30 years since the first major attack on the Internet
At around 8:30 p.m. on November 2, 1988, a maliciously clever program was unleashed on the Internet from a computer at the Massachusetts Institute of Technology (MIT).
This cyber worm was soon propagating at remarkable speed and grinding computers to a halt.
The Wall
Street Journal
November 9,
2018
On a rainy
Tuesday this week, Tim Yardley trekked through the mud on a remote island about
900 miles from his office at the University of Illinois Urbana-Champaign. Mr.
Yardley, the associate director of technology at the university’s Information
Trust Institute, finally arrived at a nondescript shelter about the size of a
shipping container. Mr. Yardley is an expert on what can go wrong when
attackers target an electric grid and is one of hundreds of government and
industry researchers on the island this week to test their theories. The
shelter is packed with wires, sensors and security tools connected to a 5-foot
high box capable of transmitting thousands of volts of electricity. “We want to
know that [these technologies and recovery plans] work and that they work under
a wide variety of scenarios,” Mr. Yardley said. Plum Island, a partly
dilapidated 840 acres in the Long Island Sound, is primarily a restricted
animal disease research center owned by the federal government. It’s also, it
turns out, an ideal laboratory for cybersecurity tests. The island is connected
to New York’s power grid through undersea cables that officials disabled this
week. For government researchers, the Plum Island drill is what red-teaming and
cyber ranges are for corporate executives. That is, the chance to expose
security teams to serious threats in a controlled, but realistic, setting.
TechCrunch
November 9,
2018
Hackers
siphoned off thousands of Healthcare.gov applications by breaking into the
accounts of brokers and agents tasked with helping customers sign up for
healthcare plans. The Centers for Medicare and Medicaid Services (CMS) said in
a post buried on its website that the hackers obtained “inappropriate access”
to a number of broker and agent accounts, which “engaged in excessive
searching” of the government’s healthcare marketplace systems. CMS didn’t say
how the attackers gained access to the accounts, but said it shut off the
affected accounts “immediately.” In a letter sent to affected customers this
week (and buried on the Healthcare.gov website), CMS disclosed that sensitive
personal data — including partial Social Security numbers, immigration status
and some tax information — may have been taken.
Bloomberg
The
Pentagon’s top weapons buyer has issued new language applying to future
contracts that’s intended to put companies on notice that they must elevate
cybersecurity protection. “We are coming out with standard contract language
that all the services will use,” Ellen Lord, the under secretary of defense for
acquisition and sustainment, said in an interview Thursday. “We’ve just sent
out our first formal communication” that says “we are going to do it and
providing standard language that can be tailored as needed.” The beefed-up
contracting language follows a move by Defense Secretary Jim Mattis last month
to establish a task force that will recommend ways to protect critical
technologies from theft by China, Russia and other adversaries. It would place
a company’s cybersecurity practices alongside matters such as the quality and
cost of proposals, as well as performance reviews, when considering contract
proposals. “Working with our partners in the defense industry and research
enterprise, we must ensure the integrity of our classified information,
controlled unclassified information and key data,” Mattis said in an Oct. 24
memo. The Pentagon failed to make cybersecurity for its multibillion-dollar
weapons systems a major focus until recently despite years of warnings,
Congress’s watchdog agency said last month.
Nextgov
November 9,
2018
The
National Science Foundation and other science agencies are launching a major
rewrite of the government’s cybersecurity research and development plan,
according to a Federal Register notice that’s scheduled to be published on
Tuesday. In advance of the rewrite, which will be completed in 2019, the
National Science Foundation is seeking public and industry feedback on new
technologies that could improve the “security, reliability, resiliency, and
trustworthiness of the digital infrastructure,” according to the notice. The
foundation is also interested in changes the nation should make in cyber
training, education and workforce development to prepare for the impact on
cybersecurity of new technologies, such as quantum computing and artificial
intelligence, the notice states. The National Science Foundation is managing
the rewrite on behalf of the National Science and Technology Council, which
includes federal cabinet secretaries and agency leaders with significant
science and technology responsibilities.
AP
November 8,
2018
An
unprecedented federal and state collaboration to defend election systems
against Russian interference ended with no obvious voting system compromises,
although it’s not entirely clear why. Federal officials are wondering whether
foreign agents are saving their ammunition for the 2020 presidential showdown
or planning a late-stage misinformation campaign to claim Tuesday's election
had been tainted. It doesn't change how vulnerable most states are to possible
interference. "They've shown will, they've shown the capability,"
Homeland Security Secretary Kirstjen Nielsen said. "I certainly can't
speak to why they're doing or not doing something. But I would just offer to
put it in a broader perspective — they have a full-court press through many
means ... to try to affect our democracy." In a news conference Wednesday
after Democrats won control of the House, President Donald Trump said his
administration worked hard to shore up elections and he'd issue a report soon
on the effort.
ZDNet
November 8,
2018
On Monday,
the Cyber National Mission Force (CNMF), a subordinate unit of US Cyber Command
(USCYBERCOM), set in motion a new initiative through which the DOD would share
malware samples it discovered on its networks with the broader cybersecurity
community. The CNMF kicked off this new project by creating an account on
VirusTotal, an online file scanning service that also doubles as an online
malware repository, and by uploading two malware samples. In addition,
USCYBERCOM also created a new Twitter account where it would tweet a link to
all new VirusTotal malware uploads.
Politico
November 8,
2018
Lawyers for
critics suing President Donald Trump’s campaign over its alleged involvement in
the hacking of Democratic National Committee emails urged a federal judge in
Virginia Thursday to reject a bid by the campaign to have the lawsuit thrown
out. The Trump campaign met the suit earlier this year with an eyebrow-raising
claim: that Trump’s presidential bid had the legal right under the First
Amendment to disseminate emails that were stolen by others. However, attorneys
pressing the case argued in a new brief filed Thursday that the Trump
campaign’s assertions about First Amendment protections are a diversion because
its alleged involvement in the hacking and the dissemination of private
information about Democratic donors went well beyond anything permitted by law.
“As the publicly known evidence of a conspiracy has become overwhelming, the
Campaign has pivoted from denying coordination with the Kremlin to claiming
that such collusion is not a crime,” lawyers with the Trump-focused watchdog
group United to Protect Democracy wrote on behalf of the plaintiffs, who
contend they were harmed by publication of their social security numbers,
medical information and details of private interactions with co-workers.
Gov Info
Security
November 7,
2018
The Food
and Drug Administration's procedures for handling cybersecurity concerns in
medical devices once they are on the market are deficient, according to a new
federal watchdog agency report. But since the audit was conducted, the FDA has
been aggressively ramping up its activities around medical device
cybersecurity, including addressing many of the issues spotlighted in the
report. The Department of Health and Human Services' Office of Inspector
General's report says the agency found FDA's policies and procedures
insufficient for handling postmarket medical device cybersecurity events. In
addition, the watchdog agency notes that FDA had not adequately tested its
ability to respond to emergencies resulting from cybersecurity events in
medical devices. It also notes that in two of 19 FDA district offices, FDA had
not established written standard operating procedures to address recalls of
medical devices vulnerable to cyber threats. The OIG report acknowledges,
however, that the weaknesses existed because, at the time of OIG's fieldwork in
early 2017, FDA had not sufficiently assessed medical device cybersecurity.
"We shared our preliminary findings with FDA in advance of issuing our
draft report. Before we issued our draft report, FDA implemented some of our
recommendations. Accordingly, we kept our original findings in the report, but,
in some instances, removed our recommendations," the report notes.
Nextgov
November 6,
2018
The
government’s cybersecurity standards agency will launch a process this year to
make it easier to verify government employees’ identities when they access
government data on mobile devices. The updated standards for civilian
government personal identity verification, or PIV, cards will focus on using the
PIV card, as a launching point for verifying identity on smartphones and other
devices that are far afield from the desktop computers PIV cards were first
used for in the early 2000s, said Matthew Scholl, division chief of the
computer security division at the Commerce Department’s National Institute of
Standards and Technology. For example, an employee might use a PIV card to
access information on a government computer and then use a special credential
from the PIV card to authorize access to that information on a mobile device,
Scholl told reporters after a NIST advisory board meeting Friday. “You can’t
stick a PIV card into this thing,” Scholl said, gesturing to a smartphone’s
power and headphone outlet. “So how do we get a similarly strong identity credential
but on a form factor that’s not PIV-friendly?”
CyberScoop
November 6,
2018
The Air
Force announced Monday that it has invited hackers from 191 countries to try to
find vulnerabilities in systems it recently migrated to the cloud. Yes — it’s
Hack the Air Force round three. And it’s the “most inclusive” edition to date,
meaning that foreign nationals — except those from China, Russia, Iran or North
Korea — are welcome to participate. This third round of the program, run in
partnership with the Defense Digital Service and bug bounty platform HackerOne,
will run until Nov. 22. The minimum payout for a critical vulnerability is
$5,000, but that could be increased if the vulnerability is particularly
integral to a system. “Hack the AF 3.0 demonstrates the Air Force’s willingness
to fix vulnerabilities that present critical risks to the network,” Wanda
Jones-Heath, Air Force chief information security officer, said in a statement.
CNN
November 5,
2018
Georgia
Secretary of State Brian Kemp set off a political firestorm when his office,
two days before an election in which he is a candidate, announced on Sunday
morning that it had opened an investigation into the Georgia Democratic Party in
connection with what it described as an attempted hack of the state's voter
registration system. But that initial advisory lacked key details about how
Kemp's office was made aware of potential security vulnerabilities in the
state's electronic voter information page, which the secretary of state
oversees. A series of email chains obtained by CNN indicate that, rather than
taking part in any alleged "hack," the Georgia Democrats had simply
passed along information regarding security concerns from a concerned voter to
a private cybersecurity firm, which in turn shared its concerns with Kemp's
office.
ProPublica
November 5,
2018
In a rush
of preparation for this year’s midterm elections, scores of state and local
governments have been working to safeguard their election systems from being
hacked or otherwise compromised. At the same time, according to interviews with
more than a dozen national, state and local election officials, the federal
commission responsible for providing assistance to them has either been missing
in action or working to thwart their efforts. The Election Assistance
Commission has ceded its leadership role in providing security training, state
and local officials say, forcing them to rely on the help of the U.S.
Department of Homeland Security, which lacks the same level of experience in
the issues confronting the country’s voting systems.
ZDNet
November 5,
2018
At least
three US states have activated and put National Guard cyber-security units on
standby for midterm elections. The three states are Washington, Illinois, and,
more recently, Wisconsin. According to officials, these cyber-security teams
will be prepared to assist state election officials in the event of a
cyber-security incident during the elections. Illinois officials have activated
National Guard cyber units last month, while Wisconsin Governor Scott Walker
did the same on Friday for his state. "Wisconsin voters should feel
confident that the Wisconsin National Guard's team is ready if needed to
provide assistance on Election Day," said Maj. Gen. Donald Dunbar,
adjutant general of the Wisconsin National Guard. "The governor's
executive order simply allows us to deploy those resources quickly."
Speaking to ABC News, Maj. Joy Staab of the Wisconsin National Guard said that
Wisconsin is just one of the many US states that have called on the National
Guard to help out with cyber-security.
Pro Publica
November 5,
2018
As recently
as Monday, computer servers that powered Kentucky's online voter registration
and Wisconsin's reporting of election results ran software that could
potentially expose information to hackers or enable access to sensitive files
without a password. The insecure service run by Wisconsin could be reached from
Internet addresses based in Russia, which has become notorious for seeking to
influence US elections. Kentucky's was accessible from other Eastern European
countries. The service, known as FTP, provides public access to files—sometimes
anonymously and without encryption. As a result, security experts say, it could
act as a gateway for hackers to acquire key details of a server's operating
system and exploit its vulnerabilities. Some corporations and other
institutions have dropped FTP in favor of more secure alternatives. Officials
in both states said that voter-registration data has not been compromised and
that their states' infrastructure was protected against infiltration. Still,
Wisconsin said it turned off its FTP service following ProPublica's inquiries.
Kentucky left its password-free service running and said ProPublica didn't
understand its approach to security.
FCW
November 5,
2018
As data
breaches and identity theft become increasingly regular parts of the news
cycle, there is growing support for government taking a lead role in identity
proofing. If it does happen, expect to see the Better Identity Coalition's
Jeremy Grant showing the way. After the Equifax breach, which included the
theft of data on 147 million customers, Congress launched a series of hearings
on the subject of individual identity, and Grant, the former head of the
Commerce Department's National Strategy for Trusted Identities in Cyberspace,
helped form the Better Identity Coalition as a trade group to prod government
into taking a more authoritative role in digital identity. In July, the
Coalition put out a blueprint for policymakers, outlining five policy
initiatives promoting security and identity verification. Its recommendations
included getting the federal government to spend $1 billion over five years in
grants to modernize motor vehicle departments to provide ID cards that can
digitally validate identities as well as ending the use of the Social Security
number as an identifier.
INDUSTRY
Gov Info
Security
November 9,
2018
Bankers
Life is notifying more than 566,000 individuals, including Medicare
supplemental insurance policyholders, that their personal information was
exposed in a hacking incident. Employee credentials were compromised, enabling
unauthorized third parties to gain access to certain company websites
containing personal data on policyholders and applicants, the insurer says. The
incident, which was reported by Bankers Life's parent company, CNO Financial
Group, to the Department of Health and Human Services as an "unauthorized
access/disclosure" breach, is the fifth largest incident added to the
HIPAA Breach Reporting Tool website so far this year. Commonly called the
"wall of shame," the HHS website lists health data breaches impacting
500 or more individuals. In an Oct. 25 statement, Bankers Life says it learned
about the incident on August 7. An investigation by an external forensics firm revealed
that unauthorized third parties accessed credentials of "a limited
number" of Bankers Life employees between May 30 and September 13,
according to the statement.
CyberScoop
November 9,
2018
ForeScout
Technologies, a network security company that focuses on internet-of-things,
operational technology and cloud computing, announced on Thursday that it
acquired OT security company SecurityMatters for $113 million. With the
increasing convergence of IT and OT, the purchase is meant boost ForeScout’s
ability to deliver security in enterprise and industrial environments.
“ForeScout’s acquisition of SecurityMatters is a natural fit as it takes us
deeper into a market where we have an established foothold and are seeing
explosive customer demand,” said ForeScout CEO Michael DeCesare, in a press
release. The deal comes after the two companies have been partnering for about
a year. The companies said their combined monitoring and assessment
capabilities will help them provide customers with “deeper visibility into OT
and [industrial control system] environments” and better manage network risk,
among other improvements.
The Wall
Street Journal
November 8,
2018
After years
of being caught flat-footed by hackers, companies are turning to cybersecurity
defenses called threat intelligence to fend off a new generation of criminals
and spies trying to steal their secrets and money. Threat-intelligence services
can include detailed reports on the makeup and motivations of illicit groups,
descriptions of illegal data sold on the dark web, and information about
hackers’ tools and tricks. Incubated in the military and in spy agencies, they
are becoming more popular in an era when companies often find themselves pitted
against nation-state hackers. This information can serve as an early-warning
system, letting companies know when hackers are plotting an attack or selling
stolen data online. They also can warn companies of malicious websites and the
tactics used by criminals.
Wired
November 8,
2018
DJI makes
some of the most popular quadcopters on the market, but its products have
repeatedly drawn scrutiny from the United States government over privacy and
security concerns. Most recently, the Department of Defense in May banned the
purchase of consumer drones made by a handful of vendors, including DJI. Now
DJI has patched a problematic vulnerability in its cloud infrastructure that
could have allowed an attacker to take over users' accounts and access private
data like photos and videos taken during drone flights, a user's personal
account information, and flight logs that include location data. A hacker could
have even potentially accessed real-time drone location and a live camera feed
during a flight. The security firm Check Point discovered the issue and
reported it in March through DJI's bug bounty program. Similar to the issue
that resulted in this fall's massive Facebook breach, the researchers found
that they could compromise the authentication tokens that allow DJI's users to
move seamlessly between the company's various cloud offerings and stay logged
in. In this setup—known as a single sign-on scheme—an active token is
essentially the key to a user's entire account.
