Blog posts tagged with 'Cybersecurity'
Monday, May 05
Via Julian Hattem at The Hill, last year’s massive data breach of Target may have led to the resignation of the company’s CEO:
Less than a year after a major data breach that exposed the personal and financial information of as many as 110 million shoppers, Target CEO Gregg Steinhafel is stepping down.
The retail giant’s board of directors announced on Monday that John Mulligan, the company’s chief financial officer, has been appointed as interim president and chief executive until a permanent replacement is named. Steinhafel will continue to serve an advisory role for the Minneapolis-based company.
“We believe his passion for the team and relentless focus on the guest have established Target as a leader in the retail industry,” the board said of Steinhafel in a statement.
Friday, January 10
70 million, which is the number of customers whose credit and debit card information was stolen when hackers took aim at retailer Target just before Christmas. As Don Reisinger of CNet reports:
The news is the latest blow to Target, which in December revealed that hackers had stolen approximately 40 million credit and debit card numbers. Target said at the time that it believed the data stolen came from transactions made between November 27 and December 15.
Not surprisingly, hackers moved quickly to take advantage of the stolen information and put the information on the black market. According to reports, following the Target breach there was a “ten-to-twentyfold increase” in stolen cards available on underground markets.
Yikes. Reminder: Make sure to keep an eye on your accounts, no matter where you shop.
Wednesday, August 28
With Syria currently a powder keg, the conflict has spread online. As Brendan Sasso of The Hill reports:
Hackers aligned with Syrian President Bashar Assad were apparently behind an attack that shut down The New York Times website for several hours on Tuesday.
The Syrian Electronic Army, a group of hackers who support the Syrian government, claimed credit for the attack. In a Twitter post, the group said it planned to deliver an anti-war message but that its servers could only handle the traffic for a few minutes.
Some users reported seeing pro-Syrian messages on nytimes.com, but many were unable to load the site at all.
The group also claimed to have hacked Twitter and The Huffington Post’s U.K. website.
Both the Twitter and Huffington Post hacks were relatively minor, thankfully.
Friday, June 07
Hackers from China have been making the news recently as a number of American companies and government agencies have been the victims snooping. But as Michael Isikoff of NBC News reports, attacks from behind the Great Firewall have been happening for a while now:
The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking units backed by the People’s Republic of China, prompting high level warnings to Chinese officials to stop such activities, U.S. intelligence officials tell NBC News.
The disclosure on the eve of a two-day summit between the U.S. and Chinese presidents highlights what has become a persistent source of tension between the two global powers: Beijing’s aggressive, orchestrated campaign to pierce America’s national security armor at any weak point – in this case the computers and laptops of top campaign aides and advisers who received high-level briefings.
As for China’s response to being caught, Isikoff reports:
The 2008 attacks, for example, prompted U.S. intelligence officials to sternly warn the Chinese that they had “crossed the line,” says one former senior U.S. official who was directly involved in the investigation.
“We told them we knew what they were up to – and that this had gone too far,” said the former official. Chinese officials listened politely and denied they had anything to do with the attacks on the campaign, the former official said.
Monday, May 20
Despite strong warnings from the Obama administration, hackers in China are still attacking America’s networks. As David E. Sanger and Nicole Perlroth of the New York Times report:
Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques, according to computer industry security experts and American officials.
Monday, March 25
In the New York Times, Nicole Perlroth looks at efforts by the Department of Homeland Security to recruit young hackers in order to combat cyberassaults:
In the eighth grade, Arlan Jaska figured out how to write a simple script that could switch his keyboard’s Caps Lock key on and off 6,000 times a minute. When friends weren’t looking, he slipped his program onto their computers. It was all fun and games until the program spread to his middle school.
“They called my parents and told my dad I was hacking their computers,” Mr. Jaska, 17 years old, recalled. He was grounded and got detention. And he is just the type the Department of Homeland Security is looking for.
Perlroth’s full piece is definitely worth the read.
Wednesday, March 13
Over at The Hill, Jennifer Martinez reports President Obama is set to meet with various CEOs today. The topic of conversation:
The president will discuss efforts to address the cyber threat facing the country and get the executives’ feedback on how the government and private sector can forge a relationship to improve cybersecurity in the United States, according to The White House. The meeting will be held in the Situation Room.
Martinez goes on to report that John Brennan, the new CIA Director, has called cybersecurity a “significant national security challenge.”
Wednesday, September 19
Cecilia Kang of the Washington Post reports a new lobbying coalition has been put together by a number of Internet companies:
Internet titans Facebook, Google, Amazon and Yahoo on Wednesday will launch a new lobbying association to counter efforts by federal regulators to strap new rules to their industry.
