Tag Archives: Cybersecurity

[ISN] The Former Federal Employee Who Tried to Launch a Cyberattack on Nuclear Scientists

www.nextgov.com/cybersecurity/2016/02/former-federal-employee-who-tried-launch-cyberattack-nuclear-scientists/125694/

By Kaveh Waddell
The Atlantic
February 4, 2016

A nuclear scientist formerly employed by the federal government admitted Tuesday that he tried to infect the computers of about 80 government employees whom he believed had access to nuclear materials and weapons. According to court documents released by the Justice Department, the scientist, Charles Eccleston, pleaded guilty to one count of attempted unauthorized access to a protected computer.

Until he was fired in 2011, Eccleston worked for the Nuclear Regulatory Commission, a federal agency that oversees civilian use of radioactive materials. During his time at the commission, he held a security clearance in order to work on nuclear-energy issues, according to the documents. A year after his federal government job ended, he moved to Manila, the capital of the Philippines.

In 2013, Eccleston went to the Manila embassy of an unidentified foreign country, and offered to sell foreign officials a list of thousands of federal employees’ email accounts for $18,800. He said the addresses were “top secret” and used for official communication. As a negotiating ploy, he said he would take the list to China, Venezuela, or Iran if the embassy didn’t want them. […]





[ISN] Feds primary network security weapon needs more bang

www.networkworld.com/article/3027635/security/dhs-gao-feds-primary-network-security-weapon-needs-more-bang.html

By Michael Cooney
Layer 8
Network World
Jan 28, 2016

In the face of relenting network attacks, it seems that the government’s chief weapon for combatting the assault lacks some teeth. That weapon – the Department of Homeland Security’s (DHS) National Cybersecurity Protection System (NCPS), also known as Einstein – is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over. The threat is obvious



[ISN] Here’s what ‘Shmoocon 2016,’ the D.C. hackerfest, tells us about the cybersecurity industry

www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/

By Aaron Gregg
The Washington Post
January 28, 2016

Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year, one gets the impression that the hacker community is growing out of a bit of its outrageousness. “There’s a chaotic element to it that has really fallen off,” said Shmoocon founder Bruce Potter. “All the shenanigans you used to see; dumping Jello in the fountain in Vegas…you don’t even see it anywhere anymore.”

To be sure, the cultural quirks are still there. Grown men still call each other by over-the-top hacker aliases. A man walks around wearing a chicken mask with a fluorescent-green box strapped to his back blaring electronic music. With the exception of a group of West Point cadets, everyone is wearing T-shirts. But the crowd’s absurdities make it easy to forget that these are some of the most sought-after professionals in business, government and war.

Over the past few years costly and highly-public instances of data theft have driven huge corporations to give cybersecurity professionals C-suite representation for the first time. And there’s a massive dearth of trained cybersecurity professionals, even in the Washington area: a 2015 report from market research firm Burning Glass found almost 50,000 open positions for cybersecurity professionals across the country with an advertised average salary of $83,934.

As a result, conferences like Shmoocon have become central nodes where corporate and government recruiters find cyber talent. Local economic development boosters are targeting cybersecurity as a growth sector for the region, hoping they can capitalize on the steady stream of specialized talent that spills out the region’s military and intelligence agencies. […]



[ISN] After OPM Hack, Pentagon to Store and Secure Sensitive Security Clearance Docs

www.nextgov.com/cybersecurity/2016/01/after-opm-hack-pentagon-store-and-secure-sensitive-security-clearance-docs/125338/

By Jack Moore
Nextgov.com
January 22, 2016

In the continuing aftermath of the massive hack of sensitive records stored by the Office of Personnel Management, the Obama administration announced today it’s shifting the responsibility for conducting background investigations of sensitive personnel to the Defense Department. In the future, files containing personal information on security clearance seekers



[ISN] [CFP] Speak About Your Cyberwar at PHDays VI

Forwarded from: Alexander Lashkov

Positive Hack Days VI, the international forum on practical information security, opens Call for Papers. Our international program committee consisting of very competent and experienced experts will consider every application, whether from a novice or a recognized expert in information security, and select the best proposals.

Now, more than ever before, cybersecurity specialists are being asked to stop sitting on the fence and choose a side — competitive intelligence vs DLP systems; security system developers vs targeted cyberattacks; cryptographers vs reverse engineers; hackers vs security operations centers. A new concept of PHDays VI is designed to show what the current vibe is in information security. We want researchers to speak about the real dangerous threats and possible consequences. We also expect developers and integrators to give real answers to these threats rather than to talk about empowering security technologies.