Reuters
November 7,
2018
Sophos
Group Plc's shares fell about 39 percent and were on track for their worst day
ever, after the cyber security company cut its billings forecast for the second
half of fiscal 2019 and posted lower-than-expected billings numbers in the
first half. Sophos said on Wednesday it sees modest improvement in constant
currency billable growth in the second half of the year, as it struggles to
match the "dramatic acceleration in demand" it had last year for
cybersecurity products in the backdrop of several high-profile, global
ransomware attacks. In July, Sophos had said it expected to return to mid-teens
constant currency billings growth in the second half after warning that it
would report lower-than-anticipated billings growth in the first quarter due to
difficult year-ago comparables at one of its security businesses.
The Hill
November 7,
2018
Multinational
bank HSBC this week said hackers gained unauthorized access to the accounts of
some of its U.S. customers in October. The lender sent a letter to
California-based customers on Nov. 4 notifying them that hackers may have
accessed sensitive information like their "full name, mailing address,
phone number, email address, date of birth, account numbers, account types,
account balances, transaction history, payee account information, and statement
history where available." The cyberattack took place Oct. 4-14 and less
than 1 percent of U.S.-based clients were affected, HSBC said. Public details
about the breach are limited, and it is unclear whether the hackers sought to
use such data to pilfer savings at the bank. “HSBC regrets this incident, and
we take our responsibility for protecting our customers very seriously,"
Robert Sherman, head of HSBC's media relations in the U.S., said in a statement
to The Hill on Wednesday.
CyberScoop
November 6,
2018
The
unprecedented foreign hacking and misinformation campaigns that were reported
around the 2016 U.S. election cast a cloak of doubt over the integrity of the
country’s democratic process. The threat sent government officials on the
federal, state and local level scrambling to ensure that the country’s voting
machines, voter registration systems, pollbooks, results-reporting websites and
other election technology is ready for the midterm elections. Over the past few
months, about a dozen technology companies have announced programs offering
state and local election offices or political organizations free services to
help them fend off looming threats, including email protection, extra security
for cloud applications, basic antivirus coverage, multi-factor authentication
tools and several other types of products. As elections in the U.S. are run by
the states, securing a federal election requires a massive coordinated effort.
The federal government has been playing a greater role to this end since 2016,
but can only do so much without overstepping its bounds. In this gap, some
companies saw a role they could play, and some of them decided to step in for
free. But those steps seem to be very disjointed. There is no coordination to
make sure officials and campaign members understand their options. There is no
overarching plan describing the private sector’s role. One official called the
phenomenon a “free-for-all” that has “inundated” the government officials
across the country who are responsible for running elections.
Reuters
November 6,
2018
Private
equity firm Thoma Bravo LLC has approached Symantec Corp to express interest in
acquiring the Norton antivirus software maker, people familiar with the matter
told Reuters on Tuesday. A deal could be the largest leveraged buyout this
year, based on Symantec's market value of about $15 billion and total debt of
approximately $5 billion. It would come as Symantec seeks to regain its footing
in a crowded cyber security market following a string of acquisitions,
including the $4.65 billion purchase of cyber security firm Blue Coat Inc in
2016. There is no certainty that the discussions between Thoma Bravo and
Symantec will lead to a deal, the sources said, asking not to be identified
because the matter is confidential.
Motherboard
November 5,
2018
States and
counties have had two years since the 2016 presidential election to educate
themselves about security best practices and to fix security vulnerabilities in
their election systems and processes. But despite widespread concerns about
election interference from state-sponsored hackers in Russia and elsewhere,
apparently not everyone received the memo about security, or read it. An
election security expert who has done risk-assessments in several states since
2016 recently found a reference manual that appears to have been created by one
voting machine vendor for county election officials and that lists critical
usernames and passwords for the vendor's tabulation system. The passwords,
including a system administrator and root password, are trivial and easy to
crack, including one composed from the vendor’s name. And although the document
indicates that customers will be prompted periodically by the system to change
the passwords, the document instructs customers to re-use passwords in some
cases—alternating between two of them—and in other cases to simply change a number
appended to the end of some passwords to change them.
