Cyber Strategies for a World at War

OPEN SOURCE AGGREGATION & ANALYSIS

Top Hacker Shows Us How It’s Done

Advertisements

Filed under: cyber security, , , , , , , ,

An “Horrendous Risk” In Action

Wired tech writer Mat Honan provides heart-stopping but timely insight into what Steve Wozniak’s horrendous cloud risks look like:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

Continue reading, if you dare, at Wired

Filed under: Business, cyber security, Internet, Life, News, Polls, Technology, , , , , , , , , , , , , , , , , ,

Cyber Threats 101

By Kim Hart
February 16, 2009
The Washington Post

An Army lieutenant may be an expert at securing borders and warding off enemies in a war zone. But when it comes to making sure hackers cannot break into the military’s communications network, officers may feel pretty defenseless.

To get a better grasp on technological threats, military officers, agency heads and government contracting executives have found one of the Defense Department’s best-kept secrets: the National Defense University.

NDU is made up of four graduate-level colleges, including the National War College, the Industrial College of the Armed Forces, and the Joint Forces Staff College. But the largest college — the Information Resources Management College — has grown the fastest over the past few years because the skills it teaches are in such high demand.

Located on the District waterfront, at Fort Lesley J. McNair, the college trains mid-career workers, in the public and private sectors, how to leverage the newest consumer technologies as well as how to protect vital information. This expertise used to be reserved for an agency’s chief information officer. But as tools like thumb drives, Facebook, Twitter and voice over Internet Protocol phone services creep into offices and bases, secure digital networks are becoming essential for all employees.

“Web 2.0 and information assurance are such big deals these days, but they are in conflict,” said Robert Childs, senior director of the college. The courses are tailored for people responsible for safeguarding the networks at the National Security Administration and the Department of Homeland Security, for example. The Defense Department is the college’s primary source of funding.

Continue reading…

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, Training, War, , , , , , , , , , , , , , , , , , , , , , , , ,

VA settlement demonstrates just how costly lax security can be

By William Jackson
February 02, 2009
GCN

If you want another good reason to make sure your sensitive data is adequately locked down, look no farther than the Veterans Affairs Department, which last week agreed to pay $20 million to settle a class action lawsuit over the 2006 loss of a laptop containing records with personal information about up to 26.5 million veterans and active duty personnel.

That’s a lot of money, and it will be paid from taxpayers’ dollars, but VA got off lucky. The suit originally asked for $1,000 for each person whose data was exposed, which could have been more than $26 billion. That’s nearly enough to bail out a good-sized bank.

The settlement demonstrates that the repercussions of exposing data can be long-lasting and that the cost can go far beyond the immediate expense of cleaning up the breach. For companies it has long been known that negative publicity resulting from public notification of a data breach can quickly translate into millions of dollars of lost shareholder value as stock prices tumble. Agencies do not have to worry about stock prices, but the threat of other costs is real. The VA agreed to the settlement even though the department has said there is no evidence that the information on the stolen laptop was used or than any person involved was harmed by it.

Continue reading…

Filed under: cyber security, government, News, , , , , , , , , , ,

Nato’s cyber defence warriors

By Frank Gardner
February 3, 2009
BBC

Nato officials have told the BBC their computers are under constant attack from organisations and individuals bent on trying to hack into their secrets.

The attacks keep coming despite the establishment of a co-ordinated cyber defence policy with a quick-reaction cyber team on permanent standby.

The cyber defence policy was set up after a wave of cyber attacks on Nato member Estonia in 2007, and more recent attacks on Georgia – so what are they defending against and how do they do it?

Tower of Babel

Nato’s operational headquarters in Mons is a low, drab three-storey building – part of a sprawling complex set in rolling farmland south of Brussels.

The blue and white flag of the 26-nation alliance flutters in the cold breeze alongside the spangled banner of the EU.

Inside the canteen it is like a Tower of Babel with almost every language of Europe competing to be heard above the clatter of trays and dishes.

