Tag Archives: government

[ISN] The Former Federal Employee Who Tried to Launch a Cyberattack on Nuclear Scientists

www.nextgov.com/cybersecurity/2016/02/former-federal-employee-who-tried-launch-cyberattack-nuclear-scientists/125694/ By Kaveh Waddell The Atlantic February 4, 2016 A nuclear scientist formerly employed by the federal government admitted Tuesday that he tried to infect the computers of about 80 government employees whom he believed had access to nuclear materials and weapons. According to court documents released by the Justice Department, the scientist, Charles Eccleston, pleaded guilty to one count of attempted unauthorized access to a protected computer. Until he was fired in 2011, Eccleston worked for the Nuclear Regulatory Commission, a federal agency that oversees civilian use of radioactive materials. During his time at the commission, he held a security clearance in order to work on nuclear-energy issues, according to the documents. A year after his federal government job ended, he moved to Manila, the capital of the Philippines. In 2013, Eccleston went to the Manila embassy of an unidentified foreign country, and offered to sell foreign officials a list of thousands of federal employees’ email accounts for $18,800. He said the addresses were “top secret” and used for official communication. As a negotiating ploy, he said he would take the list to China, Venezuela, or Iran if the embassy didn’t want them. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NSA Hacker Chief Explains How to Keep Him Out of Your System

www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system/ By Kim Zetter Security Wired.com 1/28/2016 IT WAS THE talk most anticipated at this year’s inaugural Usenix Enigma security conference in San Francisco and one that even the other speakers were eager to hear. Rob Joyce, the nation’s hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems. Joyce is head of the NSA’s Tailored Access Operations—the government’s top hacking team who are responsible for breaking into the systems of its foreign adversaries, and occasionally its allies. He’s been with the NSA for more than 25 years but only became head of the TAO division in April 2013, just weeks before the first leaks from Edward Snowden were published by the Guardian and Washington Post. Joyce acknowledged that it was “very strange” for someone in his position to stand onstage before an audience. The TAO has largely existed in the shadowy recesses of the NSA—known and unknown at the same time—until only recently when documents leaked by Snowden and others exposed the workings of this cabal as well as many of its sophisticated hacking tools. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NSA Hacker Chief Explains How to Keep Him Out of Your System

www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system/ By Kim Zetter Security Wired.com 1/28/2016 IT WAS THE talk most anticipated at this year’s inaugural Usenix Enigma security conference in San Francisco and one that even the other speakers were eager to hear. Rob Joyce, the nation’s hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems. Joyce is head of the NSA’s Tailored Access Operations—the government’s top hacking team who are responsible for breaking into the systems of its foreign adversaries, and occasionally its allies. He’s been with the NSA for more than 25 years but only became head of the TAO division in April 2013, just weeks before the first leaks from Edward Snowden were published by the Guardian and Washington Post. Joyce acknowledged that it was “very strange” for someone in his position to stand onstage before an audience. The TAO has largely existed in the shadowy recesses of the NSA—known and unknown at the same time—until only recently when documents leaked by Snowden and others exposed the workings of this cabal as well as many of its sophisticated hacking tools. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Feds primary network security weapon needs more bang

www.networkworld.com/article/3027635/security/dhs-gao-feds-primary-network-security-weapon-needs-more-bang.html By Michael Cooney Layer 8 Network World Jan 28, 2016 In the face of relenting network attacks and it seems that the government’s chief weapon for combatting the assault lacks some teeth. That weapon – the Department of Homeland Security’s (DHS) National Cybersecurity Protection System (NCPS)—also known as Einstein has is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over. The threat is obvious


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Israeli generals said among 1, 600 global targets of Iran cyber-attack

www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/ BY TIMES OF ISRAEL STAFF January 28, 2016 Iran launched a cyber-attack targeting Israeli army generals, human rights activists in the Persian Gulf and scientists, an Israeli cyber-security firm said Thursday. Gil Shwed, CEO of Check Point Software Technologies, said the attack began two months ago and was directed at some 1,600 people worldwide. They received email messages aimed at sending spyware into their computers, Shwed told Israel Radio. More than a quarter of the recipients opened the emails and thus unknowingly downloaded spyware, allowing the hackers to steal information from their hard drives. Over the last two years, Israel has been targeted by a number of cyber-attacks. Officials say hackers affiliated with Hezbollah and the Iranian government were behind some of the infiltration attempts. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Here’s what ‘Shmoocon 2016,’ the D.C. hackerfest, tells us about the cybersecurity industry

www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/ By Aaron Gregg The Washington Post January 28, 2016 Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year, one gets the impression that the hacker community is growing out of a bit of its outrageousness. “There’s a chaotic element to it that has really fallen off,” said Shmoocon founder Bruce Potter. “All the shenanigans you used to see; dumping Jello in the fountain in Vegas…you don’t even see it anywhere anymore.” To be sure, the cultural quirks are still there. Grown men still call each other by over-the-top hacker aliases. A man walks around wearing a chicken mask with a fluorescent-green box strapped to this back blaring electronic music. With the exception of a group of West Point cadets, everyone is wearing T-shirts. But the crowd’s absurdities make it easy to forget that these are some of the most sought-after professionals in business, government and war. Over the past few years costly and highly-public instances of data theft have driven huge corporations to give cybersecurity professionals C-suite representation for the first time. And there’s a massive dearth of trained cybersecurity professionals, even in the Washington area: a 2015 report from market research firm Burning Glass found almost 50,000 open positions for cybersecurity professionals across the country with an advertised average salary of $83,934. As a result, conferences like Shmoocon have become central nodes where corporate and government recruiters find cyber talent. Local economic development boosters are targeting cybersecurity as a growth sector for the region, hoping they can capitalize on the steady stream of specialized talent that spills out the region’s military and intelligence agencies. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NASA, Dept of Defense, Commerce etc probed over use of backdoored Juniper kit

www.theregister.co.uk/2016/01/26/juniper_us_government/ By Chris Williams The Register 26 Jan 2016 A bunch of US government departments and agencies – from the military to NASA – are being grilled over their use of backdoored Juniper firewalls. The House of Representatives’ Committee on Oversight and Government Reform fired off letters to top officials over the weekend, demanding to know if any of the dodgy NetScreen devices were used in federal systems. Juniper’s ScreenOS software – the firmware that powers in its firewalls – was tampered with by mystery hackers a few years ago to introduce two vulnerabilities: one was an administrator-level backdoor accessible via Telnet or SSH using a hardcoded password, and the other allowed eavesdroppers to decrypt intercepted VPN traffic. The flaws, which were smuggled into the source code of the firmware, were discovered on December 17 by Juniper, and patches were issued three days later to correct the faults. The backdoor (CVE-2015-7755) affects ScreenOS versions 6.3.0r17 through 6.3.0r20, and the weak VPN encryption (CVE-2015-7756) affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] How much at risk is the U.S.’s critical infrastructure? (fwd)

www.csoonline.com/article/3024873/security/how-much-at-risk-is-the-uss-critical-infrastructure.html By Taylor Armerding CSO Jan 21, 2016 There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space. But over the past decade there has been much less agreement over how much of a threat hackers are. On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.” Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.” Other experts argue just as forcefully that while the threats are real and should be taken seriously, the risks are not even close to catastrophic. They say those who predict catastrophe are peddling FUD – fear, uncertainty and doubt. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail