Saturday, 30 April 2016

Cyber attacks – the illusion of a safe network

In the early years of the internet, it was often recommended, when addressing the question of security in the net, to disconnect the computer connected to the Internet from the rest of the working processes. That way, the malware from the net would not corrupt the data of the companies. It used to be a simpler and more efficient suggestion, obviously no longer practicable in the current era of almost total connections: rarely can a firm avoid having a computer network. However, the constant connection to the Internet – also from mobile devices – makes these nets easily vulnerable and this is why sensitive data must be more and more protected.

What are the threats?

Cybercriminals use unprotected web protocols to launch their attacks. These protocols are responsible for the exchange of data between computers and net providers, the most popular being the TCP/IP protocol. With insufficient protection, what are known as man-in-the-middle attacks can be started. If an attacker has obtained access to a computer network, he or she can stand between two communication partners without being noticed. For the full article click here

from cyber war desk

Weekend catch-up: Australia’s submarine bid, Manus Island, cyber strategy, Brexit and more

The winning foreign bidder for Australia’s long-anticipated future submarines was revealed on Tuesday – the French-owned DCNS. The announcement followed leaks in the Australian media last week that Japan had effectively been excluded from the deal, even while a Japanese Soryu-class submarine was visiting Sydney Harbour. Regardless, the press has latched on to the potential geo-strategic pressure the Turnbull Government came under in choosing the French over the German, but especially the Japanese, bids.

But as Sam Roggeveen pointed out in his piece this week, the Defence White Paper is fairly unequivocal in what the government sees as the main strategic priority. First, Bruno Tertrais with the view from Paris:

Economic good news is rare these days for the current French Government. So earlier this week, when the announcement that Canberra had chosen the French option for what was termed in Paris the ‘contract of the century’, it made headlines throughout the day in French media…

Both Canberra and Paris understandably focused their initial comments on the economic dimension of the decision and the concrete domestic consequences in Australia and in France, and there is every reason to believe that these considerations — rather than international politics — were paramount in Australia’s decision. For the full article click here 

from cyber war desk

Ghost Squad DDoS Black Lives Matter Website Because ‘All Lives Matter’


Ghost Squad hacktivists have conducted a series of some powerful DDoS attacks on the official website of Black Lives Matter movement forcing it to go offline for the visitors. In the first phase of the attack which was conducted yesterday GS DDoSed the and The .org domain was later allegedly suspended by the hosting company. The screenshot posted below shows the .com domain had its home page completely damaged while the .org domain was suspended due to the DDoS attacks For the full article click here 

from cyber war desk

Spalding NFU joint agent offers tips on preventing cyber attack

With almost a third of the world’s population now online it is not surprising that internet-related crime is on the increase, writes NFU joint agent Phil Ingleby.

According to the Office of National Statistics cyber-related losses are now the largest recorded offence in the UK, overtaking physical crime. Indeed, data is now more valuable to criminals than physical assets.

Though many businesses are gradually improving their cyber security methods, significant risks still remain in interacting with third parties. This is of course not just a problem for those household names that have hit the headlines of late. A recent report by cyber security firm Symantec claimed that 52 per cent of all ‘phishing’ attacks were against small and medium-sized businesses. Clearly south Lincolnshire is not immune to this problem with many businesses firmly in the sight of criminals. ‘Hackers’ often prey on smaller businesses as they tend to have lower defences, and thus, with a simple inadvertent click of a mouse, the door can be opened to the hacker’s viral software, which has the potential to bring down any business, large or small. For the full article click here

from cyber war desk

Cyber Warfare – Who are you going to call?

If your organization is connected to the Internet, you are very likely engaged in cyber warfare whether you like it or not.

Nation States, organized crime, terrorists and hacktivists are either attacking or exploiting your systems, or they are using your organization’s systems as a platform to conduct cyber warfare.

The question you need to ask is, “Does my organization have sensors on systems to even know that we’ve been compromised and/or are currently under attack?” More than your job may depend on the answer.

Not all attacks are equal in the eyes of the U.S. government. And while the focus in this article is on the United States, it’s important for any company in any country to understand the extent and limitations of government involvement in the event of a breach.

If you are under a potentially catastrophic attack, who are you going to call for help? According to the redacted and unclassified U.S. Department of Defense (DoD) Joint Publication 13-12 (R) Cyberspace Operations, released Feb. 5, 2013, it greatly depends on your organization’s relevancy to national security as to how much the government is willing and able to assist your organization. For the full article click here

from cyber war desk

Friday, 29 April 2016

ISIS is assembling a cyber army

Following the deadly assaults on Europe in late 2015 and early 2016, reports emerged suggesting that ISIS has an army of organized hackers who can provide consistent, round the clock support to foot soldiers. However, new information on the matter seems to suggest that ISIS’s remaining hacking arm is nothing more than a propaganda machine capable of dealing minor hits, if any, to enemies. But ISIS is showing more interest in expanding its hacking capabilities.

The news comes at a time when the U.S. government has declared cyber war on the Islamic paramilitary organization.

A report from Flashpoint called Hacking for ISIS: The Emergent Cyber Threat Landscape, first seen by Ars Technica, says that ISIS in April merged four independent pro-ISIS cyber teams into a single group called the United Cyber Caliphate. The group is made of the Sons Caliphate Army, the Caliphate Cyber Army, the Ghost Caliphate Section and Kalashnikov E-Security Team.

These sound like rather scary organizations, but Flashpoint says they can’t do that much harm as they lack the expertise to conduct sophisticated digital assaults. For the full article click here 

from cyber war desk

Lockton to Join Advisory Committee of American University’s New Cybersecurity Governance Center

WASHINGTON, April 28, 2016 /PRNewswire/ — Joining Marriott, AIG, and Raytheon, Lockton has been named to the Advisory Committee of The Kogod Cybersecurity Governance Center at American University. The Center’s focus is research, publications, and executive education that will improve corporate cybersecurity governance and enterprise risk management practices.

Ben Beeson, Cyber Risk Practice Leader for Lockton, will advise the center on matters related to the link between insurance and the ever-changing cyber risk environment. Beeson is an industry leader in supporting the development of US cyber security policy and was engaged in the creation and roll out of the NIST Cybersecurity Framework (National Institute of Standards and Technology). Additionally, he testified before Congress in 2015 about the evolution of the cyber insurance market and is a regular commentator on CNN, Fox News, The Financial Times, Thomson Reuters, Bloomberg BNA, and The Huffington Post on cyber security issues.

Beeson said, “The insurance industry is at the forefront of public policy debate about how best to incentivize companies to invest in cyber resilience. As such, I look forward to working with the Advisory Committee of The Kogod Cybersecurity Governance Center to help better educate business and thought leaders on this increasingly urgent issue.”

Part of The Kogod School of Business, the Kogod Cybersecurity Governance Center aims to promote “good governance” in the preparation for, prevention and detection of, and response to cybersecurity breaches. The Center conducts collaborative, objective, multidisciplinary research related to cybersecurity governance, enterprise risk management, and cyber risk management across business, legal, public policy, and public administration disciplines. For the full article click here 

from cyber war desk

Researchers and Industrial Cybercrime Sleuths Confront Cyber Fraud and Extortion at Toronto Conference

Global cybercrime-fighting association APWG is hosting its eCrime 2016 program June 1-3 in Toronto, Ontario, mustering world-leading industry cybercrime responders and university researchers to plot global strategies to neutralize the menace of cybercrime, a threatscape growing seemingly unchecked in scope and virulence in recent years.

Industrial and academic researchers will probe the mutation of ransomware and other crimeware, the evolution of online scam schemes, bitcoin abuses, and the character of crimes against financial institutions – and different cultures – during this event.

“Amidst the gathering chaos, it can get pretty grim in this space, but the efficiencies in managing cybercrime the researchers discover and share gives us all hope at conference time that cybercrime can, and will be, a predictable and manageable risk like other,” said APWG Secretary General Peter Cassidy. For the full article click here 

from cyber war desk

Cybercom could split from NSA and become its own command

Washington (Talk Media News) – The 2017 defense policy bill passed through the House Armed Services Committee Thursday with language that would boost the U.S. Cyber Command (Cybercom) into its own fully unified military command and launch a review of whether the office should be separated from the National Security Agency (NSA).

