Don’t cut that cord, Comrade!

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Russian submarines and spy ships are aggressively operating near undersea cables that carry most global Internet communications, raising concerns among some U.S. military and intelligence officials that the Russians might plan to attack those lines in times of tension or conflict. The ultimate hack on the United States could involve severing the fiber-optic cables at some of their hardest-to-access locations to halt the instant communications on which the West’s governments, economies and citizens have grown dependent. While there is no evidence of any cable cutting, the concern is part of a growing wariness among senior American and allied military and intelligence officials about the accelerated activity by Russian armed forces around the globe. At the same time, the internal debate in Washington illustrates how the United States is increasingly viewing every Russian move through a lens of deep distrust, reminiscent of relations during the Cold War. Source: The New York Times

It’s not enough to steal; what if they mess with our heads?

Computer hackers could do more damage than just stealing the information they find online, the nation’s top cybersecurity official said. Computer thieves already hit U.S. companies daily, looking for trade secrets, bank account information, and the inner workings of operating systems, said Adm. Michael Rogers, who heads both the National Security Agency and U.S. Cyber Command. “What happens when nation-states, groups and individuals no longer want to steal data (but) they want to manipulate data — and suddenly we can’t believe what we’re seeing?” Rogers said. “Much of our structure is based on the whole idea of trust. If you log on, you can believe what you’re seeing. … (Manipulation) would be huge collectively for us as a nation, but more broadly, the world.” Source: TribLive, Pittsburgh

Prepare to keep those tax returns safe

sh_taxes_280The Internal Revenue Service is cautioning tax preparers that they are prime targets for identity thieves, and advised that they create a security plan. Recommended steps include: security software with a firewall, anti-malware and anti-virus programs with automatic updates; strong passwords that are changed periodically; and a secure wireless connection. Tax preparers also should back up taxpayer data frequently, perhaps on an external hard drive, and ensure that the hard drive is kept in a secure location with limited access. Source: Accounting Today

The swearin’ o’ the green: Irish teen arrested in TalkTalk hack

A 15-year-old Irish youth has been arrested in connection with the TalkTalk security breach on suspicion of Computer Misuse Act offenses. The investigation is being carried out by the Met’s cyber crime unit, the PSNI’s cyber crime centre, and the National Crime Agency. TalkTalk CEO Dido Harding said she still was unsure how many of its 4 million United Kingdom customers had been affected by the attack, which had affected the telecom giant’s website rather than its core systems. Members of Parliament plan an inquiry into the cyber attack. Culture minister Ed Vaizey also told the House of Commons that the government was not against compulsory encryption for firms holding customer data. Sources: The Belfast Telegraph; BBC

Flock of airlines swarm for security support

sh_airplane security_280The aviation industry is stepping up efforts to enlist coordinated international support in the battle against threats from hackers and those seeking to exploit IT systems. Along with Wi-Fi and electronics on board, airlines, airports and air traffic management companies are sharing more information than ever to make flying more efficient and deal with increasing numbers of passengers. But that provides more interfaces that can be exploited by attackers, aviation industry representatives said at the AVSEC World aviation security conference in Dublin, Ireland. Those seeking to do mischief also know that attacking an airline will guarantee maximum impact, they said. As part of initiatives to shore up the industry’s defenses, leading aviation industry associations have put together a team to work on a declaration on cybersecurity to put before the United Nations’ aviation safety arm. Source: Reuters

Wow, are they in the money

Former U.S. National Security Agency Director Keith Alexander’s cybersecurity startup, IronNet Cybersecurity, said it had raised $32.5 million in a funding round. IronNet says its technology detects and mitigates anomalous activity in a company’s cyber infrastructure using advanced behavioral models and analytics. Alexander founded the company in 2014 along with former top officials of the U.S. Department of Defense, the National Counterterrorism Center, and the Defense Advanced Research Projects Agency. IronNet aroused controversy last year after employing a senior U.S. intelligence official to work part-time, a move that NSA officials said risked a conflict of interest. Alexander later ended the deal. Source: Reuters

Cyber game to find security stars nears finish line

sh_cyber geek_280In an effort to find the United Kingdom’s best upcoming young talent in cybersecurity, a consortium of companies designed a realistic and sophisticated simulated cyber-attack that must be stopped in real time. It will be carried out at an undisclosed high-profile location. Defense, aerospace and security experts will lead the Nov. 19-20 simulation. The two-day event will conclude this year’s challenge, which saw thousands of contestants investigate the fictitious group known as Black Oleander, suspected of funding cyber-terrorist cells across the world. In the past three months, contestants used their cybersecurity skills to qualify to play on-demand on Cyphinx, the platform where they discovered the network of insiders planted in corporations across the globe with malicious motives. The 42 finalists will be assessed both as teams and individually on technical, interpersonal and decision-making skills. Source: SC magazine

Homeland Security sometimes relies on insurance

The Department of Homeland Security got interested in encouraging a cybersecurity insurance market about four years ago after officials realized that “regulating our way out of cyber risk was probably not going to happen,” said Tom Finan, a senior cybersecurity strategist and counsel at DHS. They have been establishing a common breach nomenclature for insurers and IT security professionals, and DHS is exploring a cyber incident data repository. The idea is to help insurers build more sophisticated products by giving them access to a richer harvest of threat data. DHS is particularly interested in the insurance market’s ability to cover property damages and bodily harm that might result from cyber attacks, Finan said. For now, the data repository is just a concept. A DHS-backed group released a white paper outlining 16 categories of data that could form the basis of the repository, including incident detection techniques and mitigation measures. Source: FCW

Plaintiffs say never mind to Hulu privacy suit

sh_hulu_280A group of Web users have dropped their attempt to revive a lawsuit accusing Hulu of violating a federal video privacy law, court records show. Lawyers for the consumers and for Hulu submitted a joint stipulation asking for a dismissal of the appeal. The paperwork didn’t indicate why the case was being dropped. The move ends a dispute about whether Hulu violated the Video Privacy Protection Act by automatically transmitting information to Facebook via the “Like” button. From April 2010 to June 2012, the widget was configured so that it sent titles of the videos that people watched to Facebook’s server —regardless of whether users clicked the button to indicate that they “liked” the clips. The consumers argued that Facebook was able to piece together information about personally identifiable individuals’ video-watching history by combining its cookie-based data with the information sent by Hulu. Source: Media Post

My password? Read ‘Ode to a Nightingale’ for a clue

The strongest password you can have is from an unusual idea or an image that’s easy for you to remember, practically impossible for a computer to crack and hard for a human hacker to imagine. Poetry supplies good passwords that are highly individual and very memorable, possibly because of their rhyme and rhythm. Source: The News Hub