Tag Archives: program

[ISN] US watchdog: Anthem snubbed our security audits before and after enormous hack attack

http://www.theregister.co.uk/2015/03/05/us_watchdog_anthem_audits/

By Shaun Nichols
The Register
5 Mar 2015

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s systems, and was again turned away.

“We do not know why Anthem refuses to cooperate,” government officials told The Register today.

The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) told us it wanted to audit Anthem’s information security protections back in 2013, but was snubbed by the insurer. According to the agency, Anthem participates in the US Federal Employees Health Benefits Program, which requires regular audits from the OIG, audits that Anthem allegedly thwarted. Other health insurers submit to Uncle Sam’s audits “without incident,” we’re told. […]





[ISN] Anthem Breach Evidence Points to China, Security Researchers Say

http://www.eweek.com/security/anthem-breach-evidence-points-to-china-security-researchers-say.html

By Robert Lemos
eWEEK.com
2015-02-28

A new open-source intelligence analysis of the breach of health insurer Anthem has reinforced theories that the data theft leads back to a Chinese espionage program, security firm ThreatConnect stated on Feb. 27.

In the report, which is based on public sources or “open-source” intelligence, security researchers at ThreatConnect and other companies found technical evidence that linked the malware reportedly used in the Anthem attack to a Chinese espionage group and a professor at Southeast University, which works with a government contractor, Beijing Topsec Technology Co.

A variety of evidence—including email addresses, domains registered for the command-and-control servers and the certificate used to sign the malware—led back to the trio of actors, Rich Barger, chief intelligence officer for ThreatConnect, told eWEEK.

“All of this evidence, from the technical aspect, pointed back to China in numerous ways despite the actors’ best efforts to shroud their origins,” Barger said. “They made an effort to hide, but they messed up.” […]



[ISN] Cyber-hacking SI student changed grades from his smartphone: cops

http://nypost.com/2015/02/27/cyber-hacking-si-student-changed-grades-from-his-smartphone-cops/

By Frank Rosario, Erin Calabrese and Natalie O’Neill
The New York Post
February 27, 2015

He’s pretty brilliant for a kid with bad grades.

A tech-savvy Staten Island high-school student who studied advanced computer programming at an NYU camp used his skills to hack into a secure computer system and improve his scores, sources told The Post Thursday.

Eric Walstrom, 16, a junior at New Dorp HS, made it past a password barrier and software security system using a computer in the school and set up the network so he could access it from his smartphone, the sources said. Between Dec. 14 and Feb. 9, he pulled up his report cards and transcripts and “changed those grades,” according to a criminal complaint.

“You’d think a kid smart enough to hack his school’s computers would already have good grades. Maybe the DOE should hire him to expose weaknesses in their security firewalls,” a law-enforcement source said. […]



[ISN] Researchers uncover signs of Superfish-style attacks

http://www.computerworld.com/article/2889469/researchers-uncover-signs-of-superfish-style-attacks.html

By Gregg Keizer
Computerworld
Feb 26, 2015

Researchers at the Electronic Frontier Foundation (EFF) yesterday said that they had found evidence that implies attackers have exploited a security vulnerability in the Superfish adware and a slew of other programs.

Superfish, a company that markets a visual search product, made the news last week when Lenovo was found to have pre-loaded the program on its consumer-grade PCs during a four-month span late last year. Lenovo has acknowledged that Superfish poses a security threat to customers, and has released a tool to eradicate the software. Microsoft, McAfee



[ISN] Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks

http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war

By Kevin Poulsen
Threat Level
Wired.com
02.18.15

“What we really need is a Manhattan Project for cybersecurity.” It’s a sentiment that swells up every few years in the wake of some huge computer intrusion—most recently the Sony and Anthem hacks. The invocation of the legendary program that spawned the atomic bomb is telling. The Manhattan Project is America’s go-to shorthand for our deep conviction that if we gather the smartest scientists together and give them billions of dollars and a sense of urgency, we can achieve what otherwise would be impossible.

A Google search on “cyber Manhattan Project” brings up results from as far back as 1997—it’s second only to “electronic Pearl Harbor” in computer-themed World War II allusions. In a much-circulated post on Medium last month, futurist Marc Goodman sets out what such a project would accomplish. “This Manhattan Project would help generate the associated tools we need to protect ourselves, including more robust, secure, and privacy-enhanced operating systems,” Goodman writes. “Through its research, it would also design and produce software and hardware that were self-healing and vastly more resistant to attack and resilient to failure than anything available today.”

These arguments have so far not swayed a sitting American president. Sure, President Obama mentioned cybersecurity at the State of the Union, but his proposal not only doesn’t boost security research and development, it potentially criminalizes it. At the White House’s cybersecurity summit last week, Obama told Silicon Valley bigwigs that he understood the hacking problem well—“We all know what we need to do. We have to build stronger defenses and disrupt more attacks”—but his prescription this time was a tepid executive order aimed at improving information sharing between the government and industry.
Those hoping for something more Rooseveltian must have been disappointed. On Monday, we finally learned the truth of it. America already has a computer security Manhattan Project. We’ve had it since at least 2001. Like the original, it has been highly classified, spawned huge technological advances in secret, and drawn some of the best minds in the country. We didn’t recognize it before because the project is not aimed at defense, as advocates hoped. Instead, like the original, America’s cyber Manhattan Project is purely offensive. […]



[ISN] Justice, DHS Quarantine Smartphones Returning from Abroad

http://www.nextgov.com/cybersecurity/2015/02/justice-dhs-quarantine-smartphones-returning-abroad/105576/

By Aliya Sternstein
Nextgov.com
February 18, 2015

Officials at the departments of Justice and Homeland Security typically expect employees’ smartphones will be bugged when they travel overseas. So, they are experimenting with various ways to neutralize foreign spy gear.

For years, the FBI has warned government and corporate executives not to use hotel Wi-Fi connections, because of reports that foreign travelers were unknowingly downloading spyware.

When DHS personnel travel, “we understand you go there, you go to Ukraine, you come back, there’s a good chance that the BlackBerry or any other device, Androids, iOS, whatever, is probably owned. We get that,” said Vincent Sritapan, a cybersecurity division program manager at the DHS Science and Technology Directorate.

To contain the damage, Homeland Security limits what employees can see on their mobile device overseas, and “when it comes back, it’s usually quarantined,” he added.

These are not precautions. There’s a good chance malicious software really is on the phone or tablet. […]



[ISN] THOTCON Speakers Announced, Tickets bound to sell out fast!

[If you haven’t looked lately, THOTCON has announced their speaker list, I highly recommend if you have been sitting on the fence, you should check this out soon. Likewise, now is the time to buy tickets! You don’t want to be trying to wheel and deal in the days leading up to THOTCON on Twitter and Facebook making sure you can get your whole team in. – Seriously, Buy your tickets NOW! – WK]

***BEGIN THOTCON TRANSMISSION***

*** SPEAKERS ***

http://thotcon.org/speakers.html

Too many high quality speakers to list!

http://thotcon.org/registration.html

*** REGISTRATION ***

THOTCON Registration (AKA Ticket Sales) – click below to purchase!!!

NOTE: We have confirmed with (ISC)2 that attending THOTCON counts towards CAP, SSCP or CISSP CPE credits.

*** PRICES ***

There are three ticket price levels for THOTCON 0x6.

0] Student GA Ticket -> $56.00 [SOLD OUT!]
1] Early GA Ticket -> $106.00 [SOLD OUT!]
2] General Admittance Ticket -> $156.00 [390 Remain]
3] VIP Tickets -> $286.00 [49 Remain]

Student & Early GA (EGA) and General Admittance (GA) Tickets Include:
– THOTCON Badge
– Program
– T-SHIRT
– THOTCON Stuffs
– Attendance to ALL Sessions
– FREE Soft Drinks All-Day
– Food and Adult Drinks – Pay as You Go
– 3-hour Saturday Night After Party (If >= 21)

Very Important Peep (VIP) Tickets Include:
– THOTCON VIP Badge
– Program
– T-SHIRT
– THOTCON Stuffs++
– Attendance to ALL Sessions
– VIP/Speaker Lounge Access
– Breakfast & Lunch Buffet, Snacks and FREE Adult Drinks All-Day
– 3-hour Saturday Night After Party (If >= 21)

***END THOTCON TRANSMISSION***



[ISN] Is this the future of cyberwarfare?

http://america.aljazeera.com/watch/shows/america-tonight/articles/2015/2/5/blackenergy-malware-cyberwarfare.html

By Aaron Ernst
Al Jazeera America
February 5, 2015

Five years ago, the most sophisticated cyber weapon the world had ever seen ravaged Iran’s nuclear program. Allegedly developed by the U.S. and Israel, the complex virus infected the computer system that ran the centrifuges. Slight tweaks to the software caused hundreds of the centrifuges to self-destruct, setting the program back years.

The malware was dubbed Stuxnet. Traditionally, foreign governments have used malware to spy and steal. But this was something entirely different.

“Stuxnet, it is a weapon, it’s not ‘like’ a weapon,” says German computer security expert Ralph Langner, who was the first to identify how the virus worked. “It is a weapon because it was designed to cause physical damage.”

Now, Langner worries that Stuxnet could come back to haunt the U.S. Those same vulnerabilities in Iran’s nuclear control systems that the malware exploited can be found in similar systems throughout America. […]