Cybercom is a subordinate to U.S. Strategic Command and under the same leadership of the NSA. The head of both Cybercom and the NSA, Navy Adm. Michael Rogers, told the Senate Armed Services Committee (SASC) earlier this month that Cybercom should be its own command as cyber warfare is playing an only expanding role in international conflicts.

Secretary of Defense Ash Carter told the Command Thursday that the war against the Islamic State of Iraq and Syria (ISIS) is “the first major combat operation of Cybercom.”

“The objectives there are to interrupt ISIL command and control, interrupt its ability to move money around, interrupt its ability to tyrannize and control population[s], interrupt its ability to recruit externally. All of that it does in a cyber enabled way,” Carter said, using the Arabic acronym for ISIS. For the full article click here 

from cyber war desk

Three Key Takeaways from 2016 AFCEA Defense Cyber Operations Symposium

BROOMFIELD, Colo., April 28, 2016 /PRNewswire/ — As one of the leading events for the government’s defense sector, the 2016 AFCEA Defense Cyber Operations Symposium (DCOS) showcased a variety of presentations and panels featuring government officials, industry executives and academics. In this video, David Young, regional vice president of the Government Markets Group (GMG) at Level 3 Communications, Inc. (NYSE: LVLT), recaps some of the key takeaways from the annual show:

  • Software Defined Networking (SDN): Within government, SDN is a nascent technology; however, all indications point to a significant ramp up in 2016 as agencies start realizing the benefits. Many of the sessions at the show were dedicated to SDN and its ability to provide added flexibility, efficiency and control agencies are looking for when serving the warfighter. When it comes to the government procurement of telecom services, it is often a long, drawn-out process dependent on the stipulations put forth by the current contract vehicle. Once those services are purchased, any mid-contract course corrections can be difficult to accomplish; however, with SDN, government agencies can make changes to their network without creating a new service order or having to wait out the typical provisioning process.
  • Security: Cybersecurity is an integral component to government networking. Having a complicated patchwork of firewalls and specialized security devices is insufficient in keeping networks secure because they create points of vulnerability and are cumbersome to manage. Given the ever-evolving technology needs – spurring movements like the Internet of Things and BYOD – government agencies must implement security measures from the network layer, investing in a secure pipe, which can layer on additional security controls, as needed, to defend against infrastructure attacks. For the full article click here 

from cyber war desk

Thursday, 28 April 2016

The Hotel Hijackers – Hackers see hotels as an easy target

After all these years we’ve been in the computer security business, there is one thing we know for sure: a cyber-criminal’s main motivation is always money.

That’s why the hackers use Trojans to get the confidential data: the always-multiplying, information-stealing bugs that infect our computers and other devices.

Most recently, these cyber-criminals have been going after hotel chains. You can view our guide, infographic and video on the Panda Media Center.

Why hotels?
Hackers see hotels as juicy business.

When a phisher considers a hotel, they are thinking of how they can “fish” from the millions of rooms, used by millions of customers, spending millions of dollars.

From booking a room to the payments made at shops and restaurants, hotel chains have complex networks that save enormous amounts of sensitive and private data, just waiting to be compromised. If you stayed at a hotel recently, you might want to double-check your credit card statements…

A troubled history
2015 set a new milestone in this sector, with most of the hotel groups and their support companies, regardless of size, having been victims of cyber-crimes. For the full article click here

from cyber war desk

Vulnerability in Google’s Waze app could let hackers track you, researchers say

SANTA BARBARA, Calif. — A vulnerability in a popular navigation app could let hackers track your driving, researchers say.

Fusion reports that a security flaw makes it possible for hackers to “create thousands of ‘ghost drivers’ that can monitor the drivers around them,” according to researchers from the University of California-Santa Barbara. The team, which included computer science professor Ben Zhao and graduate students, demonstrated the vulnerability by tracking other researchers.

“There was definitely a level of shock or surprise when we first realized this,” Zhao told WTSP.

The good news? Thanks to a recent update, the app only broadcasts your location if it is running in the foreground, Fusion reports. Users also can set themselves as “invisible” in the app, according to WTSP. For the full article click here

from cyber war desk

What OMB is doing on federal cybersecurity, and what it should be doing

NEXT UP FOR FEDERAL COMPUTER SYSTEMS: U.S. Chief Information Officer Tony Scott is thinking two steps ahead about how to modernize federal information technology, whose aging systems are often at the root of cybersecurity vulnerabilities. He again pushed the Information Technology Modernization Fund at a conference Tuesday, cautioning that lawmakers and the executive branch shouldn’t encumber it with other proposals that could make it confusing or hard to implement. But he’s got something in the works next that he says would complement the fund. The Office of Management and Budget is in the process of figuring out how to use the bimodal IT model of information technology management in federal government, he said at the FedScoop-hosted conference. What that involves is simultaneously maintaining the old, legacy systems while also innovating. “You always have this set of things that’s the old stuff — the legacy stuff, the bread-and-butter stuff that runs your agency — and you have to have some way of managing the old stack and the new stack,” Scott said. “It’s time to say goodbye to the ‘wait until it breaks’ mentality, and get on to a continuous upgrade, continuous refresh kind of motion.” (Of note: The bimodal IT model is far from universally embraced.) For the full article click here

from cyber war desk

Pentagon to Open New Cyberfront in War Against ISIS

The Obama administration has authorized a new online campaign in its slow, grinding war against ISIS, The New York Times reported earlier this week. The Pentagon’s Cyber Command will target ISIS in a way that essentially will get inside the heads of terrorist commanders to disrupt their military operations.

The goal appears to be to sow mistrust and confusion among ISIS leaders by interfering with their ability to pay their soldiers, execute operational orders, recruit new fighters, and communicate with one another.

The plan amounts to dropping cyberbombs on the enemy, Deputy Secretary of Defense Robert O. Work told the Times, which is something the U.S. never before has done in such a large-scale battlefield environment. For the full article click here 

from cyber war desk

Qatar National Bank hit by cyber attack

Qatar National Bank, the gas-rich Gulf state’s leading lender, has been rocked by a data leak that has exposed the personal details of many of its clients in a file posted on social media that singles out some Al Jazeera staff and purports to identify security officials.

The leak contains references to thousands of alleged transactions records of QNB customers, including remittance data to global banks with thousands of alleged beneficiary names and account numbers.

The 1.4GB leaked file includes the names and passwords of thousands of QNB customers. Subfolders within the leaked data file individual details into folders including staff at Al Jazeera, members of Qatar’s ruling al-Thani family, and intelligence and defence officials.

One former QNB customer mentioned in the file, who has since left the country and declined to be identified, confirmed to the Financial Times that his details posted online were accurate. For the full article click here 


from cyber war desk

Wednesday, 27 April 2016

U.S. drops ‘cyberbombs’ on ISIS in a new line of combat

U.S. Military dropping ‘Cyber Bombs’ On ISIS For The First Time

In what is seen as a new tactic in its war against the Islamic State, the National Security Agency’s (NSA) Cyber Command unit is looking to increase cyberattacks against the terrorist organization, reported the New York Times on Sunday.

The military’s six-year-old Cyber Command unit is working to disturb the Islamic State’s ability to communicate with one another, potential recruits online and circulate orders online. The militant branch of the NSA has previously been focused on China, Russia, Iran and North Korea.

“We are dropping cyber bombs,” U.S. Deputy Secretary of Defense Robert O. Work told the NY Times. “We have never done that before.” The campaign has been conducted by a small number of “national mission teams,” newly created cyber-units loosely based on Special Operations forces. For the full article click here 

from cyber war desk

Linked Hackers Post US Government Employee ‘Hit List’

Among the individuals whose names appeared on the list were those with ties to the State Department, the Department of Homeland Security and the departments of Defense, Energy, Commerce and Health and Services, Vocativ reported. The list also targets US embassies in Santiago and Kathmandu, plus the Department of the Navy in Mississippi. A lot of what was listed is publicly-available information, while many numbers are simply office lines. It includes someone who appears to have worked for Australia’s Department of Defence. “USA You are our primary goal”, the post said, according to a screenshot provided by the Middle East Media Research Institute (MEMRI). The total number of people included in the list is 43. “Your system failed to Tackling [sic] our attacks”. Telegram, which is the preferred medium for ISIS hackers, is being used to merge these different hacking groups into one formidable hacking command center. Vocativ previously found that members of the Cyber Caliphate Army released target lists of current and former US government officials, as well as kill lists of cops from Minnesota – though no known attacks originated from those past hacks. The hack comes barely a day after the group aligned with Islamic State (ISIS/IS, formerly ISIL) jihadists posted 3,600 purported NY residents’ details, again, under the hashtag “We Want Them #Dead”. “On Sunday, the so-called United Cyber Caliphate (UCC) – formed roughly two weeks ago – posted its hacking claims and data dump to its account on the messaging platform Telegram”. The State Department did not immediately comment on the apparent hit list, Fox News reported Monday. For the full article click here

from cyber war desk

House committee approves $8M to create National Cybersecurity Intelligence Center near UCCS

A committee that holds the purse strings in Colorado approved spending $8 million Tuesday morning to renovate a building in Colorado Springs to house the National Cybersecurity Intelligence Center in Colorado Springs.

