Archive
UPDATE: Deputy Secretary of Defense Publishes Paper to Confirm 2008 Cyber Breach
As Cybersecurity News reported earlier this afternoon, William J. Lynn III, US Deputy Secretary of Defense, made plans to publish a paper to confirm the 2008 cyber breach on the US defense networks.
Calling the incident “a significant compromise of its classified military computer networks,” following is Lynn’s paper obtained by Cybersecurity News from the Council on Foreign Relation’s Foreign Affairs magazine:
Defending a New Domain: The Pentagon’s Cyberstrategy
By William J. Lynn III
September/October 2010
In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary…
Read more…
Defending the Cyber World: News from the Pentagon and Beyond
A story in the Washington Post this morning reports that “The most significant breach of US military computers was caused by a flash drive inserted into a US military laptop on a post in the Middle East in 2008.”
According to the article, William J. Lynn III, US Deputy Secretary of Defense, will publish an article later today to announce that malicious code was uploaded onto US Central Command networks back in 2008, potentially leaving vulnerabilities in the Defense networks’ security.
Of the incident, Lynn went on to mention, “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary…. [The] Pentagon has begun to recognize its vulnerability and is making a case for how you’ve got to deal with it.”
Read more…
Twitter and the Tale of the Two Koreas
It’s been nearly a week since North Korea purportedly launched its Twitter account “@uriminzok,” which, despite being viewed as another tool for propaganda, literally means “our people” in the native tongue.
On Monday afternoon the uriminzok page had 2,445 Twitter followers… a number that has nearly quadrupled since then, as the account has now racked in just under 9,000 followers.
Who won’t be included on that list? South Korean citizens.
According to an article in BusinessWeek, “South Korea has decided to ask domestic Internet service providers to block South Korean citizens’ access to a North Korean Twitter Inc. account because it breaches the South’s national security laws.” Read more…
Cyber Tensions on the Rise in Asia
As Korea commemorated Liberation Day yesterday, marking the anniversary of freedom from Japan, The Korea Times reported that online tensions were high between the two nations.
Calling it a “sensitive day” for the two countries, The Times noted that both Japan and Korea remained on “high alert” in the cyber realm, as thoughts of retaliation were in plain sight.
According to the article, “Last March, the Korean netizens mounted an attack on Japan’s largest Internet site, 2ch (www.2ch.net). In return, Japanese Internet warriors assaulted the Web site of the South Korea’s Presidential Office.”
But, one day later, as no reports have surfaced regarding a suspected attack, all seems calm on the cyber front…
…That is, “calm” enough for North Korea to launch a Twitter page, creating a stir in the tech world today.
As Time Magazine put it in headline form: “Welcome to Twitter, North Korea.”
Read more…
Sen. Lieberman and More Overkill for the ‘Kill Switch’
It’s been a fairly quiet week for Washington, as Monday kicked off the start to a five-week congressional recess.
But not wasting any time on the cybersecurity front, Hartford Business Journal reports that Senator Joe Lieberman (I-CT) on Monday addressed an audience of New England business leaders to warn of potential cyberterrorism and cyber crime.
“This is one of the things that keeps me up at night,” Lieberman said.
According to the Journal, the senator went on to add that, while about $1 trillion is lost each year to cyber crime, both Congress and Lieberman’s committee, the Senate Committee on Homeland Security and Governmental Affairs, are “working on requirements for software developers, giving the president emergency powers over the Internet in the case of an attack, and taking greater control over the federal government’s cybersecurity advisors.”
Meanwhile, Time Magazine this morning published an article on the cyber catchphrase that Sen. Lieberman and his cohorts have been working hard to silence. That is, the Internet “kill switch.”
Read more…
The Vulnerabilities of the Power Grid and the Private Sector
The Wall Street Journal this morning outlined a recent report released by the Department of Energy to warn that the US power grid is vulnerable to cyber attacks.
Conducted by the DOE’s Idaho National Lab, the report “reinforces concerns that intelligence officials have raised in recent years about growing surveillance of the electric grid by Chinese and Russian cyber-spies,” WSJ noted.
But the announcement comes as old news to most in the cyber world, including former US-CERT director Mischel Kwon, who acknowledged, “We have so many known vulnerabilities that have not been patched.” Kwon, now a vice president for RSA, went on to include, “The report offers common sense and best-practice recommendations that have been available for years.”
In other old news making headlines today: “There still is a long way to go before Congress sends Barack Obama legislation he can sign.” That’s according to an article in The Economist which takes a closer look at current cybersecurity issues, legislation and delays on Capitol Hill.
Read more…
Preventing a Cyber Attack: The $100 Million Question
What can two years and $100 million buy you these days? The ability to win a cyber war.
…Or so says cyber expert Charlie Miller, who, according to the AFP, announced his security findings on Saturday at the Defcon hackers’ convention in Las Vegas.
Speaking on the topic of potential cyber attack scenarios, Miller, a former NSA researcher, said that with 100 million dollars and two years’ time, it would be “easy” to craft a cyber invasion to bring down US infrastructure and the nation’s defenses.
“I already knew it was easy, but now I know in detail how easy it would be,” said Miller. “We are certainly very vulnerable.”
Read more…
Black Hat, White Collar: Former NSA, CIA Director Makes His Cyber Mark
The cyber world is buzzing this week with the latest news and comments made at the annual Black Hat USA conference in Las Vegas. And as the media continue to report on the event, it seems that one man in particular has already stolen the security show.
Retired US Air Force General Michal Hayden, former director of the National Security Agency and the Central Intelligence Agency, at the conference on Thursday, spoke of cyber attacks and cyber warfare, as well as the government’s current plans in regards to both.
According to Wired, Hayden, now a principal at security firm the Chertoff Group, in a keynote discussion said that “Ideas have been raised about forming the cyber equivalent of demilitarized zones for sensitive networks, such as the power grid and financial networks, that would be off-limits to attack from nation states,” all the while acknowledging that the idea “contradicts the view in kinetic warfare where attacks on power grids and other infrastructures are considered legitimate targets.”
Read more…
WikiLeaks and Black Hat: A Busy Week for the Cyber World
This week has proved to be busy for the cyber world and those with a close eye on security.
Kicking off the week with the Wikileaks case that exposed more than 90K secret US military documents, the Washington bureau of the Agence France Presse reported that “WikiLeaks highlights the security challenges of the digital age, when gigabytes of sensitive data can be exposed with a single click.”
And while the source for the documents has not yet been identified, James Lewis, cybersecurity expert for the Center for Strategic and International Studies, told the AFP, “You’ve got to rethink how you secure information.”
But it appears another group may already be rethinking security this week, as Black Hat USA 2010, a conference on all things information security, kicked off yesterday in Las Vegas, NV.
Read more…
UN, UK & Dept of VA Aiming for Cyber Control
In an op-ed in the Wall Street Journal this morning, FCC commissioner Robert McDowell warned that the United Nations may soon have jurisdiction over parts of the Internet.
According to McDowell, “At two meetings of the UN’s World Summit on the Information Society in 2003 and 2005, the US found itself in the lonely position of fending off efforts by other governments to exert UN or other multilateral control over the Internet.”
Noting that several UN member states have backed the idea of controlling Internet governance, Web domain registries and cybersecurity, McDowell went on to advise: “We should continue to rely on the ‘bottom up’ nongovernmental Internet governance bodies that have a perfect record of keeping the Web working. Changing course now could trigger an avalanche of irreversible international regulation.”
Independently aiming to step up its cyber control, eWeek Europe is reporting that the UK this week launched a Cyber Security Challenge program to address its current IT security skill shortage.
Read more…
Cybersecurity News 