INTERNATIONAL
BBC
November 9,
2018
The Bank of
England is testing the UK's ability to withstand a major cyber-attack on
financial institutions. Some 40 firms, including leading banks, are taking part
in a one-day "war-gaming" exercise designed to assess their
resilience. The Bank is conducting the exercise on Friday in partnership with
regulators and the Treasury. It wants to ensure that firms are able to meet
certain minimum recovery standards after a cyber-attack. "The exercise
will help authorities and firms identify improvements to our collective
response arrangements, improving the resilience of the sector as a whole,"
the Bank said.
FCW
November 9,
2018
The United States and Russia are competing to steer a process to develop
international cyber norms at the United Nations. On Nov. 8, the UN’s Committee
on Disarmament and International Security approved dueling draft proposals by
the U.S. and Russia to establish working groups that would be responsible for
developing global rules of the road for behavior in cyberspace. The U.S.
proposal endorses two previous reports on international cyber norms and calls
for the UN Secretary General to establish a working group in 2019 staffed by
experts with “equitable geographic distribution” around the world. The group
would be empowered to continue studying existing and potential information and
communications technology threats. The proposal also emphasizes the role that
regional bodies like the European Union, African Union and others can play in
the discussion, along with private-sector companies, academia and civil service
organizations. The Russian proposal also calls for the establishment of a
working group in 2019 to develop voluntary and non-binding rules, norms and
principles for nation-state cyber activities as well as “possible cooperative
measures” between nations on information security.
Reuters
November 8,
2018
China has
been violating an agreement with the United States aimed at stopping cyber
espionage through the hacking of government and corporate data, a senior U.S.
intelligence official said on Thursday. When asked if China was violating the
2015 agreement between then President Barack Obama and Chinese President Xi
Jinping, National Security Agency official Rob Joyce said: “We think they are.”
But he added that the quantity and number of attacks had dropped “dramatically”
since the agreement. “While it’s not black and white, (China) met the agreement
or they didn’t meet the agreement, it’s clear that they are well beyond the
bounds today of the agreement that was forged between our countries,” Joyce
said. Speaking in Beijing on Friday, Chinese Foreign Ministry spokeswoman Hua
Chunying rejected the U.S. allegations. “The U.S. accusations lack factual
basis. China firmly opposes them,” she told a daily news briefing.
AP
November 8,
2018
ackers
impersonating journalists tried to intercept the communications of a prominent
Saudi opposition figure in Washington, The Associated Press has found. One
attempt involved the fabrication of a fake BBC secretary and an elaborate television
interview request; the other involved the impersonation of slain Washington
Post columnist Jamal Khashoggi to deliver a malicious link. Media rights
defenders denounced the hacking effort, which they said would make it harder
for genuine reporters to do their jobs. "It's incredibly dangerous to
employ this kind of tactic," said Elodie Vialle, who heads the technology
desk at Paris-based Reporters Without Borders. "The chilling effect is
that people are deterred from speaking to journalists. In the end, it
undermines the freedom of information." The most involved masquerade took
place in February of this year, when someone posing as a BBC journalist called
"Tanya Stalin" emailed Washington-based Saudi dissident Ali AlAhmed
inviting him to a live broadcast about Saudi Arabia. Stalin engaged with
AlAhmed over several days, sending him a list of proposed topics and talking
him through the logistics of his purported television appearance.
CyberScoop
November 8,
2018
As the
North Korean government has felt the bite of international sanctions, its
hackers have reportedly carried out damaging raids on financial institutions to
raise cash. Few operations capture that naked ambition more clearly than a
scheme that has reportedly stolen tens of millions of dollars from ATMs in
Africa and Asia. On Thursday, researchers from cybersecurity company Symantec detailed
how the malware used in the ATM scheme intercepts fraudulent withdrawal
requests and sends messages approving those withdrawals. The Lazarus Group, a
broad set of North Korean hackers, is responsible for the so-called FastCash
operation, according to Symantec. “FASTCash illustrates that Lazarus possesses
an in-depth knowledge of banking systems and transaction processing protocols
and has the expertise to leverage that knowledge in order to steal large sums
from vulnerable banks,” Symantec researchers wrote in a blog post.
