tagged w/ cyber security
-
The United States is reportedly under attack by the Chinese government. America's business secrets, critical infrastructure and wealth are the targets.
But many businesses are taking a lackadaisical approach to cybersecurity. Multiple industry studies have shown that the vast majority of companies don't begin following cybersecurity best practices until after they've been hit.
The latest and most telling example came Tuesday. According to a new report from information security company Mandiant, the Chinese military is linked to one of the most prolific hacking groups in the world.
That group, known as the "Comment Crew," has attacked Coca-Cola (KO, Fortune 500), EMC (EMC, Fortune 500) security division RSA, military contractor Lockheed Martin (LMT, Fortune 500), and hundreds of others. It reportedly holds the blueprints to America's energy systems, and has funneled trade secrets out of some of the country's largest corporations.
The implications of China's presence in Corporate America's networks are vast, from matters of economic competitiveness to international diplomacy.
China has strong ties with its businesses, and any information gathered from U.S. corporations could wind up in the hands of a Chinese rival. Imagine Apple's rumored iWatch being produced first by a competitor that stole Apple's plans. Not only would Apple (AAPL, Fortune 500) lose an edge in the market, but the theft could impact the vast ecosystem of third-party software developers and accessory makers.
"It is fundamentally important that the American private sector wake up to the fact that dozens of countries -- including China -- are robbing us blind." said Tom Kellermann, head of cybersecurity at Trend Micro (TMICY) and former commissioner of President Obama's cybersecurity council.
Kellerman estimates that the cost of trade secrets being stolen online is in the hundreds of billions of dollars annually.
"This is not some 15-year old trying to hack your database to see if he can," said Andy Servwin, adviser to the Naval Post Graduate School's Center for Asymmetric Warfare. "This is a large-scale organized effort to steal your company's most valuable information."
The Chinese government has long been believed to be behind a widespread cyberespionage scheme, but Mandiant's report is the first to clearly explain the link.
"It is time to acknowledge the threat is originating from China," said Dan McWhorter, Mandiant's managing director of threat Intelligence. "Without establishing a solid connection to China, there will always be room for observers to dismiss advanced persistent threat actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns."
Cyber Cold War has clearly begun. Fears about a crippling attack by China on the nation's power grid or other critical infrastructure are also a legitimate worry. That's because 85% of such infrastructure -- including electric and water utilities -- is controlled by private industry.
"Knowing China could turn off our lights has vast diplomatic implications," said Dave Aitel, CEO of security consultancy Immunity.The United States is reportedly under attack by the Chinese government. America's... more
-
-
Congress is continuing their plea for a comprehensive cybersecurity bill, and their latest attempt to govern the Web is attracting attention of not just the Internet savvy: a new amendment tacked on to a cybersecurity act includes a provision that deals with gun control.
http://youtu.be/q2qO_l9iqNYCongress is continuing their plea for a comprehensive cybersecurity bill, and their... more
-
-
Even after the Stuxnet computer worm became public, President Obama accelerated cyberattacks against Iran that had begun in the Bush administration, temporarily disabling 1,000 centrifuges.
Excerpt:
“From his first days in office, he was deep into every step in slowing the Iranian program — the diplomacy, the sanctions, every major decision,” a senior administration official said. “And it’s safe to say that whatever other activity might have been under way was no exception to that rule.”
But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.
An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.
“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”
Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”
http://graphics8.nytimes.com/images/2012/06/01/world/jp-cyber1/jp-cyber1-articleInline.jpgEven after the Stuxnet computer worm became public, President Obama accelerated... more
-
-
-
-
While it is reported that intercepting unencrypted drone communication data streams had first been known to US military since the mid-1990's, this exploitation continued on into 2009 where militant laptops were found with drone data and unencrypted video feeds from Predator drones...
https://www.infosecisland.com/blogview/18778-How-the-RQ-170-Was-Hijacked.htmlWhile it is reported that intercepting unencrypted drone communication data streams... more
-
-
-
If we we consider the Occupy movements across the globe, demonstrating and protesting against income inequality and inequitable policies around commerce and taxation, the persistent cart vulnerability could become a seemingly benign form of occupation that could develop into a serious threat...
https://www.infosecisland.com/blogview/18630-OWWWS-The-Other-Form-of-Occupy.htmlIf we we consider the Occupy movements across the globe, demonstrating and protesting... more
-
-
-
-
-
-
-
-
-
Have we now arrived at the point in obtaining medical care that in addition to looking into the medical practitioner's experience and confirming they are compliant with HIPAA, that we now must review their data handling policies before choosing a health care provider?
https://www.infosecisland.com/blogview/18525-Are-Your-Health-Records-at-Risk.htmlHave we now arrived at the point in obtaining medical care that in addition to looking... more
-
-
-
-
-
