Tag Archives: committee

[ISN] Hackers target Birmingham City Council website in sustained attack

http://www.birminghammail.co.uk/news/midlands-news/hackers-made-24000-attempts-attack-8705246
By Neil Elkes
Birmingham Mail
24 February 2015

Hackers launched a major attack on Birmingham City Council’s computer system. The authority’s website was hit by a ‘significant attack’ receiving 24,000 hits per minute on Friday in an attempt to breach its security leading to major action to protect the data. Service Birmingham Chief Executive Tony Lubman revealed the attack while appearing before the council’s contracts and partnership committee. He told the panel how fending off attacks takes considerable resources. “Birmingham is by far the largest local authority in Europe. You represent the Government and you are therefore a target,” he said. […]





[ISN] China’s New Rules for Selling Tech to Banks Have US Companies Spooked

http://www.wired.com/2015/01/chinas-new-rules-selling-tech-banks-us-companies-spooked/
By Davey Alba
Wired.com
01.29.15

Technology companies that want to sell equipment to Chinese banks will have to submit to extensive audits, turn over source code, and build “back doors” into their hardware and software, according to a copy of the rules obtained by foreign companies already doing billions of dollars worth of business in the country. The new rules were laid out in a 22-page document from Beijing, and are presumably being put in place so that the Chinese government can peek into computer banking systems. Details about the new regulations, which were reported in The New York Times today, are a cause for concern, particularly to Western technology companies. In 2015, the China tech market is expected to account for 43 percent of tech-sector growth worldwide. With these new regulations, foreign companies and business groups worry that authorities may be trying to push them out of the fast-growing market. According to the Times, the groups—which include the US Chamber of Commerce—sent a letter Wednesday to a top-level Communist Party committee, criticizing the new policies that they say essentially amount to protectionism. The new bank rules and the reaction from Western corporations represent the latest development in an ongoing squabble between China and the US over cybersecurity and technology. The US government has held China responsible for a number of cyberattacks on American companies, and continues to be wary that Chinese-made hardware, software and internet services may have some built-in features that allow the Chinese government to snoop on American consumers. Meanwhile, China has used the recent disclosures by former NSA contractor Edward Snowden as proof that the US is already doing this kind of spying—and that this is reason enough to get rid of American technology in the country. […]



[ISN] The Problem With Calling Cyber Attacks ‘Terrorism’

http://www.defenseone.com/technology/2015/01/problem-calling-cyber-attacks-terrorism/102309/
By Micah Zenko
Council on Foreign Relations
January 6, 2015

Yesterday, Sen. Robert Menendez (D-NJ), the ranking member of the Senate Foreign Relations Committee, appeared on CNN’s State of the Union where he proposed placing North Korea on the State Department’s State Sponsors of Terrorism list. Menendez contended that the additional sanctions announced by the White House last week were insufficient, and that “we need to look at putting North Korea back on the list of state sponsors of terrorism, which would have far more pervasive consequences.” Beyond claiming this would have additional consequences for North Korea, he disagreed with President Obama’s characterization of the alleged Sony hack as “an act of cyber vandalism”: “Vandalism is when you break a window. Terrorism is when you destroy a building. And what happened here is that North Korea landed a virtual bomb on Sony’s parking lot, and ultimately had real consequences to it as a company and to many individuals who work there.” I recently wrote a piece that questioned the wisdom of placing North Korea on the State Sponsors of Terrorism list, given that—according to the State Department—“The Democratic People’s Republic of Korea (DPRK) is not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” There is no question that North Korean agents engage in any number of malicious and even violent actions in South Korea and beyond, which might be labeled by some as acts of “terrorism.” However, the U.S. Secretary of State, who is empowered under the 1979 legislation to determine which countries should be included on the list, concluded that North Korea should not be on the list, and, in fact, the Bush administration removed the country in 2008. Moreover, just as removing North Korea from the list did not open up the country to U.S. exports given the multitude of overlapping sanctions and restrictions, placing them back on it will not have any demonstrable impact. […]



[ISN] ICANN HACKED: Intruders poke around global DNS innards

http://www.theregister.co.uk/2014/12/17/icann_hacked_admin_access_to_zone_files/
By Kieren McCarthy
The Register
17 Dec 2014

Domain-name overseer ICANN has been hacked and its DNS zone database compromised, the organization has said. Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a “spear phishing” attack, suggesting employees clicked on a link in the messages that took them to a bogus login page – into which staff typed their usernames and passwords, providing hackers with the keys to their work email accounts. No sign of two-factor authentication, then. “The attack resulted in the compromise of the email credentials of several ICANN staff members,” ICANN’s statement on the matter reads, noting that the attack happened in late November and was discovered a week later. With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog. […]



