Friday, October 13, 2017

Nordic states join together to bolster cyber defenses

Letter: Respecting office, but not the man  “Couldn't Agree More” 

I must respond to the letter “Couldn’t Agree More” of Oct. 5. The letter writer said whether or not we agree with the president, we should show respect for the office.
The writer must have forgotten the abuse President Barack Obama took from the other side, including Trump, who accused him of lying about where he was born, or the congressman who called him a liar at a State of the Union speech. These are only the most polite of the insults hurled at President Obama.

Iran's president fires back at Donald Trump on nuclear deal

Fifth Domain Cyber
Nordic governments have greenlighted deeper collaboration within the cyber defense strategies and response domain between the militaries of Sweden, Denmark, Finland and Norway. The strengthening of interstate cyber defense and security is being tasked to the Nordic Defense Cooperation, or NORDEFCO, the primary vehicle for joint military collaboration between the Nordic armed forces. The primary objective for a unified approach among Nordic countries is to develop more effective joint cyber defense capabilities based on enhanced information sharing, identifying best-practice computer emergency responses and more regular cybersecurity-based defense exercises. NORDEFCO has already run a number of preliminary cyber-defense collaboration projects. These have included identifying possible legal and unidentified barriers to deepening collaboration among Nordic militaries

Former US cyber diplomat wants tougher consequences for state-backed hacks

Labor has called for the Government to take “real action” in response to the hacking of an Australian defence contractor, which resulted in the theft of 30 gigabytes of data. The hacker stole technical information on smart bombs, the Joint Strike Fighter, the Poseidon maritime patrol aircraft and several naval vessels over five months last year.

Top German intelligence officials on Thursday urged lawmakers to give them greater legal authority to "hack back" in the event of cyber attacks from foreign powers. Hans-Georg Maassen, head of the BfV domestic intelligence agency, told the parliamentary oversight committee it should be possible to destroy data stolen from German servers and moved to foreign servers to prevent it from being misused.

The Intercept

The growing propensity of government hackers to reuse code and computers from rival nations is undermining the integrity of hacking investigations and calling into question how online attacks are attributed, according to researchers from Kaspersky Lab. In a paper set for release today at the Virus Bulletin digital security conference in Madrid, the researchers highlight cases in which they’ve seen hackers acting on behalf of nation-states stealing tools and hijacking infrastructure previously used by hackers of other nation-states. Investigators need to watch out for signs of this or risk tracing attacks to the wrong perpetrators, the researchers said.

AS ALWAYS, THERE’S NO WAY ANY SATIRIST CAN COMPETE WITH REAL LIFE FOR ITS PURE ABSURDITY: As Tom Wolfe wrote in the liner notes to the Bonfire of the Vanities, “We live in an age in which it is no longer possible to be funny. There is nothing you can imagine, no matter how ludicrous, that will not promptly be enacted before your very eyes, probably by someone well known.”

Remember the Kronies superhero parody video from a few years ago?

Gov Info Security

October 3, 2017

During the first of three Congressional hearings this week to examine the Equifax mega-breach, members of both parties Tuesday grilled - and at times roasted - the firm's former CEO for three hours about details surrounding the incident.

House Cyber Leader Wants to Give Equifax the Kaspersky Treatment

A congressional cyber leader wants the Homeland Security Department to use the same authority it used to ban Kaspersky software from government systems to cancel a $7 million IRS contract with the breached credit rating agency Equifax. Equifax, which recently disclosed a data breach that compromised information about more than 140 million Americans, “displayed cybersecurity negligence of epic proportions,” Rep. John Ratcliffe, R-Texas, said. He urged Homeland Security “in the strongest possible terms” to use powers outlined in the 2015 Cybersecurity Act and a 2014 update to the Federal Information Security Management Act to “address this troubling development.”


October 6, 2017
An Inspector General's audit found that the Federal Deposit Insurance Corporation's protocols for responding to a data breach aren't being followed, even as the agency has faced dozens of security incidents in the past two years.

Lawmakers believe by adopting cybersecurity standards for the internet-connected devices it purchases, the federal government can drive the tech industry into building safer and better-protected products for the internet of things.

Ars Technica

Rob Joyce, the White House cybersecurity czar, said on Tuesday that the government should end using the Social Security number as a national identification method. "I believe the Social Security number has outlived its usefulness," said Joyce, while speaking at The Washington Post's Cybersecurity Summit. "Every time we use the Social Security number, you put it at risk." One problem with the Social Security number, he said, is that a victim of identity theft cannot get it changed after it has been stolen. Joyce's comments come a month after the Equifax hack, in which hackers gained access to the Social Security numbers of as many as 143 million Americans. "It's a flawed system that we can't roll back after a breach," he said. The Social Security number, originally a code for federal retirement benefits, has grown to become a personal identifier used for everything from getting a job to buying auto insurance.

Ars Technica

Nextgov

The Federal Bureau of Investigation wants to publicly shame cyber criminals after they’ve been caught as part of an effort to make sure malicious actors don’t count on anonymity. “You will be identified, pursued, and held to account no matter where you are in the world,” Paul Abbate, the FBI’s executive assistant director of the Criminal, Cyber, Response and Services Branch, said at a U.S. Chamber of Commerce event in Washington Wednesday.

The Hill October 4, 2017

Deputy Attorney General Rod Rosenstein on Wednesday lamented how encryption has made it more difficult for law enforcement officials to do their jobs, calling for a public debate about the use of the technology.


October 6, 2017

The U.S. Securities and Exchange Commission (SEC), Wall Street's top regulator, has discovered a vulnerability in its corporate filing database that could cause the system to collapse, according to an internal document seen by Reuters.


White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials. The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing.

The Wall Street Journal October 6, 2017

A suspected Chinese cyberattack on the website of a prominent Washington think tank drew a complaint from U.S. Attorney General Jeff Sessions this week in a meeting with top Chinese government officials. The website of the Hudson Institute crashed earlier this week, shortly before the organization was scheduled to host an event with Guo Wengui, a fugitive Chinese businessman and political dissident who has alleged corruption within China’s leadership.

Reuters October 2, 2017

Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue. The HPE system, called ArcSight, serves as a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector. The Russian review of ArcSight’s source code, the closely guarded internal instructions of the software, was part of HPE’s effort to win the certification required to sell the product to Russia’s public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.