Forbes
November 8,
2018
The UK has
not yet faced what would be considered a ‘category one’ cyber-attack, but there
is little doubt that it will happen in the years ahead, according to Peter
Yapp, the deputy director at the National Cyber Security Centre, which is a
core part of the UK government intelligence agency, GCHQ. Speaking at the
inaugural Cyber Security Connect UK conference held in Monaco this week, Yapp
explained that since the NCSC was launched over two years ago, it had dealt
with 1100 cyber security incidents – or more than 10 a week. “The majority of
these incidents were from hostile nation states, meaning computer hackers that
are directed, sponsored or tolerated by governments of those countries and
these are the most acute and direct cyber security threats to our national
security,” he said. As a result of these continuing attacks, and the looming
prospect of being hit by a devastating category one attack, Yapp suggested that
the UK had to be alert to the threat from countries who sought to attack its
critical national networks.
Ars
Technica
November 5,
2018
Last week,
Iran’s chief of civil defense claimed that the Iranian government had fought
off Israeli attempts to infect computer systems with what he described as a new
version of Stuxnet—the malware reportedly developed jointly by the US and
Israel that targeted Iran’s uranium-enrichment program. Gholamreza Jalali,
chief of the National Passive Defense Organization (NPDO), told Iran's IRNA
news service, “Recently, we discovered a new generation of Stuxnet which
consisted of several parts... and was trying to enter our systems.” On November
5, Iran Telecommunications Minister Mohammad-Javad Azari Jahromi accused Israel
of being behind the attack, and he said that the malware was intended to “harm
the country’s communication infrastructures.” Jahromi praised “technical teams”
for shutting down the attack, saying that the attackers “returned
empty-handed.” A report from Iran’s Tasnim news agency quoted Deputy
Telecommunications Minister Hamid Fattahi as stating that more details of the
cyber attacks would be made public soon.
TECHNOLOGY
The New York Times
November 7,
2018
A stunning
statistic is reverberating in cybersecurity: An estimated 3.5 million
cybersecurity jobs will be available but unfilled by 2021, according to
predictions from Cybersecurity Ventures and other experts. “It’s scary. Our
power grid, our cars, our everyday devices — basically everything is online and
able to be attacked,” said Georgia Weidman, author of “Penetration Testing: A
Hands-On Introduction to Hacking.” Ms. Weidman is the founder of two
cybersecurity companies, Bulb Security, where she is chief executive, and
Shevirah, where she is chief technology officer. Shevirah specializes in
security for mobile devices. “It would certainly cause mass destruction if our
power grid went down or our water pumps started going haywire or our dams
decided to open all their sluices,” she said. “That’s actually something that
could happen.” According to a report released this year by the Identity Theft
Resource Center, the number of data breaches tracked in the United States in
2017 hit a high of more than 1,500, up almost 45 percent over 2016. In one
incident this year, the data of 29 million Facebook users was stolen. In
response to the sheer number of new digital gates that might be left open,
employers and educators have had to become more creative in finding people to
guard them.
Ars Technica
November 6,
2018
China
Telecom, the large international communications carrier with close ties to the
Chinese government, misdirected big chunks of Internet traffic through a
roundabout path that threatened the security and integrity of data passing
between various providers’ backbones for two and a half years, a security
expert said Monday. It remained unclear if the highly circuitous paths were
intentional hijackings of the Internet’s Border Gateway Protocol or were caused
by accidental mishandling. For almost a week late last year, the improper
routing caused some US domestic Internet communications to be diverted to
mainland China before reaching their intended destination, Doug Madory, a
researcher specializing in the security of the Internet’s global BGP routing
system, told Ars. As the following traceroute from December 3, 2017 shows,
traffic originating in Los Angeles first passed through a China Telecom
facility in Hangzhou, China, before reaching its final stop in Washington, DC.
The problematic route was the result of China Telecom inserting itself into the
inbound path of Verizon Asian Pacific.
via Nick
Leiserson