[ISN] Retailers accuse credit unions of talking smack about card breaches

http://arstechnica.com/security/2014/10/retailers-accuse-credit-unions-of-talking-smack-about-card-breaches/
By Sean Gallagher
Ars Technica
Oct 30, 2014

Reeling from the bad press associated with an ongoing parade of data breaches caused by criminal infiltration of their payment systems, representatives of six retail industry associations signed a joint open letter that pushes back against a vocal critic of retailers’ cyber-security practices—credit union associations. In the letter addressed to the presidents of the Credit Union National Association (CUNA) and the National Association of Federal Credit Unions (NAFCU), retail industry representatives accused the associations of spreading “a number of misleading and factually inaccurate points… in the media and before Congress in regards to the cyber security in our country.” The industry group executives insisted that retailers already share the burden of dealing with the cost of lost data—at least to the degree that they are contractually obliged by credit card organizations. But given how much they actually do pay, the retailers may protest too much.

Unsafe at any register

The letter is a direct response to comments made in a letter to House Homeland Security Committee chairman Rep. Michael McCaul (R-TX) by Carrie Hunt, the NAFCU’s senior vice president of government affairs, posted on October 28. In her letter, Hunt called out the retail industry for not carrying enough of the burden associated with the loss of customers’ financial data. While credit unions and other financial institutions are subject to strict standards and regulations on handling sensitive customer financial data, Hunt wrote, “retailers and many other entities…are not subject to these same standards, and they become victims of data breaches and data theft all too often. While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers.” […]



[ISN] House Intel Chief Wants To Increase Cyber Attacks Against Russia

http://www.defenseone.com/politics/2014/10/house-intel-chief-wants-increase-cyber-attacks-against-russia/95675/
By Patrick Tucker
defenseone.com
October 2, 2014

The United States should be conducting more disruptive cyber attacks against nations like Russia, according to Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee. “I don’t think we are using all of our cyber-capability to disrupt” actors in Russia targeting U.S. interests, he said at The Washington Post’s cybersecurity summit on Thursday. Rogers cited attacks out of Russia on the U.S. financial sector, specifically against JP Morgan Chase in August, as an example of nation states targeting U.S. companies and financial interests. The FBI is currently investigating whether or not the attacks were a response to the financial sanctions that the United States placed on Russia in March. He didn’t directly implicate Putin’s government in the attack on JP Morgan Chase, but he called the attempted breaches a “decision [made] on the basis of sanctions,” and asked whether the intent was “to monitor transactions or go in destroy enough data to cause harm to transactions?” […]



[ISN] Chinese hackers successfully attacked military contractors for 12 months: Senate probe

http://www.washingtontimes.com/news/2014/sep/17/chinese-hackers-successfully-attacked-military-con/
By Douglas Ernst
The Washington Times
September 17, 2014

A yearlong investigation into cyberattacks on U.S. military contractors for U.S. Transportation Command found that 50 such incidents occurred over the 12 months beginning June 1, 2012. “These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” Sen. Carl Levin, the Senate Armed Services Committee chairman from Michigan, said in a statement released with the report on Wednesday. The committee’s report found that at least 20 of the attacks were successful in achieving China’s objective, and of those 20, Transcom initially only caught two, Reuters reported Wednesday. U.S. military personnel were said to be mostly in the dark about the security breaches due to gaps in reporting requirements of its contractors, the report concluded, Reuters reported. […]



[ISN] Senators ask Apple, Home Depot for information on breaches

http://www.computerworld.com/article/2606965/senators-ask-apple-home-depot-for-information-on-breaches.html
By Grant Gross
IDG News Service
Sep 11, 2014

A recent data breach at retailer Home Depot and a leak of celebrity nude pictures from Apple’s iCloud service raise questions about the companies’ data security practices, two U.S. senators said Thursday. Sens. John “Jay” Rockefeller, a West Virginia Democrat, and Claire McCaskill, a Missouri Democrat, asked Apple and Home Depot for information on their security practices. The senators, senior members of the Senate Commerce, Science and Transportation Committee, have asked the companies to provide the committee with detailed information about the causes of the breaches. A series of new Apple products, including the Apple Watch and its iCloud Drive, will lead to more sensitive customer information stored in the cloud, the senators wrote in a letter to Apple CEO Tim Cook. “We are interested to know what security protocols Apple has adopted to maximize the safety and privacy of your customers who store information on your company’s popular iCloud,” the senators wrote. “We understand that the focused nature of the attack on specific iCloud accounts is very different from the massive data breaches that affected other companies, but nonetheless indicate potential vulnerabilities in your cloud security protocols that were exploited by hackers.” […]

