Tag Archives: europe

[ISN] Hacking Critical Infrastructure: A How-To Guide

http://www.defenseone.com/technology/2015/07/hack-critical-infrastructure/118756/ By Patrick Tucker Defense One July 31, 2015 Cyber-aided physical attacks on power plants and the like are a growing concern. A pair of experts is set to reveal how to pull them off — and how to defend against them. How easy would it be to pull off a catastrophic cyber attack on, say, a nuclear power plant? At next week’s Black Hat and Def Con cybersecurity conferences, two security consultants will describe how bits might be used to disrupt physical infrastructure. U.S. Cyber Command officials say this is the threat that most deeply concerns them, according to a recent Government Accountability Office report. “This is because a cyber-physical incident could result in a loss of utility service or the catastrophic destruction of utility infrastructure, such as an explosion,” the report said. The most famous such attack is the 2010 Stuxnet worm, which damaged centrifuges at Iran’s Natanz nuclear enrichment plant. (It’s never been positively attributed to anyone, but common suspicion holds that it was the United States, possibly with Israel.) Scheduled to speak at the Las Vegas conferences are Jason Larsen, a principal security consultant with the firm IOActive, and Marina Krotofil, a security consultant at the European Network for Cyber Security. Larsen and Krotofil didn’t necessarily hack power plants to prove the exploits work; instead Krotofil has developed a model that can be used to simulate power plant attacks. It’s so credible that NIST uses it to find weakness in systems. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Outrage: Iran deal commits U.S. to teach them how to defeat a cyber attack

http://www.americanthinker.com/blog/2015/07/outrage_iran_deal_commits_us_to_teach_them_how_to_defeat_a_cyber_attack_.html By Thomas Lifson American Thinker July 22, 2015 Perhaps the very worst aspect of the Iran deal reached in Vienna is the commitment of the U.S. and European powers to teach the Iranians how to resist attacks such as Stuxnet. Although it has received very little media coverage (Adam Kredo of the Free Beacon is the notable exception), the agreement states (buried on page 142 of the 159-page deal, in Annex III, under Civil Nuclear Cooperation, Section D, under Nuclear Safety, Safeguards and Security, item 10): 10. Nuclear Security E3/EU+3 parties, and possibly other states, as appropriate, are prepared to cooperate with Iran on the implementation of nuclear security guidelines and best practices. Co- operation in the following areas can be envisaged: 10. Co-operation in the form of training courses and workshops to strengthen Iran’s ability to prevent, protect and respond to nuclear security threats to nuclear facilities and systems as well as to enable effective and sustainable nuclear security and physical protection systems; 10. Co-operation through training and workshops to strengthen Iran’s ability to protect against, and respond to nuclear security threats, including sabotage, as well as to enable effective and sustainable nuclear security and physical protection systems. The language obviously s not limited to physical threats, so it must include advanced cyber warfare training. The Israelis are outraged. Ari Yasher of Israel National News writes: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Why Cyber War Is Dangerous for Democracies

http://www.theatlantic.com/international/archive/2015/06/hackers-cyber-china-russia/396812/ By MOISÉS NAÍM The Atlantic June 25, 2015 This month, two years after his massive leak of NSA documents detailing U.S. surveillance programs, Edward Snowden published an op-ed in The New York Times celebrating his accomplishments. The “power of an informed public,” he wrote, had forced the U.S. government to scrap its bulk collection of phone records. Moreover, he noted, “Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities.” He concluded by asserting that “We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason.” Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But frankly, I am far more concerned about the cyber threats to my privacy posed by Russia, China, and other authoritarian regimes than the surveillance threats from Washington. You should be too. Around the time that Snowden published his article, hackers broke into the computer systems of the U.S. Office of Personnel Management and stole information on at least 4 million (and perhaps far more) federal employees. The files stolen include personal and professional data that government employees are required to give the agency in order to get security clearances. The main suspect in this and similar attacks is China, though what affiliation, if any, the hackers had with the Chinese government remains unclear. According to the Washington Post, “China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cyber war in Ukraine: How NATO is helping the country defend itself against digital threats