The money will predominately be spent renovating a vacant manufacturing plant near the University of Colorado at Colorado Springs that is currently being used as an exposition hall, said Rep. Millie Hamner, D-Dillon, sponsor of the bill.

Hamner said this was the most important bill of the session for her.

“It will put Colorado on the map as far as fighting cyber security threats,” Hamner said.

She said the bill will allow the state to better respond to incidents of hacking and cyber attacks, create a cyber institute and create a rapid response center.

Hamner said $6 million is coming from the federal government and other funding is coming from private partnerships. For the full article click here 

from cyber war desk

Cyber War versus Cyber Realities: Cyber Conflict in the International System

from cyber war desk

Cyber Fraud At SWIFT – $81 Million Stolen From Central Bank

Swift, the vital global financial network that western financial services companies, institutions and banks use for all payments and transfer billions of dollars every day, warned its customers yesterday evening that it was aware of cyber fraud and a number of recent “cyber incidents” where attackers had sent fraudulent messages over its system and $81 million was apparently stolen from a central bank. 

As reported by Reuters, the disclosure came as law enforcement agencies investigate the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank. Swift has acknowledged that the scheme involved altering Swift software on Bangladesh Bank’s computers to hide evidence of fraudulent transfers.

Yesterday’s statement from Swift marked the first acknowledgement that the cyber attack on the New York Federal Reserve Bank was not an isolated incident but one of several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions.

“Swift is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit Swift messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the Swift network,” the group warned customers.

The warning, which Swift issued in a confidential alert sent over its network, did not name any victims or disclose the value of any losses from the previously undisclosed attacks.

Swift, or the Society for Worldwide Interbank Financial Telecommunication, is a co-operative owned by 3,000 financial institutions. Also, Swift released a security update to the software that banks use to access its network to thwart malware that security researchers with British defense contractor BAE Systems said was probably used by hackers in the Bangladesh Bank heist. For the full article click here 

from cyber war desk

Tuesday, 26 April 2016

Pentagon launches first cyber attack against Daesh

Washington, April 26 (Petra) — The Pentagon will launch its first full-scale cyber offensive against the Daesh terror group, the Hill newspaper reported Tuesday.

The campaign includes efforts to imitate prominent Daesh commanders online and mislead militants, as well as to interrupt and redirect electronic transfers of money used to fund the group’s extremist agenda, the newspaper revealed.

To conduct the offensive, the Pentagon has created a cadre of “national mission teams” that resemble special operations forces.

The military is hoping to spread concern among the gang’s members that U.S. cyber attacks are manipulating their data and eavesdropping on communications with potential recruits, it added.

“We are dropping cyber bombs,” Robert Work, deputy secretary of Defense, said. “We have never done that before.” To this point, the U.S. has struggled to counteract Daesh online. The terrorist group successfully uses online messaging platforms and social media networks to spread propaganda, radicalize foreigners and conduct its own low-scale digital disruptions through cyber attacks, the Hill explained. For the full article click here

from cyber war desk

US Road Vehicles Vulnerable to Cyberattack From Any Place Around the World

Road vehicles used in the United States are increasingly vulnerable to being hacked and disabled by cyberattacks mounted even from outside the United States, a Government Accountability Office (GAO) report said.

WASHINGTON (Sputnik) — Researchers have shown that these interfaces can be exploited remotely through short-range and long-range wireless channels, even via Bluetooth units that enable hands-free cell phone use to take control over safety-critical functions such as the brakes, the GAO noted.

“Modern vehicles contain multiple interfaces… that leave vehicle systems, including safety-critical systems, such as braking and steering, vulnerable to cyberattacks,” the report stated on Monday.

Twenty three specialists consulted by the GAO agreed that wireless attacks, such as those exploiting vulnerabilities in vehicles’ built-in cellular-calling capabilities, would pose the largest risk to passenger safety.

“Such attacks could potentially impact a large number of vehicles,” the report pointed out.

The attacks could access targeted vehicles “from anywhere in the world,” the GAO added. For the full article click here 

from cyber war desk

Malcolm Turnbull To Spend $240M on Cyber Defence Attack

Australian Prime Minister Malcolm Turnbull announced on Thursday that the Australian government is working on a $240-million cyber-defence program in light of the countless cyber attacks the country faces on a daily basis.

The goal of the program is to protect Australia’s computer-generated systems from sophisticated attacks orchestrated by established offenders and those subsidised by the nation. Turnbull is also set to assign a minister to help him in all matters regarding cyber security.

Thousands of cyber attacks, which the government claims are becoming more and more recurrent and refined, are launched almost every year. These attacks range from illegally modifying data, unlocking a computer loaded with software that’s malicious, intellectual property theft and seeking ransom.

Although the government believes that a bigger and graver cyber attack, described as compromising national security, has yet to be conducted. For the full article click here 

from cyber war desk

What Cyberwar Against ISIS Should Look Like

Pentagon officials have publicly said, in recent weeks, that they’re hitting ISIS not only with bullets and bombs but also with cyberoffensive operations. “We are dropping cyberbombs,” Robert Work, deputy secretary of defense, is quoted as proclaiming in Monday’s New York Times. Similar, if less colorful, statements have been made by Secretary of Defense Ash Carter and, a week ago, President Obama.

What does it mean? And what effects are these new weapons having on the overall war? After dropping his “cyberbombs” bombshell, Work said, “We have never done that before.” But in fact, the United States has done it before, against Iraqi insurgents, including al-Qaida fighters, back in 2007. And, as I discovered while researching my book Dark Territory: The Secret History of Cyber War, the effects were devastating.

Standard accounts have credited President George W. Bush’s troop surge and Gen. David Petraeus’ counterinsurgency strategy for turning the Iraq conflict in the coalition’s favor in 2007. These accounts aren’t wrong, as far as they go, but they leave out another crucial factor—cyberoffensive warfare, as conducted by the Joint Special Operations Command and the National Security Agency. For the full article click here 

from cyber war desk

US government wants cyber forces that think like the enemy

Lawmakers want mandatory training for US military cybersecurity to act as the enemy in war games tailored to test the country’s cyber defenses. The suggestion was included in a recent defense bill. To ensure attacks aren’t confused with real (well, cyber) ones, agreements would be made with the Defense Secretary Ash Carter. One official described the training like the enemy squadrons used by the US Air Force during Red Flag — a flight exercise for fighter pilots.

The Armed Services Committee voted last week to create a training program for cyber opposition forces by the end of March 2016, while deploying cyber red teams against the US’ cyber defenses will need to be agreed upon by September next year. The military would run practice scenarios throughout the year. “The committee recognizes that special arrangements will be needed to deconflict training from real-world activities that may happen on mission networks,” the lawmakers said.

US forces have already experienced periodic “red team” cyberattacks over time with positive results, according to Michael Gilmore, the Pentagon’s operational test and evaluation director. For the full article click here 

from cyber war desk

Monday, 25 April 2016

ISIS Targeted by Cyberattacks in a New U.S. Line of Combat

LONDON — The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons.

The effort reflects President Obama’s desire to bring many of the secret American cyberweapons that have been aimed elsewhere, notably at Iran, into the fight against the Islamic State — which has proved effective in using modern communications and encryption to recruit and carry out operations.

The National Security Agency, which specializes in electronic surveillance, has for years listened intensely to the militants of the Islamic State, and those reports are often part of the president’s daily intelligence briefing. But the N.S.A.’s military counterpart, Cyber Command, was focused largely on Russia, China, Iran and North Korea — where cyberattacks on the United States most frequently originate — and had run virtually no operations against what has become the most dangerous terrorist organization in the world. For the full article click here

from cyber war desk

Comelec hacking: A lesson on cybersecurity

Recently, the American Internal Revenue Service (IRS) was also attacked by identity thieves who eventually succeeded in getting the PINs of around 101,000 previously stolen Social Security numbers. Last March, a group of unknown hackers broke into Bangladesh’s central bank, obtained credentials needed for payment transfers, and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka.

Based on fresh reports of cyber attacks all over the world, it seems that even the most secure government institutions in even the most security-conscious countries have fallen prey to hackers, in one way or another—the FBI, Homeland Security, NASA, and even the Bangladesh Central Bank and our very own Comelec, to name just a few. The list is getting longer by the day.

The fact is that the amount of data that organizations often need to secure expands much faster than the efforts done to protect it. As data expands, so should the layers of protection provided for it.

When asked about the recent Comelec database hacking in an interview, Allyxon Cua, President of AMTI—a local technology and systems integration company that provides security solutions—said: “What happened to the COMELEC is still unclear to all of us. What we do know is that security was breached and important data was compromised.”

Cua stressed that the incident should make organizations and government agencies realize the need to continually increase security for their online databases. For the full article click here

from cyber war desk

Big data analytics a useful security tool, says analyst

Big data analytics is a useful tool for enabling organisations to become more resilient in the face of increasing cyber attacks, according to a software market analyst and IT consultant.

“A recent survey found that 53% of organisations that are using big data security analytics report a ‘high’ business benefit,” said Carsten Bange, founder and managing director of the Business Application Research Center (Barc).

“The survey also found that 41% reported a ‘moderate’ benefit and only 6% said benefit was ‘low’, so there is fairly strong evidence of the business benefits of big data security analytics,” he told Computer Weekly.

While adoption across the board is still relatively low, more than two-thirds of the more advanced companies surveyed are adopting advanced big data security analytics technologies, such as user behaviour analytics, the Barc survey revealed. For the full article click here

from cyber war desk

Insurers could hold key to managing cyber risks

U.S. deploying 250 more U.S. troops to Syria, launching cyberattacks on ISIS

President Obama said Monday he is sending 250 more U.S. military personnel to combat the Islamic State in Syria, bringing the total U.S. military force in Syria to about 300. “They’re not going to be leading the fight on the ground, but they will be essential in providing the training and assisting local forces,” Obama said in Hanover, Germany. U.S. officials say a main purpose is to get more Sunni Arabs in the fight against ISIS. U.S. Cyber Command has also been attacking ISIS, disrupting their communications, recruitment, and day-to-day operations, The New York Times reports. Cyber Command typically focuses on nations that use the internet to attack the U.S., like Russia, China, Iran, and North Korea. For the full article click here

from cyber war desk

Saturday, 23 April 2016

Forcepoint 2016 Global Threat Report WebCast

Title: Forcepoint 2016 Threat Report

Date: Tuesday, May 03, 2016

Time: 11:00 AM Pacific Daylight Time

Duration: 1 hour

Forcepoint Security Labs® has produced their annual Threat Report – the must-read analysis of what’s really happening in the cyber landscape.

Evolving IT environments have made the past perimeter-based security model obsolete. Resource-strapped security teams are struggling to keep up with more and more challenging threats. A new, holistic approach is needed to give enterprises a 360-degree view with real-time analysis and meaningful alerts that anticipate and communicate the threat landscape so customers can act quickly to defeat the most determined adversary.

Using in-depth insights from the Forcepoint Security Labs ThreatSeeker® Intelligence Cloud, Michael Crouse, Office of the CISO, will share the latest threats gathered from more than three billion data points per day in 155 countries around the world, and what they mean for agencies while providing operational and technical recommendations to navigate the ever-changing threat landscape.

Learn more about:

  • Forcepoint’s first-hand case study on protecting a cybersecurity company during an acquisition.
  • How to avoid becoming an inadvertent insider threat.
  • How threats are evolving in capability while traditional security perimeters dissolve.

This is a must-attend webcast. All attendees will receive a FREE copy of the full 2016 Threat Report.

To Register and View More Details Click Here

from cyber war desk

DARPA Is Looking For The Perfect Encryption App, and It’s Willing to Pay

While the FBI keeps crying wolf about the dangerous dark future where criminals use technology that’s impossible to spy on, the Pentagon’s blue-sky research arm wants someone to create the ultimate hacker-proof messaging app.

The Defense Advanced Research Projects Agency, better known as DARPA, is looking for a “secure messaging and transaction platform” that would use the standard encryption and security features of current messaging apps such as WhatsApp, Signal, or Ricochet, but also use a decentralized Blockchain-like backbone structure that would be more resilient to surveillance and cyberattacks.

DARPA’s goal is to have “a secure messaging system that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations,” according to a notice looking for proposals, which was recently posted on a government platform that offers federal research funds to small businesses. For the full article click here 

from cyber war desk

7 things to know about whaling, the emerging cybersecurity threat

In addition to phishing schemes, ransomware and other cybersecurity scams, whaling is emerging as a growing cybersecurity threat.

Here are seven things to know about whaling.

1. Whaling, also known as CEO fraud, is when a hacker pretends to be an executive or senior leader of a company and sends an email to a specific individual to wire or transfer money, according to CIO.

2. Whaling has become a significant enough concern that the FBI issued an alert for businesses to be aware and on the lookout for such email scams. The FBI has received complaints of such scams from all 50 states and in at least 79 countries in nearly two and a half years. Since January 2015, the FBI reported a 270 percent increase in identified victims of whaling attacks, according to the agency’s alert.

3. While other cyber attack tactics generally involve sending spam emails with malicious links — often sent in mass batches — whaling is a targeted attack. Hackers create email addresses that closely mimic those of company executives, and they research companies to mirror the language used to sound like the leader they are impersonating.

“On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software,” according to a Krebs on Security report. “But in many ways, CEO fraud is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers.” For the full article click here 

from cyber war desk

Australia Is Spending $178 Million to Beef Up Cyber Security

The Australian government announced on Thursday that they would be allotting $178 million to beef up cyber security. This was after admitting that the country’s weather bureau had been compromised by cyber intrusion.

Australian Prime Minister Malcolm Turnbull confirmed the rumors that some government agencies of the country had been hacked. However, he refused to answer when asked if he believes that China is behind the hacking.

The prime minister clarified that the funding, which will increase to $400 million Australian dollars, is to strengthen cyber security and to finance regular meetings between government, researchers and businesses to strategize on concerns that may arise.

The country has also encountered previous cyber attacks: the Australian Broadcasting Corporation system was hacked in December, and Australia’s new intelligence agency headquarters blueprint was stolen in 2013. Moreover, there was a suspected cyber intrusion on the computers of the prime minister, foreign minister and defense minister two years ago, according to Security Week. For the full article click here 

from cyber war desk

Halvorsen: Cyber war is a culture war

Security experts have often said that the key to cybersecurity is a matter of approach and attitude, an idea Defense Department CIO Terry Halvorsen reiterated this week.

“Technology is really the easy part,” he said at the AFCEA Defensive Cyber Operations Symposium in Washington, D.C. “I am convinced you will get the technology piece right, but what concerns me is, can we get to the culture change needed?”

Part of that culture change just has to do with diligence and educating users (many of the highest-profile hacks in recent years started with an employee clicking on a malicious link in a phishing email), but Halvorsen specifically promoted the idea of collaboration between DOD and industry—and the trust that needs to be built between the two in order to make that collaboration work.

DOD has sought to partner with Silicon Valley-based and other tech companies through its Information Technology Exchange Program, which to date has launched efforts such as development of new flexible electronics and the Hacking 4 Defense program. For the full article click here 

from cyber war desk

Friday, 22 April 2016

A Business Case For Funding Your Federal Insider Threat Program


The insider threat is a dangerous risk to government agencies and their most sensitive data. Monitoring behaviors internally and identifying when bad is bad based on access, roles and actions is not something government agencies can afford to go without.

Read our detailed whitepaper on building a case for funding your federal insider threat program and the necessary steps to establishing a successful security posture against such threats.

Get your copy of the report today! 


from cyber war desk

Win XP Flash Java healthcare makes easy pickings for hackers

The healthcare industry is a long way behind the financial sector in basic security practices, according to a study by two-factor authentication firm Duo Security.

Duo found that healthcare devices were significantly more out of date and less secure than ones from finance, after comparing its healthcare customers’ devices to its finance customers’ equipment.

Healthcare has a four times greater density of Windows XP computers compared to finance. Windows XP has been unsupported by Microsoft since 2014 and unsupported OSes do not receive any software patches or updates, making them an easy target for attackers.

The risk is far from theoretical. For example, earlier this year Melbourne Health’s networks were infected with malware after an attack compromised the Royal Melbourne Hospital’s pathology department, which was running Windows XP.

The Qbot malware linked to the infection is capable of stealing passwords and logging keystrokes.

A significant minority (three per cent) of Duo’s installed base is stuck on Windows XP, which compares to one per cent of users across Duo’s entire client base. Across that customer base, finance has 50 per cent more instances of computers running on the Windows 10 operating system than healthcare. For the full article click here 

from cyber war desk

Q&A: Rep. Mike McCaul on a whole new age of terrorism

As chairman of the House Committee on Homeland Security, Rep. Mike McCaul has a unique perspective on national security matters. In his new book, Failures of Imagination: The Deadliest Threats to Our Homeland — And How to Thwart Them, McCaul, who receives daily intelligence briefings, says the threats of dirty bombs and cyber warfare are more pressing than most Americans realize. Editorial writers Jim Mitchell and Michael Lindenberger chatted with the Republican congressman who represents Austin during a recent trip to Dallas.

When you look at crises around the world, how would you prioritize them? Is ISIS the No. 1 foreign-policy question?

ISIS is probably the No. 1 homeland security threat. Having said that, there are many others, whether it is Mr. Putin in Russia and his aggressions or China and North Korea and their cyber-espionage. ISIS is capable of doing an active shooter, suicide-bomber-type of thing, which would cause a lot of damage. They’ve talked about doing that in the United States.

But a cyber-event could be really catastrophic. Iran, North Korea, China and Russia have capabilities to shut things down. A cyber-attack on the power grid or financial institutions could be very damaging. The probability is getting higher on the cyber-side. ISIS also has talked about getting a Pakistani nuclear device and smuggling it across the Southwest border. Even radioactive material with a stick of dynamite can cause a dirty bomb that could contaminate critical assets here, too. For the full article click here

from cyber war desk

IDF’s IT unit head: Our enemy understood it can try to shut us down with a cyber attack

Driven by rising capabilities to launch cyber attacks that could paralyze IDF operations, the military unit in charge of IT infrastructure held a large-scale cyber war drill on Thursday, testing its ability to switch to shadow facilities in the event of a shutdown.

Lt.-Col. Yaniv Ossi, Head of IT Operations in the IDF’s Center of Computing and Information Systems, known by its Hebrew acronym, MAMRAM, told the Jerusalem Post on Thursday that the exercise reflected the IDF’s growing dependence on technology for every aspect of military operations.

MAMRAM is the C4i Branch unit that supplies IT infrastructure, from servers to communications components, to IDF units. It also activates them on behalf of the army, and enables the IDF’s three branches to integrate their operations. For the full article click here 

from cyber war desk

Australia admits government hack attacks, boosts cyber security

“The growth centre will also link to existing cyber security innovation hubs overseas … and its network will help strengthen our cyber defences as well as growing business opportunities and creating jobs”.

While there was a lot of praise for what the cyber security strategy covered, BAE Systems was critical of the Government for delaying the revision of the original security plan which was released in 2009.

The PM says that the government will be investing AU$230 million (around $180 million or £125 million) on new measures, including hiring over 100 IT specialists and the implementation of 33 initiatives. Its release was originally planned to coincide with the Australian Cyber Security Centre conference where Craig spoke, but was delayed, according to ZDNet.

He did laud the Government for bringing in a cyber security health check scheme for the public and private sector.

“We will increase our global cooperation and influence and foster genuine partnerships between the Australian public and private sectors”, the Prime Minister said. The UK too set up its own Joint Cyber Reserve unit back in 2013 to ward off and – if necessary – strike back against potential cyber threats. Business wants better access to government information on cyber threats and they have told us they have information they want to share. For the full article click here 

from cyber war desk

McAfee: If FBI gets backdoor to people’s phones, US society will collapse

They said that the war never changes – but what if it does? The introduction of digital technologies, the cyberspace of the World Wide Web has introduced new battlefields. Law enforcement, drug trade, political fights and terrorism have gone online. The fight for information and access to the hidden data is raging on, both in the legal sphere, with authorities trying to tighten the grip on the digital flow, and international, with army-like hacker groups searching for the cracks in the cyber defense of nations. How far will this fight go? Who has the upper hand? And can battles in virtual reality claim real lives? We ask the cyber-expert extraordinaire – John McAfee is on Sophie&Co today.

Sophie Shevardnadze: John McAfee, cyber security expert extraordinaire, inventor, entrepreneur, creator of McAfee antivirus, welcome to the show, once again, it’s really great to have you with us. So, John, the recent Apple-FBI battle over the unlocking of the encrypted iPhone of the San Bernardino shooter ended when the FBI said it was able to access the phone’s data with help from a third party. Should the FBI have access to the information stored on that phone, the phone of a terrorist?

John McAfee: It’s not the matter of should they have it. I mean, I guess, if he’s suspected in a crime, the question is not whether they should have access to it, it is whether they should require Apple to give them access in a manner that gives them access to all other telephones, and that’s basically what the FBI was asking. For the full article click here 

from cyber war desk

Thursday, 21 April 2016

U.S. cyber officials worry milware will target infrastructure

It’s no secret cyber threats are becoming more widespread and advanced. Just look no further than Ukraine’s power grid that was knocked out in a first-of-its-kind coordinated cyber attack.

Current terminology and lexicon appear to be outdated to describe how sophisticated threats today are. “We all know what malware is, right? We’re starting to use the term milware,” Philip Quade, special assistant to the director for cyber for the NSA’s Cyber Task Force said. “It’s not a scientific term but what it represents is the sophistication of attacks, whether it’s the targeted attack, for example it might be a defense target or other systems of national importance, it’s often a type of malware that’s been customized by government. Sometimes it starts with plain old malware available elsewhere and [then is] customized, but more and more importantly, it often is a planted attack – some parts of it might be physical, some parts might be otherwise. The Ukrainian malicious activity has many of these attributes.”

Quade, in an address at an event hosted by AFCEA’s Bethesda chapter April 19, delved into the types of threats facing the U.S. and their characteristics. Russia, which remains the top cyber threat, tends to focus on intelligence, influence operations and preparing for future contingencies, Quade said. For the full article click here 

from cyber war desk

Manufacturers Suffer Increase In Cyberattacks

Cyberattacks on manufacturing companies on the rise as attackers attempt to steal valuable intellectual property and information.

The manufacturing sector is now one of the most frequently hacked industries, second only to healthcare, a new report says.

Healthcare, which has a wealth of exploitable information within electronic records, moved into the top spot of the rankings, replacing financial services, which dropped to third place in IBM X-Force Research’s new 2016 Cyber Security Intelligence Index. Manufacturing rose from third place in last year’s report, which offers a high-level overview of the major threats to IBM’s clients’ businesses worldwide over the past year.

Manufacturing includes automotive, electronics, textile, and pharmaceutical companies. Automotive manufacturers were the top targeted manufacturing sub-industry, accounting for almost 30% of the total attacks against the manufacturing industry in 2015. Chemical manufacturers were the second-most targeted sub-industry in 2015, according to IBM. For the full article click here 

from cyber war desk

DISA director: Gloves are off in cyber war, time for new defenses

In describing a handful of his agency’s top cybersecurity acquisition priorities, the director of the Defense Information Systems Agency said DoD needs new tools to grapple with the fact that cyber adversaries have become much more brazen in recent years, and are no longer concerned with whether or not they’re detected when trying to penetrate Defense networks.

Until relatively recently, said Lt. Gen. Alan Lynn, most cyber attacks looked somewhat like an “intel game,” with enemies quietly burrowing their way into networks and keeping a low profile until they discovered something worth stealing.

“That’s not the world we’re living in today. They don’t care anymore,” Lynn said Wednesday at AFCEA’s cyber defense symposium in Washington. “They are kicking in the doors. It’s loud, it’s fast, it is smash-and-grab. It used to be that going after senior leaders is something you just didn’t do, but they’re going after senior leaders in their offices and at their homes. The gloves are off. This is cyber warfare, and it’s happening on our networks daily.”

Among the technologies DISA is most interested in to protect Defense networks against those sorts of attackers: software defined networking (SDN), which the agency has been spending money on for about 15 months. The technology would let DoD move from network structures that are determined by fixed, physical hardware like routers and switches and toward a virtualized IT topology that can be changed at a moment’s notice. For the full article click here 

from cyber war desk

Rules For Cyberwarfare Still Unclear Even As U.S. Engages In It

When Defense Secretary Ashton Carter landed in Iraq for a surprise visit this week, he came armed with this news: More than 200 additional U.S. troops are headed to that country. They’ll join the fight to retake the Iraqi city of Mosul from the Islamic State.

As that battle unfolds on the ground, a parallel war against ISIS is unfolding in cyberspace.

U.S. officials have confirmed to NPR that over the past year, the cyber campaign has taken off. They describe an escalation in operations, from using cybertools to geolocate a particular ISIS leader to hacking into and then conducting surveillance on a particular computer.

The activity occurs even as the rules for cyberwarfare remain a work in progress. Among the outstanding questions: Who’s in charge when the U.S. wages cyberwar?

“The chain of command is clear on paper,” says Susan Hennessey, who served as a lawyer at the National Security Agency until November 2015. “It’s much more difficult to understand in practice.” For the full article click here 

from cyber war desk

Australia says it can hack enemies as it invests $230 million in cyber security

The Australian government is watching and has the means to launch a cyber attack.

On Thursday, Prime Minister Malcolm Turnbull introduced a massive A$230 million cash injection to arm the country for cyber security issues and deal with online threats it is facing, including cyber war and internal whistleblowers.

Within the new Internet strategy, pushed down to page 28, the government also makes clear it has the capabilities to launch a cyber attack if necessary.

“Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack,” the report reads. “Any measure used by Australia in deterring and responding to malicious cyber activities would be consistent with our support for the international rules based order and our obligations under international law.”

In Turnbull’s statement, he also singled out the threat of “warmware,” where an insider compromises government intelligence, in particular the Edward Snowden leaks in 2013. For the full article click here 

from cyber war desk

Wednesday, 20 April 2016

ICIT Brief: Combatting the Ransomware Blitzkrieg with Endpoint Security

Ransomware, the weaponization of encryption, has struck fear and confusion into the hearts of PC users and critical infrastructure communities alike. While it is impossible for organizations to prevent malware from infecting their networks, those who deploy a multi-layered security strategy and teach proper cybersecurity hygiene to their employees have a strong chance of defending against these types of attacks. This brief, entitled “Combatting the Ransomware Blitzkrieg: The Only Defense is a Layered Defense – Layer One: Endpoint Security”, will focus on the critical role endpoint security plays as part of an organization’s comprehensive and holistic security strategy. The brief contains an analysis of:

  • The need for endpoint security
  • Vulnerable endpoints (users, personal computers, servers, mobile devices, specialized hardware and cloud services)
  • Potentially vulnerable endpoints (SCADA/ICS, IoT devices, cars)
  • Endpoint security
  • Selecting an endpoint security strategy

The following experts contributed to this brief:

  • James Scott (Sr. Fellow & Co-Founder, ICIT)
  • Drew Spaniel (Visiting Scholar, ICIT)
  • Dan Waddell (ICIT Fellow – Director, Government Affairs, (ISC)²)
  • Greg Fitzgerald (ICIT Fellow – Chief Strategy Officer, Cylance)
  • Rob Bathurst (ICIT Fellow – Managing Director, Healthcare and Life Sciences, Cylance)
  • Malcolm Harkins (ICIT Fellow – Global Chief Information Security Officer, Cylance)
  • Ryan Brichant (ICIT Fellow – CTO, ICS, FireEye)
  • George Kamis (ICIT Fellow – CTO Federal, Forcepoint)
  • Stacey Winn (ICIT Fellow – Senior Product Marketing Manager, Public Sector, Forcepoint)
  • Thomas Boyden (ICIT Fellow – Managing Director, GRA Quantum)
  • Kevin Chalker (ICIT Fellow – Founder & CEO, GRA Quantum)
  • John Sabin (ICIT Fellow – Director of Network Security & Architecture, GRA Quantum)
  • Rob Roy (ICIT Fellow – Public Sector CTO, Hewlett Packard Enterprise)
  • Stan Wisseman (ICIT Fellow – Security Strategist, Hewlett Packard Enterprise)
  • Cindy Cullen (ICIT Fellow – Security Strategist, Hewlett Packard Enterprise)
  • Stan Mierzwa (ICIT Fellow – Director, Information Technology, Population Council)

Download the brief here

from cyber war desk

Cybersecurity in the Financial Services Sector

Cybersecurity – why is it important?

In the digital era Financial Institutions rely on technology to engage with their customers, manage assets and balance sheet exposures, settle transactions, and satisfy regulatory reporting requirements. The resilience of firms’ technology infrastructure has become a key focus for Chief Executives and regulators[1] alike – it is no longer the sole preserve of the IT department.

Recent high profile incidents have placed data security breaches firmly on the front pages – Mossack Fonseca, Ashley Madison, Talk Talk, Vtech, Target, Home Depot. In some cases leaks and attacks are initiated by activists or whistle-blowers (in some cases under the cover of public interest); of greater concern are those initiated by criminal groups who recognise that confidential information, financial data and personal identities are a tradable commodity.

The risk of Cybercrime to the UK economy is estimated at £27bn[2] with 90% of large companies reporting a security breach in 2015.[3] The exposure is perceived as most acute in the banking, capital markets and insurance sectors.[4]

It is not surprising then that over half of large companies polled in a recent survey[5] have appointed CISOs (Chief Information Security Officers) in recognition of the potential impact of data breaches on their business.

In short, IT and Data security has become an essential element of any firm’s strategic management controls and we will explore some of those themes in this briefing. For the full article click here 

from cyber war desk

Why companies are still falling victim to an eight-year-old computer virus

The vast majority of even the most significant cyberattacks and intrusions by nation states could be stopped if only organisations followed the most basic cybersecurity practices, the director of UK’s national Computer Emergency Response Team (CERT-UK) has warned.

Speaking at the Security and Counter Terror Expo in London, Chris Gibson said the biggest security threat remains malware. Many companies are still fighting malware infections which were first released as long as eight years ago — a fact he described as “enormously depressing”.

“We saw 530,000 incidents involving Conficker last year. Conficker is an eight year old virus — this is not new stuff. It changes, but at the end of the day, as someone who’s spent 20 years in information security, this is the point where I hold my head in my hands and think I’ve failed dismally. This is stuff we should’ve nailed years ago — this is not stuff we should still be facing day in, day out,” he said. For the full article click here 

from cyber war desk

Stepping over the cyber line

The recent cyberattack on the Ukraine’s power grid has caused several organizations to rethink the threats posed to the U.S. power grid. The Ukraine’s power incident, which disrupted electricity for 80,000 customers, is the first publicly disclosed outage resulting from a cyberattack. The Department of Homeland Security said spear-phishing and a corrupted Microsoft Word attachment allowed the BlackEnergy malware to infect the Ukraine’s systems.

The successful Ukraine attack prompted DHS and the FBI to create and start delivering an unclassified Web briefing titled, “Ukraine Cyber Attack: Implications for U.S. Stakeholders.” Federal authorities also recently disclosed that the cyberattack on the small Bowman Dam in Rye, New York was attributed to seven hackers in Iran.

All of this has raised concerns of many in government as well as some in the private sector and prompted discussions about the likelihood of a cyberwar in the not-so-distant future. So what level of cyberattack would be considered an act of war? During his nomination hearings last year, Secretary of Defense Ash Carter told the Senate Armed Services Committee that an act of cyberwarfare is defined as a cyberattack on critical infrastructure, the economy or U.S. military operations. For the full article click here 

from cyber war desk

A novel approach to war

Defense analyst Peter Singer speaks at ASU about ‘Ghost Fleet’ book, shrinking U.S. military advantage and possibility of WWIII

Land grabs by Russia. Escalating Chinese military dominance in Asia. Superpowers fighting in outer space. The launch of World War III.

