Month: November 2009

He also made known that the most sophisticated adversaries are capable of altering software and hardware destined for the US during their passage through the global supply chain route, can remotely intrude on US networks, monitor communication and position insiders within those networks, and that all this may “provide them with pre-positioned capabilities to conduct computer network attacks.”

The Cyber Division’ latest success was the Operation Phish Phry.

At the consumer level, the FBI organized the Internet Crime Complaint Center (IC3), whose website is the leading national cyber crime incident reporting portal.

http://www.net-security.org/secworld.php?id=8537

Felahy, his wife Marwah Felahy, and her brother Mustafa Abdul Aljaff operated several microchip brokerage companies that imported chips from Shenzhen, in China’s Guangdong province. They would buy counterfeit chips from China or else take legitimate chips, sand off the brand markings and melt the plastic casings with acid to make them appear to be of higher quality or a different brand, the U.S. Department of Justice said in a press release. He is expected to be sentenced next year in U.S. District Court for the District of Columbia.

Two years ago, the Defense Advanced Research Projects Agency funded a program called Trust in Integrated Circuits, to investigate the problem. The next year, the U.S. Federal Bureau of Investigation (FBI) broke up a distribution network for counterfeit Cisco Systems routers, seizing $3.5 million worth of components.

http://www.computerworld.com/s/article/9141438/Man_pleads_guilty_to_selling_fake_chips_to_US_Navy?source=CTWNLE_nlt_dailyam_2009-11-25

“We don’t believe we’ve seen cases of cyber-warfare,” said Dmitri Alperovitch, vice president of threat research at McAfee.

There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the US critical infrastructure is vulnerable.

However, experts are putting dots together and seeing patterns that indicate that there is increasing intelligence gathering and building of sophisticated cyber-attack capabilities, according to the report titled “Virtually Here: The Age of Cyber Warfare.” “While we have not yet seen a ‘hot’ cyber-war between major powers, the efforts of nation-states to build increasingly sophisticated cyber-attack capabilities and in some cases demonstrate a willingness to use them, suggest that a ‘Cyber Cold War’ may have already begun,” the report says.

Because pinpointing the source of cyber-attacks is usually difficult if not impossible, the motivations can only be speculated upon, making the whole cyber-war debate an intellectual exercise at this point. For instance, Alperovitch speculates that the July 4 attacks denial-of-service on Web sites in the US and South Korea could have been a test by an foreign entity to see if flooding South Korean networks and the transcontinental communications between the US and South Korea would disrupt the ability of the US military in South Korea to communicate with military leaders in Washington, DC, and the Pacific Command in Hawaii.

http://en.mercopress.com/2009/11/18/cyber-war-is-here-and-to-stay-ask-us-china-russia-israel-and-france

Larry Clinton, president of the Internet Security Alliance, told senators that public apathy and ignorance played as much a role in the current state of cyber security as the unwillingness of corporate entities to take responsibility for securing the public’s data. “Many consumers have a false sense of security due to their belief that most of the financial impact resulting from the loss of personal data will be fully covered by corporate entities like the banks,” he said.

As for corporate and government entities that collect and store the public data, they “do not understand themselves to be responsible for the defense of the data,” said Clinton, whose group represents banks, telecoms, defense and technology companies and other industries that rely on the internet. “The marketing department has data, the finance department has data, etc, but they think the security of the data is the responsibility of the IT guys at the end of the hall.”

A 2009 Price Waterhouse Cooper study on global information security found that 47 percent of companies are reducing or deferring their information security budgets, despite the growing dangers of cyber incursions.

To improve cyber security, the public sector would have to institute sufficient market incentives to motivate companies to protect the public’s interests. Philip Reitinger, director of the National Cyber Security Center at the Department of Homeland Security, said that end users also need to be made aware of the simple things they can do to protect themselves — such as keeping software and anti-virus up to date.

“We need to, as a nation and as an IT echo system, continue to make it more simple for people to institute protections to determine if they’ve been compromised and to make sure they stay secure,” said Reitinger, a former Microsoft executive.

Civil liberties were also a concern of the panelists as they discussed privacy issues around the government’s implementation of Einstein 1 and 2 — programs designed to help monitor and protect government civilian networks — and Einstein 3, which the National Security Agency is currently developing for the same purpose. Reitinger said that DHS provides privacy and civil liberties training for those with the U.S. Computer Emergency Readiness Team who are responsible for implementing Einstein. He also said that the DHS’s Office of Cybersecurity and Communications has an oversight officer whose job is to ensure compliance with the rules.

One panelist, Larry Wortzel a retired army intelligence officer, made the case for the NSA to take the lead on the government’s cyber security initiatives, despite the agency’s public stance that it has no interest in assuming the position. “If, in fact, the NSA has technical capabilities beyond those of the providers, why should you be relying on the providers in areas where the NSA actually has greater capability?”

http://www.wired.com/threatlevel/2009/11/cyber-attacks-preventable/

The unorthodox console approach has been so effective that agents are scouring eBay to find the best deal on another 40 consoles to round out their collection.

Agents need computing power to break these codes because while a search warrant allows them to seize incriminating documents or digital evidence, the Fourth Amendment grants suspects the right to withhold their password information.

http://www.gamepro.com/article/news/212992/federal-government-using-ps3-to-crack-pedophile-passwords/