Blog posts tagged with 'Cybersecurity'
Monday, May 20
Despite strong warnings from the Obama administration, hackers in China are still attacking America’s networks. As David E. Sanger and Nicole Perlroth of the New York Times report:
Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques, according to computer industry security experts and American officials.
Monday, March 25
In the New York Times, Nicole Perlroth looks at efforts by the Department of Homeland Security to recruit young hackers in order to combat cyberassaults:
In the eighth grade, Arlan Jaska figured out how to write a simple script that could switch his keyboard’s Caps Lock key on and off 6,000 times a minute. When friends weren’t looking, he slipped his program onto their computers. It was all fun and games until the program spread to his middle school.
“They called my parents and told my dad I was hacking their computers,” Mr. Jaska, 17 years old, recalled. He was grounded and got detention. And he is just the type the Department of Homeland Security is looking for.
Perlroth’s full piece is definitely worth the read.
Wednesday, March 13
Over at The Hill, Jennifer Martinez reports President Obama is set to meet with various CEOs today. The topic of conversation:
The president will discuss efforts to address the cyber threat facing the country and get the executives’ feedback on how the government and private sector can forge a relationship to improve cybersecurity in the United States, according to The White House. The meeting will be held in the Situation Room.
Martinez goes on to report that John Brennan, the new CIA Director, has called cybersecurity a “significant national security challenge.”
Wednesday, September 19
Cecilia Kang of the Washington Post reports a new lobbying coalition has been put together by a number of Internet companies:
Internet titans Facebook, Google, Amazon and Yahoo on Wednesday will launch a new lobbying association to counter efforts by federal regulators to strap new rules to their industry.
The Internet Association, led by Capitol Hill veteran Michael Beckerman, aims to band together Silicon Valley’s biggest Internet firms on issues such as piracy and copyright, privacy and cybersecurity.
Friday, July 27
David E. Sanger and Eric Schmitt of the New York Times report on a troubling cybersecurity trend:
The top American military official responsible for defending the United States against cyberattacks said Thursday that there had been a 17-fold increase in computer attacks on American infrastructure between 2009 and 2011, initiated by criminal gangs, hackers and other nations.
The assessment by Gen. Keith B. Alexander, who heads the National Security Agency and also the newly created United States Cyber Command, appears to be the government’s first official acknowledgment of the pace at which America’s electricity grids, water supplies, computer and cellphone networks and other infrastructure are coming under attack. Those attacks are considered potentially far more serious than computer espionage or financial crimes.
On a related note, via John Eggerton over at Broadcasting & Cable, the Senate yesterday voted to push forward on the Cybersecurity Act of 2012.
Wednesday, May 30
Cybersecurity continues to be a concern in Washington, and as The Hill‘s Brendan Sasso reports, the Obama administration is launching a new offensive:
The Obama administration on Wednesday announced a series of steps aimed at combatting botnets — networks of computers that hackers take over and use to spread spam or attack websites.
Botnets have become a favorite weapon of hacker groups such as Anonymous that use them to overwhelm the servers of government and industry websites.
After discussions with government agencies, an industry working group outlined a set of voluntary principles for companies to reduce the impact of botnets, while a financial industry group announced a pilot project for sharing information about the attacks.
As part of the efforts, government agencies and private companies are also launching an education campaign with the catchy name “Keep a Clean Machine.”
Wednesday, April 25
Via The Hill‘s Brendan Sasso comes some startling new numbers from the Government Accountability Office (GAO) regarding security on the nation’s networks:
Cyber attacks on the federal government soared 680 percent in five years, an official from the Government Accountability Office (GAO) testified Tuesday.
Gregory Wilshusen, director of information issues for the GAO, said federal agencies reported 42,887 cybersecurity “incidents” in 2011, compared with just 5,503 in 2006.
The incidents included malicious code, denial of service attacks and unauthorized access to systems.
Later this week, the House of Representatives is set to vote on a few cybersecurity bills, including the Cyber Intelligence Sharing and Protection Act (or CISPA), which has already garnered close to 800,000 petition signatures against it due to privacy concerns. As Gerry Smith of the Huffington Post reports:
The Cyber Intelligence Sharing and Protection Act, or CISPA, sponsored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), seeks to give businesses and the federal government legal protection to share cyber threats with each other in an effort to thwart hackers.
Currently, they do not share that data because the information is classified and companies fear violating anti-trust law.
But privacy and civil liberties groups say the bill’s definition of the consumer data that can be shared with the government is overly broad, and once the data is shared, the government could use that information for other purposes—such as investigating or prosecuting crimes—without needing to obtain a warrant. They also criticize the legislation for not requiring companies to make customer information anonymous before sharing it with the government.
Wednesday, January 25
In last night’s State of the Union Address, President Obama highlighted the need to build out high-speed broadband to everyone in America:
Building this new energy future should be just one part of a broader agenda to repair America’s infrastructure. So much of America needs to be rebuilt. We’ve got crumbling roads and bridges. A power grid that wastes too much energy. An incomplete high-speed broadband network that prevents a small business owner in rural America from selling her products all over the world.
The President also called for “comprehensive cybersecurity legislation from Congress. As Gautham Nagesh of The Hill reports, that call received a swift response from key members of the Senate:
Senate Homeland Security chairman Joe Lieberman (I-Conn.) echoed President Obama’s call in the State of the Union for Congress to pass comprehensive cybersecurity legislation on Tuesday evening.
“The President’s call for Congress to pass cybersecurity legislation underscores the pressing nature of securing the government’s cyber systems and networks—and a limited number of private sector networks that touch the lives of all Americans,” Lieberman said.
Senate leaders have been working on legislation that would place the Department of Homeland Security in charge of regulating private networks, while in the House a more limited legislation has also been debated.
Monday, September 19
At the New York Times, Natasha Singer breaks down a new initiative from the Obama administration to help soothe fears about online fraud:
The plan, called the National Strategy for Trusted Identities in Cyberspace and introduced earlier this year, encourages the private-sector development and public adoption of online user authentication systems. Think of it as a driver’s license for the Internet. The idea is that if people have a simple, easy way to prove who they are online with more than a flimsy password, they’ll naturally do more business on the Web. And companies and government agencies, like Social Security or the I.R.S., could offer those consumers faster, more secure online services without having to come up with their own individual vetting systems.
Monday, August 08
The infamous hacker group Anonymous has been busy as of late. First up, via The Huffington Post, comes word the group managed to take over the website of the Syria Ministry of Defense. Upon arriving at the site, visitors were greeted with a message:
To the Syrian people: The world stands with you against the brutal regime of Bashar Al-Assad. Know that time and history are on your side — tyrants use violence because they have nothing else, and the more violent they are, the more fragile they become. We salute your determination to be non-violent in the face of the regime’s brutality, and admire your willingness to pursue justice, not mere revenge. All tyrants will fall, and thanks to your bravery Bashar Al-Assad is next.
To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend your country — rise up against the regime!
Meanwhile, Nomaan Merchant and Raphael Satter of the Associated Press report the group also set their sites on targets here in America:
The group known as Anonymous said Saturday it has hacked into some 70 mostly rural law enforcement websites in the United States, a breach that one local police chief said had leaked information about an ongoing investigation.
The loose-knit international hacking collective posted a cache of data to the Web early Saturday, including emails stolen from officers, tips which appeared to come from members of the public, credit card numbers and other sensitive information.
Anonymous said it had stolen 10 gigabytes worth of data in all.
Wednesday, August 03
At the Washington Post, Ellen Nakashima has a report on an investigation into a recent rash of cyber-spying:
A leading computer security firm has used logs produced by a single server to trace the hacking of more than 70 corporations and government organizations over many months, and experts familiar with the analysis say the snooping probably originated in China.
Among the targets were the Hong Kong and New York offices of the Associated Press, where unsuspecting reporters working on China issues clicked on infected links in e-mail, the experts said.
Tuesday, July 12
Peter Bright of Ars Technica reports that a group of hackers have taken aim at military data:
Anonymous hackers have broken into a server belonging to consultancy firm Booz Allen Hamilton and published a database containing some 90,000 military e-mail addresses and hashed passwords in what they have named Military Meltdown Monday.
Bright also reports the hackers even released a press release announcing the hack.
Monday, June 13
At the New York Times, David E. Sanger and John Markoff report that the International Monetary Fund has been the victim of a substantial cyber attack:
Several senior officials with knowledge of the attack said it was both sophisticated and serious. “This was a very major breach,” said one official, who said that it had occurred over the last several months, even before Dominique Strauss-Kahn, the French politician who ran the fund, was arrested on charges of sexually assaulting a chamber maid in a New York hotel.
Asked about the reports of the computer attack late Friday, a spokesman for the fund, David Hawley, declined to provide details or talk about the scope or nature of the intrusion. “We are investigating an incident, and the fund is fully functional,” he said.
According to the report, I.M.F. officials have yet to reveal where the attack may have come from due to the breach being “a delicate subject because most nations are members of the fund.”
Tuesday, June 07
Last week, Google revealed its popular Gmail service had been attacked, pointing the finger at China, an accusation the nation strongly denied.
Now, Jennifer Martinez of Politico reports, House Oversight and Government Reform Committee Chairman Darrell Issa wants records of the hack:
The California Republican requested that Google preserve all records since Jan. 20, 2009, that are tied to the Gmail accounts of officials who may have been hit by the breach. Google said the attack originated from China, which government officials there deny.
Issa also asked that Google submit all documents and messages from officials whose accounts were believed to be compromised since Jan. 1, 2010. Additionally, he requested any communications about Google’s response to cyberattacks — and the White House’s feedback to Google about such attacks — for the same time period.
Google representatives have said they are reviewing the request.
Wednesday, June 01
At the New York Times, David E. Sanger and Elisabeth Bumiller report the Pentagon is shifting its outlook on cyberattacks:
The new military strategy, which emerged from several years of debate modeled on the 1950s effort in Washington to come up with a plan for deterring nuclear attacks, makes explicit that a cyberattack could be considered equivalent to a more traditional act of war. The Pentagon is declaring that any computer attack that threatens widespread civilian casualties — for example, by cutting off power supplies or bringing down hospitals and emergency-responder networks — could be treated as an act of aggression.
Just how the U.S. will respond to attack has yet to be revealed.
Monday, January 24
A bill put together by Sens. Joseph Lieberman and Susan Collins last summer that would grant the president power over Internet networks during a national crisis (also known as the “Internet kill switch” bill) will likely make a return, according Declan McCullagh of CNet:
Portions of the Lieberman-Collins bill, which was not uniformly well-received when it became public in June 2010, became even more restrictive when a Senate committee approved a modified version on December 15. The full Senate did not act on the measure.
The revised version includes new language saying that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review.” Another addition expanded the definition of critical infrastructure to include “provider of information technology,” and a third authorized the submission of “classified” reports on security vulnerabilities.
Friday, September 10
The long-gestating cybersecurity bill — aimed to upgrade the government’s security measures in order to keep up with technology — may soon be ready for prime time. But as Diane Bartz of Reuters reports, despite Senator Harry Reid pushing it near the top of the agenda, the bill’s chances of being passed this year are looking dicey:
Previous congressional efforts to address these threats have run into roadblocks from high tech and telecommunications companies. They staunchly oppose any mandates—such as certification of cybersecurity professionals or requiring portions of the network to be shut down to mitigate a threat.
“I don’t think it’s going to happen,” Marcus Sachs, a cyber policy expert with Verizon Communications Inc, told Reuters, about the prospects for legislation this year.
Thursday, September 02
While Congress works to put together a cybersecurity bill, rumors keep circulating that it will contain a so-called Internet “kill switch,” which some believe will give the president the power to essentially turn off the Internet. Now, as Gautham Nagesh from The Hill reports, congressional leaders are attempting to clear up misconceptions about the bill:
At the heart of the issue is whether the president already has the authority to intervene in private-sector networks in the event of such an emergency. [Sen. Susan] Collins and other supporters of the bill contend the president has had that authority for some time under a little-known provision of the Communications Act passed one month after the December 1941 Japanese attack on Pearl Harbor.
“The president’s had that authority for a while,” said a senior Senate aide, who asked not to be identified. The aide said the “kill switch” is a misnomer because the infrastructure that supports the Internet in the U.S. makes it impossible to take down the entire network from one location. But the aide said the storyline has picked up steam because it’s very difficult for the public to conceptualize the severity of the cyber-threats facing the United States.
Tuesday, June 22
Recently, word made the rounds that Senator Joe Lieberman was promoting a bill that would give the president the power of an “Internet kill switch.” This set off a number of warning flares among civil liberty and privacy groups. To help squelch the concern, PC Mag reports, Sen. Lieberman has clarified matters:
The country’s “electric grid, the telecommunications grid, transportation, all the rest is constantly being probed by nation states, by some terrorist groups, by organized criminal gangs,” he said.
As a result, “we need the capacity for the president to say, Internet service provider, we’ve got to disconnect the American Internet from all traffic coming in from another foreign country, or we’ve got to put a patch on this part of it,” he said.
Friday, June 04
Cybersecurity is getting a lot of attention these days, with a number of bills making the rounds on Capitol Hill to ensure America’s digital infrastructure remains operative during an emergency. Wired takes a look at the most recent one, sponsored by Sen. Joe Lieberman and Sen. Susan Collins:
Lieberman and Collins’ solution is one of the more far-reaching proposals. In the Senators’ draft bill, “the President may issue a declaration of an imminent cyber threat to covered critical infrastructure.” Once such a declaration is made, the director of a DHS National Center for Cybersecurity and Communications is supposed to “develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure.”
“The owner or operator of covered critical infrastructure shall comply with any emergency measure or action developed by the Director,” the bill adds.
As Wired points out, the President will only be able issue a declaration if the threat will “do massive harm,” meaning breaches January’s hacking of Google and Adobe wouldn’t qualify.