Tag Archive: Cyber Warfare


Massive Utah Cyberattacks — Up To 300 Million Per Day — May Be Aimed At NSA Facility

“Five years ago, Utah government computer systems faced 25,000 to 30,000 attempted cyberattacks every day.

  At the time, Utah Public Safety Commissioner Keith Squires thought that was massive. “But this last year we have had spikes of over 300 million attacks against the state databases” each day: a 10,000-fold increase.

  Why? Squires says it is probably because Utah is home to the new, secretive National Security Agency computer center, and hackers believe they can somehow get to it through state computer systems.

“I really do believe it was all the attention drawn to the NSA facility. In the cyberworld, that’s a big deal,” Squires told a legislative budget committee Tuesday. “I watched as those increases jumped so much over the last few years. And talking to counterparts in other states, they weren’t seeing that amount of increase like we were.””

Researchers Uncover Government Spy Tool Used To Hack Telecoms And Belgian Cryptographer

[Image: Regin architecture]

“It was the spring of 2011 when the European Commission discovered it had been hacked. The intrusion into the EU’s legislative body was sophisticated and widespread and used a zero-day exploit to get in. Once the attackers established a stronghold on the network, they were in for the long haul. They scouted the network architecture for additional victims and covered their tracks well. Eventually, they infected numerous systems belonging to the European Commission and the European Council before being discovered.

  Two years later another big target was hacked. This time it was Belgacom, the partly state-owned Belgian telecom. In this case, too, the attack was sophisticated and complex. According to published news reports and documents leaked by Edward Snowden, the attackers targeted system administrators working for Belgacom and used their credentials to gain access to routers controlling the telecom’s cellular network. Belgacom publicly acknowledged the hack, but has never provided details about the breach.

  Then five months after that announcement, news of another high-profile breach emerged—this one another sophisticated hack targeting prominent Belgian cryptographer Jean-Jacques Quisquater.”

“Now it appears that security researchers have found the massive digital spy tool used in all three attacks. Dubbed “Regin” by Microsoft, more than a hundred victims have been found to date, but there are likely many others still unknown. That’s because the espionage tool—a malicious platform capable of taking over entire networks and infrastructures—has been around since at least 2008, possibly even earlier, and is built to remain stealth on a system for years.

  The threat has been known since at least 2011, around the time the EU was hacked and some of the attack files made their way to Microsoft, who added detection for the component to its security software. Researchers with Kaspersky Lab only began tracking the threat in 2012, collecting bits and pieces of the massive threat. Symantec began investigating it in 2013 after some of its customers were infected. Putting together information from each, it’s clear the platform is highly complex and modulated and can be customized with a wide range of capabilities depending on the target and the attackers’ needs. Researchers have found 50 payloads so far for stealing files and other data, but have evidence that still more exist.

“It’s a threat that everyone has detected for some time, but no one has exposed [until now],” says Eric Chien, technical director of Symantec’s Security Technology and Response division.

  The researchers have no doubt that Regin is a nation-state tool and are calling it the most sophisticated espionage machine uncovered to date—more complex even than the massive Flame platform, uncovered by Kaspersky and Symantec in 2012 and crafted by the same team who created Stuxnet.”

The whole story may be read at Wired

Anonymous Seizes Ku Klux Klan Twitter Account Over Ferguson Threats

“Two Twitter accounts belonging to American racial segregation org Ku Klux Klan, @KuKluxKlanUSA and @YourKKKCentral, have been seized by Anonymous as part of the hacker-activist entity’s new campaign, #OpKKK.

  At 6:31pm PST Anonymous said it has knocked the website belonging to “Traditionalist American Knights of the Ku Klux Klan” — the group responsible for the Ferguson threats — offline.

  ZDNet has also received an unconfirmed statement that Anonymous has compromised KKK member email accounts, and a phone harassment campaign is being conducted on KKK members. The message is in full at the end of this article.”

ZDNet has more

Russian Hackers Put ‘Digital Bomb’ In Nasdaq Computers

“Russian computer hackers placed a “digital bomb” capable of sabotaging data and derailing the US economy into Nasdaq’s computer systems, it has emerged.

  The cybercriminals slipped the “cybergrenade” into Nasdaq’s computer network in 2010 using malware capable of spying and stealing data, according to Bloomberg Businessweek.

  The bomb was never set off, but had the capability of derailing stock market computers. An FBI system monitoring of US internet traffic picked up the alert and found that the hackers had used “zero day” vulnerabilities.

  Zero days are previously unknown flaws in computer code that allow hackers to easily take remote control of a computer.

  A similar type of malware has been designed and built by Russia’s main spy agency, the Federal Security Service of the Russian Federation. However, Russian officials denied any government connection to the security breach.

  Investigators also discovered evidence that the Russian malware was being used by a sophisticated Chinese cyberspy known to be operating a thriving criminal business.”

 

IBT has more

Iran Denies That Mojtaba Ahmadi, Reportedly Gunned Down Outside Tehran By Two Men On A Motorbike, Was Assassinated; Says He Died In A ‘Horrific Incident’

“A key Iranian cyber war operative may have been killed in an “internal dispute,” cabinet minister and former Shin Bet intelligence chief Yaakov Peri said Thursday.

Peri, the minister of science, was speaking on Israel Radio as Iran denied reports that Cyber War Headquarters commander Mojtaba Ahmadi, who was recently found dead northwest of Tehran, had been assassinated. Iran’s Revolutionary Guards said he had died in a “horrific incident,” but ruled out assassination. “The main reason of the event and the motive of the attacker has not been specified,” added a Revolutionary Guards statement quoted by Reuters.

On Wednesday, Britain’s Telegraph newspaper reported that Ahmadi had gone missing on Saturday, and that his body was discovered in a wooded area near the town of Karaj.

He had been shot twice through the heart at close range by two people on a motorbike, the UK report said, quoting Alborz, a website linked to the Revolutionary Guards. “I could see two bullet wounds on his body and the extent of his injuries indicated that he had been assassinated from a close range with a pistol,” an eyewitness was quoted as telling the Iranian website.”

Top U.S. Admiral Puts Cyber Security On The Navy’s Radar

“Cyber security and warfare are on par with a credible nuclear deterrent in the defense priorities of the United States, the U.S. Navy’s top admiral said on Monday, after the Pentagon accused China of trying to hack into its computer networks.

Admiral Jonathan Greenert, the chief of naval operations, told Reuters the defense department’s cyber program had continued unabated despite the political gridlock about the U.S. budget deficit and enforced spending cuts in other areas.

“The level of investment that we put into cyber in the department is as protected or as focused as it would be in strategic nuclear,” Greenert said in an interview in Singapore just before the start of the three-day Reuters Cybersecurity Summit in Washington (link.reuters.com/dam97t).”

Littoral Combat Ship Network Can Be Hacked, Navy Probe Finds

“The computer network on the U.S. Navy’s Littoral Combat Ship is vulnerable to hacking, according to findings by Navy cybersecurity specialists.

A “red team” assigned to test weaknesses in computer systems found major deficiencies last year on Lockheed Martin Corp.’s USS Freedom, said a government official familiar with the findings who asked not to be identified because the Navy report hasn’t been made public. The Freedom, the first of the new ships to be deployed, sailed to Singapore last month for eight months of testing of its manning and logistics operations.

The estimated price to build each vessel has doubled to $440 million, and its ability to survive to fight after an attack has been questioned.

The Littoral Combat Ship depends for its combat capability on communicating with better-armed vessels through its “Total Ship Computing Environment,” a maritime battle network linked by computers and sensors. The Navy and the Pentagon’s weapons testing office declined to say whether the vulnerabilities would affect operations of the ship or coordination with other vessels.

The program may face added scrutiny this year, starting tomorrow with a hearing on Navy ship programs convened by the House Armed Services Committee’s seapower panel. The U.S. Government Accountability Office also is working on a review that may be published in June.

The LCS depends on mission modules that are supposed to be swapped out depending on the duty at hand. The GAO said last month that the Navy plans to purchase 30 of a planned 52 vessels by 2018, before the first fully combat-capable modules for surface warfare, counter-mine operations and anti-submarine patrols are ready.

