http://www.theregister.co.uk/2015/03/05/us_watchdog_anthem_audits/ By Shaun Nichols The Register 5 Mar 2015 A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s systems, and was again turned away. “We do not know why Anthem refuses to cooperate,” government officials told The Register today. The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) told us it wanted to audit Anthem’s information security protections back in 2013, but was snubbed by the insurer. According to the agency, Anthem participates in the US Federal Employees Health Benefits Program, which requires regular audits from the OIG, audits that Anthem allegedly thwarted. Other health insurers submit to Uncle Sam’s audits “without incident,” we’re told. […]
http://www.eweek.com/security/anthem-breach-evidence-points-to-china-security-researchers-say.html By Robert Lemos eWEEK.com 2015-02-28 A new open-source intelligence analysis of the breach of health insurer Anthem has reinforced theories that the data theft leads back to a Chinese espionage program, security firm ThreatConnect stated on Feb. 27. In the report, which is based on public sources or “open-source” intelligence, security researchers at ThreatConnect and other companies found technical evidence that linked the malware reportedly used in the Anthem attack to a Chinese espionage group and a professor at Southeast University, which works with a government contractor, Beijing Topsec Technology Co. A variety of evidence—including email addresses, domains registered for the command-and-control servers and the certificate used to sign the malware—led back to the trio of actors, Rich Barger, chief intelligence officer for ThreatConnect, told eWEEK. “All of this evidence, from the technical aspect, pointed back to China in numerous ways despite the actors’ best efforts to shroud their origins,” Barger said. “They made an effort to hide, but they messed up.” […]
http://nypost.com/2015/02/27/cyber-hacking-si-student-changed-grades-from-his-smartphone-cops/ By Frank Rosario, Erin Calabrese and Natalie O’Neill The New York Post February 27, 2015 He’s pretty brilliant for a kid with bad grades. A tech-savvy Staten Island high-school student who studied advanced computer programming at an NYU camp used his skills to hack into a secure computer system and improve his scores, sources told The Post Thursday. Eric Walstrom, 16, a junior at New Dorp HS, made it past a password barrier and software security system using a computer in the school and set up the network so he could access it from his smartphone, the sources said. Between Dec. 14 and Feb. 9, he pulled up his report cards and transcripts and “changed those grades,” according to a criminal complaint. “You’d think a kid smart enough to hack his school’s computers would already have good grades. Maybe the DOE should hire him to expose weaknesses in their security firewalls,” a law-enforcement source said. […]
http://www.computerworld.com/article/2889469/researchers-uncover-signs-of-superfish-style-attacks.html By Gregg Keizer Computerworld Feb 26, 2015 Researchers at the Electronic Frontier Foundation (EFF) yesterday said that they had found evidence that implies attackers have exploited a security vulnerability in the Superfish adware and a slew of other programs. Superfish, a company that markets a visual search product, made the news last week when Lenovo was found to have pre-loaded the program on its consumer-grade PCs during a four-month span late last year. Lenovo has acknowledged that Superfish poses a security threat to customers, and has released a tool to eradicate the software. Microsoft, McAfee
http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war By Kevin Poulsen Threat Level Wired.com 02.18.15 “What we really need is a Manhattan Project for cybersecurity.” It’s a sentiment that swells up every few years in the wake of some huge computer intrusion—most recently the Sony and Anthem hacks. The invocation of the legendary program that spawned the atomic bomb is telling. The Manhattan Project is America’s go-to shorthand for our deep conviction that if we gather the smartest scientists together and give them billions of dollars and a sense of urgency, we can achieve what otherwise would be impossible. A Google search on “cyber Manhattan Project” brings up results from as far back as 1997—it’s second only to “electronic Pearl Harbor” in computer-themed World War II allusions. In a much-circulated post on Medium last month, futurist Marc Goodman sets out what such a project would accomplish. “This Manhattan Project would help generate the associated tools we need to protect ourselves, including more robust, secure, and privacy-enhanced operating systems,” Goodman writes. “Through its research, it would also design and produce software and hardware that were self-healing and vastly more resistant to attack and resilient to failure than anything available today.” These arguments have so far not swayed a sitting American president. Sure, President Obama mentioned cybersecurity at the State of the Union, but his proposal not only doesn’t boost security research and development, it potentially criminalizes it. At the White House’s cybersecurity summit last week, Obama told Silicon Valley bigwigs that he understood the hacking problem well—“We all know what we need to do. We have to build stronger defenses and disrupt more attacks”—but his prescription this time was a tepid executive order aimed at improving information sharing between the government and industry. Those hoping for something more Rooseveltian must have been disappointed. On Monday, we finally learned the truth of it. America already has a computer security Manhattan Project. We’ve had it since at least 2001. Like the original, it has been highly classified, spawned huge technological advances in secret, and drawn some of the best minds in the country. We didn’t recognize it before because the project is not aimed at defense, as advocates hoped. Instead, like the original, America’s cyber Manhattan Project is purely offensive. […]
http://www.nextgov.com/cybersecurity/2015/02/justice-dhs-quarantine-smartphones-returning-abroad/105576/ By Aliya Sternstein Nextgov.com February 18, 2015 Officials at the departments of Justice and Homeland Security typically expect employees’ smartphones will be bugged when they travel overseas. So, they are experimenting with various ways to neutralize foreign spy gear. For years, the FBI has warned government and corporate executives not to use hotel Wi-Fi connections, because of reports that foreign travelers were unknowingly downloading spyware. When DHS personnel travel, “we understand you go there, you go to Ukraine, you come back, there’s a good chance that the BlackBerry or any other device, Androids, iOS, whatever, is probably owned. We get that,” said Vincent Sritapan, a cybersecurity division program manager at the DHS Science and Technology Directorate. To contain the damage, Homeland Security limits what employees can see on their mobile device overseas, and “when it comes back, it’s usually quarantined,” he added. These are not precautions. There’s a good chance malicious software really is on the phone or tablet. […]
Buy a copy of my book!
This management book focuses on the crucial knowledge you'll need to become a great manager and leader. It will teach you the important management and leadership skills so others will call you "great"!