Thursday, 30 April 2015

Cyber attacks are the new “Cold War”

US President Obama characterized foreign cyber-threats as a “national emergency”. During the State of the Union address, he said that “if the US government does not improve cyber defenses, we leave our nation and our economy vulnerable”.

The President and CEO of IDG Communications wrote an article about cybersecurity, stating “significant data breaches at Anthem, Sony, Home Depot, eBay, JPMorgan Chase, Target and many more have caused headline-grabbing business upheavals that worry customers, affect profit margins, and derail corporate careers”.

Cyber-threats or crimes can be orchestrated in various ways. Attacks can be aimed at critical infrastructure, manufacturing, power grids, or water supplies. They could be aimed at disrupting the availability of websites and networks, or at stealing trade secrets and financial information. Others could be driven by espionage, vandalism, terrorism, sabotage, or any form of criminality. Activities of the US and British governments have focused on surveillance and hacking of telecommunications.

Warfare today (and in the future) is (and will be) fought differently. In the 1950s, with the creation of more destructive bombs and weaponry, the idea was ‘Mutually Assured Destruction’ (MAD). The movie War Games helped us learn that there are no winners. The warfare ideology today is ‘Multilateral Unconstrained Disruption’ (MUD). This unrestricted warfare is meant to disrupt societal functioning and to ‘poison’ information so as to elevate distrust of all computer information.


from cyber war desk

China says worried by new U.S. cyber strategy

China’s Defence Ministry expressed concern on Thursday at the Pentagon’s updated cyber strategy that stresses the U.S. military’s ability to retaliate with cyber weapons, saying this would only worsen tension over Internet security.

The strategy presents a potentially far more muscular role for the U.S. military’s cyber warriors than the Pentagon was willing to acknowledge in its last strategy rollouts in 2011 and singles out threats from Russia, China, Iran and North Korea.

China is frequently accused by the United States and its allies of engaging in widespread hacking attacks, charges Beijing always vociferously denies.

Defence Ministry spokesman Geng Yansheng said that as the world’s most technologically advanced nation when it came to the Internet, the United States was only worsening tension over cybersecurity with its new strategy.

“This will further exacerbate contradictions and up the ante on the Internet arms race. We are concerned and worried about this,” Geng said.

The United States should stop blackening China’s name when it came to cybersecurity, and was in any case hypocritical in its criticism because of the U.S. National Security Agency’s Prism snooping program, he added.

The militaries of the world’s two largest economies have had a rocky relationship despite efforts by both sides to improve ties.

Geng also took aim at recent drills between the United States and the Philippines in the South China Sea, a strategic waterway 90 percent of which is claimed by China.

Large-scale drills will only create tension and are not helpful for regional peace and stability, he said.

“In the present situation, with the holding of such large-scale drills, we have to ask, who is it really who is creating regional tensions, and who is it really threatening regional peace and stability?”


from cyber war desk

Former commander says taking nukes off high alert could protect missiles from cyberattacks

A former commander of U.S. nuclear forces is leading a call for taking U.S. and Russian nuclear missiles off high alert, arguing that keeping them less ready for prompt launch would reduce the risk of miscalculation in a crisis.

It also could keep a possible cyberattack from starting a nuclear war, he said, although neither Washington nor Moscow appears interested in negotiating an agreement to end the practice of keeping nuclear missiles on high alert.

Retired Gen. James Cartwright said in an interview that “de-alerting” nuclear arsenals could foil cyber intruders by reducing the chance of firing a weapon in response to a false warning of attack.

Essentially adding a longer fuse can be done without eroding the weapons’ deterrent value, said Cartwright, who headed Strategic Command from 2004 to 2007 and was vice chairman of the Joint Chiefs of Staff before retiring in 2011.

The Obama administration has considered and rejected the idea before of taking nuclear missiles off high alert. There appears to be little near-term chance that Moscow would agree to pursue this or any other kind of nuclear arms control measure, given the deteriorating U.S.-Russian relations after Russia’s intervention in eastern Ukraine.

The U.S. and Russia also are at odds over a U.S. accusation that Moscow is violating a treaty banning medium-range nuclear missiles.

Robert Scher, the Pentagon’s top nuclear policy official, told Congress this month that “it did not make any great sense to de-alert forces” because the administration believes the missiles “needed to be ready and effective and able to prosecute the mission at any point in time.”

An example of the high alert level of U.S. nuclear weapons is the land-based nuclear force. These are the 450 Minuteman 3 missiles that are kept ready, 24/7, to launch from underground silos within minutes after receiving a presidential order.

A study led by Cartwright proposes to adjust the missile command and control system so that it would take 24 hours to 72 hours to get the missiles ready for launch.

Cartwright said cyberthreats to the systems that command and control U.S. nuclear weapons demand greater attention. While the main worry once was a hacker acting alone, today it is a hostile nation-state, he said, that poses more of a threat even as the Pentagon has improved its cyberdefenses.

“The sophistication of the cyberthreat has increased exponentially” over the past decade, he said Tuesday. “It is reasonable to believe that that threat has extended itself” into nuclear command and control systems. “Have they been penetrated? I don’t know. Is it reasonable technically to assume they could be? Yes.”

Cyberthreats are numerous and not fully understood, officials say.

Could a hacker spoof early warning networks into reporting attack indications that lead to overreactions by national leaders? Could they breach firewalls to transmit unauthorized launch orders to crews in nuclear missile launch control centers?

Defense officials are tight-lipped about countering this type of cyber threat.

Last week the No. 2 official at the National Nuclear Security Administration, Madelyn Creedon, was asked at a Senate hearing about progress against this threat to nuclear command and control. She said the government is “doing better,” but she declined to publicly discuss details.

Two years ago the Pentagon’s Defense Science Board, an advisory group, reported that “most of the systems” in the U.S. nuclear arsenal had not been fully assessed to understand possible weak spots in the event of an all-out cyberattack.

Cartwright is the lead author of a report published Wednesday by the Global Zero Commission, an international group co-founded by a former Air Force nuclear missile launch control officer, Bruce Blair, now a research scholar at Princeton. The report calls for a phased approach to taking U.S. and Russian missiles off high alert, with 20 percent of them off launch-ready alert within one year and 100 percent within 10 years, under a legal or political agreement.

The report argues that lowering the alert levels should be preceded by both Russia and the U.S. ending a strategy known as a “launch on warning” — being prepared to launch nuclear missiles rapidly after early warning satellites and ground radar detect incoming warheads. In the interview, Cartwright said Russia’s warning systems are particularly problematic due to aging and deterioration.

The Global Zero report argues that vulnerability to cyberattack against the warning systems or the missile control systems is “a new wild card in the deck.”

“At the brink of conflict, nuclear command and warning networks around the world may be besieged by electronic intruders whose onslaught degrades the coherence and rationality of nuclear decision-making,” the report says.

Lisbeth Gronlund, co-director of the Union of Concerned Scientists’ global security program, said Wednesday her group, which favors abolishing nuclear weapons, endorses de-alerting.

“Keeping missiles on hair-trigger alert makes them more vulnerable to an unauthorized launch, including one resulting from a cyberattack,” Gronlund said.


from cyber war desk

5 cybersecurity lessons on reputation, defence and terrorism

What we learnt from the latest security conference in Amsterdam.

Check Point’s last few months have been among the most significant in its 22-year history.

In a twin change of tack the company has not only been on a recent spending spree, it is seeking to broaden its product range across every potential device and network.
For one of cybersecurity’s biggest players the moves indicate where this fast-moving industry could be headed.

As we connect our factories, fridges and feelings to the Internet, such forecasts will become ever more pertinent.

Here’s what you should know:

1. US cyber-insecurity reputation is due to regulation
Of all the countries which cybercrime has hit, the US stands most prominently. Target, eBay and Sony Pictures are just a few of the American firms that have had their reputations damaged after hackers corrupted their systems over the last year or so.
Clearly the power of the American economy and the country’s quick adoption of technology are some of the reasons why they have been affected. But, contrary to the staunch free market image of the US, regulation has also played its part.
Thierry Karsenti, European VP of engineering and new technologies at Check Point, said: “The reasons you tend to hear more about cases in the US is because of the regulation that gets them to responsibly disclose things.” This is contrasted with Europe, where public disclosure obligations are less common.

2. Cybersecurity’s problems are ancient
Observers of the cybersecurity industry will be used to claims that the sector is among the fastest moving in all of technology. Though the view is self-serving, it is not entirely unjustified given the industry is constantly challenged to respond to Silicon Valley’s bleeding edge.
But some dispute just how novel the behaviour of cybercriminals is, even accounting for the rise of the Internet of Things and increased use of mobiles in business. Misha Glenny, British journalist and author of DarkMarket, an exposé of cybercrime, is just one such dissident. “The threats we face today are pretty much the same as we faced in 1990: A combination of social engineering, hacking and malware deployment,” he said. “The main vulnerability in organisations is human beings. It’s not the digital side, it’s us.”

3. Catastrophic cyber-terrorism is now possible
Increased automation in heavy industry and public utilities has in the past prompted warnings about the potential for cyberattacks that do not merely steal data, but can also cause cars to crash, pacemakers to stop working, and planes to fall out of the sky.
The rise of the Internet of Things – a broad term for the greater connectedness of all sorts of objects – now means we are nearing scenarios where cyber-terrorists and professional armies will be able to carry out such attacks, at least according to Check Point.
Gil Shwed, chief executive and founder of the firm, told the conference that such violence now is but “one click” away. “One attack today can shut down the entire power grid, can shut down the transportation system in a country,” he said. “That’s very scary and very risky in our world today.”

4. Cyberattacks are becoming personal
The great cyber-attacks of 2014 (sometimes dubbed “The Year of the Mega-Breach”) were largely mass assaults on a given company. Though firms like Target may have been deliberately chosen, much of the data stolen was taken simply because it was there, not because it belonged to anyone in particular.
Phishers and spammers have in the past followed similar lines of attacking people en masse without much thought for who the victim might be. But recent evidence has shown cybercriminals are becoming more particular about who they target, a trend Check Point has confirmed.
Marie Hattar, CMO of Check Point, said: “This year I like to call ‘It’s getting personal’ because attacks were against people.” Hackers now routinely profile their targets, allowing them to craft specific attacks, in a departure from the mass mailing of the past.

5. As cybersecurity fragments, firms want to do it all
Cybersecurity has gone through periods of fragmentation and consolidation for years. Like much of IT, large security vendors are regularly outflanked by their younger, smaller brethren better suited to developing technologies to tackle the latest problems.
Last year Chris Young, who recently moved from Cisco to head up Intel Security, claimed that of late the proliferation of vendors and products had become a problem for the industry. Products were failing to talk to one another and as such hackers were slipping through the gaps.
Nathan Shuchami, head of threat prevention at Check Point, told CBR that pressure to adopt new technology in business means that cybersecurity firms have to broaden their range to cater to their customers. This is why his company has bought Hyperwise and Lacoon this year, defending against CPU and mobile cyberattacks respectively.


from cyber war desk

Verizon Data Breach Report Reveals Cyberthreats Increasing in Sophistication

Verizon’s “2015 Data Breach Investigations Report” reveals that cyberattacks are becoming increasingly sophisticated, but that many criminals still rely on decades-old techniques such as phishing and hacking. According to this year’s report, the bulk of the cyberattacks (70 percent) use a combination of these techniques and involve a secondary victim, adding complexity to a breach.

Another troubling area singled out in this year’s report is that many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. In fact, many of the vulnerabilities are traced to 2007 — a gap of almost eight years.

As in prior reports, this year’s findings again pointed out what Verizon researchers call the “detection deficit” — the time that elapses between a breach occurring until it’s discovered. Sadly, in 60 percent of breaches, attackers are able to compromise an organization within minutes.

Yet the report points out that many cyberattacks could be prevented through a more vigilant approach to cybersecurity.

This year’s comprehensive report offers an in-depth look at the cybersecurity landscape, including a first-time overview of mobile security, Internet of Things technologies and the financial impact of a breach.

The report indicates that, in general, mobile threats are overblown. In addition, the overall number of exploited security vulnerabilities across all mobile platforms is negligible.
While machine-to-machine security breaches were not covered in the 2014 report, the 2015 report examines incidents in which connected devices are used as an entry point to compromise other systems. The report also examines the co-opting of IoT devices into botnets — a network of private computers infected with malicious software and controlled without the owners’ knowledge — for denial-of-service attacks.
This data reaffirms the need for organizations to make security a high priority when rolling out next-generation intelligent devices.

Verizon security analysts used a new assessment model for gauging the financial impact of a security breach, based on the analysis of nearly 200 cyberliability insurance claims. The model accounts for the fact that the cost of each stolen record is directly affected by the type of data and the total number of records compromised, and shows a high and low range for the cost of a lost record (e.g. a credit card number or a medical health record).

For example, the model predicts that the cost of a breach involving 10 million records will fall between $2.1 million and $5.2 million (95 percent of the time), and depending on circumstances could range up to as much as $73.9 million. For breaches with 100 million records, the cost will fall between $5 million and $15.6 million (95 percent of the time), and could top out at $199 million.

Nine Basic Patterns Make Up 96 Percent of Security Incidents
Verizon security researchers explained that the bulk (96 percent) of the nearly 80,000 security incidents analyzed this year can be traced to nine basic attack patterns that vary from industry to industry. This finding, first presented in last year’s report, is again central to Verizon’s “2015 Data Breach Investigations Report.” This approach can help enterprises effectively prioritize their security efforts and establish a more focused and effective approach to fighting cyberthreats.

As identified in the 2014 DBIR, the nine threat patterns are: miscellaneous errors, such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial-of-service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers.
This year’s report found that 83 percent of security incidents by industry involve the top three threat patterns, up from 76 percent in 2014.

Enterprise Organizations Must Act Now
The longer it takes for an organization to discover a breach, the more time attackers have to penetrate its defenses and cause damage. In more than one quarter of all breaches, it takes the victim organization weeks, or even months, to contain the breaches.

This year’s report is packed with detailed information and improvement recommendations based on seven common themes:

The need for increased vigilance.
Make people your first line of defense.
Only keep data on a need-to-know basis.
Patch promptly.
Encrypt sensitive data.
Use two-factor authentication.
Don’t forget physical security.


from cyber war desk

Logical Operations Launches New Websites Dedicated to Groundbreaking Cybersecurity Training and Certification Programs, CyberSec First Responder and CyberSAFE

Logical Operations, the world’s leading provider of information technology instructor-led courseware, launches new websites for their CyberSec First Responder: Threat Detection and Response and CyberSAFE training and certification programs to help organizations worldwide prevent and mitigate increasing cybersecurity threats.

The new CyberSec First Responder and CyberSAFE websites, and, respectively, help organizations worldwide gain critical information about how these two Logical Operations courses and certifications can strengthen their security capabilities to prevent loss of company data at the end-user level as well as prepare IT employees to analyze threats and mitigate risks associated with cyber-attacks.

“People are the key to protecting an organization’s network; no amount of investment in technology alone will totally protect your network against cyber-attacks without properly trained employees,” said Bill Rosenthal, CEO, Logical Operations. “Our CyberSec First Responder and CyberSAFE training and certification programs ensure that employees are trained to recognize and prevent security threats at the end-user level, and that higher-level IT professionals have the skills to protect their organizations’ network and defend against sophisticated cyber-attacks.”

Visit and to learn more about the CyberSec First Responder and CyberSAFE training programs as well as to see where you can sign up for these classes.

About Logical Operations
Logical Operations helps organizations and individuals maximize training with an adaptable expert-facilitated learning experience. Its more than 4,600 titles are available globally through flexible delivery platforms that are designed for any learning environment. Logical Operations also offers a growing portfolio of high-stakes certifications such as Logical Operations Certified CyberSec First Responder and certificates including Logical Operations Certified CyberSAFE. For more information, connect with Logical Operations at and on Twitter @logicalops.


from cyber war desk

Russian cyberwar advances military interests in Ukraine, report says

As troops prepare to move, cyber activity flares.

Cyberwar does not take place in vacuum. When a geopolitical showdown is underway, nation states have every incentive to advance their interests using digital means.

One of the latest examples? Russia hacking Ukrainian systems.

A report out of Arlington, Va.-based cyber security firm Lookingglass reveals a cyber campaign, allegedly Russian, waged against Ukrainian targets, such as the government, law enforcement, and military. The purpose of the state-sponsored espionage has apparently been to gather intelligence on its adversary, bolstering Russian war efforts.

The researchers dubbed the campaign “Operation Armageddon” after the nom de guerre of an author (according to file metadata) of the Microsoft Word documents used in the attacks; the name is misspelled “Armagedon” in the “last saved by” field. The attackers sent the documents to victims as attachments in targeted spear phishing emails.
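The “last saved by” value lives in the `cp:lastModifiedBy` element of `docProps/core.xml` inside the .docx container. As an added example (not code from the Lookingglass report), the following reads that field and the `dc:creator` field so a responder can pivot on author metadata across a set of lure documents; the sample document and the watch-list entry are constructed here, not indicators from the report.

```python
"""Extract authorship metadata from OOXML (.docx) files and flag
documents whose author fields match a watch-list.

Added example, not code from the Lookingglass report. The sample
document is built in memory; the watch-list name is illustrative.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Standard OOXML core-properties namespaces.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}


def read_core_properties(data: bytes) -> dict:
    """Return {'creator': ..., 'lastModifiedBy': ...} from .docx bytes.

    Missing fields come back as ''. A container without
    docProps/core.xml (some generators omit it) yields empty strings
    rather than raising, so a batch triage run does not stop.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "docProps/core.xml" not in z.namelist():
            return {"creator": "", "lastModifiedBy": ""}
        root = ET.fromstring(z.read("docProps/core.xml"))
    creator = root.findtext("dc:creator", default="", namespaces=NS)
    saved_by = root.findtext("cp:lastModifiedBy", default="", namespaces=NS)
    return {"creator": creator.strip(), "lastModifiedBy": saved_by.strip()}


def _normalise(name: str) -> str:
    # Lower-case and collapse doubled letters so that "Armagedon" and
    # "Armageddon" compare equal. Deliberately lenient: review hits
    # by hand, since this also merges genuinely different names.
    return re.sub(r"(.)\1+", r"\1", name.lower())


def matches_watchlist(props: dict, watchlist) -> list:
    """Return the watch-list names matching either author field."""
    fields = {_normalise(props["creator"]), _normalise(props["lastModifiedBy"])}
    return [w for w in watchlist if _normalise(w) in fields]


def build_sample_docx(creator: str, last_modified_by: str) -> bytes:
    """Constructed minimal .docx-like container carrying only core.xml."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
        '<dc:creator>%s</dc:creator>'
        '<cp:lastModifiedBy>%s</cp:lastModifiedBy>'
        '</cp:coreProperties>' % (NS["cp"], NS["dc"], creator, last_modified_by)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")  # placeholder part
        z.writestr("docProps/core.xml", core)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: saved by a misspelled "Armagedon", as in the report.
    sample = build_sample_docx("Admin", "Armagedon")
    props = read_core_properties(sample)
    print(props, matches_watchlist(props, ["Armageddon"]))
```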

“For the most part the technologies were not advanced,” says Jason Lewis, chief collection and intelligence officer at Lookingglass. “It’s not super sophisticated, but it’s certainly persistent.”

The campaign has been active since the middle of 2013, according to the report. And it may have been catalyzed by trade talks between Ukraine and the European Union, which Russia condemned.

Lookingglass researchers worked with neither Ukraine nor Russia in their investigation, sourcing their materials instead from proprietary methods and from sites like VirusTotal, a public database where people can upload and scan files for known viruses. That is how the firm’s researchers obtained 11 “lure” documents, files that serve to trick their recipients into clicking a malicious link or opening a malicious email attachment.

Often, the researchers found, the hackers stole documents relevant to the outside conflict from victims’ machines, and then used those files to compromise future targets.

The crux of the report ties Russia’s kinetic tactics to its digital intrusions. When the researchers compared the timestamps on modified documents and malware to roughly 300 news events pertaining to Russo-Ukrainian relations, they noticed a correlation. When troops were preparing to move, cyber activity flared.

Once Ukraine’s interim President announced the start of an “anti-terrorist operation” against pro-Russian separatists in mid-April 2014, the conflict’s cyber activities significantly increased. From this point onwards, waves of cyber attacks from the Russians directly correlated with the timing of military events and were geared towards gathering intelligence to empower themselves on the physical battlefield – a digital method of espionage in its truest of forms.
A damning, though inconclusive, timeline of the attacks can be found in the report. (See page 5, available here.)

The Lookingglass researchers, convinced that Russia is the culprit, agree with the Security Service of Ukraine (SBU) that the Russian Federal Security Service (FSB, descendant of the KGB) is to blame. (SBU, too, has called out FSB as being responsible for recent phishing attacks.) “We’re highly confident that the claims the SBU made are accurate,” Lewis says. “We didn’t find any evidence to the contrary to dispute those claims.”

He admits, however: “A lot of it is circumstantial evidence—but this is a pattern that continues to occur throughout the campaign.” Lewis believes the timing of attacks and motivations are more than just a coincidence.

That nation states are using cyber attacks to achieve geopolitical ends should come as no surprise.

Last year, CrowdStrike associated Chinese cyber espionage campaigns with China’s movement into disputed territory in the South Pacific as well as with an ISIS-led takeover of an Iraqi oil refinery. The security firm FireEye found state actors using attack methods similar to those outlined above to target rebel forces during conflict in Syria. The security firm Cylance recently implicated Iran as having probed critical U.S. energy infrastructure, just prior to nuclear negotiations. And then, of course, there are the claims about Sony Pictures Entertainment and North Korea.

Espionage and cyber attacks can give countries that engage in the practice an upper hand in international affairs. “Nation states need to be able to assess how seriously people will take their threats and what they’ll do as a result of a threat,” says Adam Meyers, vice president of intelligence at the security firm CrowdStrike, presenting a rationale for digital incursions. “It puts them in a better position to make a credible threat if they know what the response is going to be.”

(Although Meyers had not had time to assess the quality of the Lookingglass report’s attribution claims, he offered: “Russians are definitely known for making spelling errors for English words in their code.” He added, “spear phishing is certainly a favorite of nation state hackers.”)

Now that the report is public, Lewis hopes to exchange information with Ukrainian authorities next, he says. Though his team had earlier reached out to the Ukrainian computer emergency response team, known as CERT-UA, he says Lookingglass found it difficult to collaborate.

“Part of the problem is that the Russians are not interested in cooperating with anybody,” he says. “And in Ukraine finding a contact that’s trustworthy seems to be a challenge.”

“There are rumors of infiltration by Russian agents,” he clarifies, “so it’s hard to know if who you’re dealing with is actually Ukrainian.”

Indeed, recent reports suggest that Russian spies have penetrated deep inside Ukraine’s intelligence apparatus.

When Fortune spoke with Lewis on Tuesday afternoon, he had no updates as yet on the operation, which remains ongoing (although he did mention that his team has discovered more “lure” documents since releasing the report). He expects the attackers will change their tactics soon.

“There may be parts we haven’t uncovered yet,” Lewis says. “We hope by releasing indicators, other people can have a look.”


from cyber war desk

Colleges in a cyber war with hackers; open networks vulnerable to attacks

The cyberattack that crippled Rutgers University for the past three days was part of a string of attacks that attempt to exploit weaknesses that are unique to the way colleges operate.

The attack, which was the third at Rutgers since November, came as institutions of higher education try to make it as easy to use a computer at school as at home, allowing students to do everything from downloading a song to accessing information from around the globe, all while keeping vast computer networks operating.

“It’s not to say we don’t also protect,” said Neal Sturm, chief information officer at Fairleigh Dickinson University, which also was hit by a cyberattack last month. “But a university has students and has faculty, and it becomes much more challenging for universities to completely lock the door from a security perspective because universities are supposed to be open by their very nature.”

In the attempt to infiltrate colleges and universities, cyber criminals are using smarter, more sophisticated methods than ever. They set out to steal financial information, make a splash or a statement or carry out a vendetta against a school. School employees update programs and block suspicious users daily while they plead with staff and students not to open those links that pretend to be from a bank or a friend.

At Rutgers this week, Internet service was crippled just nine days before finals were to begin. Students couldn’t finish papers, take online classes or register for courses. The university has made no public statements on the attack except to tell students two to three times a day that they were working on the problem.

Outside Internet traffic bombarded the university, overwhelming its network and making it difficult for legitimate users to get online or access pages on the Web. To carry out the “denial of service” attack, a cyber criminal builds up a “botnet,” or an army of computers that they infiltrate and set up to do repetitive tasks, like flood a school’s server with requests.

Botnets are built when computer users click links sent by spam email that cause spyware and viruses to be installed on their computers.

It has gotten easier and cheaper to launch a denial of service attack, and infected computers can be rented for that purpose, experts say. It’s hard to prevent them and even large companies, like Sony and Microsoft, have been victims.

No comment from FBI

A spokeswoman for the FBI, which is investigating, declined to comment.

The attacks are intended to make a statement or make demands like ransom and not to steal data, although they can be used as a diversionary tactic.

In a spate of attacks last year at schools, including Indiana University and the University of Maryland, student and staff data were exposed. The hackers gained access to the names, addresses and Social Security numbers of thousands of current and former students.

The FBI has also warned that foreign interests are trying to steal research from universities for political and economic gain.

Even when personal data aren’t stolen, there are financial costs and damage to a school’s reputation. It costs thousands of dollars to remove a computer infection because the technology staff has to reinstall programs at every workstation, said Peter Streips, president of the Network Security Group, a business that consults with colleges in the Northeast on security matters.

Certainly, Rutgers’ reputation has taken a hit, with its problems being aired in the media as high school seniors are deciding which colleges to attend.

Students have vented in hundreds of online comments. They complained that they couldn’t get their work done and that they needed to use their own phones at their own expense for Internet service. A few said on Twitter that they felt like switching schools.

Crime rings and hackers are going after universities because they view them as easy targets, security experts say. Colleges and universities want to promote learning and want students living on campus to feel like they’re home. At the same time, they store a wealth of information, like credit card and Social Security numbers and faculty research papers.

“All those file-sharing applications — while it’s nice to be able to share information, this is basically a back door for hackers to be able to access other people’s computers remotely,” Streips said.

Meanwhile, thousands of students and faculty are using the networks on their own laptops and tablets and are linking up with organizations across the globe — giving hackers and criminals plenty of ways to break in. More than 30 percent of cyberattackers infiltrate networks through a computer that belongs to a student or employee, Streips said.

“The uneducated user is just as risky as the person in China trying to track your network,” he said.

And the threats are constant and ever-changing with new methods of attack being devised every day, college security professionals say.

“We’re growing in our abilities to monitor and prevent and mitigate it, but it’s going to be a never-ending challenge,” said Candace Fleming, vice president of information technology at Montclair State University.

Schools also are often limited by how much they are willing to spend, especially compared with the private sector, said Kim Milford, executive director of the Research and Education Networking Information Sharing and Analysis Center. So they often use free, open-source programs to improve security and share information.

Two-thirds of the higher education institutions surveyed last year by the SANS Institute, which specializes in cyber security, said they needed more staff while 43 percent said they couldn’t compete for highly skilled workers against higher-paying organizations and businesses.

New protections

Universities are taking steps to improve security. They are adding stronger password controls and encrypting personal information. They are keeping sensitive information, like financial records, on networks separate from the ones used by students. They run monitoring around the clock to look for suspicious network traffic and to verify that security controls are working.

Many universities, including Fairleigh Dickinson and Montclair State, also have created response teams that can be activated in case of a breach.

Rutgers, meanwhile, put an advertisement in the student newspaper that appeared online this week urging students not to share their passwords. “Don’t be the weakest link to security,” the ad said.

But more can and should be done, experts say.

In the SANS Institute survey, only about half the respondents reported that they encrypt sensitive information that can identify students and faculty members, like Social Security numbers and credit card information. And just 57 percent said they classify sensitive data and write special handling guidelines for it.
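Classification is the step the survey shows lagging, and it is the precondition for encrypting the right fields. As an added illustration, not code from the article or from any of the schools it names, the following Python scans dict-shaped records for two of the identifiers the survey mentions, Social Security numbers and payment card numbers, labels them, and replaces flagged values with a keyed HMAC token so the stored copy no longer carries the raw identifier. The record layout, the sample rows and the key are constructed for the example; in practice the key would come from a key management service and a vetted tokenization or encryption service would hold the vault.

```python
"""Classify student/staff records for sensitive identifiers and tokenize them.

Added example for this article; not code from any university system.
Detects US Social Security numbers (structural rules published by the SSA)
and payment card numbers (13-19 digits passing the Luhn check). Flagged
fields are replaced with an HMAC-SHA256 token under a secret key, so the
stored record no longer carries the raw identifier. Sample rows are constructed.
"""
import hashlib
import hmac
import re

SSN_RE = re.compile(r"(\d{3})-(\d{2})-(\d{4})")
# 13-19 digits, each non-final digit optionally followed by a space or dash
CARD_RE = re.compile(r"(?:\d[ -]?){12,18}\d")


def is_ssn(value):
    """Structural SSN check: area not 000/666/9xx, group not 00, serial not 0000."""
    m = SSN_RE.fullmatch(value)
    if not m:
        return False
    area, group, serial = m.groups()
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits):
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_payment_card(value):
    if not CARD_RE.fullmatch(value):
        return False
    return luhn_ok(re.sub(r"[ -]", "", value))


def classify_field(value):
    """Return 'SSN', 'PAN' (primary account number) or None for one field value."""
    if not isinstance(value, str):
        return None
    v = value.strip()
    if is_ssn(v):
        return "SSN"
    if is_payment_card(v):
        return "PAN"
    return None


def tokenize(value, key):
    """Deterministic keyed token: same input and key give the same token; not reversible."""
    digits = re.sub(r"[ -]", "", value)   # normalise separators so '4111-1111' and '4111 1111' match
    return "tok_" + hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:32]


def classify_and_tokenize(record, key):
    """Return (sanitised copy of record, {field: label}) for one dict-shaped record."""
    labels, out = {}, {}
    for field, value in record.items():
        label = classify_field(value)
        if label:
            labels[field] = label
            out[field] = tokenize(value.strip(), key)
        else:
            out[field] = value
    return out, labels


# Constructed rows: 4111 1111 1111 1111 is a well-known test card number. The second
# row's SSN (area 000) and card (fails Luhn) are deliberately invalid and must stay unflagged.
SAMPLE_RECORDS = [
    {"name": "A. Student", "ssn": "123-45-6789", "card": "4111 1111 1111 1111", "dorm": "Busch"},
    {"name": "B. Staff", "ssn": "000-12-3456", "card": "4111 1111 1111 1112", "dorm": "Livingston"},
]

if __name__ == "__main__":
    key = b"example-only-key"  # assumption: a real deployment fetches this from a KMS
    for row in SAMPLE_RECORDS:
        sanitised, labels = classify_and_tokenize(row, key)
        print(labels, sanitised)
```

Any 13 to 19 digit string that happens to pass Luhn (some student or equipment ID schemes do) will be labelled PAN, so the labels should feed a review queue and the data-handling guideline, not an automatic delete.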

In response to the growing threat, schools have to revise their plans constantly and be prepared for a crisis, Streips said.

“It’s not if it happens, it’s when,” he said.


from cyber war desk

Lookingglass Report: Russia Backed Cyber Attacks on Ukrainian Gov’t Leaders

A report by Lookingglass Cyber Solutions’ cyber threat intelligence group claims Russia is behind a cyber warfare and espionage campaign against government, law enforcement and military officials in Ukraine.

The company said Tuesday the “Operation Armageddon: Cyber Espionage as a Strategic Component of Russian Modern Warfare” report discusses findings from its independent investigation of the “state-sponsored” attacks.

“In terms of ‘Operation Armageddon,’ we honestly expected to see more outages based on prior actions from the Russians against Estonia, but this time it seems they leveraged the Internet to gain a more intel-specific advantage,” said Lookingglass CEO Chris Coleman.

The report, which confirms claims by Ukraine’s security service, states the campaign has been active since mid-2013 and targets information on Ukrainian military strategies to give a decision-making advantage to Russia.

Lookingglass said it also found a direct correlation between the ongoing war and the attack timing, particularly around the signing of the Ukraine-European Union Association Agreement.

Each attack begins with a spear-phishing email. The waves appear to come from the same group because of reused infrastructure, identical malware samples and an unchanged password, the company added.

Lookingglass noted that Russian military doctrine points to increased information warfare as a modern tactic to support kinetic warfare and political objectives.


from cyber war desk

Europe’s Largest Airline Falls Prey to $5 Million Cyber-Theft

- Europe’s largest airline says $5 million (€4.5m) taken from bank accounts
- Ryanair confirms hackers stole via Chinese bank
- Cash siphoned from one of its bank accounts
- Allegedly robbed in Chinese banking scam
- Hackers transfer $5 million from a Ryanair dollar account to Chinese bank
- Highlights growing risks of cyber-crime and lack of protection
- Cyberattacks as the “New Cold War” and risk to all our wealth
- Cash no longer king – deposits more risky due to cyber-crime 


Europe’s largest airline by passenger numbers, Ryanair, has had $5 million siphoned from one of its bank accounts. It is alleged that Ryanair was hacked by cyber-criminals and had the cash illegally transferred to a bank account in China.

According to reports, the thieves needed only a single fraudulent transaction, routed through a Chinese bank, to steal the money from the airline. The compromised account held dollars, which the Irish company uses for fuel purchases.

In a statement Ryanair said the following:

“The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5 million – have now been frozen.”

“The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur.”

Although the sum stolen was relatively small in corporate terms and appears to have been tracked and frozen quite quickly, the incident – yet again – highlights the threat posed by cybercrime to today’s banking and financial systems.

Legislation to deter cyber-theft is only as effective as the means to enforce it. It is a relatively new phenomenon that a theft could be committed without the thief having to set foot in the jurisdiction from where the asset is stolen.

If the perpetrators are above the law or reside in a different jurisdiction legislation is not an effective deterrent.

In February, we covered how Moscow based cyber security firm Kaspersky Lab had uncovered the operations of an international group of cyber criminals who stole up to $1 billion from “over 100 banking and financial institutions in 30 different countries across the world”.

To date, there appears to have been no progress in identifying the hackers, demonstrating the comfort and impunity with which very savvy cyber-thieves can operate.

Guy Haselmann from Scotiabank has described cyber attacks as the “New Cold War.” In his piece “The Invisible Enemy” he refers to President Obama’s recent State of the Union address where he described “foreign cyber-threats as a ‘national emergency’.”

Obama said that “if the US government does not improve cyber defenses, we leave our nation and our economy vulnerable”.

Haselmann goes on to suggest that warfare ideology has moved from the insane doctrine of Mutually Assured Destruction (MAD) through nuclear weaponry to “Multilateral Unconstrained Disruption” – MUD.

“This unrestricted warfare”, he says, “is meant to disrupt societal functioning; to ‘poison’ information to elevate distrust of all computer information.”

That governments are involved in this type of warfare is beyond dispute. We previously covered how a broad spectrum of countries had perpetrated cyber-attacks against their rivals.

The outcomes of such attacks, while not on a par with a nuclear holocaust, should not be taken lightly. It is believed that the deployment of the Stuxnet worm by the U.S. and Israel against an Iranian nuclear facility almost caused a major environmental catastrophe.

Trojan malware, apparently of Russian origin, was found on Nasdaq’s central servers and was, according to the NSA, capable of “wiping out the entire exchange”. The knock-on effects of such an action would likely have led to stock market crashes, recession and possibly depressions and social upheaval across the world.

The new cold war may indeed be one of cyber-warfare. If so we can expect an escalation of such attacks should relations between Washington and NATO and Russia, Iran and other Middle Eastern nations deteriorate further.

The fact that cyber theft can occur demonstrates the abstract nature of modern currency. By manipulating digits on a computer screen and through hacking, wealth can be transferred from one part of the world to another and from one bank account to another.

The means to acquire goods and services is now almost entirely determined by an intangible and virtual medium of exchange. This renders cash little better than crypto currency, although in theory crypto currency should not and cannot be printed and electronically created with reckless abandon as is happening to the dollar, euro, pound and other paper and electronic currencies today.

The risks posed by cyber-crime, cyber-warfare and cyber-terrorism to this type of monetary system should not be underestimated.

If the system were to become severely compromised or even collapse – through cyber-attacks or any of the myriad risks to the system that exist today – it is highly likely that in the ensuing panic gold and silver buying, prices would surge to levels never seen before.

That would see gold and silver rise well above the inflation adjusted record highs or real record highs above $2,500 per ounce and $150 per ounce.

Owning physical gold in segregated, allocated accounts is essential financial insurance to protect wealth today.



Today’s AM LBMA Gold Price was USD 1,204.80, EUR 1,095.45 and GBP 783.99 per ounce.
Yesterday’s AM LBMA Gold Price was USD 1,201.40, EUR 1,100.56 and GBP 788.17 per ounce.

Gold climbed 0.82 percent or $9.80 and closed at $1,212.20 an ounce yesterday, while silver rose 1.4 percent or $0.23 closing at $16.61 an ounce.

Gold in US Dollars - 1 Year

In Asia overnight, Singapore gold prices ticked marginally lower and hovered at $1,209 an ounce near the end of day trading after gaining almost 3 percent over the two previous trading sessions. Gold eked out small gains this morning to trade at its highest price in three weeks as weak U.S. data and a weak dollar have lowered expectations for a U.S. interest rate hike in June.

Today’s focus will primarily be on the U.S. Federal Open Market Committee statement at 1900 GMT and the U.S. GDP data out earlier at 1330 GMT.

Most analysts are expecting a dovish statement from the Fed, especially if the GDP data published today is weak. A softer dollar should help the yellow metal’s safe haven appeal and boost prices.

China’s gold bullion imports from Hong Kong fell in March to their lowest level in seven months, and an industry report cited a 9 percent fall in Chinese physical gold buying in Q1, although demand as measured by Shanghai Gold Exchange withdrawals remains near record highs.

Iran and the U.S. Navy appear poised for a battle that could degenerate into another theatre of war in the Middle East.

Yesterday, a cargo ship was shot at, boarded and confiscated by Iranian naval forces and taken to the Persian Gulf port of Bandar Abbas, on the Strait of Hormuz. Early reports said 34 sailors on board the vessel were American, although U.S. officials later said that the ship, which flies the flag of the Marshall Islands, had no American sailors on board.

Iran’s FARS news agency said the vessel had been detained “for trespassing in Iran’s territorial waters.” The Pentagon said the action was “provocative.”

Some 17 million barrels per day – about 30 percent of all seaborne-traded oil – passed through the Straits of Hormuz in 2013, according to the US Energy Information Administration.

Just last week, the president directed the USS Theodore Roosevelt to the Gulf of Aden to “ensure the freedom of navigation” through its strait, US officials said, as Iranian ships approached Yemen’s shores.

Geopolitical risk remains underestimated by markets. There are a number of geopolitical Black Swans out there – from the Ukraine to the Middle East which could flare up and be the catalyst for the next stage of gold’s bull market.

Gold in late morning trading in London is down 0.53 percent at $1,205.28 an ounce. Silver is off 0.83 percent at $16.46 an ounce while platinum has dipped 0.32 percent at $1,151.49 an ounce. 


from cyber war desk

Wednesday, 29 April 2015

AIG partners with cybersecurity experts

American International Group (AIG) has partnered with a number of cybersecurity experts in a bid to expand its risk mitigation and prevention services. 

The insurer has developed partnerships with K2 Intelligence, BitSight Technologies, RSA, and Axio Global to complement its CyberEdge risk management and insurance product.

K2 Intelligence, an investigative and intelligence firm, will provide customised threat intelligence, while BitSight Technologies will provide security ratings.

RSA, the security division of EMC and developer of governance, risk and compliance solution RSA Archer, will help companies identify key functional areas of improvement to achieve an improved cybersecurity risk posture.

In addition, AIG has consulted with Axio Global, experts in developing complete cyber risk management solutions.

“The threat of cyber attack continues to grow. Companies are becoming more aware that the costs can be steep for those that fail to understand, mitigate, and transfer cybersecurity risk,” said Tracie Grella, global head of professional liability, AIG. “Partnering with leading cybersecurity firms provides our clients with another layer of expertise and protection to help mitigate and manage this growing and evolving risk.”


from cyber war desk

ASIC gets cyber war cabinet

The corporate regulator is setting up a special advisory committee to help it better respond to technological challenges, including the threat of cyber attacks.

Australian Securities and Investments Commission chairman Greg Medcraft said yesterday the Digital Finance Advisory Committee would comprise members of the fintech community and “help inform how we focus our efforts in this area”.

The initiative was announced as ASIC fleshed out details of its “innovation hub” to supposedly help fintech businesses better navigate the regulatory system.

Mr Medcraft said the commission would also “make ourselves more accessible” to new tech companies and “where appropriate” participate in independent fintech initiatives, such as Stone & Chalk, a tech accelerator program backed by the likes of Amazon, Oracle and Amex.

ASIC has previously highlighted cyber attack as a systemic risk, with Mr Medcraft warning that companies’ survival would depend on the quality of their risk management.

“The links between market players and infrastructure mean the impact of a cyber attack can spread quickly . . . (with) the potential to dangerously affect the integrity and efficiency of global markets, the protection of investors and trust and confidence in the financial system,” he said.


from cyber war desk

Tesla to open the electric car doors to hackers at Defcon 2015

At the Defcon convention in Las Vegas this summer, one of Elon Musk’s Tesla electric cars will be made available to hacker attendees, so they can tinker with any piece of the vehicle they like.

“The benefits for Tesla will be twofold: they will be made aware of any bugs in the vehicle and of any hackers who are worth hiring,” writes Thomas Fox-Brewster at Forbes. “At Defcon last year, Tesla scouts were on the prowl, finding plenty of talent whilst meandering the halls of the Rio Hotel & Casino.”

Here’s the talk summary. Tesla won’t comment on it, and no Tesla people are listed as being officially part of the talk. But it does appear that Tesla is loaning one of their vehicles, and Forbes reports that a source close to the planning who asked for anonymity says they’re involved. Makes sense.

Remote Exploitation of an Unaltered Passenger Vehicle
Charlie Miller, Security Engineer at Twitter

Chris Valasek, Director of Vehicle Security Research at IOActive

Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.

Charlie Miller is a security engineer at Twitter, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as “It’s complicated”.


from cyber war desk

Hackers Crash Website of Controversial Thirty Meter Telescope Project

A hacker group known as Operation Green Rights has claimed responsibility for crashing the website of the Thirty Meter Telescope, a controversial project that Hawaiian natives claim is desecrating sacred ground.

In a statement posted on their website, the group said: “Nothing will ever justify the destruction of ecosystems; filthy money can never replace them. Stand with the Hawaiian natives against #TMT”.

The website was taken offline for several hours on Sunday evening after the group launched a Distributed Denial of Service attack, which overwhelmed the website’s server and prevented legitimate access to the website.

Although 13 telescopes already exist on sacred Mauna Kea, the project’s opponents claim that construction of the massive 18-story Thirty Meter Telescope is a detriment to local ecosystems.
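The article says the flood “overwhelmed the website’s server”; the practical question for whoever runs that server is how to see it coming in the access log. The following Python is an added example, not code from the article or from the telescope project, that runs two sliding-window detectors over constructed Apache/nginx combined-format log lines: a per-source threshold, which catches a single noisy client, and an aggregate threshold, which catches a distributed flood whose individual sources each stay under the per-source limit. The IP addresses, timestamps and thresholds are all constructed for the example.

```python
"""Flag request floods in web-server access logs.

Added example; not code from the article or from the telescope project's
site. Two sliding-window detectors over Apache/nginx combined-format lines:
a per-source threshold (one noisy client) and an aggregate threshold (a
distributed flood where no single source trips the per-source limit).
All log lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "req": m["req"], "status": int(m["status"])}


def flag_floods(lines, per_ip_limit=20, global_limit=100, window_s=10):
    """Return (offenders, surges).

    offenders: {ip: time that source first exceeded per_ip_limit requests in window_s}
    surges:    times the whole site first exceeded global_limit requests in window_s,
               reported once per window so a sustained flood is not re-alerted every second
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    per_ip = defaultdict(deque)
    site = deque()
    offenders, surges = {}, []
    for ev in events:
        t = ev["ts"]
        q = per_ip[ev["ip"]]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:   # drop requests older than the window
            q.popleft()
        if len(q) > per_ip_limit and ev["ip"] not in offenders:
            offenders[ev["ip"]] = t
        site.append(t)
        while (t - site[0]).total_seconds() > window_s:
            site.popleft()
        if len(site) > global_limit and (not surges or (t - surges[-1]).total_seconds() > window_s):
            surges.append(t)
    return offenders, surges


SAMPLE_START = datetime(2015, 4, 26, 19, 0, 0, tzinfo=timezone.utc)  # constructed


def build_sample_log():
    """Constructed traffic: normal visitors, one noisy client, and a distributed flood."""
    def line(ip, offset_s, path):
        ts = (SAMPLE_START + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120'

    lines = []
    for i in range(5):                       # 5 legitimate clients, one request every 6 s
        for s in range(0, 60, 6):
            lines.append(line(f"198.51.100.{i + 1}", s, "/"))
    for k in range(40):                      # one source: 40 requests in 4 s starting at t=20
        lines.append(line("203.0.113.7", 20 + k * 0.1, "/index.html"))
    for b in range(120):                     # 120 bots, 3 requests each, spread over t=40..43
        for k in range(3):
            lines.append(line(f"192.0.2.{b + 1}", 40 + k + b * 0.01, "/"))
    return lines


if __name__ == "__main__":
    offenders, surges = flag_floods(build_sample_log())
    for ip, when in offenders.items():
        print(f"per-source flood from {ip} at {when:%H:%M:%S}")
    for when in surges:
        print(f"site-wide surge at {when:%H:%M:%S}")
```

In the sample, the noisy client trips the per-source rule at 19:00:22 while the 120 bots never do (three requests each), yet together they push the site past 100 requests in ten seconds at 19:00:40; only the aggregate rule sees the distributed flood, which is why a per-IP rate limit alone is not a DDoS defence.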


from cyber war desk

Cybersecurity Software Startup ThreatQuotient Raises $1.5M Seed

Dulles, Va.-based cybersecurity software startup ThreatQuotient has raised a $1.5 million seed round led by Blu Venture Investors, the state of Virginia’s Center for Innovative Technology (CIT), and the Virginia Tech Investor Network (VTIN). Founded in 2013, ThreatQuotient is the developer of a Threat Intelligence Platform (TIP) that aggregates, organizes and further analyzes critical threat intelligence data. The capital will be used to catalyze the company’s go-to-market reach through what they call both “direct and channel partner activities” and will also help fund further TIP development.

ThreatQuotient’s TIP is called ThreatQ. The system enables cybersecurity and IT teams to collaborate more easily while giving them the information to make better informed decisions based on the stage and context of a cyberthreat. ThreatQ provides a repository for threat intelligence used to track indicators of compromise (IOCs), such as malware activity.

Todd Headley, the former Chief Financial Officer at Sourcefire, is an angel investor involved with the VTIN — who assisted in funding the seed raise.

Headley said in a statement, “As an investor I was drawn to this opportunity where an innovative technology better enables cybersecurity operations to mitigate the risk of harmful cyberattacks … I believe ThreatQuotient’s early success and long term vision positions them to become a market leading solution that can bridge the cyber industry gap between the providers of intelligence and the tools that consume this data.”

Several of the startup’s investors this round are heavily connected to the Mach37 program, whose campus is based out of Virginia’s CIT. Vienna, Va.-based Blu Venture Investors is an active local venture capital firm, which has participated in early financial rounds for McLean-based, Sterling-based and Reston-based Avizia. Steven Chen, a principal at Blu Venture Investors, is on the board of directors for ThreatQuotient and is the founder of PFP Cybersecurity as well as a mentor for the Mach37 cybersecurity accelerator program.

“As cyber attacks continue to escalate across the globe and security teams are challenged to aggregate and distill massive amounts of threat intelligence, these security teams require an enabling platform to make faster, better informed decisions on how to best protect themselves,” said Wayne Chiang, CEO and co-founder of ThreatQuotient, in a statement. “We’re excited to partner with these leading early-stage investors as we break out of stealth mode and continue delivering on our innovative platform which is fast becoming a core tool for security teams to lean on.”


from cyber war desk

Cyber security summit looks at how business can tackle cyber attacks

Obama Administration Expands Cyber Defense Strategies

President Barack Obama pledged to put cyber issues at the core of his legislative agenda. He’s sought to change how the public and private sectors share information about online threats and bolster some privacy protections for citizens while maintaining a robust NSA.

Now the administration is turning its attention to Washington’s two central pillars of national security: the military and espionage services.

In the last month, both the Pentagon and the CIA have issued broad strategy statements, vowing to assertively move and expand their operations into the cybersphere to protect and defend vital U.S. security interests.

In April, CIA Director John Brennan released an unclassified version of what he calls the Agency’s “Blueprint for the Future.” Saying that digital technologies hold as much promise as they do threats, he vowed to place “the digital domain at the very center of all our mission endeavors.”

In an April 23 speech at Stanford University, Secretary of Defense Ashton Carter laid out the Pentagon’s cyber strategy, warning potential adversaries that the U.S. is ready to respond to any act of cyberwar, using digital weapons of “blunt force trauma” as well as, potentially, conventional force.

Amid these and similar developments by other nations around the world, a larger conversation is taking hold among researchers, military strategists, cyber security specialists, privacy activists and others.

Among the questions:

What’s gained and what’s lost with the Internet’s militarization? What are the rules of cyberwar? Does the development of nuclear arms, and the resulting decades-long détente, have anything to teach the cybersphere? And if cyberwar comes, what exactly will it look like, and who will be hurt?

Rules of cyberwar

When asked a few years ago about concerns of militarizing the Internet, Chairman of the Joint Chiefs of Staff General Martin Dempsey said, “We have a Navy, but we’re not being accused of militarizing the oceans.”

That may be true as far as it goes, said Colin Clark, editor of the online defense industry news-site Breaking Defense. The Internet, Clark said, is most likely a “global common,” a domain like the sea or outer space that is shared equally among nations.

“But the problem with the Internet when you look at it in terms of a civilian and military divide is that there is no divide for practical purposes because the Internet goes everywhere,” he said. “So if you’re going to operate on the Internet in a military fashion, you’ve got to come up with rules that make sense and work technically.”

Over a period of centuries, nation-states developed the international Law of War, including the body of rules known as ‘jus in bello’ that governs conduct during hostilities.

It sets out, in fairly codified fashion, the rules of warfare, including what’s generally considered acceptable and what isn’t regarding the start and end of war, the treatment of civilians and prisoners, and general principles to prevent unnecessary suffering and destruction.

When a new military technology – such as nuclear weapons – comes along, the rules need to be rewritten.

Nations do that, Clark said, in part by “signaling” to each other through public statements, speeches and policies, their willingness to use such weapons and under what circumstances.

“That’s exactly what’s happening here with Secretary Carter’s speech at Stanford,” he said. “He’s telling in particular the Russians and the Chinese, who commit the great majority of hacks and other attacks against the U.S., that we know what you’re doing, we’re watching what you’re doing, that we’re capable of stopping you and, in the end if necessary, we can destroy you via the Internet.”

The problem with that, said Bob Twitchell, the CEO and President of Dispersive Technologies, a cybersecurity firm based in Alpharetta, Georgia, is that there is as yet no agreed-upon rulebook of cyberwar. That makes it more unpredictable and dangerous, he said.

“Technology can do many different things, but it always comes back to policy: what’s the technology, what do you want to do with it, what’s fair and not fair, and what’s completely unacceptable,” said Twitchell, a longtime consultant and developer of electronic weapons for the Department of Defense.

Signals like Carter’s speech or Brennan’s blueprint, Twitchell said, could help begin a serious international discussion, but that would take time. Meanwhile, he said, the U.S. has thrown down the gauntlet.

“The U.S. coming out and saying they’re going to protect American citizens and companies from the world’s cyberbullies is absolutely the right thing,” he said. “I think letting them know that’s the policy will stop some of the hacking because they know what we could do to them.”

Cyberwar preparation

Both Twitchell and Clark, as well as other analysts VOA has spoken with, say that when it comes to cyberwar, it isn’t a case of if, or even when, but rather what is happening now.

“Cyberwar? It’s already happening,” said analyst Twitchell. “We’ve already seen the damage it can do. I think it’s increasing exponentially, but a lot of people are just being quiet about it, so you don’t give your enemies situational awareness.”

There’s an old phrase among those who’ve seen military combat: “The battle plan survives until first contact with the enemy.” At that point, once reality meets theory, all bets are off.

Clark said the U.S. is already in contact with the enemy, both on the military and espionage fronts, and it’s critical to begin establishing policies that dictate when a response is called for, and more importantly, what that response should look like.

“This is the most interesting part of the cyber discussion: the balance between direct retaliation using the same weapons you were attacked with – cyber – or using another mix,” he said.

“One of the things you’ll hear, especially from the people in the space domain, is that if we’re attacked – say, someone tries to hack a satellite – instead of using cyber to retaliate, we should retaliate with missiles, rockets, bombs, and take out their command and control,” Clark said.

Generally speaking, Chinese hack attacks have tended to focus more on espionage than actual damage, such as when a unit of the People’s Liberation Army allegedly tried to pry open and steal millions of secret files from U.S. corporate and government computers.

In contrast, hackers based in Russia have shown a greater willingness to create damage and havoc, such as their massive cyberattacks on Estonia and the Republic of Georgia.

But those distinctions are blurring, and some analysts see increasingly sophisticated cyberattacks coming from smaller belligerent nations, such as Iran and North Korea.

“On a daily basis I’m most concerned about the use of the Internet to commit espionage,” said journalist Clark. “On a strategic basis, I’m a lot more worried about smaller actors who may receive state sponsorship to develop cyberweapons. If Iran or North Korea or the Chinese really wanted to get serious, they could make it very difficult for us to say ‘Aha, we know who did this.’ That’s what keeps me up at night.”

Cybersphere clarity

If, in fact, the U.S. is “signaling” its friends, allies and putative enemies about its intent to use the cybersphere offensively as well as defensively, analyst Twitchell said not to expect much clarity about what, exactly, those intents are.

“You never tell your enemy what you’re going to do to them; you let them wonder what you’ll do,” he said. “If you say where the line is, then everyone’s going to go right up to that line every time. Keeping the line fuzzy and making it a choice is part of diplomacy today.”

Clark said the Pentagon and intelligence services are busy running various war-game scenarios to best figure out what those lines may be.

“This gets to the basic separation between espionage and waging war,” he said.

“We’re under attack all the time. In that sense, cyberwar is just a part of daily life,” he said. “But when you talk about the actual use of the Internet to inflict serious and sustained damage on our country with the intent of either taking life or destroying the economy, that’s a whole other level and one that we’ll only recognize when it happens.”


from cyber war desk

Lookingglass Cyber Threat Intelligence Group Links Russia to Cyber Espionage Campaign Targeting Ukrainian Government and Military Officials

Report findings provide fully documented cases and timeline showing cyber warfare and espionage being used in coordination with Russian military activities

ARLINGTON, Va.–(BUSINESS WIRE)–Lookingglass Cyber Solutions today released a report by its Cyber Threat Intelligence Group (CTIG) corroborating the Ukrainian government and Security Service of Ukraine’s (SBU) claims that “Operation Armageddon” is a Russian state-sponsored cyber espionage campaign targeting Ukrainian government and military officials. The report, Operation Armageddon: Cyber Espionage as a Strategic Component of Russian Modern Warfare, is one of the first to fully document cases of a cyber campaign and provides a timeline to show how cyber warfare and espionage have been used in coordination with kinetic warfare, battlefield planning, and troop movement, along with other strategic military tactics and assets.

The Ukrainian government and SBU are actively investigating this threat and have issued at least two known official statements in September 2014 and March 2015. Lookingglass started investigating after the SBU first publicly announced the attacks in September 2014.

According to Lookingglass’ CTIG, “Operation Armageddon,” has been an active campaign since at least mid-2013. The campaign reveals a Russian state-sponsored cyber espionage campaign that is designed to give decision-making advantage to the Russian leadership by targeting Ukrainian government, law enforcement, and military officials in order to steal information that can provide insight into near term Ukrainian intentions and plans. Temporal analysis of the campaign indicates a direct correlation between the cyber attacks and the ongoing war in addition to highlighting an alarming blend between cyber espionage, physical warfare, and the driving political forces behind them. Although continuously developed, the campaign has been intermittently active at a small scale, and uses unsophisticated techniques.

The attack timing suggests the campaign initially started due to Ukraine’s decision to accept the Ukraine-European Union Association Agreement (AA), designed to improve economic integrations between Ukraine and the European Union. Russian leaders publicly stated that they believed this move by Ukraine directly threatened Russia’s national security. Although initial steps to join the Association occurred in March 2012, the campaign didn’t start until much later (mid-2013), as Ukraine and the EU started to more actively move towards the agreement.

Each attack in the campaign started with a targeted spear phishing email convincing the victim to either open a malicious attachment or click a link leading to malicious content. The attackers use “Lure Documents” either previously stolen from, or of high relevance and interest to Ukrainian targets, often government officials, in order to lure their victims into opening the malicious content.

“To ensure we fully understand the cyber landscape, we constantly monitor global events to determine the impact they may have on the infrastructure of the Internet, such as new threats, adversaries, outages, etc. In terms of ‘Operation Armageddon’ we honestly expected to see more outages based on prior actions from the Russians against Estonia, but this time it seems they leveraged the Internet to gain a more intel-specific advantage,” stated Chris Coleman, CEO at Lookingglass. “What is unique and exciting about our report is that we have mapped out a timeline correlating the use of cyber espionage to kinetic warfare. Much like during the ‘Cold War’, when everyone knew nuclear submarine war games were going on even though it was not exposed until much later, we all believe that cyber tactics are currently being used to support war efforts. This report simply takes away the uncertainty and adds credence to those beliefs.”

Key Takeaways:

  • “Operation Armageddon” is a Russian state-sponsored cyber espionage campaign active since at least mid-2013 and targeting Ukrainian government, law enforcement, and military officials for the purpose of identifying Ukrainian military strategies to aid Russian warfare efforts.
  • Russia is a leading nation-state cyber threat actor that uses offensive cyber operations in tandem with kinetic attacks in pursuit of political and military objectives.
  • Russia’s 2010 Military Doctrine acknowledges the intensification of information warfare activities as a feature of modern warfare.

The CTIG’s analysis techniques and correlation of attacks to real world events support the notion that the attackers are Russian state sponsored, although they cannot be certain which groups. Further analysis has shown consistent evidence that the malware used in the attacks came from the same group of attackers. Reuse of attacker infrastructure, TTPs, and identical malware samples used in different waves supports this. Also, the password used by the attackers to connect to the infected machines never changed throughout the waves of the campaign.
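The linkage reasoning above (waves tied together by reused infrastructure, identical samples and an unchanged password, with activity checked against real-world events) can be expressed as a small analysis routine. The following is an added example, not code or data from Lookingglass or its report: every wave, host name, sample label, password and date in it is a constructed placeholder, and the clustering and timing checks are a generic union-find and date-overlap implementation.

```python
"""Link attack waves by shared evidence and test their timing against events.

Added example, not code from Lookingglass or its report. Every wave, host,
sample label, password and date below is a constructed placeholder standing in
for the kinds of evidence the text lists (reused infrastructure, identical
malware samples, an unchanged C2 password); none is a real indicator.
"""
from collections import defaultdict
from datetime import date

# Constructed campaign waves. Related waves chain together through different
# evidence types; "unrelated" shares nothing and should cluster on its own.
WAVES = {
    "wave1": {"c2": {"c2-a.example"}, "samples": {"SAMPLE-1"},
              "password": "pw-constant", "start": "2013-07-01", "end": "2013-09-15"},
    "wave2": {"c2": {"c2-a.example", "c2-b.example"}, "samples": {"SAMPLE-2"},
              "password": "pw-constant", "start": "2013-11-20", "end": "2014-01-31"},
    "wave3": {"c2": {"c2-c.example"}, "samples": {"SAMPLE-2", "SAMPLE-3"},
              "password": "pw-constant", "start": "2014-04-05", "end": "2014-06-10"},
    "wave4": {"c2": {"c2-c.example"}, "samples": {"SAMPLE-4"},
              "password": "pw-constant", "start": "2014-07-10", "end": "2014-09-30"},
    "unrelated": {"c2": {"other.example"}, "samples": {"SAMPLE-X"},
                  "password": "pw-other", "start": "2014-05-01", "end": "2014-05-20"},
}


def indicator_keys(wave):
    """Flatten one wave into typed (kind, value) keys used for overlap matching."""
    keys = {("c2", host) for host in wave["c2"]}
    keys |= {("sample", s) for s in wave["samples"]}
    keys.add(("password", wave["password"]))
    return keys


def shared_evidence(waves, a, b):
    """Evidence two waves have in common; an empty set means no direct link."""
    return indicator_keys(waves[a]) & indicator_keys(waves[b])


def cluster_waves(waves):
    """Group waves linked, directly or transitively, by any shared indicator
    (union-find). Returns the clusters as sorted lists of wave names."""
    parent = {name: name for name in waves}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps trees shallow
            x = parent[x]
        return x

    first_seen = {}  # indicator key -> first wave that used it
    for name, wave in waves.items():
        for key in indicator_keys(wave):
            if key in first_seen:
                parent[find(name)] = find(first_seen[key])
            else:
                first_seen[key] = name

    clusters = defaultdict(list)
    for name in waves:
        clusters[find(name)].append(name)
    return sorted(sorted(members) for members in clusters.values())


def active_during(waves, window_start, window_end):
    """Wave names whose activity overlaps the inclusive ISO-date window.
    An empty result for a known event window is the kind of temporal
    correlation (a lull during a ceasefire) that the text describes."""
    lo, hi = date.fromisoformat(window_start), date.fromisoformat(window_end)
    return sorted(
        name for name, w in waves.items()
        if date.fromisoformat(w["start"]) <= hi and date.fromisoformat(w["end"]) >= lo
    )


if __name__ == "__main__":
    for members in cluster_waves(WAVES):
        print("cluster:", ", ".join(members))
    print("wave1 <-> wave4 share:", shared_evidence(WAVES, "wave1", "wave4"))
    print("active late June 2014 (constructed lull):",
          active_during(WAVES, "2014-06-20", "2014-06-30"))
```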

The CTIG is constantly looking at global events to stay ahead of the curve on what the Internet infrastructure looks like and how different events impact that infrastructure. Lookingglass prides itself on being aware of such activities so it can learn from them and share its unique threat comprehension with clients. In the case of “Operation Armageddon,” it started with a curiosity and resulted in very informative findings as to the impact and prevalence of nation-state-sponsored cyber attacks and initiatives. For more information on these findings or to download the full report, please visit our website.

Lookingglass’ threat intelligence management system delivers content, context and confidence in risk and security operations decision support. The Lookingglass product portfolio increases visibility within and beyond the network perimeter, allowing customers to continuously assess and mitigate threats. Lookingglass products are data and feed agnostic, supporting commercial and open source threat intelligence feeds, while delivering proprietary threat and Internet intelligence.


from cyber war desk

Budget Increase: Check — Now how do you build out an effective security program and team?

By HP Security Strategist Stan Wisseman

The constant stream of security incidents has convinced your executive leadership and Board to take action – they’ve asked you to build out an information security program and provided the funding to do so. Where to start? It’s possible to spend a lot of money on information security enhancements that are ineffective against today’s threats. What are the most important cyber-related risks to address? How can the information security program support the mission of the organization? How can the program get properly resourced?

Baselining against a Framework

A good place to start is by leveraging a cyber-security control framework. Use of a framework isn’t a silver bullet, but it gives you a vetted reference model of best practices to work with. There are several frameworks to consider, including: ISO/IEC 27001:2013, the NIST Cyber Security Framework (CSF), and the SANS Critical Security Controls for Effective Cyber Defense. I’ve used ISO 27001/2 as a framework with some success. The difficulty with all ISO standards, in my opinion, is that the revision cycles are long and the standards may not adapt quickly enough to the evolving threat landscape. Also, ISO standards can be bloated with excessive wording, long lists, and unnecessary prescriptive text. SANS helpfully prioritizes its list of 20 critical controls to help you focus on what it views as the most effective measures. Some prefer the SANS top 20 due to its practical nature. The NIST CSF leverages existing cybersecurity best practices (ISO 27001, COBIT, ISA 99, etc.) and is divided into five “core functions” with sub-categories.

The CSF was built with the flexibility to add new categories and subcategories as new requirements arise. You can also use more function-specific frameworks like Cigital’s Build Security In Maturity Model (BSIMM) for software security, or HP’s Security Operations Maturity Model (SOMM) for security operations.

Whichever framework(s) you select, it’s a good practice to assess your organization’s current security posture against the framework to establish a baseline capability and identify functional gaps. Don’t get discouraged by the results! We are all on a journey to enhance the maturity of our security control environments. As reflected in a recent post by Brian Krebs, understanding where your organization is on the maturity scale is a valuable reference as you develop your program roadmap. You will want to focus on the most impactful enhancements to mitigate gaps and enhance program maturity. As was shown in HP’s 2015 Cyber Risk Report, these could be a combination of dealing with the basics (e.g., secure platform configurations) as well as more advanced capabilities (e.g., user behavioral analytics). I recommend development of a multi-year roadmap that aligns with overall organization goals and manages InfoSec risks within the risk appetite of the organization. Now you’ve got to resource the plan.

Developing a Cybersecurity Workforce

Resourcing, however, is the next challenge – developing a workforce with the abilities to execute the roadmap. It’s difficult to find individuals with a balance of technical skills and the soft skills necessary to constructively engage with business partners. I recommend a competency-based talent approach rather than one based solely on experience or certifications (the NICCS National Cybersecurity Workforce Framework is a useful reference). You also need to be open-minded when recruiting, given that the demand for cybersecurity-skilled professionals has outstripped supply in the US, with an estimated 209K jobs going unfilled. You may need to develop from within through professional development programs, or consider outsourcing some functions.

Once you’ve captured your workforce requirements, you can determine which roles are better filled by employees and which can be provided by external parties. In certain cases, outsourcing cyber security functions provides benefits that include lower costs, additional expertise, operational efficiencies and a lower burden on management. For small to medium businesses, outsourcing makes it possible to have many of the same capabilities as larger organizations, but at a lower cost than building the capability in house.

It is critical that you have a flexible and well-rounded team, whether they are in-sourced, outsourced, or a hybrid. A great analogy is NASA’s Mission Control Center (MCC). The MCC has an integrated team of flight controllers certified in particular disciplines such as electrical power, thermal control, trajectory, payload, or medical. All of them have a general understanding of the mission parameters, but each team member has unique knowledge. If a mission incident does occur, they can combine their collective wisdom to develop a comprehensive and effective plan (think of the MCC of Apollo 13).

Likewise, you need a battle-hardened team composed of SMEs in various domains (e.g., software security, network defense, cyber operations, digital forensics), each well versed in their respective domain. Most importantly, you need to see how the whole program hangs together in order to create a “mission plan” as well as a team that responds effectively when there is a newly discovered vulnerability, breach or attack.


from cyber war desk

Rise of the Rest – Spring 2015 Edition: Pitch Competition Participants Revealed!

By Revolution Team

In just one week, we’ll kick off the third installment of the Rise of the Rest Tour, which will traverse the Southern U.S. from May 4th-8th. Hot off the presses, we’re excited to briefly introduce the 40 startups who will line up to pitch Steve Case for a chance to win a $100,000 investment. Which promising young startup will rise to the top in Richmond, Raleigh-Durham, Charleston, Atlanta, and New Orleans? Follow our live Road Trip Journal to find out.

We’re excited to once again be joined by Google for Entrepreneurs and UP Global as presenting partners for the tour, with support from both new and previous tour partners including Salesforce for Startups, Engine, Tech Cocktail, Startup Grind, Village Capital, and Seed Here Studio.

This promises to be one of the liveliest Rise of the Rest tours thus far – we’ll be joined by public and private sector luminaries like Governors Nikki Haley and Pat McCrory, Senators Mark Warner and Tim Kaine, Sallie Krawcheck, Walter Isaacson, and jazz legend Irvin Mayfield. And in addition to the startup crawls, fireside chats and pitch competitions that are the hallmark of every Rise of the Rest stop, on this swing we will tour the Atlanta Belt Line to discuss redevelopment, hold the first ever pitch competition aboard a Navy ship (the USS Yorktown in Charleston), hold a live pitch fest on a Mardi Gras style float as it travels through the streets of New Orleans with music playing and beers served (for those over 21), throw a first pitch at a Durham Bulls game, and gather college students in the Research Triangle – to name a few.

Our tour through the Southern U.S. will put new miles on the Rise of the Rest bus, which has already traveled more than 2,000 miles by bus to nine U.S. cities: Detroit, Pittsburgh, Cincinnati, Nashville, Madison, Minneapolis, Des Moines, Kansas City, and St. Louis.  We’ve met incredible startups and visionary leaders in each of these startup ecosystems who understand the important role that all sectors – public and private – play in helping the entrepreneurial economy thrive. And, Steve has personally invested $1 million in great startups along the way.

So, without further ado, we’re excited to share the list of companies who will have the opportunity to join our growing Rise of the Rest portfolio, along with the names of some of the all-star judges who will join us.


  • Guest judges include: Steve Case, Revolution, Aneesh Chopra, Hunch Analytics and former Chief Technology Officer of the United States, Ting Xu, Evergreen Enterprises, Aaron Montgomery, Carlotz, Tige Savage, Revolution Ventures, and Eric Edwards, Kaleo.
  • Pitching companies:
    Rockin’ Baby – premium baby carriers and clothing brand
    Marilyn & Michelle – products to help comfort women with breast issues
    Painless 1099 – smart banking platform to help freelance workers save for and file taxes
    Nutriati – plant-based ingredient nutrition company
    WealthForge – solution to make private placement transactions more efficient
    Luminary – multichannel CRM platform
    Hourwise – on-demand back office support for trades-people
    Vibeats – mobile web platform for dining reservations


  • Guest judges include: Steve Case, Revolution, Frank Stasio, NPR correspondent, J.D. Harrison, The Washington Post, Talib Graves-Manns, and Sarah Yarborough, Raleigh Denim
  • Pitching companies:
    Tom and Jennys – cavity-preventing, sugar-free candy
    Personalized Learning Games – social and emotional learning platform for K-8 students
    ELXR Health – platform for behavioral patient consent and data exchange
    Archive Social – social media archiving, monitoring, and analytics for legal compliance
    Stealz – social media engagement tool that turns customers into brand ambassadors.
    Reveal Mobile – mobile audience platform that improves mobile ad targeting
    Antenna – platform to react to any content or product on the internet
    RocketBolt – platform for intelligent lead tracking throughout a customer’s experience


  • Guest judges include: Steve Case, Revolution, Eric Bowman, Sparc, Sallie Krawcheck, Elevate Network, Bobby Ocampo, Revolution Ventures, Herbert Drayton III, Vertical Holdings, Bobby Hitt, South Carolina Secretary of Commerce
  • Pitching companies:
    Dynepic – creating a playground for smart toys
    Good Done Great – revolutionizing the way corporations and people give back
    Eatabit – API that prints electronic food orders inside restaurants
    Bidr – platform to help fundraisers increase performance
    Charleston Gourmet Burger – unique, all natural gourmet burger seasonings
    OpenAngler – platform to find and book fishing charters
    Bublish – cloud-based tools, metrics and resources for authorpreneurs
    Echovate – replicating top performers through data-science machine learning


  • Guest judges include: Steve Case, Revolution, Tom Foster, Inc. Magazine, Bridgette Beam, Google, David Cummings, Pardot and Atlanta Tech Village, Paul Judge, Pindrop Security and Monsieur, and David Hall, Revolution Ventures
  • Pitching companies:
    Partpic – visual search technology for replacement parts
    Groundfloor – lending club for real estate
    Cooleaf – employee engagement software for top workplaces
    LocalRoots – mobile marketplace for local farms to sell direct to consumers
    eCredable – leverages alternative credit to connect “no credit” consumers to creditors
    Zyrobotics – provide personalized technology that makes the world accessible to everyone
    Reveal Estate – Turbo Tax-like platform that empowers home buyers and saves them money
    The Village Microfund – helps develop the economic landscape of low-income communities in the US.


  • Guest judges include: Steve Case, Revolution, Jean Case, The Case Foundation, Irvin Mayfield, American jazz trumpeter and bandleader, Zach Strief, New Orleans Saints
  • Pitching companies:
    GoToInterview – on-demand video interviewing platform for high-turn industries
    PlantBid – business to business marketplace for the professional horticulture products industry
    WhereY’Art – marketplace and social network connecting artists/buyers
    Servato – industrial internet of things solution provider
    Get Healthy – software and services powering direct primary care revolution
    Million Dollar Scholar – transforming how schools and parents prepare students to pay for college
    Welcome to College – helps colleges optimize the college visit and enroll optimal fit students
    Community Health TV – multicultural, multi-platform health media company

The tour is part of a national effort to shine a spotlight on one of the most important trends shaping the U.S. economy moving forward: a confluence of factors ranging from technological innovation to public policy reforms that are making it easier for high-growth startups to launch and create jobs in cities and towns nationwide, not just in Silicon Valley.

For a full schedule and to RSVP to public events on the Spring 2015 tour, visit, and follow us on Twitter @RiseOfRest and Instagram.


from cyber war desk

Study predicts global infosec workforce shortage of 1.5M by 2020

By George Jackson

In April, ISC(2) released its annual report on the global information security workforce. It predicts a perfect storm in cybersecurity: an escalating number of concerns coupled with a huge workforce shortfall.

Dan Waddell, ISC(2)’s director of government affairs for the National Capital Region, discussed trends in cyber with Government Matters from the RSA Conference in San Francisco.


from cyber war desk

Show time: 8 finalists to compete for $100,000 from Steve Case

By RICK SMITH, WRAL TechWire Editor

Steve Case’s “Rise of the Rest” tour is coming to the Triangle on May 5, and eight startups will be making pitches directly to the AOL founder. One of the eight will land $100,000 in financing.

Case starts his day with breakfast at the Governor’s Mansion. Then it’s on to the Triangle startup show.

This just in: Raleigh-based Groundfloor will be pitching Case in Atlanta.

Case has already invested in Triangle startups Mati Energy, Automated Insights and Windsor Circle.

Here are the finalists in the Raleigh-Durham Pitch Competition:

• Tom and Jennys – cavity-preventing, sugar-free candy
• Personalized Learning Games – social and emotional learning platform for K-8 students
• ELXR Health – platform for behavioral patient consent and data exchange
• Archive Social – social media archiving, monitoring, and analytics for legal compliance
• Stealz – social media engagement tool that turns customers into brand ambassadors.
• Reveal Mobile – mobile audience platform that improves mobile ad targeting
• Antenna – platform to react to any content or product on the internet
• RocketBolt – platform for intelligent lead tracking throughout a customer’s experience

The full schedule

Case will have a full day in the Triangle, starting with breakfast at the Governor’s Mansion with Gov. Pat McCrory.

Here’s the calendar with times and places:

8:30 AM – 9:00 AM:

Press availability, Governor’s Mansion, 200 N. Blount Street

9:00 AM – 10:30 AM:

Startup Crawl: American Underground (AU) @ Raleigh (213 Fayetteville Street, Raleigh, NC) and HQ Raleigh (310 S Harrington St, Raleigh, NC)

11:30 AM – 12:15 PM:

Rise of the Rest discussion with Steve Case and college students at Frontier, 800 Park Offices Drive, Durham, NC

12:30 PM – 1:00 PM:

Startup Crawl (continued): American Underground @ Main (201 W Main St, Durham, NC)

1:00 PM – 1:30 PM:

Lunch with companies that Steve Case previously invested in (Mati Energy, Windsor Circle, Automated Insights), American Underground @ Main (201 W Main St, Durham, NC)

2:00 PM – 3:00 PM:

Fireside Chat with Steve Case (Revolution), moderated by Frank Gruber, Tech Cocktail, Carolina Theatre, 309 W Morgan St, Durham, NC

3:00 PM – 5:00 PM:

Rise of the Rest Pitch Competition, Carolina Theatre, 309 W Morgan St, Durham

Judges: Steve Case (Revolution), Frank Stasio (NPR correspondent), Sarah Yarborough (Raleigh Denim), with more to be announced

5:00 PM – 7:00 PM:

Startup Celebration and Happy Hour to award $100,000 to pitch competition winner, American Underground, 201 W. Main Street, Durham, NC

7:00 PM:

Steve Case throws first pitch at Durham Bulls game


from cyber war desk

Russia Wages All-Out Cyberwar Against Ukraine

Russia has hacked the White House, gained access to President Barack Obama’s emails, and even infiltrated the Pentagon’s network. So, it’s little surprise that Moscow has been waging an all-out cyberwar against Ukrainian law enforcement agencies and the military. According to a new report from security firm Lookingglass, the Russian gang of hackers is extracting classified documents that can help them (and probably Moscow-backed separatists) in on-the-ground combat.

Russian hackers are using ‘lure documents’

Lookingglass CEO Chris Coleman told NPR that the attacks were persistent, but not sophisticated. The Arlington, Virginia-based cyber security firm said that it tracked malware that was in emails. Russian hackers are getting the Ukrainian military, local police, counterintelligence, and border patrol to open these malicious emails that look legit.

They use “lure documents” to entice the recipient to open the email. Lookingglass lead researcher Jason Lewis cited an MS-Word file dated January 15, 2015. The file had “not for distribution” written on it in Ukrainian. It gives an overview of the situation on the Ukraine-Russia border. Lewis says hackers stole the document from Ukraine’s State Border Guard Service, inserted the malware, and sent it to another Ukrainian security agency.

Russia started collecting combat intel in April 2014

There would be at least one person who considers it legit and opens the email. Even military officers are human, says Lewis, who has previously worked at the National Security Agency. The malware then infects the computer, allowing hackers to extract all the information. Lookingglass said hackers started collecting combat intel in April 2014 when the acting Ukrainian President launched a military operation against pro-Russia separatists.

It was just one example of Russian cyberattacks on Kiev. In September 2014, when Ukraine declared that the Russian spy agency KGB was behind the attacks, hackers tweaked their malicious software. Lookingglass also found that the cyberattacks stopped for a brief period when Ukraine and Russia negotiated a ceasefire last June. It indicates that the hackers see themselves as part of the battlefield rather than as intelligence gathering, which goes on even during a ceasefire.

Lookingglass said neither Russia nor Ukraine was its client. It couldn’t investigate whether Ukraine was also hacking Russia.


from cyber war desk

Israel’s Army Claims Cyber Upper Hand in Technological Arms Race

Technology is becoming an essential part of modern warfare and, as such, the military must defend against cyber attacks just as it defends against physical threats. A successful attack against an army’s computers can cripple it, or release information the enemy can use to deadly effect. The Israeli navy, an often overlooked branch of the IDF, is on the cutting edge when it comes to technological warfare.

In an exclusive interview, The Jerusalem Post spoke to some Israeli soldiers involved in this new battlefield. The source, an officer from the navy’s Information Systems, Processes, and Computerization unit, known by its Hebrew acronym MAMTAM, stressed the importance of cyber-warfare for Israel’s defense.

“Today, all of our systems are based on computerization and databases. We have to bring things that are in the office out to sea and link the sea to the ground command room. Today, our linkage is much faster than in the past,” the source said.

MAMTAM is a small unit responsible for all Israeli Navy signal and IT systems, both logistic and operational. The soldiers that serve there are mainly programmers and university graduates in engineering, computer science and other technological professions.

“We are not just IT; we also deal with IP [Internet Provider] networks. We need cyber defenses, as does the C4i Branch, Military Intelligence, and Israel Air Force,” he added.

He explained that the navy’s ability to stay at sea is as dependent on the new technology as it is on the integrity of their hulls. “We have to be able to be there for a long time and enable the transmission of data. A navy commander in the control room will want this data flowing to the coast. The navy commander who speaks to the IDF chief of staff from far away – this is a technological event,” the officer explained.

Adding computers to their arsenal has also brought the navy into the battlefield in ways that simply were not possible before. The ability of computer networks to integrate vast amounts of information from divergent sources has brought the navy and infantry together. In last year’s war in Gaza, the switch to network-based warfare brought practical results. Infantry battalion commanders on the ground in Gaza were able to send precise coordinates of an enemy target to a missile ship in the Mediterranean Sea. From an infantry-initiated attack, a naval guided missile could destroy ground targets.

“The result is a new sea-based front that we created,” the source said. “All I have to know is the coordinates. This enables me to provide immediate firepower assistance. The battalion commander sends over what he sees. We bring our capabilities to the battle arena. We share visual intelligence,” he said.

But every weapon has a counter weapon and can be vulnerable to attack.

“Every IDF branch has its own fence, its network that it has to defend. Some sections are more exposed than others,” the source added. “The enemy is developing rapidly. An attacker could be a state or a lone hacker. He could be affiliated or unaffiliated but be sympathetic to an enemy, while sitting in a friendly state, far away. He can attack us from the other side of the world.”

“We have cyber warriors,” the source said. “They know our C4i patterns and supply a defensive system, while being able to identify any anomaly in the system. They can identify an effort by an enemy to infiltrate our systems, an effort that will not be accompanied by an announcement. From our perspective, the threat is always lurking on our perimeters – these are ‘borders’ made up of cables.”

When Israel goes to war, the enemy attacks. Last year, while the IDF was at war in Gaza, MAMTAM was defending the Navy’s computers from a wave of attacks.

“We were prepared. Yet we saw the technology they used. This has prompted an arms race on our side. The navy understands that cyber conflicts are wars in their own right, beyond conventional conflicts that we have grown accustomed to. In cyber war, one can engage without firing a single bullet. Attacks can come before a conventional war. There are no official cease-fires. It goes on all of the time.”


from cyber war desk