The modules the Navy has accepted so far “do not yet meet requirements,” GAO said.”

North Korea Readies Missile Launch As Fears Of A Covert Cyberwar Grow

“The prospect of a North Korean missile test is causing concern in Japan, which is easily within range. In Tokyo, Yoshihide Suga, a government spokesman, said that Japan was preparing for a “worst-case” scenario, and urged China and Russia to play “significant roles” in defusing tensions. Experts and officials have dismissed Pyongyang’s threats to launch nuclear strikes against the US, given the rudimentary state of its weapons capability. But it could cause widespread disruption with a cyberattack, according to a defector who worked for the regime’s 3,000-member cyberwarfare unit.

The regime’s next move could be to break into US computer networks to steal information and spread viruses, Jang Se-yul, who defected to the South in 2008, told the Observer. North Korea’s hackers are suspected of being behind recent cyberattacks that paralysed computer networks at several South Korean banks and broadcasters.

“It would demonstrate that North Korea is a strong cyberpower,” Jang said. “Their prime target is the US, and they’ve been preparing for something like this for years, including when I was there in the 1990s. I can’t say how successful they would be, but it’s a possibility.””

—-

Anonymous Takes Control Of North Korea’s Twitter And Flickr Accounts, Defaces Websites

“North Korea’s official Twitter and Flickr accounts have been hacked and two of its main websites defaced, in hacker group Anonymous’s latest efforts to disrupt the communist country’s online presence.

Last week, hackers that purported to be part of the ‘hacktivist’ collective claimed to have swiped 15,000 passwords from North Korea’s Uriminzokkiri.com news and information site in response to the North Korean regime and its nuclear weapons program. While that feat remains unclear since the hackers posted details of just six of the accounts that they claimed to have gotten, there is no doubt about the latest efforts.

Here’s a screenshot of the hacked tweets from @uriminzok, which has around 15,000 followers. The first of which was sent at 22:45 PDT on Wednesday.”

[Image: screenshot of the hacked tweets from @uriminzok]

“A Pastebin note from hackers claims that the group has members inside of North Korea who are helping with the efforts against authorities in the country:

We have a few guys on the ground who managed to bring the real internet into the country using a chain of long distance WiFi repeaters with proprietary frequencies, so they’re not jammed (yet). We also have access to some N.K. phone landlines which are connected to Kwangmyong through dial-ups. Last missing piece of puzzle was to interconnect the two networks, which those guys finally managed to do.”

Teens Prepare For Cyberwar

“Computer-savvy teens are putting down their game controllers — at least temporarily — for code writing and virus-sweeping. Call it “Red Dawn: Part Deux: Teen Cyber-Commandos.”

At events like the CyberLympics, CyberPatriot contest or just-announced “Toaster Wars,” sponsored by the National Security Agency, high school geek squads are competing to see who does the best job at preventing unauthorized computer intrusions.

This growing interest in cyberdefense comes at a time when the Pentagon officials are warning against damaging computer attacks from China and other nations, while stoking concerns that the United States education system hasn’t trained enough cyber-warriors to protect either military or civilian computer systems.

While the students are taught advanced computer skills, they also receive training in computer ethics, according to Scott Kennedy, assistant vice president and principal systems engineering manager at SAIC, a defense contractor and cybersecurity provider based in Northern Virginia. In fact, some students have been kicked out for getting into other teams’ computers, or issuing denial of service attacks.”

On The Offensive … But Against Whom?

“The military now has more room to aggressively maneuver in cyberspace, thanks to a secret directive signed by President Barack Obama in October.

The Washington Post recently revealed that Obama signed the directive — called Presidential Directive 20 — to give “a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace[.]”

The directive states that, before turning to military cyber units, the government will first turn to law enforcement or “traditional network defense techniques before asking military cyberwarfare units for help or pursuing other alternatives,” senior government officials who saw the classified document told the Washington Post.

“For the first time, the directive explicitly makes a distinction between network defense and cyber operations to guide officials charged with making often rapid decisions when confronted with threats,” reported The Washington Post Wednesday.”