Don’t cut that cord, Comrade!

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Russ­ian sub­marines and spy ships are aggres­sive­ly oper­at­ing near under­sea cables that car­ry most glob­al Inter­net com­mu­ni­ca­tions, rais­ing con­cerns among some U.S. mil­i­tary and intel­li­gence offi­cials that the Rus­sians might plan to attack those lines in times of ten­sion or con­flict. The ulti­mate hack on the Unit­ed States could involve sev­er­ing the fiber-optic cables at some of their hard­est-to-access loca­tions to halt the instant com­mu­ni­ca­tions on which the West’s gov­ern­ments, economies and cit­i­zens have grown depen­dent. While there is no evi­dence of any cable cut­ting, the con­cern is part of a grow­ing wari­ness among senior Amer­i­can and allied mil­i­tary and intel­li­gence offi­cials about the accel­er­at­ed activ­i­ty by Russ­ian armed forces around the globe. At the same time, the inter­nal debate in Wash­ing­ton illus­trates how the Unit­ed States is increas­ing­ly view­ing every Russ­ian move through a lens of deep dis­trust, rem­i­nis­cent of rela­tions dur­ing the Cold War. Source: The New York Times

It’s not enough to steal; what if they mess with our heads?

Com­put­er hack­ers could do more dam­age than just steal­ing the infor­ma­tion they find online, the nation’s top cyber­se­cu­ri­ty offi­cial said. Com­put­er thieves already hit U.S. com­pa­nies dai­ly, look­ing for trade secrets, bank account infor­ma­tion, and the inner work­ings of oper­at­ing sys­tems, said Adm. Michael Rogers, who heads both the Nation­al Secu­ri­ty Agency and U.S. Cyber Com­mand. “What hap­pens when nation-states, groups and indi­vid­u­als no longer want to steal data (but) they want to manip­u­late data — and sud­den­ly we can’t believe what we’re see­ing?” Rogers said. “Much of our struc­ture is based on the whole idea of trust. If you log on, you can believe what you’re see­ing. … (Manip­u­la­tion) would be huge col­lec­tive­ly for us as a nation, but more broad­ly, the world.” Source: Tri­b­Live, Pitts­burgh

Prepare to keep those tax returns safe

sh_taxes_280The Inter­nal Rev­enue Ser­vice is cau­tion­ing tax pre­par­ers that they are prime tar­gets for iden­ti­ty thieves, and advised that they cre­ate a secu­ri­ty plan. Rec­om­mend­ed steps include: secu­ri­ty soft­ware with a fire­wall, anti-mal­ware and anti-virus pro­grams with auto­mat­ic updates; strong pass­words that are changed peri­od­i­cal­ly; and a secure wire­less con­nec­tion. Tax pre­par­ers also should back up tax­pay­er data fre­quent­ly, per­haps on an exter­nal hard dri­ve, and ensure that the hard dri­ve is kept in a secure loca­tion with lim­it­ed access. Source: Account­ing Today

The swearin’ o’ the green: Irish teen arrested in TalkTalk hack

A 15-year-old Irish youth has been arrest­ed in con­nec­tion with the Talk­Talk secu­ri­ty breach on sus­pi­cion of Com­put­er Mis­use Act offens­es. The inves­ti­ga­tion is being car­ried out by the Met’s cyber crime unit, the PSNI’s cyber crime cen­tre, and the Nation­al Crime Agency. Talk­Talk CEO Dido Hard­ing said she still was unsure how many of its 4 mil­lion Unit­ed King­dom cus­tomers had been affect­ed by the attack, which had affect­ed the tele­com giant’s web­site rather than its core sys­tems. Mem­bers of Par­lia­ment plan an inquiry into the cyber attack. Cul­ture min­is­ter Ed Vaizey also told the House of Com­mons that the gov­ern­ment was not against com­pul­so­ry encryp­tion for firms hold­ing cus­tomer data. Sources: The Belfast Tele­graph; BBC

Flock of airlines swarm for security support

sh_airplane security_280The avi­a­tion indus­try is step­ping up efforts to enlist coor­di­nat­ed inter­na­tion­al sup­port in the bat­tle against threats from hack­ers and those seek­ing to exploit IT sys­tems. Along with Wi-Fi and elec­tron­ics on board, air­lines, air­ports and air traf­fic man­age­ment com­pa­nies are shar­ing more infor­ma­tion than ever to make fly­ing more effi­cient and deal with increas­ing num­bers of pas­sen­gers. But that pro­vides more inter­faces that can be exploit­ed by attack­ers, avi­a­tion indus­try rep­re­sen­ta­tives said at the AVSEC World avi­a­tion secu­ri­ty con­fer­ence in Dublin, Ire­land. Those seek­ing to do mis­chief also know that attack­ing an air­line will guar­an­tee max­i­mum impact, they said. As part of ini­tia­tives to shore up the industry’s defens­es, lead­ing avi­a­tion indus­try asso­ci­a­tions have put togeth­er a team to work on a dec­la­ra­tion on cyber­se­cu­ri­ty to put before the Unit­ed Nations’ avi­a­tion safe­ty arm. Source: Reuters