It is the stuff of fiction — specifically, Peter W. Singer’s novel “Ghost Fleet: A Novel of the Next World War” — but it is also mere moments away from reality, the political theorist said Tuesday night at Arizona State University.

“The global context is changing,” said Singer, strategist and senior fellow for think tank New America Foundation and contributing editor for Popular Science. “What was once thinkable, then became unthinkable, is thinkable once more: the thought of great powers going to war.” For the full article click here 

from cyber war desk


The following is a two-part series on how the U.S. might better utilize cyberspace and information operations as a Third Offset. Part I will evaluate current offset proposals and explore the strategic context. Part II will provide specific cyber/IO operations and lines of effort.

By Jake Bebber

“It is better by noble boldness to run the risk of being subject to half of the evils we anticipate than to remain in cowardly listlessness for fear of what might happen.”

-Herodotus, The Histories


In 2014, then Secretary of Defense Hagel established the Defense Innovation Initiative, better known as the Third Offset, which is charged with recommending ways to sustain American military superiority in the face of growing capabilities fielded by powers such as Russia and China.[i] The purpose of the Third Offset is to “pursue innovative ways to sustain and advance our military superiority” and to “find new and creative ways to sustain, and in some cases expand, our advantages even as we deal with more limited resources.” He pointed to recent historical challenges posed by the Soviets in the 1970’s which led to the development of “networked precision strike, stealth and surveillance for conventional forces.” Centrally-controlled, inefficient Soviet industries could not match the U.S. technological advantage, and their efforts to do so weakened the Soviet economy, contributing to its collapse.

Today, China represents the most significant long-term threat to America and will be the focus here. A number of leading organizations, both within and outside government, have put forward recommendations for a Third Offset. However, these strategies have sought to maintain or widen perceived U.S. advantages in military capabilities rather than target China’s critical vulnerabilities. More importantly, these strategies are predicated on merely affecting China’s decision calculus on whether to use force to achieve its strategic aims – i.e., centered around avoiding war between the U.S. and China. This misunderstands China’s approach and strategy. China seeks to win without fighting, so the real danger is not that America will find itself in a war with China, but that America will find itself the loser without a shot being fired. This paper proposes a Cyberspace-IO Offset strategy directly attacking China’s critical vulnerability: its domestic information control system. By challenging and ultimately holding at risk China’s information control infrastructure, the U.S. can effectively offset China’s advantages and preserve America’s status as the regional security guarantor in Asia. For the full article click here 

from cyber war desk

Tuesday, 19 April 2016

The cyber war on ISIS; More US troops to Iraq?; Syrian ceasefire not so much; What’s broken on F-35 now; and a bit more.

The U.S. is mulling more American troops for Iraq’s Mosul offensive, Ash Carter said this morning during his third trip to Baghdad as defense secretary. Other ideas reportedly on the table include “more airstrikes, cyberattacks and American troops on the ground,” the Associated Press reports from Baghdad.

About those cyber attacks: they are “far more serious than what the president laid out in his bland description” last week, The Daily Beast reports. They include such things as “implanting viruses in terrorists’ computers, and mining the machines to launch real-world strikes,” write Shane Harris and Nancy Youssef, who put it all in context, here.

Back to Carter’s trip: A senior defense official told Stars and Stripes that increased U.S. troop level “recommendations would likely be for smaller additions of specific forces the U.S. thinks will help the Iraqi forces campaign against the Islamic State,” but no additional details were offered.

“We are not looking for a big footprint and the Iraqis certainly will be supportive of things that are directly connected to capabilities that they feel their soldiers need do the fight,” the nameless official said. “That’s what we saw with Taqqadum…the base outside of Ramadi that helped us help them take back Ramadi.” For the full article click here 

from cyber war desk

Steve Wozniak, Apple co-founder, compares current cyber fears to Cold War hysteria

Cyberattacks are causing as much panic today as the possibility of a nuclear attack did during the Cold War, Apple co-founder Steve Wozniak told interviewers in Australia on Monday.

“We used to fear the atomic bomb when I was young, and you used to come home from school and sirens would go off for a test on every corner,” the 65-year-old computer pioneer said during an appearance on Lateline this week on Australia’s ABC television network. “Now we fear all the cyberattacks and hacking. What’s the next one we’re going to hear about?

“Is one going to come close to me? Is it going to hit me? Could they really take out our electrical system, turn off our internet, how far can it go? And it’s getting worse and worse year by year, not better and better,” he added.

Although “The Woz,” as he’s widely known, left Apple ages before the tech titan released its signature iPhone in 2007, he told Lateline that the current dispute between the Department of Justice and Apple could set a dangerous precedent if the government is allowed to cite national security concerns in order to compel companies into designing products that can be compromised. For the full article click here 

from cyber war desk

Overnight Cybersecurity: Apple, FBI head back to Capitol Hill

-DON’T CALL IT A COMEBACK: The dispute between Apple and the FBI will be back in the spotlight on Tuesday, with both sides sending representatives to testify before the House Energy and Commerce Committee. But lawmakers will keep the two sides apart at the hearing, titled “Deciphering the Encryption Debate.” There will be two separate panels: one made up of law enforcement voices and a second dominated by tech industry members. The hearing comes as lawmakers weigh a contentious discussion draft of an encryption bill released last week by Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and ranking member Dianne Feinstein (D-Calif.). The bill would force companies to provide “technical assistance” to government investigators seeking secure data — a response to concerns that criminals are increasingly using encrypted technology to hide from authorities. On Monday, major law enforcement organizations lined up to support the Burr-Feinstein bill. Prominent police commissioners, district attorneys and the industry groups that represent them say companies are failing to comply with legal court orders and impeding legitimate investigations. Apple recently rebuffed an FBI court order directing the tech giant to help unlock an iPhone used by one of the San Bernardino terrorists. “This is a crisis in the making and it goes well beyond a singular terrorism case,” said New York City Police Commissioner William Bratton. “To establish a safe haven for pedophiles, rapists and murderers through their mobile device is impacting untold crime victims today — right now.” But the tech community has strongly opposed the legislation. Apple’s general counsel and the cybersecurity specialists testifying on Tuesday will likely restate their belief that guaranteeing access to secure data will undermine security and endanger online privacy. For the full article click here 

from cyber war desk

World’s biggest cyber wargame features battle over online services and industrial control system

The world’s largest cyber wargame will take place this week, with 550 security professionals from 26 nations battling over the computer networks of the fictional state of Berylia.

The Locked Shields 2016 cyber defence exercise — organised by the NATO Cooperative Cyber Defence Centre of Excellence in Estonia — sees 20 ‘blue teams’ representing 19 nations and NATO’s Computer Incident Response Capability attempting to defend the systems and services of the fictional country from attack.

More than 1,700 attacks will be carried out against the 1,500 virtualised systems the teams have to defend — a variety of servers, online services and an industrial control system.

And it’s not just about stopping digital attacks: as well as handling and reporting incidents, the defenders have to solve forensic challenges and respond to the fictional media inquiries and legal issues that could crop up in a real incident. For the full article click here 

from cyber war desk

Defense Secretary: China Cyberwar Not Attacks But Cyber Misbehavior

Defense Secretary Ash Carter and Philippine Defense Secretary Voltaire Gazmin observe flight deck operations as they tour the USS John C. Stennis in the South China Sea on April 15, 2016. (DoD photo by Air Force Senior Master Sgt. Adrian Cadiz)

In a chat with troops aboard the USS John C. Stennis, Defense Secretary Ashton Carter characterized China’s cyber warfare not as attacks but as “cyber misbehavior.”

The aircraft carrier is in the disputed South China Sea. “You play an essential and pivotal role in this region, which I’ll discuss in a moment, but you and the rest of the American military do that, and everything else around the world, in a principled and respectful way. You don’t intimidate people, coerce people or exclude people,” Carter said during the troop event. “Instead the American style has always been to include people in protecting us all. That’s what you’re doing right now.”