http://www.zdnet.com/article/ukraines-cyber-warfare-how-nato-helps-the-country-defend-itself-against-digital-threats/ By Andrada Fiscutean Central European Processing ZDNet News June 11, 2015 Ukraine’s recent history has been dramatic, with border changes, riots, the occupation of government buildings, and bloodshed. Behind all this, a quiet conflict, free of gunfire but equally hard-fought, has been taking place in the online world. DDoS attacks and communications jamming has lead to misinformation in an already confused country. Now, North Atlantic Alliance nations are joining forces to help Ukraine protect its digital space. Albania, Estonia, Hungary, Poland, Portugal, Romania, and Turkey have offered financial or in-kind contributions to Ukraine’s Cyber Defense Trust Fund, a program agreed by world leaders during a NATO summit held last September in Wales. US president Barack Obama, British prime minister David Cameron, German chancellor Angela Merkel, and French president François Hollande all participated. “The technical requirements for the implementation of this project have been set up and the negotiations for the necessary legal arrangements are at an advanced stage,” a NATO official in Brussels told ZDNet. “NATO needs to keep abreast of the rapidly changing threat landscape and to maintain a robust cyber-defence,” he added. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] GCHQ spies given immunity from anti-hacking laws

http://www.telegraph.co.uk/technology/internet-security/11612659/GCHQ-spies-given-immunity-from-anti-hacking-laws.html By Sophie Curtis The Telegraph 18 May 2015 The government has quietly rewritten a key clause of the Computer Misuse Act, giving GCHQ staff, intelligence officers and police immunity from prosecution for hacking into computers and mobile phones. The Computer Misuse Act, which came into effect in 1990, states that gaining unauthorised access to computer material is a criminal offence, punishable by up to 12 months’ imprisonment and a fine. Until recently, any violation of this Act was required to be by Article 8 of the European Convention on Human Rights, which provides a right to respect for one’s “private and family life, his home and his correspondence”, subject to certain restrictions that are “in accordance with law”. In May 2014, campaign group Privacy International, along with seven internet and communications service providers, filed complaints with the Investigatory Powers Tribunal, challenging GCHQ’s hacking activities, (exposed by NSA whistleblower Edward Snowden in 2013). […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My Latest Gartner Research:Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2014

The unified threat management market has grown by 11.0%, from $1.5 billion in 2013, to $1.6 billion in 2014, with the strongest growth seen in Western Europe, emerging Asia/Pacific and Greater China. 1 Market Size by Segment, Worldwide, 2011-2014 2 Market Shares by Vendor, Worldwide, 2013-2014 3 Definitions 1-1 Market Size: Unified Threat Management (SMB Multifunction Firewalls), by Segment, Worldwide, 2011-2014 (Millions of Dollars) 1-2 Total Annual Growth: Unified Threat Management

Gartner clients can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Estonia recruits volunteer army of ‘cyber warriors’

http://www.telegraph.co.uk/news/worldnews/europe/estonia/11564163/Estonia-recruits-volunteer-army-of-cyber-warriors.html By David Blair Tallinn telegraph.co.uk 26 Apr 2015 Estonia has recruited a “ponytail army” of volunteer computer experts who stand ready to defend the nation against cyber attack. The country’s reserve force, the Estonian Defence League, has a Cyber Unit consisting of hundreds of civilian volunteers, including teachers, lawyers and economists. The Baltic nation of 1.3 million people is one of the most technologically advanced in the world: almost every banking transaction takes place online and 30 per cent of all votes in the last general election were cast electronically. But this also makes Estonia acutely vulnerable. In 2007, the country suffered one of the biggest cyber attacks in history when the websites of banks, government ministries and the national parliament were swamped with data. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Singtel acquires Trustwave in $810M security services deal

http://www.zdnet.com/article/singtel-acquires-trustwave-in-810m-security-services-deal/ By Eileen Yu By The Way ZDNet News April 8, 2015 Singtel has inked a deal to acquire a 98 percent equity interest in Trustwave for an estimated US$810 million, as the Singapore carrier looks to beef up its cloud and managed services portfolio. Headquartered in Chicago, U.S.A, Trustwave offers hosted services in threat, vulnerability, and compliance management, and has more than three million business subscribers. It has presence in 26 countries across North America, Europe, and the Asia-Pacific region, with a global headcount of 1,200 that includes security professionals in its forensic and threat research security unit, SpiderLabs. It operates five security operation centers and nine engineering centers. Trustwave Chairman and CEO Robert J. McCullen will retain the remaining 2 percent stake in the company. According to Singtel, Trustwave will continue to operate independently as a separate business unit after the acquisition has been finalized, but will tap the telco’s assets and market presence to expand its portfolio and address market opportunities in the Asia-Pacific region. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail