News from around the Internet
Cyber spying is the new face of espionage
Sep 21, 2011link link
"Cyber espionage is probably the single greatest emerging threat
because it's hard to figure out who's doing it and very hard to
protect yourself against it," [Christian Leuprecht] said.
"[Canada does] a reasonably good job with protection. But as we recently saw, a cyber attack can take down three major departments in a matter of hours and it takes months to bring those networks back online."
"There's no state on the face of the Earth that's managed a successful defence yet."
The game has changed.
Cyber attack leads directly to company's bankruptcy - DigiNotar is dead.
Sep 20, 2011link link
Dutch security firm DigiNotar has filed for voluntary bankruptcy following a series of attacks by a hacker.
DigiNotar's parent company Vasco Data Security said the firm had been put into voluntary bankruptcy. A trustee for the business has been appointed who will oversee the winding up of DigiNotar.
This is the first case I can recall of a computer intrusion directly leading to a company going bankrupt. What DigiNotar essentially sold was "trust", and once the scope of the penetration and the poor security DigiNotar had for their networks, I doubt anyone would trust them again.
VASCO announced in January that they were acquiring DigiNotar for $12.9 million. In hindsight, it was not a very good purchase.
Japan cyber attack silence may breach arms contracts
Sep 20, 2011link link
Mitsubishi Heavy Industries, Japan's biggest weapons maker, kept a
cyber attack on its computer network quiet from the defense ministry,
potentially putting it in breach of contracts to supply billions of
dollars of equipment to the military.
Under the terms of an agreement the government imposes on all contractors, companies are obliged to inform it promptly of any breach of sensitive or classified information. An angry defense ministry on Tuesday demanded the company carry out a full probe.
I'm not sure if Mitsubishi had the monitoring instrumentation in place ahead of time (e.g., audit trails) that would be necessary to determine exactly what was taken. They may have very little information to provide the defense ministry.
A second Japanese military contractor, IHI Corp, may have also been penetrated by attackers.
Japan's defense industry hit by its first cyber attack
Sep 19, 2011link link
Japan's biggest defense contractor, Mitsubishi Heavy Industries Ltd, said on Monday hackers had gained access to its computers, with one newspaper saying its submarine, missile and nuclear power plant component factories had been the target.
"We've found out that some system information such as IP addresses have been leaked and that's creepy enough," said a Mitsubishi Heavy spokesman. "We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe," he said, adding the company first noticed the cyberattack on August 11.
About 80 computers are known to have been compromised with at least 8 different types of malware. I'm pretty sure more than just your IP addresses have been leaked out Mitsubishi. You need to turn on your audit trails.
Misubishi Heavy Industries manufactures air-to-air missiles, a version of the F-15 fighter jet, and the PATRIOT system. Presumably they have detailed blueprints of all these systems. More information about what they produce can be found here.
American Superconductor Accuses Chinese Firm—Its Biggest Customer—of Espionage
Sep 19, 2011link link
[American Superconductor Corp] accuses Sinovel of agreeing to pay more than $1 million to a 38-year-old American Superconductor employee in Austria, who now faces criminal charges. The employee allegedly stole valuable software that controls turbines and gave it to the Chinese company, which was expected to account for 70% of American Superconductor's revenue this year.
American Superconductor Chief Executive Daniel McGahn, in a briefing for analysts and an interview Friday, said that the employee gave the stolen software to Sinovel, which in turn furnished it to a newly formed Sinovel affiliate that competes with American Superconductor in the sale of power electronics for the wind industry. Some of that purloined software, Mr. McGahn said, has already appeared in turbines sold by Sinovel in China.
Your biggest (almost exclusive) customer steals your intellectual property and then uses it to compete with you. Ouch! This is not unique to American Superconductor however. More and more US companies that outsourced their manufacturing are now finding themselves in competition with their manufacturing partners.
Intellectual Properties are American companies most valuable assets. American companies better make protecting IP an extremely high priority.
Intel officials' emails posted after hack of INSA
Sep 17, 2011link link
The names and email addresses of hundreds of U.S. intelligence officials — including some senior officials in the Obama Administration — have been posted on an anti-secrecy website after computer hackers allegedly swiped them from the internal membership list of a prestigious national security organization.
The Intelligence and National Security Alliance (INSA), which bills itself as "the premier intelligence and national security organization that brings together the public, private, and academic sectors to collaborate on the most challenging policy issues and solutions" had just published a report on cyber intelligence when it was penetrated. It is not clear how deep the penetration went and where the membership list was kept. If their database is kept online, it is possible this was just an SQL injection attack.
Cyber-Threats Continue to Target the Financial Industry
Sep 15, 2011link link
During Congressional testimony, Homeland Security, FBI and Secret Service officials warned of continued attacks and evolving cyber-threats against the financial sector.
The FBI is currently investigating more than 400 cases of fraudulent wire transfers from business bank accounts that total about $255 million in stolen funds, testified Gordon Snow, the agency's assistant director.
The annual cost of cyber-crime is about $388 billion, including money and time lost, or about $100 billion more than the global black market trade in heroin, cocaine and marijuana, said Brian Tillet, chief security strategist at Symantec.
I predict there is going to eventually be a thriving business to provide computer security services to small and medium size businesses. These businesses simply can't hire full-time, highly skilled security administrators to monitor their networks. I remember when my friends started WheelGroup in 1996, they said they wanted to be the ADT of computer security. Eventually this market will catch on.
U.S. defense firms face relentless cyberattacks
Sep 7, 2011link link
U.S. defense industries are facing relentless, sophisticated foreign attacks on their computer networks, a threat company leaders say poses a risk of significant damage and may require the government to take greater protective action.
"Every defense company is constantly under attack. If anybody tells you they're not, it just means they don't know," said Northrop Grumman (NOC.N) Chief Executive Wes Bush. "It is a threat that is broad-based. It's not just from one source ... and it's just unceasing."
[Deputy Defense Secretary] Lynn said a recent estimate pegged economic losses from the theft of intellectual property and information from government and commercial computers at more than $1 trillion.
For small contractors or critical infrastructure, [Linda Hudson, president of BAE Systems Inc] said, "there's been a lot of talk about requiring a certain level of support and security protection that in fact would generate a market for some of us who have those capabilities."
$1 trillion is a lot of money. I don't know how someone can arrive at a number like that, but I suspect when your adversary steals the blueprints for your secret next-generation plane it is hard to put a price on it.
Interim Report: DigiNotar Certificate Authority breach “Operation Black Tulip”
Sep 5, 2011link link
On the morning of the following Tuesday, Fox-IT was contacted and asked to investigate the breach and report its findings before the end of the week.
We have strong indications that the CA-servers, although physically very securely placed in a tempest proof environment, were accessible over the network from the management LAN.
This is a pretty damning report. DigiNotar, which essentially sells "trust" by being the trusted 3rd-party that allows two computers to talk to each other securely, had terrible network security.
I wonder how many Iranians had their personal safety put at direct risk because of DigiNotar?
CYBER INTELLIGENCE: setting the landscape for an emerging discipline
Sep, 2011link link
This paper is the first in a series developed by the Intelligence and national Security Alliance's (INSA) Cyber Council. It is intended to broaden the vision of senior decision makers in government and industry. our goal with this paper is to set the landscape for cyber intelligence by discussing why it is necessary and providing thoughts on how to approach the development of this function in the cyber domain. [...]
Federal Information Security Market, 2010-2015, indicates that demand for vendor-furnished information security products and services by the U.S. federal government will increase from $8.6 billion in 2010 to $13.3 billion in 2015 at a compound annual growth rate (CAGR) of 9.1 percent.
The report is pretty dry and not very interesting for a technical person. This promises to be the first in a series of reports. I look forward to seeing if they flesh out some details or at least provide some concrete examples in future papers.
I did appreciate the dollar figures cited, so I quoted them as well. :)