Our escort, a German army officer in immaculate uniform, leads us down a corridor to a hushed room where 20 or so military analysts sit hunched over computers; their desert boots and camouflage fatigues strangely out of place for a windowless room in Belgium.

This, explains Chris Evis, is the Incident Management Section, which he heads.

“We face the full gamut of threats. It varies from your kiddie who’s just trying to gain street cred amongst his friends to say he’s just defaced a Nato system to more focused targeted attacks against Nato information”.

Cyber attacks are not new – websites were being hacked into and brought down during the Kosovo war 10 years ago.

Continue reading…

Filed under: cyber war, Military, News, , , , , , , , , , , , , , ,

Federal Job Database Is Breached

By Joe Davidson
January 31, 2009
washingtonpost.com

The federal government’s online database for job seekers has been hacked.

As if Uncle Sam’s hiring process is not in enough of a mess already, now comes word that the pocket where he keeps job applications has been picked.

USAJOBS, the government’s database, is powered by Monster.com, the Internet employment service.

A “special security alert” posted by USAJOBS says “certain contact and account data were taken, including user IDs and passwords, e-mail addresses, names, phone numbers, and some basic demographic data.

“The information accessed does not include resumes,” the statement continues. “The accessed information does not include sensitive data such as social security numbers or personal financial data.”

But the government warns that the stolen data could be used in phishing schemes. This is a type of electronic fraud in which crooks use e-mail messages, pretending to come from legitimate organizations — potentially the U.S. government in this case — to secure sensitive information from those whose e-mail addresses were stolen.

Continue reading…

Filed under: cyber security, government, News, , , , , , , , , , , , , , , , , , ,

Offering protection in the new cyber war

By David Shamah
January 07, 2009
ISRAEL21c

While Hamas rockets disrupt Israeli life in the Negev, supporters of the terror group are fighting against Israel on another front – over the Internet. Groups of sophisticated hackers, with names like Moroccan Hackers, Islamic Crew, and Iran Black Hats, have been working overtime to “own” Israeli web sites, using them to send messages protesting the Israel Defense Force’s operation in Gaza, chalking up a “cyber-victory” against Israel.

Lucky we have David Allouch, CTO of Israeli security company AppliCure Technologies, on our side. Allouch has been on both sides of the cyber war – a former “black hat” hacker who attacked business and government sites in his native France, now helping protect Israeli sites from the onslaught of hacker teams around the world, determined to hack Israeli sites.

Today, most businesses and individuals have plenty of protection on their computer networks – including firewalls, e-mail spam catchers, anti-virus programs, etc. – so hackers bent on computer mischief don’t concentrate on those installations. Instead, they go for the one “door” that remains open for data from the outside – a company’s web server, which hosts web pages, applications, and databases.

Web site programmers use one of several popular site server software (Apache, Microsoft IIS, etc.), which allow users to interact with sites and site designers to set up things like streaming music and video, as well as logging, site security, and other “back end” stuff. Hackers work endlessly to exploit weaknesses in the server software, and when they find such weaknesses, they’re quick to develop an “exploit” to take advantage of it.

Hackers insert new content

Once a weakness is discovered, the programmers responsible for the hole issue a fix to close the security hold. But not all web programmers get the memo – so there are lots of sites out in cyberspace that have old weaknesses that haven’t been repaired, and it’s these sites the hackers attack. Using an automatic attack script – a bot – hackers can parse thousands of sites in a short time, looking for sites to take over. And when they find them, those sites can be compromised, with the most common exploit being a change in the home page by hackers, where they insert their own content.

Continue reading…

Filed under: cyber security, cyber war, News, Terrorism, , , , , , , , , , , , , , , , , , , ,

Are We In A Tech ‘War’ With Russia?

By Rob Enderle
January 29, 2009
Dark Reading

I was reading the withering comments Vladimir Putin made to Michael Dell in response to Dell’s offer to help Russia. While Putin is the Prime Minister of Russia now, he clearly is also the guy running the country, and reading between the lines, I think it is likely he is driving a technology war with the US — and that has some rather scary implications.