Carter was asked what the U.S. government is doing to prevent cyberattacks from China, something China denies it does but that has affected corporations, defense contractors and government systems. For the full article click here 

from cyber war desk

Monday, 18 April 2016

Academic network Janet clobbered with DDoS attacks – again

Blighty’s government-funded educational network Janet has once again been hit by a cyber attack, with a fresh wave of DDoS attacks launched against the network this morning.

The issue first began on Friday 15 April, with the body reporting it had been hit by a DDoS attack.

“We are seeing another targeted attack. This may cause issues accessing sites outside of the UK. Blocks are being applied,” it said in a status update.

But it said this morning further attacks had been observed since 10am: “Investigations are ongoing,” read the status page.

Bournemouth University’s IT department tweeted this morning: For the full article click here 

from cyber war desk

Majority of Healthcare Data Breaches Caused by Cyberattacks

Will: The destructive threat of cyberwarfare

WASHINGTON — There is a consensus that aggression by one nation against another is a serious matter, but there is no comparable consensus about what constitutes aggression. Waging aggressive war was one charge against Nazi leaders at the 1946 Nuremberg war crimes trials, but 70 years later it is unclear that aggression, properly understood, must involve war, as commonly understood. Or that war, in today’s context of novel destructive capabilities, must involve “the use of armed force,” which the Rome Statute of the International Criminal Court says is constitutive of an “act of aggression.”

Cyberskills can serve espionage — the surreptitious acquisition of information — which is older than nations and not an act of war. Relatively elementary cyberattacks against an enemy’s command-and-control capabilities during war were a facet of U.S. efforts in Operation Desert Storm in 1991, in the Balkans in 1999 and against insurgents — hacking their emails — during the “surge” in Iraq.

In 2007, Israel’s cyberwarfare unit disrupted Syrian radar as Israeli jets destroyed an unfinished nuclear reactor in Syria. But how should we categorize cyberskills employed not to acquire information, and not to supplement military force, but to damage another nation’s physical infrastructure? For the full article click here 

from cyber war desk

U.S. Ratchets Up Cyber Attacks on ISIS

Military hackers are disrupting ISIS’s encrypted chats, implanting viruses in terrorists’ computers, and mining the machines to launch real-world strikes.

President Obama confirmed for the first time last week that the U.S. is conducting “cyber operations” against ISIS, in order to disrupt the group’s “command-and-control and communications.”

But the American military’s campaign of cyber attacks against ISIS is far more serious than what the president laid out in his bland description. Three U.S. officials told The Daily Beast that those operations have moved beyond mere disruption and are entering a new, more aggressive phase that is targeted at individuals and is gleaning intelligence that could help capture and kill more ISIS fighters.

As the U.S. ratchets up its online offensive against the terror group, U.S. military hackers are now breaking into the computers of individual ISIS fighters. Once inside the machines, these hackers are implanting viruses and malicious software that allow them to mine their devices for intelligence, such as names of members and their contacts, as well as insights into the group’s plans, the officials said, speaking on condition of anonymity to describe sensitive operations. For the full article click here 

from cyber war desk

First on CNN: U.S. and Russia meet on cybersecurity

(CNN) Senior cybersecurity officials from the U.S. and Russia are holding meetings this week on cybersecurity, renewing efforts to prevent the countries from mistakenly getting into a cyber war, U.S. officials say.

The meetings in Geneva include officials from the White House, State Department and FBI and will include a review of cybersecurity agreements signed in 2013 by the two countries, a senior administration official told CNN.

The meetings come in the wake of a cyber attack that crippled parts of the Ukrainian power grid in December, a breach that U.S. investigators concluded to be a first-of-its-kind confirmed cyber attack on civilian infrastructure. Senior U.S. security officials believe Russia was behind the attack, though the Obama administration has stopped short of attributing the attack to Russia.

Attributing attacks is notoriously difficult because sophisticated hackers mask where their attacks are coming from.

There’s been an icy relationship between the U.S. and Russia on cyber and other issues since 2014 when Russia invaded eastern Ukraine and annexed Crimea. For the full article click here 

from cyber war desk

Saturday, 16 April 2016

Call To Arms For Cyber War, Trying To Poach Private Sector Recruits

MUNICH — It’s hard to ignore. About 18,000 billboards, along with advertisements on the Internet, in newspapers and magazines, are promoting “cyber” positions in Germany’s Defense Ministry.

“Defend Germany’s freedom in cyberspace,” the campaign’s slogan reads. “Do something that really matters.” The message is accompanied by the army’s logo and motto, “project digital forces.”

The marketing campaign represents the German army’s most public attempt to ready itself for one of the biggest security threats, both present and future. By its own account, military developers have eliminated about 7,200 kinds of malware over the past year and identified about 71 million “unauthorized and malicious access attempts” at central Internet exchange points. About 8.5 million of them have been qualified as “very dangerous.” And the threats coming from cyber attacks could be directed at private or public infrastructure, hospitals and even energy supplies.

That’s why Defense Minister Ursula von der Leyen is creating a cyber team dedicated to preparing the army for a cyber war. The government wants to bundle all cyber expertise and build a separate military organization, similar to the standing army, air force or medical service. It comes as other countries, including the United States, are shifting resources to digital combat. For the full article click here 

from cyber war desk

Swedish air controllers debunk cyber attack disruption theory

Sweden’s civil aviation administration (LFV) has concluded that radar disruptions that affected services in Stockholm and Malmö last November were down to the effects of a solar flare, scotching rumors reported by El Reg and others earlier this week that a hacker group linked to Russian intelligence might be to blame.

Radar stations were not relaying the correct data to air traffic control during the afternoon of November 4, prompting controllers to switch over onto a different way of managing the aircraft, and to restrict the number of planes allowed into Swedish airspace. The disruption lasted for around 90 minutes.

An investigation by LFV did consider the possibility that a cyber attack against the system might be behind the disruption, but this theory was quickly discounted by aviation experts.

“Early on in our investigation we had this as one … hypothesis,” said Ulf Thibblin, technical director at LFV in an official statement.

“But there was nothing in our radar data or internet traffic logs to support or confirm a possible cyber attack. Also, we had the relationship in time [translation problem –ed] with space weather, plus there were a few more technical reasons which excluded a cyber attack,” he added. For the full article click here 

from cyber war desk

PowerShell Increasingly Being Used To Hide Malicious Activity

Data from 1,100 security investigations shows PowerShell was used in 38 percent of cyberattacks

Threat actors often try to take advantage of native tools in operating systems to conceal malicious activities.

One tool that appears to be a particular favorite in this regard is the PowerShell command shell and scripting language that Microsoft has included with its Windows operating system since 2009.

Security firm Carbon Black recently analyzed data from 1,100 investigations conducted by more than two-dozen of its partners in 2015 to see how extensively PowerShell is being exploited in cyber attacks.

The data showed that in 38 percent of the investigated incidents, PowerShell was a part of the attack. Some 31 percent of the victim organizations said they had no idea that PowerShell had been exploited and discovered that fact only after calling in someone to investigate security incidents.

The most common malicious activity carried out via PowerShell was command and control communications. The data also showed that threat actors, trying to move laterally across a network after breaking into it first, often used PowerShell to conceal their movement. Credential theft and privilege escalation were some of the other common malicious activities enabled via PowerShell. For the full article click here

from cyber war desk

Utilities and Energy Companies Could Do More to Protect Infrastructure [#Infographic]

When it comes to guarding energy-sector infrastructure, IT professionals have their work cut out for them.

According to a Tripwire statistic featured in a recent CDW infographic, 82 percent of survey respondents in the oil and gas industry said they saw a jump in successful cyberattacks over the last year.

“It’s tempting to believe that this increase in attacks is horizontal across industries, but the data shows that energy organizations are experiencing a disproportionately large increase when compared to other industries,” Tim Erlin, the director of IT security and risk strategy for Tripwire, said in a statement.

Despite increasing risks, data from the CDW infographic indicates that only 55 percent of power and utilities companies perform threat assessments, and just 51 percent actively monitor and analyze security intelligence.

Energy companies instead focus their efforts on other areas: The infographic shows that these organizations most commonly implement information security strategies, secure access control measures and patch management tools.

Still, 69 percent of oil and gas industry respondents believe they’re able to detect all cyberattacks; and because detection is the first line of defense against breaches, it’s clear cybersecurity strategies need to improve. For the full article click here 

from cyber war desk