Tag Archives: CSI

[ISN] This Article Was Written With the Help of a ‘Cyber’ Machine

http://www.wsj.com/articles/is-the-prefix-cyber-overused-1425427767
By DANNY YADRON and JENNIFER VALENTINO-DEVRIES
The Wall Street Journal
March 4, 2015

These days, CyberPatriots go to CyberCamps. Washington wonks ponder a Cyber Red Cross. Last week, the Director of National Intelligence told Congress a “cyber Armageddon” is unlikely. This week, CBS Corp. will premiere the latest iteration of its long-running cops and crime franchise, “CSI: Cyber,” whose protagonist describes herself as cybercop and is based, the network says, on a real-life cyberpsychologist. For some, it is cyber-overload. “Stop using the word,” Alex Stamos, the chief information security officer at Yahoo Inc. told a “Cybersecurity for a New America” conference in Washington last week. Earlier, Mr. Stamos quipped on Twitter that he had won “CyberBingo” at his table after a conference speaker warned of a “Cyber Pearl Harbor,” a term popularized by former Defense Secretary Leon Panetta in 2012. Mr. Stamos isn’t brushing off computer intrusions in his quest to hack away at “cyber” usage. As the guy in charge of keeping prying eyes out of one of the world’s most popular websites, you could say he is obsessed with them. […]





[ISN] ‘CSI: Cyber’ review: Hackwork

http://www.nj.com/entertainment/tv/index.ssf/2015/03/csi_cyber_review_patricia_arquette_cbs.html
By Vicki Hyman
NJ Advance Media for NJ.com
March 04, 2015

Thank goodness Patricia Arquette just won an Oscar, because otherwise I’d really have nothing to say about “CSI: Cyber.” The newest “CSI” franchise, which debuts on CBS tonight at 10 p.m., is about the FBI’s cyber crime division, comes with all the series’ high-tech visual flourishes and stars “Boyhood” star Arquette, who, um, just won an Oscar. Yeah. Oh! This time, the Who theme song is “I Can See For Miles.” I’m not saying “CSI: Cyber” isn’t worth watching. I’m just saying there’s not a heck of a lot to say about it. (The original flavor “CSI” is still plugging away after 15 years, while the Miami and New York franchises lasted 10 and 9 seasons, respectively.) The latest entry is a bit different in that there’s a lot of people peering at computer screens instead of into microscopes. […]



[ISN] Annual cost of cybercrime hits near $400 billion

http://www.networkworld.com/article/2360983/security0/annual-cost-of-cybercrime-hits-near-400-billion.html
By Ellen Messmer
NetworkWorld
June 9, 2014

An estimate of the global cost of cybercrime — losses from cyber-espionage theft of intellectual property, plus all types of personal and financial data stolen and dealing with the fallout — is being tabbed at least $400 billion annually, according to the report published today by the Center for Strategic and International Studies. In its report “Net Losses: Estimating the Global Cost of Cybercrime,” Washington, D.C.-based think tank CSIS claims the countries hit most are the United States, China and Germany based on their overall national wealth in Gross Domestic Product (GDP). Those three countries together are estimated to have suffered $200 billion in cybercrime losses on an annual basis. CSIS acknowledges there’s going to be debate over how to calculate the cost of cybercrime the way it broadly defines it. But CSIS, whose research draws largely from the work of economists, argues it could not be lower than $375 billion and the maximum could actually be $575 billion. “Even the smallest of these figures is more than the national income of most countries and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow,” the report says. By coincidence, the CSIS report on the cost of cybercrime comes in the wake of the U.S. Department of Justice crime charges related to alleged cybercrime operations in China and Eastern Europe that are accused of stealing millions of dollars from U.S. businesses through either theft of trade secrets or outright financial fraud. […]



[ISN] UMC Health System Security Officer discusses user awareness

http://healthitsecurity.com/2014/04/01/umc-health-system-security-officer-discusses-user-awareness/
By Patrick Ouellette
Health IT Security
April 1, 2014

With 14 years under his belt working with government entities in IT security, Phil Alexander, Information Security Officer at University Medical Center (UMC) Health System, certainly has a unique outlook on IT security in the healthcare sector. Based on those experiences at the federal level and his one year at UMC, Alexander talked with HealthITSecurity.com about his current focuses and where he thinks healthcare IT security is headed. UMC Health System, which includes all its clinics in the local area, is the major regional provider in the West Texas area, so Alexander has a lot to keep track of.