I’ve already seen what appears to be a massive ramp-up of Eastern European botnets and attacks designed to do massive amounts of identity theft. The running assumption is that these are criminals and they are simply too difficult for Russia to catch. But given that Russia treats the tools that these folks use as legitimate products that are developed, protected, and can carry warranties which can be enforced has me wondering if the folks doing the attacking aren’t also government-backed.

Russian hackers are considered a global menace as it is, and if they are overtly or covertly government-backed, this would be a sort of equivalent to a tech war. The FBI has just started warning that Cybergeddon is coming and that they are unprepared for the result. And it likely will come out of Eastern Europe.

The Dell Trigger

At the recent World Economic Conference, Vladimir Putin made a presentation that clearly had an anti-West (actually more anti-US) tone to it. The first question to him was asked by Michael Dell, who after praising Russia for its technical and scientific prowess, asked: “How can we help you?”

Putin reinterpreted Dell’s remarks to mean that Dell was calling Russia weak and then went on in a rant suggesting that Dell was removing Western technology from Russian infrastructure and then concluded with what sounded like a personal attack on Dell. This attack consisted of belittling Dell’s business and stating that Russian software was superior and hardware didn’t matter. The way he said it implied that Dell was running the equivalent of a lemonade stand.

Continue reading…

Filed under: cyber war, News, , , , , , , , , , , , , , , , , , , , ,

Seeking Obama’s Cyber Czar

By Andy Greenberg
December 19, 2008
Forbes

Should the head of cybersecurity in the new administration come from private industry, government or the military?

For weeks, blogs have been buzzing about which Silicon Valley luminary will be tapped as President-elect Barack Obama’s chief technology officer, the most innovation-focused position in what has been touted as a hyper-innovative regime.

But the Obama team may also be quietly preparing another, less-flashy tech role. The president-elect has alluded to appointing a so-called “cyber adviser,” charged with protecting the government and critical infrastructure from a growing wave of hackers and cyberspies.

Continue reading…

Filed under: News, Politics, , , , , , , , , , , ,

Hackers running fake Obama websites: security firm

PARIS (AFP) — Hackers are using dozens of fake websites linked to Barack Obama’s inauguration as US president to spread a virus on the Internet, a security company warned Tuesday.

According to the firm Panda Security, more than 70 websites are running a bogus news story titled “Barack Obama has refused to be a president,” aimed at tricking Internet users into downloading the computer virus.

Users who click on the story are asked to click in a pop-up window to download an information file.

“In reality these are malicious files that are installed on the computer, and turn it into a zombie PC, that can be remotely controlled by hackers,” the firm said in a statement.

It said the cyber-attack appeared to have originated in China, based on analysis of the website domain names, which were all bought by a Chinese company linked to previous cyber-attacks.

Web users are advised not to visit the sites — which include bestbarack.com, jobarack.com, thebaracksite.com — unless they have powerful anti-virus protection.

Filed under: cyber security, Internet, News, , , , , , , , , ,

Global Trends

"The nature of conflict is changing. The risk of conflict will increase due to diverging interests among major powers, an expanding terror threat, continued instability in weak states, and the spread of lethal, disruptive technologies. Disrupting societies will become more common, with long-range precision weapons, cyber, and robotic systems to target infrastructure from afar, and more accessible technology to create weapons of mass destruction."
 
Global Trends and Key Implications Through 2035 from the National Intelligence Council Quadrennial Report GLOBAL TRENDS: The Paradox of Power

A World at War

The World is at War. It is a world war that is being fought right now, in real time, virtually everywhere on the planet. It is a world war that is, perhaps, more encompassing and global in nature than any other world war in history because, not only is it being fought by nations and their governments, it is also being fought by non-state actors such as terrorists, organized crime, unorganized crime, and many other known and unknown entities. It is a total world war being fought every day on the hidden and dark battle fields of the cyber domain. It is a war that, according to some intelligence estimates, has the potential to be as nearly as serious and as deadly as a nuclear war... [MORE]

 


 


