www.straitstimes.com/singapore/new-centre-to-help-spore-boost-cyber-security By Lim Yan Liang The Straits Times Feb 4, 2016 Singapore will face more cyber attacks as technology is increasingly used in everyday life, from smart traffic lights and driverless trains to the ubiquitous smartphones. The greater risk, which is inevitable as Singapore pushes to be a Smart Nation, was flagged yesterday by the managing director of the Infocomm Development Authority (IDA), Ms Jacqueline Poh, noting the rise in the United States of such security incidents involving its critical infrastructures. To address the danger, Singapore plans to give existing measures a further boost. One is the introduction of a Cyber Security Bill in Parliament later this year to give the 11-month-old Cyber Security Agency greater powers to secure Singapore’s critical information infrastructure. […]
http://www.telegraph.co.uk/news/worldnews/europe/estonia/11564163/Estonia-recruits-volunteer-army-of-cyber-warriors.html By David Blair Tallinn telegraph.co.uk 26 Apr 2015 Estonia has recruited a “ponytail army” of volunteer computer experts who stand ready to defend the nation against cyber attack. The country’s reserve force, the Estonian Defence League, has a Cyber Unit consisting of hundreds of civilian volunteers, including teachers, lawyers and economists. The Baltic nation of 1.3 million people is one of the most technologically advanced in the world: almost every banking transaction takes place online and 30 per cent of all votes in the last general election were cast electronically. But this also makes Estonia acutely vulnerable. In 2007, the country suffered one of the biggest cyber attacks in history when the websites of banks, government ministries and the national parliament were swamped with data. […]
I just saw a news release with Greta Van Susteren about Thailand’s participation in the radar data for Flight 370. I myself have been searching online using DigitalGlobe.com’s satellite data in their crowdsourcing effort to search for flight 370. Although I can certainly understand how some people could be upset by the response that Thailand didn’t provide radar data “because they weren’t asked”. This sort of response is typical of Thai culture. My wife is Thai and I think that amoungst many cultures of the world, Thais are some of the most caring and loving people but their cultural norms make others (especially western cultures) feel like they don’t care. Quite in fact it is very common in Thai culture to avoid conflict and stay out of other people’s problems or situations entirely. In Thai culture their perception is that they are giving respect by staying out of other people’s business and affairs unless a Thai is asked directly to get involved. This is a deep rooted belief and likely why they did not get involved to provide data until there was a specific request for them to get involved. I know this runs contrary to Christian beliefs entirely but it is how the culture operates and this situation is likely being misinterpreted. In personal dealings with my own wife and her family I have found this dynamic to be troublesome and cause of some misunderstandings. I am certain that the Thai people care deeply for the loss of flight 370 just as much as any other country. Additionally the Thai government is in disarray adding difficulties to this scenario with severe problems in their parliament and leadership. I ask my fellow countrymen and others to not sit in judgement because of this odd cultural dynamic. My two cents. Peace!
http://thediplomat.com/2014/02/s-korea-seeks-cyber-weapons-to-target-north-koreas-nukes/ By Zachary Keck The Diplomat February 21, 2014 South Korea is developing offensive cyber weapons to target North Korea’s nuclear weapons program, according to the country’s defense ministry said on Wednesday. According to Yonhap News Agency, South Korea’s Defense Ministry outlined its long-term cyberpolicy to the parliament’s defense committee on Wednesday. The report stated that, “A strategic plan for the second phase calls for developing cybertools for offense like Stuxnet, a computer virus that damaged Iran’s uranium enrichment facility, to cripple North Korea’s missile and atomic facilities.” Yonhap also quoted an anonymous senior defense official as saying: “Once the second phase plan is established, the cyber command will carry out comprehensive cyberwarfare missions.” These missions will be carried out under a new Cyber Defense Command that South Korea plans to establish in May. It will operate under the purview of the ROK Joint Chiefs of Staff, according to the report. South Korea first established a Cyber Command in 2010 to guard against the threat posed by North Korea’s elite unit of hackers. So far, its aims have primarily been to protect vulnerable national networks from cyber attacks originating from North Korea, as well as to wage psychological warfare campaigns against Pyongyang. The decision to equip South Korea’s cyber warriors with the capabilities to attack North Korea’s nuclear and missile facilities therefore represents a dramatic escalation. […]
