-flight and cut off electricity at precise moments to strategic locations, such as military installations, while sparing humanitarian facilities, such as hospitals.

Sept. 8, 2008 - Dan Goodin

Gas Refineries at Defcon1 As SCADA Exploit Goes Wild

Gasoline refineries, manufacturing plants and other critical facilities that rely on computerized control systems just became more vulnerable to tampering or sabotage with the release of attack code that exploits a security flaw in a widely used piece of software.

The exploit code, published over the weekend as a module to the Metasploit penetration testing tool kit, attacks a vulnerability that resides in CitectSCADA, software used to manage industrial control mechanisms known as SCADA, or Supervisory Control And Data Acquisition, systems.

Sept. 8, 2008 - Tom Jowitt

Virtualization Users Should Expect More Attacks

VMware’s recent release of a large number of patches for its virtualization offerings is likely to be the first of many, as hackers increasingly focus their attention on virtualised environments.

That is according to security vendor Fortify Software, which is urging caution among companies looking to adopt virtualization technology.

Sept. 5, 2008 - Kim Zetter

Israeli Hacker Known As "The Analyzer" Suspected of Hacking Again

Canadian authorities have announced the arrest of a 29-year-old Israeli named Ehud Tenenbaum, who they believe is the notorious hacker known as "The Analyzer" who, as a teenager in 1998, hacked into unclassified computer systems belonging to NASA, the Pentagon, the Israeli parliament and others.

Tenenbaum and three Canadians were arrested for allegedly hacking the computer system of a Calgary-based financial services company and inflating the value on several pre-paid debit card accounts before withdrawing about CDN $1.8 million (about U.S. $1.7 million) from ATMs in Canada and other countries. The arrests followed a months-long investigation by Canadian police and the U.S. Secret Service.

Sept. 4, 2008 - Mary Mosquera

TIGTA: The IRS Lacks Secure Web Servers

Unauthorized and insecure Web servers connect to the Internal Revenue Service’s network, which puts the agency’s computers and entire network at risk of unauthorized access to taxpayer and personally identifiable information, the Treasury Inspector General for Tax Administration said in a recent report.

Sept. 4, 2008 - Forrester Research, Inc.

Forrester: IT Security Spending On the Rise

Spending on IT security will continue to grow next year, according to new data unveiled by Forrester Research, Inc. on the first day of its Security Forum. The Forrester Business Data Services survey, which polled more than 1,200 North American enterprise and SMB security decision-makers, found that 21 percent of respondents expect to increase their IT security budgets in 2009, while nearly three-quarters of those surveyed expect no cutbacks in their security spending. Only 6 percent of respondents anticipate having to cut their security budget next year despite the current economic uncertainty.

Sept. 3, 2008 - Bruce Rolfsen

Vice Chief of Cyber Command Is Reassigned

The Air Force’s latest reassignment list for general officers reflects the service’s move away from an independent cyber command.

The provisional command’s vice commander, who has been on the job for one month, is being reassigned to the Pentagon, the Air Force said in an Aug. 29 statement. No replacement was named.

Sept. 2, 2008 - K.C. Jones

Security Top Network Concern Among IT Pros

IT professionals rank network data security as their primary network-related concern, according to a recent poll.

The Computing Technology Industry Association (CompTIA) announced this week that its Web poll, conducted from June 3 through Aug. 25, showed that one-third of IT professionals believe that securing their networks and data is their biggest concern.

Sept. 2, 2008 - Francis A. Clifford Cardozo

Lack of Cyber Laws Makes It Impossible to Fight Net Crimes

Internet-related crimes are on the rise in Kuwait, and the lack of cyber laws makes it impossible to tackle such fraudulent practices, says a Kuwaiti lawyer. Speaking to the Arab Times on Wednesday, Labeed Abdal added that hackers are increasingly targeting Kuwait and many other countries, knowing full well that they can get away with their crimes.

Sept. 2, 2008 - Nick Heath

UK Crime Fighters Grapple with iPhone Wipe Threat

Criminals can remotely destroy incriminating evidence by exploiting security features on the Apple iPhone, a leading digital forensics expert has warned.

The head of the Serious Fraud Office digital forensics unit, Keith Foggon, cautioned that the ability to remotely wipe the iPhone and other smart phones used by enterprises could be exploited by lawbreakers.

Sept. 2, 2008 - John Leyden

Zombie Network Explosion

The number of compromised zombie PCs in botnet networks has quadrupled over the last three months, according to figures from the Shadowserver Foundation.

Shadowserver tracks botnet activity and the number of command and control servers. It uses a variety of metrics to slice and dice its figures based in part on the entropy of botnet infections. The clear trend within these figures is upwards, with a rise in botnet numbers from 100,000 to 400,000 (if 30-day entropy is factored into equations) or from 20,000 to 60,000 (for five-day entropy).