The Internet Association, led by Capitol Hill veteran Michael Beckerman, aims to band together Silicon Valley’s biggest Internet firms on issues such as piracy and copyright, privacy and cybersecurity.
Friday, July 27
David E. Sanger and Eric Schmitt of the New York Times report on a troubling cybersecurity trend:
The top American military official responsible for defending the United States against cyberattacks said Thursday that there had been a 17-fold increase in computer attacks on American infrastructure between 2009 and 2011, initiated by criminal gangs, hackers and other nations.
The assessment by Gen. Keith B. Alexander, who heads the National Security Agency and also the newly created United States Cyber Command, appears to be the government’s first official acknowledgment of the pace at which America’s electricity grids, water supplies, computer and cellphone networks and other infrastructure are coming under attack. Those attacks are considered potentially far more serious than computer espionage or financial crimes.
On a related note, via John Eggerton over at Broadcasting & Cable, the Senate yesterday voted to push forward on the Cybersecurity Act of 2012.
Wednesday, May 30
Cybersecurity continues to be a concern in Washington, and as The Hill‘s Brendan Sasso reports, the Obama administration is launching a new offensive:
The Obama administration on Wednesday announced a series of steps aimed at combatting botnets — networks of computers that hackers take over and use to spread spam or attack websites.
Botnets have become a favorite weapon of hacker groups such as Anonymous that use them to overwhelm the servers of government and industry websites.
After discussions with government agencies, an industry working group outlined a set of voluntary principles for companies to reduce the impact of botnets, while a financial industry group announced a pilot project for sharing information about the attacks.
As part of the efforts, government agencies and private companies are also launching an education campaign with the catchy name “Keep a Clean Machine.”
Wednesday, April 25
Via The Hill‘s Brendan Sasso comes some startling new numbers from the Government Accountability Office (GAO) regarding security on the nation’s networks:
Cyber attacks on the federal government soared 680 percent in five years, an official from the Government Accountability Office (GAO) testified Tuesday.
Gregory Wilshusen, director of information issues for the GAO, said federal agencies reported 42,887 cybersecurity “incidents” in 2011, compared with just 5,503 in 2006.
The incidents included malicious code, denial of service attacks and unauthorized access to systems.
Later this week, the House of Representatives is set to vote on a few cybersecurity bills, including the Cyber Intelligence Sharing and Protection Act (or CISPA), which has already garnered close to 800,000 petition signatures against it due to privacy concerns. As Gerry Smith of the Huffington Post reports:
The Cyber Intelligence Sharing and Protection Act, or CISPA, sponsored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), seeks to give businesses and the federal government legal protection to share cyber threats with each other in an effort to thwart hackers.
Currently, they do not share that data because the information is classified and companies fear violating anti-trust law.
But privacy and civil liberties groups say the bill’s definition of the consumer data that can be shared with the government is overly broad, and once the data is shared, the government could use that information for other purposes—such as investigating or prosecuting crimes—without needing to obtain a warrant. They also criticize the legislation for not requiring companies to make customer information anonymous before sharing it with the government.
Wednesday, January 25
In last night’s State of the Union Address, President Obama highlighted the need to build out high-speed broadband to everyone in America:
Building this new energy future should be just one part of a broader agenda to repair America’s infrastructure. So much of America needs to be rebuilt. We’ve got crumbling roads and bridges. A power grid that wastes too much energy. An incomplete high-speed broadband network that prevents a small business owner in rural America from selling her products all over the world.
The President also called for “comprehensive cybersecurity legislation from Congress. As Gautham Nagesh of The Hill reports, that call received a swift response from key members of the Senate:
Senate Homeland Security chairman Joe Lieberman (I-Conn.) echoed President Obama’s call in the State of the Union for Congress to pass comprehensive cybersecurity legislation on Tuesday evening.
“The President’s call for Congress to pass cybersecurity legislation underscores the pressing nature of securing the government’s cyber systems and networks—and a limited number of private sector networks that touch the lives of all Americans,” Lieberman said.
Senate leaders have been working on legislation that would place the Department of Homeland Security in charge of regulating private networks, while in the House a more limited legislation has also been debated.
Monday, September 19
At the New York Times, Natasha Singer breaks down a new initiative from the Obama administration to help soothe fears about online fraud:
The plan, called the National Strategy for Trusted Identities in Cyberspace and introduced earlier this year, encourages the private-sector development and public adoption of online user authentication systems. Think of it as a driver’s license for the Internet. The idea is that if people have a simple, easy way to prove who they are online with more than a flimsy password, they’ll naturally do more business on the Web. And companies and government agencies, like Social Security or the I.R.S., could offer those consumers faster, more secure online services without having to come up with their own individual vetting systems.