Wow, are they in the money

For­mer U.S. Nation­al Secu­ri­ty Agency Direc­tor Kei­th Alexander’s cyber­se­cu­ri­ty start­up, Iron­Net Cyber­se­cu­ri­ty, said it had raised $32.5 mil­lion in a fund­ing round. Iron­Net says its tech­nol­o­gy detects and mit­i­gates anom­alous activ­i­ty in a company’s cyber infra­struc­ture using advanced behav­ioral mod­els and ana­lyt­ics. Alexan­der found­ed the com­pa­ny in 2014 along with for­mer top offi­cials of the U.S. Depart­ment of Defense, the Nation­al Coun­tert­er­ror­ism Cen­ter, and the Defense Advanced Research Projects Agency. Iron­Net aroused con­tro­ver­sy last year after employ­ing a senior U.S. intel­li­gence offi­cial to work part-time, a move that NSA offi­cials said risked a con­flict of inter­est. Alexan­der lat­er end­ed the deal. Source: Reuters

Cyber game to find security stars nears finish line

sh_cyber geek_280In an effort to find the Unit­ed Kingdom’s best upcom­ing young tal­ent in cyber­se­cu­ri­ty, a con­sor­tium of com­pa­nies designed a real­is­tic and sophis­ti­cat­ed sim­u­lat­ed cyber-attack that must be stopped in real time. It will be car­ried out at an undis­closed high-pro­file loca­tion. Defense, aero­space and secu­ri­ty experts will lead the Nov. 19–20 sim­u­la­tion. The two-day event will con­clude this year’s chal­lenge, which saw thou­sands of con­tes­tants inves­ti­gate the fic­ti­tious group known as Black Ole­an­der, sus­pect­ed of fund­ing cyber-ter­ror­ist cells across the world. In the past three months, con­tes­tants used their cyber­se­cu­ri­ty skills to qual­i­fy to play on-demand on Cyphinx, the plat­form where they dis­cov­ered the net­work of insid­ers plant­ed in cor­po­ra­tions across the globe with mali­cious motives. The 42 final­ists will be assessed both as teams and indi­vid­u­al­ly on tech­ni­cal, inter­per­son­al and deci­sion-mak­ing skills. Source: SC mag­a­zine

Homeland Security sometimes relies on insurance

The Depart­ment of Home­land Secu­ri­ty got inter­est­ed in encour­ag­ing a cyber­se­cu­ri­ty insur­ance mar­ket about four years ago after offi­cials real­ized that “reg­u­lat­ing our way out of cyber risk was prob­a­bly not going to hap­pen,” said Tom Finan, a senior cyber­se­cu­ri­ty strate­gist and coun­sel at DHS. They have been estab­lish­ing a com­mon breach nomen­cla­ture for insur­ers and IT secu­ri­ty pro­fes­sion­als, and DHS is explor­ing a cyber inci­dent data repos­i­to­ry. The idea is to help insur­ers build more sophis­ti­cat­ed prod­ucts by giv­ing them access to a rich­er har­vest of threat data. DHS is par­tic­u­lar­ly inter­est­ed in the insur­ance market’s abil­i­ty to cov­er prop­er­ty dam­ages and bod­i­ly harm that might result from cyber attacks, Finan said. For now, the data repos­i­to­ry is just a con­cept. A DHS-backed group released a white paper out­lin­ing 16 cat­e­gories of data that could form the basis of the repos­i­to­ry, includ­ing inci­dent detec­tion tech­niques and mit­i­ga­tion mea­sures. Source: FCW

Plaintiffs say never mind to Hulu privacy suit

sh_hulu_280A group of Web users have dropped their attempt to revive a law­suit accus­ing Hulu of vio­lat­ing a fed­er­al video pri­va­cy law, court records show. Lawyers for the con­sumers and for Hulu sub­mit­ted a joint stip­u­la­tion ask­ing for a dis­missal of the appeal. The paper­work didn’t indi­cate why the case was being dropped. The move ends a dis­pute about whether Hulu vio­lat­ed the Video Pri­va­cy Pro­tec­tion Act by auto­mat­i­cal­ly trans­mit­ting infor­ma­tion to Face­book via the “Like” but­ton. From April 2010 to June 2012, the wid­get was con­fig­ured so that it sent titles of the videos that peo­ple watched to Facebook’s serv­er —regard­less of whether users clicked the but­ton to indi­cate that they “liked” the clips. The con­sumers argued that Face­book was able to piece togeth­er infor­ma­tion about per­son­al­ly iden­ti­fi­able indi­vid­u­als’ video-watch­ing his­to­ry by com­bin­ing its cook­ie-based data with the infor­ma­tion sent by Hulu. Source: Media Post

My password? Read ‘Ode to a Nightingale’ for a clue

The strongest pass­word you can have is from an unusu­al idea or an image that’s easy for you to remem­ber, prac­ti­cal­ly impos­si­ble for a com­put­er to crack and hard for a human hack­er to imag­ine. Poet­ry sup­plies good pass­words that are high­ly indi­vid­ual and very mem­o­rable, pos­si­bly because of their rhyme and rhythm. Source: The News Hub