Tag Archives: cyber

[ISN] The Former Federal Employee Who Tried to Launch a Cyberattack on Nuclear Scientists

www.nextgov.com/cybersecurity/2016/02/former-federal-employee-who-tried-launch-cyberattack-nuclear-scientists/125694/ By Kaveh Waddell The Atlantic February 4, 2016 A nuclear scientist formerly employed by the federal government admitted Tuesday that he tried to infect the computers of about 80 government employees whom he believed had access to nuclear materials and weapons. According to court documents released by the Justice Department, the scientist, Charles Eccleston, pleaded guilty to one count of attempted unauthorized access to a protected computer. Until he was fired in 2011, Eccleston worked for the Nuclear Regulatory Commission, a federal agency that oversees civilian use of radioactive materials. During his time at the commission, he held a security clearance in order to work on nuclear-energy issues, according to the documents. A year after his federal government job ended, he moved to Manila, the capital of the Philippines. In 2013, Eccleston went to the Manila embassy of an unidentified foreign country, and offered to sell foreign officials a list of thousands of federal employees’ email accounts for $18,800. He said the addresses were “top secret” and used for official communication. As a negotiating ploy, he said he would take the list to China, Venezuela, or Iran if the embassy didn’t want them. […]





[ISN] IoT risks raise concerns among IT specialists in central and eastern Europe

www.computerweekly.com/news/4500272253/IoT-risks-raise-concerns-among-IT-specialists-in-CEE By Krzysztof Polak ComputerWeekly.com 04 Feb 2016 The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices. The driving force behind IoT is the desire to gain knowledge and insights about, for example, buildings, cars, industrial installations, healthcare, aviation and civil infrastructure, using smart and connected devices. But according to Sylwester Chojnacki, director, enterprise business group at Huawei CEE, the designers of IoT equipment have not learned the lessons from the early years of internet development. “They do not pay sufficient attention to the safety of devices and applications,” he said. IoT devices are often the first target in cyber attacks, leading to intrusions into computer systems and large databases. […]



[ISN] New centre to help Singapore boost cyber security

www.straitstimes.com/singapore/new-centre-to-help-spore-boost-cyber-security By Lim Yan Liang The Straits Times Feb 4, 2016 Singapore will face more cyber attacks as technology is increasingly used in everyday life, from smart traffic lights and driverless trains to the ubiquitous smartphones. The greater risk, which is inevitable as Singapore pushes to be a Smart Nation, was flagged yesterday by the managing director of the Infocomm Development Authority (IDA), Ms Jacqueline Poh, noting the rise in the United States of such security incidents involving its critical infrastructures. To address the danger, Singapore plans to give existing measures a further boost. One is the introduction of a Cyber Security Bill in Parliament later this year to give the 11-month-old Cyber Security Agency greater powers to secure Singapore’s critical information infrastructure. […]



[ISN] Hackers post private files of America’s biggest police union

www.theguardian.com/uk-news/2016/jan/28/fraternal-order-of-police-hacked-fbi-investigation-data-servers By Jon Swaine and George Joseph in New York The Guardian 28 January 2016 Private files belonging to America’s biggest police union, including the names and addresses of officers, forum posts critical of Barack Obama, and controversial contracts made with city authorities, were posted online Thursday after a hacker breached its website. The Fraternal Order of Police (FOP), which says it represents about 330,000 law enforcement officers across the US, said the FBI was investigating after 2.5GB of data taken from its servers was dumped online and swiftly shared on social media. The union’s national site, fop.net, remained offline on Thursday evening. “We have contacted the office of the assistant attorney general in charge of cyber crime, and officials from FBI field offices have already made contact with our staff,” Chuck Canterbury, the FOP’s national president, said in an interview. The FBI did not respond to a request to confirm that it was investigating. Canterbury said he was confident that no sensitive personal information or financial details of their members had been obtained. “Some names and addresses were taken,” he said. “It concerns us. We’re taking steps to try to notify our members but that is going to take some time.” […]



[ISN] Feds primary network security weapon needs more bang

www.networkworld.com/article/3027635/security/dhs-gao-feds-primary-network-security-weapon-needs-more-bang.html By Michael Cooney Layer 8 Network World Jan 28, 2016 In the face of unrelenting network attacks, it seems that the government’s chief weapon for combatting the assault lacks some teeth. That weapon – the Department of Homeland Security’s (DHS) National Cybersecurity Protection System (NCPS), also known as Einstein – is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over. The threat is obvious



[ISN] Israeli generals said among 1,600 global targets of Iran cyber-attack

www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/ BY TIMES OF ISRAEL STAFF January 28, 2016 Iran launched a cyber-attack targeting Israeli army generals, human rights activists in the Persian Gulf and scientists, an Israeli cyber-security firm said Thursday. Gil Shwed, CEO of Check Point Software Technologies, said the attack began two months ago and was directed at some 1,600 people worldwide. They received email messages aimed at sending spyware into their computers, Shwed told Israel Radio. More than a quarter of the recipients opened the emails and thus unknowingly downloaded spyware, allowing the hackers to steal information from their hard drives. Over the last two years, Israel has been targeted by a number of cyber-attacks. Officials say hackers affiliated with Hezbollah and the Iranian government were behind some of the infiltration attempts. […]



[ISN] Here’s what ‘Shmoocon 2016,’ the D.C. hackerfest, tells us about the cybersecurity industry

www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/ By Aaron Gregg The Washington Post January 28, 2016 Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year, one gets the impression that the hacker community is growing out of a bit of its outrageousness. “There’s a chaotic element to it that has really fallen off,” said Shmoocon founder Bruce Potter. “All the shenanigans you used to see; dumping Jello in the fountain in Vegas…you don’t even see it anywhere anymore.” To be sure, the cultural quirks are still there. Grown men still call each other by over-the-top hacker aliases. A man walks around wearing a chicken mask with a fluorescent-green box strapped to his back blaring electronic music. With the exception of a group of West Point cadets, everyone is wearing T-shirts. But the crowd’s absurdities make it easy to forget that these are some of the most sought-after professionals in business, government and war. Over the past few years costly and highly-public instances of data theft have driven huge corporations to give cybersecurity professionals C-suite representation for the first time. And there’s a massive dearth of trained cybersecurity professionals, even in the Washington area: a 2015 report from market research firm Burning Glass found almost 50,000 open positions for cybersecurity professionals across the country with an advertised average salary of $83,934. As a result, conferences like Shmoocon have become central nodes where corporate and government recruiters find cyber talent. Local economic development boosters are targeting cybersecurity as a growth sector for the region, hoping they can capitalize on the steady stream of specialized talent that spills out of the region’s military and intelligence agencies. […]



[ISN] CarolinaCon-12 – March 2016 – FINAL ANNOUNCEMENT

Forwarded from: Vic Vandal

CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and parties. Regarding the price increase to $40, it was forced due to ever-rising venue costs. But we promise to provide more value via; great talks, great side events, kickass new attendee badges, cool giveaways, etc.

We’ve selected as many presentations as we can fit into the lineup. Here they are, in no particular order:

– Mo Money Mo Problems: The Cashout – Benjamin Brown
– Breaking Android apps for fun and profit – Bill Sempf
– Gettin’ Vishy with it – Owen / Snide- @LinuxBlog
– Buffer Overflows for x86, x86_64 and ARM – John F. Davis (Math 400)
– Surprise! Everything can kill you. – fort
– Advanced Reconnaissance Framework – Solray
– Introducing PS>Attack, a portable PowerShell attack toolkit – Jared Haight
– Reverse Engineer iOS apps because reasons – twinlol
– FLOSS every day – automatically extracting obfuscated strings from malware – Moritz Raabe and William Ballenthin
– John the Ripper sits in the next cubicle: Cracking passwords in a Corporate environment – Steve Passino
– Dynamic Analysis with Windows Performance Toolkit – DeBuG (John deGruyter)
– Deploying a Shadow Threat Intel Capability: Understanding YOUR Adversaries without Expensive Security Tools – grecs
– AR Hacking: How to turn One Gun Into Five Guns – Deviant Ollam
– Reporting for Hackers – Jon Molesa @th3mojo
– Never Go Full Spectrum – Cyber Randy
– I Am The Liquor – Jim Lahey

CarolinaCon-12 Contests/Challenges/Events:

– Capture The Flag
– Crypto Challenge
– Lockpicking Village
– Hardware Hack-Shop
– Hacker Trivia
– Unofficial CC Shootout

LODGING: If you’re traveling and wish to stay at the Con hotel here is the direct link to the CarolinaCon discount group rate: www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20160303/index.jhtml

NOTE: The website defaults to March 3rd-6th instead of March 4th-6th and the group rate is no longer available on March 3rd. So make sure that you change the reservation dates to get the group rate.

ATTENTION: The discount group rate on Hilton hotel rooms expires THIS weekend on JANUARY 31st 2016, so act quickly if you plan on staying at the hotel for all of the weekend fun and you want the group rate.

CarolinaCon formal proceedings/talks will run;

– 7pm to 11pm on Friday
– 10am to 9pm on Saturday
– 10am to 4pm on Sunday

For presentation abstracts, speaker bios, the final schedule, side event information, and all the other exciting details (as they develop and as our webmaster gets to them) stay tuned to: www.carolinacon.org

ADVERTISERS / VENDORS / SPONSORS: There are no advertisers, vendors, or sponsors allowed at CarolinaCon….ever. Please don’t waste your time or ours in asking.

CarolinaCon has been Rated “M” for Mature.

Peace, Vic