Monday, August 08
The infamous hacker group Anonymous has been busy as of late. First up, via The Huffington Post, comes word the group managed to take over the website of the Syria Ministry of Defense. Upon arriving at the site, visitors were greeted with a message:
To the Syrian people: The world stands with you against the brutal regime of Bashar Al-Assad. Know that time and history are on your side — tyrants use violence because they have nothing else, and the more violent they are, the more fragile they become. We salute your determination to be non-violent in the face of the regime’s brutality, and admire your willingness to pursue justice, not mere revenge. All tyrants will fall, and thanks to your bravery Bashar Al-Assad is next.
To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend your country — rise up against the regime!
Meanwhile, Nomaan Merchant and Raphael Satter of the Associated Press report the group also set their sites on targets here in America:
The group known as Anonymous said Saturday it has hacked into some 70 mostly rural law enforcement websites in the United States, a breach that one local police chief said had leaked information about an ongoing investigation.
The loose-knit international hacking collective posted a cache of data to the Web early Saturday, including emails stolen from officers, tips which appeared to come from members of the public, credit card numbers and other sensitive information.
Anonymous said it had stolen 10 gigabytes worth of data in all.
Wednesday, August 03
At the Washington Post, Ellen Nakashima has a report on an investigation into a recent rash of cyber-spying:
A leading computer security firm has used logs produced by a single server to trace the hacking of more than 70 corporations and government organizations over many months, and experts familiar with the analysis say the snooping probably originated in China.
Among the targets were the Hong Kong and New York offices of the Associated Press, where unsuspecting reporters working on China issues clicked on infected links in e-mail, the experts said.
Tuesday, July 12
Peter Bright of Ars Technica reports that a group of hackers have taken aim at military data:
Anonymous hackers have broken into a server belonging to consultancy firm Booz Allen Hamilton and published a database containing some 90,000 military e-mail addresses and hashed passwords in what they have named Military Meltdown Monday.
Bright also reports the hackers even released a press release announcing the hack.
Monday, June 13
At the New York Times, David E. Sanger and John Markoff report that the International Monetary Fund has been the victim of a substantial cyber attack:
Several senior officials with knowledge of the attack said it was both sophisticated and serious. “This was a very major breach,” said one official, who said that it had occurred over the last several months, even before Dominique Strauss-Kahn, the French politician who ran the fund, was arrested on charges of sexually assaulting a chamber maid in a New York hotel.
Asked about the reports of the computer attack late Friday, a spokesman for the fund, David Hawley, declined to provide details or talk about the scope or nature of the intrusion. “We are investigating an incident, and the fund is fully functional,” he said.
According to the report, I.M.F. officials have yet to reveal where the attack may have come from due to the breach being “a delicate subject because most nations are members of the fund.”
Tuesday, June 07
Last week, Google revealed its popular Gmail service had been attacked, pointing the finger at China, an accusation the nation strongly denied.
Now, Jennifer Martinez of Politico reports, House Oversight and Government Reform Committee Chairman Darrell Issa wants records of the hack:
The California Republican requested that Google preserve all records since Jan. 20, 2009, that are tied to the Gmail accounts of officials who may have been hit by the breach. Google said the attack originated from China, which government officials there deny.
Issa also asked that Google submit all documents and messages from officials whose accounts were believed to be compromised since Jan. 1, 2010. Additionally, he requested any communications about Google’s response to cyberattacks — and the White House’s feedback to Google about such attacks — for the same time period.
Google representatives have said they are reviewing the request.
Wednesday, June 01
At the New York Times, David E. Sanger and Elisabeth Bumiller report the Pentagon is shifting its outlook on cyberattacks:
The new military strategy, which emerged from several years of debate modeled on the 1950s effort in Washington to come up with a plan for deterring nuclear attacks, makes explicit that a cyberattack could be considered equivalent to a more traditional act of war. The Pentagon is declaring that any computer attack that threatens widespread civilian casualties — for example, by cutting off power supplies or bringing down hospitals and emergency-responder networks — could be treated as an act of aggression.
Just how the U.S. will respond to attack has yet to be revealed.
Monday, January 24
A bill put together by Sens. Joseph Lieberman and Susan Collins last summer that would grant the president power over Internet networks during a national crisis (also known as the “Internet kill switch” bill) will likely make a return, according Declan McCullagh of CNet:
Portions of the Lieberman-Collins bill, which was not uniformly well-received when it became public in June 2010, became even more restrictive when a Senate committee approved a modified version on December 15. The full Senate did not act on the measure.
The revised version includes new language saying that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review.” Another addition expanded the definition of critical infrastructure to include “provider of information technology,” and a third authorized the submission of “classified” reports on security vulnerabilities.