Come and share your experience at PHDays VI in Moscow, May 17 and 18, 2016. Your topic can revolve around any modern infosec field: new targeted attacks against SCADA, new threats to medical equipment, vulnerabilities of online government services, unusual techniques to protect mobile apps, antisocial engineering in social networks, or what psychological constitution SOC experts have. In addition, this year, we are planning to discuss IS software design, development tools, and SSDL principles.

Our key criterion is that your research should be unique and offer a fresh perspective on hacking, modern information technologies, and the role they play in our lives. If you have something interesting or surprising to share, but none of the formats are suitable for your participation, please apply anyway and be sure we will consider your work.

The first stage of CFP ends on January 31, 2016. Apply now — the number of final reports is limited.

In 2015, the forum brought together 3,500 participants. In 2016, it is expected to see 4,000 attendees: information security leaders, CIO and CISO of the world’s largest companies, top managers of giant banks, industrial and oil and gas producing enterprises, telecoms, and IT vendors, representatives from different government departments.

Positive Hack Days featured a variety of distinguished participants including Bruce Schneier (the legendary cryptography expert), Whitfield Diffie (one of the inventors of asymmetric cryptography), Mohd Noor Amin (IMPACT, UN), Natalya Kasperskaya (CEO of InfoWatch), Travis Goodspeed (a reverse engineer and wireless enthusiast from the U.S.), Tao Wan (the founder of China Eagle Union), Nick Galbreath (Vice-President of IPONWEB), Mushtaq Ahmed (Emirates Airline), Marc Heuse (the developer of Hydra, Amap, and THC-IPV6), Karsten Nohl (a specialist in GSM engineering), Donato Ferrante and Luigi Auriemma (famous SCADA experts from Italy), and Alexander Peslyak (the creator of the password cracking tool John the Ripper).

Find any details about the format, participation rules, and CFP instructions on the PHDays website: www.phdays.com/call_for_papers/



[ISN] Agencies Get Marching Orders for Filling ‘Major’ Cyber Talent Shortage

www.nextgov.com/cybersecurity/2015/12/agencies-get-marching-orders-filling-major-cyber-talent-shortage/124520/

By Jack Moore
Nextgov.com
December 15, 2015

Federal agencies face a rapidly approaching deadline to identify cybersecurity workforce shortages. Boosting the government’s information security workforce is a key part of the Obama administration’s long-term strategy for securing federal networks. It follows a 30-day rapid action plan initiated this summer to tighten online defenses in the wake of the massive Office of Personnel Management hack. By Dec. 31, agencies are required to report to the White House the top five areas



[ISN] Cybersecurity Researchers Are Hunted from All Sides

motherboard.vice.com/read/cybersecurity-researchers-are-hunted-from-all-sides

By Andrada Fiscutean
Motherboard.vice.com
December 14, 2015

Cybersecurity researcher Peter Kruse, founder of CSIS Security Group in Denmark, thought his mother was calling. Her number appeared on his phone, but when he answered, it wasn’t her. Instead, a male voice told him to stop what he was doing as a computer expert. “They checked my family members,” he said, referring to his anonymous tormenters. “They did their homework.”

Security researcher Costin Raiu at Kaspersky Lab in Romania has a similar story. While he was analyzing Stuxnet, a worm written by the US and Israel and considered to be the first cyber weapon, someone broke into his house. The intruder left behind a decision cube—a rubber die inscribed with conclusions like “yes,” “no,” “maybe”—on his living room table with the message “take a break” facing up. […]



[ISN] J.P. Morgan, BOA, Citi, And Wells Spending $1.5 Billion To Battle Cyber Crime

www.forbes.com/sites/stevemorgan/2015/12/13/j-p-morgan-boa-citi-and-wells-spending-1-5-billion-to-battle-cyber-crime/

By Steve Morgan
Contributor
Forbes / Tech
Dec 13, 2015

There’s a showdown between the world’s largest corporations, governments, and cybersecurity companies who are going up against a global network of cyber criminals. The British insurance company Lloyd’s estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts put the cybercrime figure as high as $500 billion and more.

The banking and financial services sector has been the prime target of cyber criminals over the last five years, followed by IT & telecom, defense, and the oil and gas sector, according to TechSci Research, an IT market intelligence firm. Infosecurity Magazine stated in an article earlier this year that financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries. Deloitte states that the financial services sector faces the greatest economic risk related to cybersecurity.

The biggest U.S. banks are responding to the cyber crime epidemic with some of the biggest security budgets. […]

