[ISN] Estonia recruits volunteer army of ‘cyber warriors’

http://www.telegraph.co.uk/news/worldnews/europe/estonia/11564163/Estonia-recruits-volunteer-army-of-cyber-warriors.html By David Blair Tallinn telegraph.co.uk 26 Apr 2015 Estonia has recruited a “ponytail army” of volunteer computer experts who stand ready to defend the nation against cyber attack. The country’s reserve force, the Estonian Defence League, has a Cyber Unit consisting of hundreds of civilian volunteers, including teachers, lawyers and economists. The Baltic nation of 1.3 million people is one of the most technologically advanced in the world: almost every banking transaction takes place online and 30 per cent of all votes in the last general election were cast electronically. But this also makes Estonia acutely vulnerable. In 2007, the country suffered one of the biggest cyber attacks in history when the websites of banks, government ministries and the national parliament were swamped with data. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] RSA Hammers Home Fact That Hackers Are Winning

http://www.eweek.com/security/rsa-hammers-home-fact-that-hackers-are-winning.html By Sean Michael Kerner eWEEK.com 2015-04-27 There was a pall of darkness that hung over the RSA Conference that ran at San Francisco’s Moscone Center from April 20 to 24. Speaker after speaker, session after session, vendor booth after vendor booth, there was one overriding message that I heard time and again—the attackers are winning. The most clichéd saying of the week was that there are only two kinds of organizations—those that have been breached and those that haven’t yet discovered that they have been breached. It’s an air of defeatism that frankly I find appalling. How could the security industry with all its myriad vendors, tools and money not be succeeding in stopping attackers? Where is all the money going that enterprises are investing in security if it’s not going to stopping attackers? The near-endless drumbeat of breach disclosures in the media (and here at eWEEK we have covered our fair share of breaches) has helped to create a climate of fear, where enterprises fear that they will be the next Sony or Target, the next breach waiting to be discovered. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] The People Who Risk Jail to Maintain the Tor Network

http://motherboard.vice.com/read/the-operators BY JOSEPH COX Motherboard.vice.com April 27, 2015 Richard* had a long drive ahead of him. About an hour earlier, at 5:30 AM, his wife Lisa* had phoned. “The house is filled up,” she said in a calm but audibly tense voice. Richard, having just woken up and now trying to make sense of the call, thought there must have been another water leak in the basement. Instead, his wife told him, the house was full of FBI agents and they wanted to talk to Richard. “Okay, I’m on my way,” Richard said. He threw on some clothes, grabbed his laptop and phone as requested by the FBI, and stepped out into the night. The interstate drive from Milwaukee, where he was working as a software engineer, back to his home in Indianapolis would take a good five hours, more than enough time to figure out what this was all about. It was something to do with computers, Lisa had said. The only thing Richard thought may be linked to that was his Tor exit node. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Here’s How You Hack a Military Drone

http://www.nextgov.com/defense/2015/04/heres-how-you-hack-drone/111229/ By Aliya Sternstein Nextgov.com April 27, 2015 Research studies on drone vulnerabilities published in recent years essentially provided hackers a how-to guide for hijacking unmanned aircraft, an Israeli defense manufacturer said Monday. A real-life downing of a CIA stealth drone by Iranians occurred a month after one such paper was published, noted Esti Peshin, director of cyber programs for Israel Aerospace Industries, a major defense contractor. In December 2011, the Christian Science Monitor reported that Iran navigated a CIA unmanned aerial vehicle safely down to the ground by manipulating the aircraft’s GPS coordinates. The 2011 study, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, was titled “The Requirements for Successful GPS Spoofing Attacks.” The scholars detailed how to mimic GPS signals to fool GPS receivers that aid navigation. “It’s a PDF file… essentially, a blueprint for hackers,” Peshin said. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Preparing for Warfare in Cyberspace

http://www.nytimes.com/2015/04/28/opinion/preparing-for-warfare-in-cyberspace.html By THE EDITORIAL BOARD The New York Times APRIL 28, 2015 The Pentagon’s new 33-page cybersecurity strategy is an important evolution in how America proposes to address a top national security threat. It is intended to warn adversaries — especially China, Russia, Iran and North Korea — that the United States is prepared to retaliate, if necessary, against cyberattacks and is developing the weapons to do so. As The Times recently reported, Russian hackers swept up some of President Obama’s email correspondence last year. Although the breach apparently affected only the White House’s unclassified computers, it was more intrusive and worrisome than publicly acknowledged and is a chilling example of how determined adversaries can penetrate the government system. The United States’ cybersecurity efforts have typically focused on defending computer networks against hackers, criminals and foreign governments. Playing defense is still important, and the Obama administration has started to push Silicon Valley’s software companies to join in that fight. But the focus has shifted to developing the malware and other technologies that would give the United States offensive weapons should circumstances require disrupting an adversary’s network. The strategy document provides some overdue transparency about a military program that is expected to increase to 6,200 workers in a few years and costs billions of dollars annually. Officials apparently hope talking more openly about America’s plans will deter adversaries who view cyberattacks as a cheap way to gather intelligence from more destructive operations. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Russian Hackers Read Obama’s Unclassified Emails, Officials Say

http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html By MICHAEL S. SCHMIDT and DAVID E. SANGER The New York Times APRIL 25, 2015 WASHINGTON – Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation. The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, which he or an aide carries constantly. But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation. White House officials said that no classified networks had been compromised, and that the hackers had collected no classified information. Many senior officials have two computers in their offices, one operating on a highly secure classified network and another connected to the outside world for unclassified communications. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Stolen CentCom computers were found on eBay

http://www.tampabay.com/news/courts/criminal/stolen-centcom-computers-found-on-ebay/2226424 By Patty Ryan Times Staff Writer Tampa Bay Times April 21, 2015 TAMPA — The internal theft of five laptop computers from U.S. Central Command at MacDill Air Force Base went undetected until a supplier noticed four of them advertised on eBay, according to federal court records. A CentCom official ordered an inventory, putting it in the hands of a Riverview man who now admits to being the thief. Scott Duty’s signed federal plea agreement spells out those details and more, in anticipation of a hearing next month in which he is expected to plead guilty to stealing government property. Duty, a former civilian CentCom employee who is 48, could face up to 10 years in prison. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] After Aaron’s Law reintroduced, new counter-bill aims to crack down on hackers

http://www.zdnet.com/article/bill-introduced-forcing-mandatory-disclosure-of-data-breaches-but-at-the-expense-of-hackers/ By Zack Whittaker Zero Day ZDNet News April 25, 2015 Congress is at odds on new cybersecurity legislation, with the introduction of two competing bills aimed at reforming computer misuse laws. On Tuesday, Sens. Mark Kirk (R-IL) and Kirsten Gillibrand (D-NY) introduced two new bills


Facebooktwittergoogle_plusredditpinterestlinkedinmail