What are you concentrating on security-wise at UMC at the moment?

When I got here, we were doing the typical basic cybersecurity and information assurance, nothing out of the ordinary. So I split my team into two: one dedicated to beefing up information assurance and the other being our computer security incident response team (CSIRT). The CSIRT team does a lot of traffic monitoring, packet analysis and forensics. And then on the other side of the house we’re increasing user awareness training this year. I have a different philosophy on security awareness



[ISN] Researchers explore underground market of Twitter spam and abuse

http://www.csoonline.com/article/738100/researchers-explore-underground-market-of-twitter-spam-and-abuse
By Steve Ragan
Staff Writer
CSO Online
August 14, 2013

Researchers presented data from an ICSI (International Computer Science Institute) driven project Wednesday at the 22nd USENIX Security Symposium in Washington, D.C., that explores the underground market of spam and abuse on Twitter. Led by Vern Paxson of International Computer Science Institute (ICSI) and Chris Grier of UC Berkeley, the group tracked the criminal market on Twitter, which sells access to accounts that are later used to push spam, malicious links (including Phishing and malware), as well as inflate follower counts. Research participants from George Mason University and Twitter also took part. Their research took ten months, and during that time they examined 27 merchants responsible for several million fraudulent accounts. Of those, 95 percent of them were taken offline after the researchers reported them to Twitter. However, the paper says that these merchants were responsible for nearly 10-20 percent of all the illegitimate accounts created on the service during the monitoring period, and that the criminals controlling these market places earned $127,000 to $159,000 for their efforts. The study was limited to Twitter, only because the researchers couldn’t obtain permission from other social networks, such as Facebook, Google, and Yahoo



[ISN] Cybercrime costs U.S. economy up to $140 billion annually, report says

http://www.latimes.com/business/technology/la-fi-tn-cybercrime-140-billion-dollars-economy-20130722,0,308705.story
By Paresh Dave
The Los Angeles Times
July 22, 2013

Cyberattacks may be draining as much as $140 billion and half a million jobs from the U.S. economy each year, according to a new study that splashes water on a previous estimate of $1 trillion in annual losses. “That’s our best guess,” said James Andrew Lewis, the director of the technology and public policy program at the Center for Strategic and International Studies. The center completed the study with help from cybersecurity giant McAfee and came up with the new figures by relying on models, such as those used to estimate the economic effects of car crashes and ocean piracy, instead of surveys of companies. Four years ago, McAfee and then politicians and other industry leaders started citing a $1-trillion figure that had been based on surveys. Lewis called reliance on surveys faulty, and McAfee was quick to say on Monday that it commissioned the new study to refine the widely cited and often-criticized tally. “We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyberactivity,” said Mike Fey, executive vice president and chief technology officer at McAfee. […]



[ISN] With espionage at ‘Cold War levels,’ CSIS warns travelling spies not to fall for sexual ‘honey traps’

http://news.nationalpost.com/2013/07/14/with-espionage-at-cold-war-levels-csis-warns-travelling-spies-not-to-fall-for-sexual-honey-traps/
By Jim Bronskill
Canadian Press
13/07/14

Canada’s spy agency has quietly warned travelling government officials they might be drugged, kidnapped or blackmailed after being enticed into a sexual “honey trap” by an attractive stranger. Foreign intelligence services see federal employees



[ISN] Vulnerabilities found in code library used by encrypted phone call apps

https://www.computerworld.com/s/article/9240473/Vulnerabilities_found_in_code_library_used_by_encrypted_phone_call_apps
By Lucian Constantin
IDG News Service
July 1, 2013

ZRTPCPP, an open-source library that’s used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security. ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for VoIP (voice over IP) communications designed by PGP creator Phil Zimmermann. The library is used by secure communications provider Silent Circle in its Silent Phone app, as well as by other programs that support encrypted phone calls, including CSipSimple, LinPhone, Twinkle, several client apps for the Ostel service and “anything using the GNU ccRTP with ZRTP enabled,” said Azimuth Security co-founder Mark Dowd in a blog post on Thursday. Following the recent reports about the U.S. National Security Agency’s data collection programs that appear to cover Internet audio conversations, there’s been an increased interest in encrypted communication services from end users. […]