ADVERTISEMENT

Author of the #1 New York Times bestseller Against All Enemies, former presidential advisor and counter-terrorism expert Richard A. Clarke sounds a timely and chilling warning about America’s vulnerability in a terrifying new international conflict—Cyber War! Every concerned American should read this startling and explosive book that offers an insider’s view of White House ‘Situation Room’ operations and carries the reader to the frontlines of our cyber defense. Cyber War exposes a virulent threat to our nation’s security. This is no X-Files fantasy or conspiracy theory madness—this is real... [MORE]

RSS ODNI News

  • Protecting Privacy August 15, 2017
    The E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments for government systems that collect personal informatioon online to document how these systems collect, use, share, and maintain personally identifiable information. Learn about CTIIC's Privacy Impact process.
  • NESPIN Welcomes Connecticut Intelligence Center (CTIC) to Group of Agency Systems Connected to RISSNET July 27, 2017
    By: Donald Kennedy  Aug 15, 2016   The New England State Police Information Network (NESPIN) is pleased to welcome the Connecticut Intelligence Center (CTIC) to the group of partner agency systems connected to Regional Information Sharing Systems (RISS) and sharing criminal intelligence via RISSIntel.
  • Unpacking Cyber Terrorism July 26, 2017
    By: ISE Bloggers  May 31, 2016   The Information Sharing Environment (ISE) has always been focused on terrorism-related information sharing; with terrorist groups’ ever-increasing level of sophistication in their use of the Internet, it is only natural that information sharing play a role in tackling issues posed by cyber terrorism.
  • Homeland Security Advisor Tom Bossert Discusses Global Ransomware Attack May 22, 2017
    The President's Homeland Security Advisor, Tom Bossert, briefed the press on 15 May 2017 on the WannaCry ransomware attack that began spreading 12 May and affected computers in more than 150 countries. Bossert highlighted CTIIC's role in keeping the White House informed of unfolding events and discussed US responses and public/private coordination […]
  • Homeland Security Advisor Tom Bossert Discusses Global Ransomware Attack May 22, 2017
    The President's Homeland Security Advisor, Tom Bossert, briefed the press on 15 May 2017 on the WannaCry ransomware attack that began spreading 12 May and affected computers in more than 150 countries. Bossert highlighted CTIIC's role in keeping the White House informed of unfolding events and discussed US responses and public/private coordination […]

ADVERTISEMENT

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity... [MORE]


ADVERTISEMENT

Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications... [MORE]

RSS NSA News


ADVERTISEMENT

“When it comes to what government and business are doing together and separately with personal data scooped up from the ether, Mr. Schneier is as knowledgeable as it gets…. Mr. Schneier’s use of concrete examples of bad behavior with data will make even skeptics queasy and potentially push the already paranoid over the edge.” (Jonathan A. Knee - New York Times)... [MORE]

RSS CIA News


ADVERTISEMENT

The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders and InfoSec pros alike. The BTHb includes essential information in a condensed handbook format about the incident response process, how attackers work, common tools, a methodology for network analysis developed over 12 years, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, and numerous other topics... [MORE]

RSS Defense Advanced Research Projects Agency (DARPA)


ADVERTISEMENT

RSS Cyber News (Google)

