Blog posts tagged with 'Cyberattacks'
Wednesday, April 25
Via The Hill‘s Brendan Sasso comes some startling new numbers from the Government Accountability Office (GAO) regarding security on the nation’s networks:
Cyber attacks on the federal government soared 680 percent in five years, an official from the Government Accountability Office (GAO) testified Tuesday.
Gregory Wilshusen, director of information issues for the GAO, said federal agencies reported 42,887 cybersecurity “incidents” in 2011, compared with just 5,503 in 2006.
The incidents included malicious code, denial of service attacks and unauthorized access to systems.
Later this week, the House of Representatives is set to vote on a few cybersecurity bills, including the Cyber Intelligence Sharing and Protection Act (or CISPA), which has already garnered close to 800,000 petition signatures against it due to privacy concerns. As Gerry Smith of the Huffington Post reports:
The Cyber Intelligence Sharing and Protection Act, or CISPA, sponsored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), seeks to give businesses and the federal government legal protection to share cyber threats with each other in an effort to thwart hackers.
Currently, they do not share that data because the information is classified and companies fear violating anti-trust law.
But privacy and civil liberties groups say the bill’s definition of the consumer data that can be shared with the government is overly broad, and once the data is shared, the government could use that information for other purposes—such as investigating or prosecuting crimes—without needing to obtain a warrant. They also criticize the legislation for not requiring companies to make customer information anonymous before sharing it with the government.
Wednesday, July 20
Via Josh Peterson of Broadband Breakfast, the Department of Defense is focusing heavily on the threat of cyberattacks:
The DoD Strategy for Operating in Cyberspace (DSOC) is the first unified strategy for conducting operations in cyberspace between the Defense Department’s military, intelligence and business operations. The DoD is coordinating its cyber security efforts with the Department of Homeland Security and private companies responsible for maintaining critical infrastructure through threat information sharing and more robust network protection.
But while preparing for battle against cyber attackers is definitely smart, The Hill‘s John T. Bennett reports that questions linger about the difference between an attack and an all-out act of war:
[The DoD’s document] does not define what the Obama administration considers an act of cyberwar, nor does it detail how the military would respond to a major electronic attack. It also features no description of the kinds of actions the military is conducting in the electronic domain.
Those omissions brought fresh questions Tuesday during a Senate Armed Services Committee hearing about whether the Defense Department, White House, federal agencies and industry are truly prepared for a major attack on the U.S. through the Internet.
Friday, June 17
With cyberattacks on the rise — most recently, the CIA homepage was hacked — Ellen Nakashima of the Washington Post reports the National Security Agency is partnering with Internet service providers on a stronger line of defense:
The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.
“We hope the ... cyber pilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”
So far the program is limited to defense contractors, but if it’s successful the NSA says it may want to extend it to domestic traffic, a move that would surely spark a major privacy debate.
Wednesday, June 01
At the New York Times, David E. Sanger and Elisabeth Bumiller report the Pentagon is shifting its outlook on cyberattacks:
The new military strategy, which emerged from several years of debate modeled on the 1950s effort in Washington to come up with a plan for deterring nuclear attacks, makes explicit that a cyberattack could be considered equivalent to a more traditional act of war. The Pentagon is declaring that any computer attack that threatens widespread civilian casualties — for example, by cutting off power supplies or bringing down hospitals and emergency-responder networks — could be treated as an act of aggression.
Just how the U.S. will respond to attack has yet to be revealed.
Friday, February 19
Last month, Google announced it would be ending its business efforts in China following an apparent cyberattack on the company and others from the nation. Now, the New York Times reports, an investigation conducted in part by the National Security Agency has traced the attacks to two schools in China:
If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.
Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.
Wednesday, January 13
Yesterday, Google revealed that it had been the victim of a sophisticated cyber attack from China, and that one of the goals of the attack appears to have been accessing the Gmail accounts of human rights activists. In the wake of the attack, Google has announced it will end its controversial practice of censoring search results in China, and may be ending its business ties to the nation altogether:
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”
These attacks and the surveillance they have uncovered—combined with the attempts over the past year to further limit free speech on the web—have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
Reactions to Google’s announcement have, for the most part, been positive. But Sarah Lacy at TechCrunch believes that while the human rights angle is worth applauding, at the end of the day Google’s decision may be more about business:
Does anyone really think Google would be doing this if it had top market share in the country? For one thing, I’d guess that would open them up to shareholder lawsuits. Google is a for-profit, publicly-held company at the end of the day. When I met with Google’s former head of China Kai-fu Lee in Beijing last October, he noted that one reason he left Google was that it was clear the company was never going to substantially increase its market share or beat Baidu. Google has clearly decided doing business in China isn’t worth it, and are turning what would be a negative into a marketing positive for its business in the rest of the world.
Wednesday, July 29
First up, a scare from the Guardian, which reports that the International Commission on Nuclear Non-proliferation and Disarmament (ICNND) is worried that terrorists may use the Internet to launch nuclear attacks from armed countries:
While the possibility of a radical group gaining access to actual launch systems is remote, the study suggests that hackers could focus on feeding in false information further down the chain – or spreading fake information to officials in a carefully orchestrated strike.
“Despite claims that nuclear launch orders can only come from the highest authorities, numerous examples point towards an ability to sidestep the chain of command and insert orders at lower levels,” said Jason Fritz, the author of the paper. “Cyber-terrorists could also provoke a nuclear launch by spoofing early warning and identification systems or by degrading communications networks.”
Next, an article from the Washington Post on how electric utilities looking for a piece of the $3.9 billion “smart grid” stimulus will need to prove that they’re working to prevent cyberattacks:
The requirements from the Energy Department come amid mounting concern from security experts that many existing smart-grid efforts do not have sufficient built-in protections against computer hacking, such as new “smart meters” that put information about consumers’ power use onto the Internet, grid-management software and other equipment.
And finally, Ars Technica warns that the current use of security certificate warnings—those boxes that pop up occasionally on sites that claim to be secure for shopping and other transactions—are falling on deaf ears:
Internet users have grown immune to security certificate warnings and are more than happy to click past them, according to a new report out of Carnegie Mellon University. Researchers found that users won’t hesitate to engage in this risky browsing behavior, especially since most warnings are for benign things like expired certificates. This behavior leaves them vulnerable to man-in-the-middle attacks, and the report calls for a reform in how warnings are handled in both safe and dangerous situations.