[ISN] Pentagon Personnel Now Talking on ‘NSA-Proof’ Smartphones

http://www.nextgov.com/cybersecurity/2015/03/pentagon-personnel-are-talking-nsa-proof-smartphones/108820/ By Aliya Sternstein Nextgov.com March 30, 2015 The Defense Department has rolled out supersecret smartphones for work and maybe play, made by anti-government-surveillance firm Silent Circle, according to company officials. Silent Circle, founded by a former Navy Seal and the inventor of privacy-minded PGP encryption, is known for decrying federal efforts to bug smartphones. And for its spy-resistant “blackphone.” Apparently, troops don’t like busybodies either. As part of limited trials, U.S. military personnel are using the device, encrypted with secret code down to its hardware, to communicate “for both unclassified and classified” work, Silent Circle chairman Mike Janke told Nextgov. In 2012, Janke, who served in the Navy’s elite special operations force, and Phil Zimmermann, creator of Pretty Good Privacy (PGP, in short), started Silent Circle as a California-based secure communications firm. The company is no longer based in the United States, ostensibly to deter U.S. law enforcement from seeking access to user records. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] US Used Zero-Day Exploits Before It Had Policies for Them

http://www.wired.com/2015/03/us-used-zero-day-exploits-policies/ By Kim Zetter Security Wired.com March 30, 2015 AROUND THE SAME time the US and Israel were already developing and unleashing Stuxnet on computers in Iran, using five zero-day exploits to get the digital weapon onto machines there, the government realized it needed a policy for how it should handle zero-day vulnerabilities, according to a new document obtained by the Electronic Frontier Foundation. The document, found among a handful of heavily redacted pages released after the civil liberties group sued the Office of the Director of National Intelligence to obtain them, sheds light on the backstory behind the development of the government’s zero-day policy and offers some insight into the motivations for establishing it. What the documents don’t do, however, is provide support for the government’s assertions that it discloses the “vast majority” of zero-day vulnerabilities it discovers instead of keeping them secret and exploiting them. “The level of transparency we have now is not enough,” says Andrew Crocker a legal fellow at EFF. “It doesn’t answer a lot of questions about how often the intelligence community is disclosing, whether they’re really following this process, and who is involved in making these decisions in the executive branch. More transparency is needed.” The timeframe around the development of the policy does make clear, however, that the government was deploying zero-days to attack systems long before it had established a formal policy for their use. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Taiwan seeks stronger cybersecurity ties with US to counter China threat

http://www.thestar.com.my/Tech/Tech-News/2015/03/31/Taiwan-seeks-stronger-cybersecurity-ties-with-US-to-counter-China-threat/ The Star Online March 31, 2015 TAIPEI: Taiwan wants to join a major anti-hacking drill conducted by the United States to strengthen cybersecurity ties with its staunchest ally, its vice premier said on Monday, a move which would help safeguard against constant targeting by hackers in rival China. Many hacks into Taiwan systems have been traced to sites belonging to China’s People’s Liberation Army, Vice Premier Simon Chang told Reuters in an interview, without elaborating on the locations. “Taiwan has no enemy in the international community except you-know-who. Who in the world would try to hack Taiwan?” Chang, a former director of Asia hardware operations for Internet giant Google Inc, said. China has vehemently denied accusations of cybertheft. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Law firms looking into cyber insurance

http://www.businessinsurance.com/article/20150330/NEWS06/150339979 By Claire Bushey Crain’s Chicago Business March 30, 2015 Alarmed by their vulnerability to everything from sophisticated hacking to the hapless attorney who attaches the wrong spreadsheet to an email, law firms are turning to new must-have coverage: cyber insurance. In the past few years, the biggest firms have purchased policies to cover the costs of a data breach: notifying clients or employees, conducting a forensic investigation and, if necessary, writing checks to plaintiffs or regulators. Now midsize and small firms are eyeing the policies, too. But without a major claim by a law firm against a cyber insurance policy, attorneys shopping for coverage are left with what Matthew Price, associate general counsel at Milwaukee-based Foley & Lardner L.L.P., calls “the real $64,000 question, which is: How much is enough?” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Secrecy on the Set: Hollywood Embraces Digital Security

http://www.nytimes.com/2015/03/30/technology/secrecy-on-the-set-hollywood-embraces-digital-security.html By NICOLE PERLROTH The New York Times MARCH 29, 2015 SAN FRANCISCO — For years, Lulu Zezza has played one of the toughest roles in Hollywood. Ms. Zezza, who has managed physical production on movies like “The Reader” and “Nine,” also oversees the digital security of everything that goes into the making of a film on set, including budgets, casting, shooting schedules and scripts. Not all that long ago, keeping tabs on Hollywood secrets was pretty simple. Executives like Ms. Zezza could confiscate a crew member’s company-issued computer or cellphone once shooting ended. But personal smartphones that receive company emails, and apps that store data on cloud computers? That is not so easy to manage if your co-workers aren’t willing to play along. F.B.I. Says Little Doubt North Korea Hit Sony JAN. 7, 2015 News Companies See Movies as Opportunity for GrowthMARCH 29, 2015 Enter North Korea, stage left. After hackers believed to be from North Korea revealed embarrassing emails and other personal details at Sony Pictures late last year, Hollywood studios — like so many businesses in other industries before them — realized they had better find a better way to protect their most sensitive files. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cash, IT security threaten NASA Deep Space Network operation

http://www.networkworld.com/article/2902506/security0/cash-it-security-threaten-nasa-deep-space-network-operation.html By Michael Cooney Layer 8 Network World March 26, 2015 Money needed for upgrades to older equipment and IT security issues continue to drag on NASA, according to a report issued this week by the space agency’s Office of Inspector General. The report focuses on NASA’s Deep Space Network, which through variety of antennas and transmitters at communications complexes in three locations: Goldstone, California; Madrid, Spain; and Canberra, Australia provides space missions with the tracking, telemetry, and command services required to control and maintain spacecraft and transmit science data. NASA’s international partners also use the Deep Space Net. > From the OIG report: “Much of DSN’s hardware is more than 30 years old, costly to maintain, and requires modernization and expansion to ensure continued service for existing and planned missions. Although DSN is meeting its current operational commitments, budget reductions have challenged the Network’s ability to maintain these performance levels and threaten its future reliability. Specifically, in FY 2009 the Network implemented a plan to achieve $226.9 million in savings over 10 years and use most of that savings to build new antennas and transmitters. However, in FY 2013 the NASA’s Space Communications and Navigation (SCaN) Program cut the Network’s budget by $101.3 million, causing DSN to delay upgrades, close antennas, and cancel or re-plan tasks. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Where the Military’s Smartest Hackers Aren’t Human at All

http://www.defenseone.com/technology/2015/03/where-militarys-smartest-hackers-arent-human-all/108562/ BY ALIYA STERNSTEIN NEXTGOV MARCH 26, 2015 Next month, unmanned computers all over the globe will face off in a dress rehearsal for a Las Vegas hacking tournament run by the U.S. military. The $2 million “Cyber Grand Challenge” pits hacker-fighting software against malicious code programmed by Pentagon personnel. During the 2016 finals in Vegas, the humans who built these cyberbots might as well go play blackjack. At stake in the cyber challenge is a chunk of change and perhaps societal gratitude. That’s because the research and development gleaned during the two-year competition could lay the groundwork for a world where machines are in charge of cybersecurity. At least, that’s the hope of many of the contestants and the Defense Advanced Research Projects Agency, the Pentagon component leading the program. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail