Cybersecurity News

A story in the Washington Post this morning reports that “The most significant breach of US military computers was caused by a flash drive inserted into a US military laptop on a post in the Middle East in 2008.”

According to the article, William J. Lynn III, US Deputy Secretary of Defense, will publish an article later today to announce that malicious code was uploaded onto US Central Command networks back in 2008, potentially leaving vulnerabilities in the Defense networks’ security.

Of the incident, Lynn went on to mention, “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary…. [The] Pentagon has begun to recognize its vulnerability and is making a case for how you’ve got to deal with it.”

Also covering the incident, the New York Times, said “Mr. Lynn described the extraordinary difficulty of protecting military digital communications over a web of 15,000 networks and 7 million computing devices in dozens of countries against far-flung adversaries who, with modest means and a reasonable degree of ingenuity, can inflict outsized damage. Traditional notions of deterrence do not apply.”

Meanwhile, “traditional notions of deterrence” might involve resetting your network passwords to align with a new security criteria.  According to a recent study conducted by the Georgia Institute of Technology published in the Huffington Post: 7,134 is the amount of years “it would take a hacker to decode your computer password if you adopted one with at least 12 characters.”

As a majority of computing passwords are comprised of roughly six characters, Georgia Tech research scientist Joshua Davis pointed out to the Huffington Post, “A computer keyboard contains 95 characters, and every time you add another character, your protection goes up exponentially, by 95 times.”

In other news, the on-again, off-again social media relationship between North Korea and Twitter appears to be off… again.

According to information obtained exclusively by Forbes from a North Korean government official, “The Democratic People’s Republic of Korea is not using Twitter, Facebook and YouTube, as reported by thousands of publications worldwide. The accounts are run by government supporters, not government officials, living in Japan and China, not North Korea.”

So while several of us in the cyber world, including Cybersecurity News, retract our words and our reports that the secret nation has joined the social cyber society, USA Today reports on another flighty story for those interested in network security.

[Despite the bad pun…] In an article published yesterday, USA Today said a jetliner crash that occurred two years ago in Madrid was believed to be the result of an infected USB thumb drive, which installed a malicious program onto the airline’s network monitoring system.

Pointing out the dangers of using potentially tainted USB sticks, the article goes on to note that Rick Wanner, a threat analyst for the SANS Institute Internet Storm Center, said “the revelation shows how disruptive malicious programs can be to the controls of any complex digital network at any big organization.”

Additional cybersecurity news follows:

Cybersecurity a team sport, says Navy CIO Robert Carey (ExecutiveGov)

The new generation of security threats (American Thinker)

Murder by malware: Can computer viruses kill? (ComputerWorld)

End-to-end approach to cybersecurity: An idea whose time has come (ExecutiveBiz)

How to improve cyberdefenses at the DoD (AFCEA International)

Why cybersecurity experts can never rest: Hackers adapt as defenses change (Federal Computer Week)

Open source tools at heart of DARPA’s virtual satellite network (NetworkWorld)

Details emerge on new DLL load hijacking Windows attack vector (ZDNet)

Avoid your business being collateral damage in a cyber war (ComputerWorld)

Hackers attack colleges website (UK Press Association)

The pros and cons of government cybersecurity work (Government Computer News)

Cloud computing benefits IT pros… and hackers (eWeek)