  • UK TV drama about North Korea hit by cyber-attack - BBC News October 16, 2017
    BBC NewsUK TV drama about North Korea hit by cyber-attackBBC NewsNorth Korean hackers targeted a British television company making a drama about the country, it has emerged. The series - due to be written by an Oscar-nominated screenwriter - has been shelved. In August 2014, Channel 4 announced what it said would ...North Korea's Most Powerful Weapon Is […]
  • Obama EPA did not do background checks on hundreds of cyber-contractors, watchdog warns - Fox News October 17, 2017
    Fox NewsObama EPA did not do background checks on hundreds of cyber-contractors, watchdog warnsFox NewsFormer President Barack Obama speaks during the Goalkeepers Conference hosted by the Bill and Melinda Gates Foundation on Sept. 20, 2017, in New York. (Copyright 2017 The Associated Press. All rights reserved.) EXCLUSIVE: Hundreds of contractors ...
  • Colossus veteran salutes Bletchley Park's first cyber-security graduates - ZDNet October 16, 2017
    ZDNetColossus veteran salutes Bletchley Park's first cyber-security graduatesZDNetBletchley Park, home of the UK's war-time code-breaking efforts, has awarded CyberEPQ's to the first 60 students to complete its online cyber-security course. The CyberEPQ (Extended Project Qualification) is equivalent to the AS-level certificate ...
  • Cybersecurity Firm: North Korea Likely Behind Taiwan SWIFT Cyber Heist - Voice of America October 17, 2017
    Voice of AmericaCybersecurity Firm: North Korea Likely Behind Taiwan SWIFT Cyber HeistVoice of AmericaCybersecurity firm BAE Systems Plc said on Monday it believes the North Korean Lazarus hacking group is likely responsible for a recent cyber heist in Taiwan, the latest in a string of hacks targeting the global SWIFT messaging system. "The likely ...an […]
  • Cyber security top concern for corporate IoT deployments: BlackBerry - Economic Times October 17, 2017
    Economic TimesCyber security top concern for corporate IoT deployments: BlackBerryEconomic TimesONTARIO: Cyber security is the top concern regarding digital technologies and processes for firms globally (63 per cent) but only a few (37 per cent) actually have a formal digital transformation strategy in place when it comes to Internet of Things ...and more » […]
  • Black Friday and Cyber Monday 2017: Best cheap laptop, Macbook and Chromebook deals - The Independent October 17, 2017
    The IndependentBlack Friday and Cyber Monday 2017: Best cheap laptop, Macbook and Chromebook dealsThe IndependentLaptops are a versatile gift. Whether it's for work or play, they're suitable for all ages. And with Christmas looming, finding a Black Friday deal on the laptop can leave more money for stocking fillers - or a little extra in your back […]
  • Microsoft kept quiet on details of 2013 cyber breach: report - The Hill October 17, 2017
    The HillMicrosoft kept quiet on details of 2013 cyber breach: reportThe Hill“Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world,” Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time of the breach, told ...Microsoft responde […]
  • Every modern, protected WiFi network is vulnerable, warns ... - Washington Post October 16, 2017
    Washington PostEvery modern, protected WiFi network is vulnerable, warns ...Washington PostIt's time to update your devices and the firmware of your router.and more »
  • CW500: How the NHS WannaCry cyber attack unfolded - ComputerWeekly.com October 17, 2017
    CW500: How the NHS WannaCry cyber attack unfoldedComputerWeekly.comThe information assets in health and care are such that it is a national problem, and when the national problem hits, there is no one responsible for that cyber attack,” said Taylor. “Each individual organisation is responsible for their remediation ...
  • Cyber researchers reveal serious Wi-Fi security flaw - Politico October 16, 2017
    PoliticoCyber researchers reveal serious Wi-Fi security flawPoliticoResearchers on Monday disclosed a serious security flaw in the encryption standard that protects tens of millions of consumer, business and government Wi-Fi networks — a hole they said could allow hackers to intercept sensitive traffic, tamper with ...Wifi has been hacked: Later today, cyber […]

ADVERTISEMENT

RSS Cyber War News (Bing)

  • Cybersecurity firm: North Korea was likely behind cyber heist in Taiwan October 17, 2017
    North Korean leader Kim Jong Un, center, looks off into the distance. AFP TORONTO (Reuters) - Cyber-security firm BAE Systems Plc said on Monday it believes the North Korean Lazarus hacking group is likely responsible for a recent cyber heist in Taiwan ...
  • North Korea likely behind Taiwan SWIFT cyber heist: BAE October 16, 2017
    TORONTO (Reuters) - Cyber-security firm BAE Systems Plc said on Monday it believes the North Korean Lazarus hacking group is likely responsible for a recent cyber heist in Taiwan, the latest in a string of hacks targeting the global SWIFT messaging system.
  • Every modern, protected WiFi network is vulnerable, warns government cyber watchdog October 16, 2017
    A top federal government cybersecurity watchdog issued an advisory on Monday, warning users to update their devices to protect against a newly discovered vulnerability that affects nearly every modern, protected WiFi network. The U.S. Computer Emergency ...
  • Microsoft kept quiet on details of 2013 cyber breach: report October 17, 2017
    Microsoft did not publicly disclose the extent of the breach when it discovered the hack in 2013. The stolen database reportedly included descriptions of important vulnerabilities that had not yet been fixed. The former employees say that Microsoft say ...
  • Colossus veteran salutes Bletchley Park's first cyber-security graduates October 16, 2017
    Aaron Revell (17) receiving his EPQ certificate from former war-time code-breaker Irene Dixon at TNMOC, Bletchley Park. Photo by John Robertson. Bletchley Park, home of the UK's war-time code-breaking efforts, has awarded CyberEPQ's to the first 60 ...
  • UK TV drama about North Korea hit by cyber-attack October 16, 2017
    North Korean hackers targeted a British television company making a drama about the country, it has emerged. The series - due to be written by an Oscar-nominated screenwriter - has been shelved. In August 2014, Channel 4 announced what it said would be a ...
  • Practice: The Best Defense for Responding to Cyber Incidents October 17, 2017
    First responders have proven time and time again the valuable help they provide to people in need. Right now, we’re seeing their bravery with the historic hurricanes, fires and floods impacting millions of people. What makes first responders confident in ...
  • Facebook to train thousands of schoolchildren on cyber bullying October 16, 2017
    Facebook says tens of thousands of children in secondary schools could be taught to counter cyber bullying by the social network. The US internet giant has announced a £1 million package that it said would be enough for every secondary school in the UK ...
  • Cyber Security: The Threat and the Measures to Take October 17, 2017
    Robert Bailey: The threat of cyber-crime is incredibly serious—more dangerous and more commonplace than ever before, as unwitting citizens on public and private networks are targeted daily by a host of cyber criminals. According to NAR’s Associate ...
  • Cyber cold war is just getting started, claims Hillary Clinton October 15, 2017
    Clinton, promoting memoir addressing her 2016 US election defeat, tells UK audiences that the Kremlin is ‘hacking our unity’ by waging information war Hillary Clinton at the London literary festival, speaking about her recently published memoir ...

ADVERTISEMENT

RSS Cyber Tag (Icerocket)


ADVERTISEMENT

RSS Cyberwar Tag (Wordpress)


ADVERTISEMENT


 
The Art of Attention

© 2016 PROSOCHĒ. All Rights Reserved.
Fair Use Policy ҩ Terms of Service ҩ Privacy Policy ҩ Contact

Cyber Threat Assessment

 


ADVERTISEMENT

In this New York Times bestselling investigation, Ted Koppel reveals that a major cyberattack on America’s power grid is not only possible but likely, that it would be devastating, and that the United States is shockingly unprepared... [MORE]


ADVERTISEMENT

As cyber-attacks dominate front-page news, as hackers join terrorists on the list of global threats, and as top generals warn of a coming cyber war, few books are more timely and enlightening than Dark Territory: The Secret History of Cyber War, by Slate columnist and Pulitzer Prize–winning journalist Fred Kaplan... [MORE]


ADVERTISEMENT

ADVERTISEMENT

Support CSWW

Please help improve CSWW by providing us with your comments, concerns, and questions at our FEEDBACK page.

Editor, CSWW

Kurt Brindley is a retired U.S. Navy Senior Chief who specialized in the fields of tele-communications and C4SRI systems Upon retirement from the navy, he spent nearly a decade as a defense industry consultant. He now writes full time... [MORE]


ADVERTISEMENT

Now in development for film by 20th Century Fox, award-winning CyberStorm depicts, in realistic and sometimes terrifying detail, what a full scale cyber attack against present-day New York City might look like from the perspective of one family trying to survive it... [MORE]