http://www.csoonline.com/article/740393/espionage-campaign-targeting-asian-supply-chains-uncovered By Steve Ragan Staff Writer CSO Online September 25, 2013 Kaspersky Lab, during a presentation at a security summit produced by Billington CyberSecurity, unveiled the existence of a small group of criminal hackers for hire, which began operations in 2011 and have expanded in scope and size over the last few years. Calling the campaign Icefog, Kaspersky explained during their presentation that the campaign targeted governmental institutions, military contractors, maritime and ship-building groups, telecom and satellite operators, industrial and high technology companies, and mass media. Specifically, the targets include defense industry contractors such as Lig Nex1 and Selectron Industrial Company, media companies such as Fuji TV and the Japan-China Economic Association, shipbuilding companies such as DSME Tech, Hanjin Heavy Industries, and telecom operators such as Korea Telecom. However, Kaspersky isn’t saying who was confirmed to be a victim when it comes to Icefog, only that they are working with the firms directly and law enforcement. Earlier this year, Kaspersky obtained a Phishing sample from Fuji TV. The attachment was malicious, and dropped additional files that would later be classified as part of the Icefog campaign. However, initial analysis linked the newly discovered malware to an earlier variant. This same variant was used to attack the Japanese Parliament in 2011, and later in 2012. […]
http://www.theregister.co.uk/2013/09/13/huawei_sanqi_li_says_no_national_security_threat/ By Kelly Fiveash The Register 13th September 2013 Exclusive A top Huawei exec has dismissed claims that his company poses a threat to British and US national security – despite Western government officials’ fears over Huawei’s alleged connections to the Chinese Communist Party. Professor Sanqi Li – speaking in an exclusive interview with The Register at the multinational’s R&D centre in Stockholm, Sweden – repeatedly attempted to paint a picture of a benign company that simply deals with “packet in, packet out”. When pressed about Parliament’s concerns that Huawei may have too much control over Blighty’s critical infrastructure and communications systems – based on claims that the company’s chairman (and erstwhile member of the People’s Liberation Army) Ren Zhengfei was helping Chinese authorities to spy on the Western world – Li said: “No, we are not a threat”. He added: “There’s no substance, just more speculation.” Li, the company’s Carrier Business Group CTO, said Huawei, which provides equipment to Britain’s one-time national telco BT, was an easy target because it is a Chinese company that operates in the Western world. But he insisted fears of compromised national security presented an industry-wide problem for all tech outfits. […]
http://qz.com/123190/these-are-the-codes-you-need-to-crack-to-get-a-job-as-a-british-cyberspy/ By Leo Mirani Quartz September 11, 2013 A website, canyoufindit.co.uk, just went live. It contains 28 sets of five letters and one set of three letters. There are five answers. If you get them right, you may be on your way to joining GCHQ, Britain’s signals-intelligence agency, in either the “cyber and technical operations,” “maths and cryptography” or “advanced technology research” departments. The website was registered in March to TMP Worldwide, a recruitment company that has in the past helped GCHQ search for women engineers. This is not the first time GCHQ has used puzzles to find skilled programmers. In 2011, the agency set up a similar, now-defunct website, titled “Can you crack it,” which the Telegraph newspaper later reported led to a “path to a job” for all who solved its puzzles. Cracking it involved several steps that required programming skills to complete, at the end of which lay a form to apply to GCHQ. Such methods may be essential for GCHQ, which has a tough time attracting and retaining staff. Ian Lobban, director of GCHQ since 2008, told the intelligence and security committee of Parliament early in 2011 that his agency can offer recruits a fantastic mission but can’t compete with the salaries offered by the private sector. The agency has since put in place more “flexible packages for internet specialists.” By January this year Lobban was hopeful: […]
http://www.calgaryherald.com/news/Poor+data+breach+tracking+reporting+concerns+federal/8571560/story.html By Jim Bronskill The Canadian Press June 24, 2013 OTTAWA – Canada’s privacy czar has singled out several federal departments for their lacklustre approach to data breaches, citing a need for better reporting, security and tracking protocols. Privacy commissioner Jennifer Stoddart’s office has compiled a preliminary list of agencies with potentially worrisome patterns when it comes to the loss of Canadians’ personal information. The analysis is based on departmental figures tabled in Parliament in April in response to a question from New Democrat MP Charlie Angus. The response indicated there were more than 3,000 data breaches over a 10-year period affecting about 725,000 Canadians. Upon crunching the numbers, the privacy commissioner identified nine departments and agencies that may lack adequate reporting mechanisms, have faulty security procedures or require improved tracking protocols. Stoddart’s staff cautions that the figures paint a statistical picture but do not shed full light on the kind of data involved in the breaches. […] _______________________________________________ ISN mailing list ISN@lists.infosecnews.org http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org