How Russian Hackers Stole the Nasdaq

In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.

As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.

The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate.

Japanese-Israel defense accords cover cyber security cooperation against China, North Korea and Iran

Japanese-Israel military intelligence collaboration in cyber security was at the center of bilateral defense agreements reached in Tokyo Monday, May 12, between Prime Minister Shinzo Abe and visiting Prime Minister Binyamin Netanyahu, debkafile’s military and intelligence sources report. The two leaders agreed to join forces against China’s cyber war capabilities, some of which Beijing has transferred to Iran’s Revolutionary Guards and the North Korean armed forces.

Netanyahu and Abe agreed that Israeli cyber specialists would visit Japan to help set up cyber security programs for combating potential attacks on military infrastructure, strategic utilities and companies. Officers of Japan’s Self-Defense forces would also visit Israel to attend Israel Defense Forces courses on this subject.

More exclusive details about the cyber collaboration agreed on between Japan and Israel in the coming DEBKA Weekly out next Friday.

The Terrifying Search Engine That Finds Internet-Connected Cameras, Traffic Lights, Medical Devices, Baby Monitors And Power Plants

Marc Gilbert got a horrible surprise from a stranger on his 34th birthday in August. After the celebration had died down, the Houston resident heard an unfamiliar voice coming from his daughter’s room; the person was telling his sleeping 2-year-old, “Wake up, you little slut.” When Gilbert rushed in, he discovered the voice was coming from his baby monitor and that whoever had taken control of it was also able to manipulate the camera. Gilbert immediately unplugged the monitor but not before the hacker had a chance to call him a moron.

Some US Utilities Say They’re Under Constant Cyber Attack

Several power utilities say they face a barrage of cyber attacks on their critical systems, a report by two Democratic lawmakers found, echoing warnings from the Obama administration that foreign hackers were trying to bring down the U.S. power grid.

Chinese military unit said to resume cyber spying

The clandestine army unit, known as Unit 61398, “went quiet for a while — they changed the nature of their activities, they removed some of the tools that they had been using inside of different companies,” said Richard Bejtlich of Mandiant, which specializes in defending companies from cyber attacks and purging malware from computer networks that have been breached.

Taking Cybersecurity Seriously — Former government officials warn against complacency on the cyber front

Chinese hackers “bombard” the Pentagon’s computer systems “by the millions each and every day” searching for a point of entry into the sensitive U.S. computing systems, according to officials speaking at an event on cybersecurity on Tuesday.

Former Attorney General Michael Mukasey and other high-level former U.S. officials warned during a discussion at The American Center for Democracy (ACD) that the U.S. government is woefully underprepared to combat and repel even the most benign type of cyber attack.

Obama’s Cyber Dodge – White House cyber report won’t focus on China

The Obama administration plan to counter massive cyber espionage from China will not focus on a single country, a White House official said.

The administration is set to release its “Strategy to Mitigate the Theft of U.S. Trade Secrets” at a press conference of senior officials, including Attorney General Eric Holder.

“This strategy is not focused on any one country nor is it focused on cybersecurity exclusively, though cyber does play an important role in the strategy,” the official said.

Massive bank cyberattack planned

Security firm McAfee on Thursday released a report warning that a massive cyberattack on 30 U.S. banks has been planned, with the goal of stealing millions of dollars from consumers’ bank accounts.

RSA startled the security world with its announcement that a gang of cybercriminals had developed a sophisticated Trojan aimed at funneling money out of bank accounts from Chase (JPM, Fortune 500), Citibank (C, Fortune 500), Wells Fargo (WFC, Fortune 500), eBay (EBAY, Fortune 500) subsidiary PayPal and dozens of other large banks. Known as “Project Blitzkrieg,” the plan has been successfully tested on at least 300 guinea pig bank accounts in the United States, and the crime ring had plans to launch its attack in full force in the spring of 2013, according to McAfee, a unit of Intel (INTC, Fortune 500). (McAfee was founded by John McAfee, who is wanted for questioning as part of a Belize murder investigation, but he no longer has any ties to the company.)

‘Malicious Disruptions’ Threaten Financial System: Fed Official

A top Federal Reserve official warned on Tuesday of potential risks to financial stability from cyberattacks on the U.S. payments system and from a looming funding gap in public pensions.

Lockhart is the latest in a string of government officials and corporate executives who have warned of the potential danger of cyberattacks on the U.S. In October, Defense Secretary Leon E. Panetta warned that the U.S. faced the possibility of a “cyber-Pearl Harbor” from hackers who could dismantle the nation’s power grid, transportation system, and financial and government networks.

Auditor warns Canada lagging on cyber security

Canada “has been slow” to set up firewalls to protect against cyber threats to critical infrastructure, leaving the nation vulnerable to crippling attacks, the auditor general warned Tuesday.

In a report, Auditor General Michael Ferguson said the government has made only “limited progress” over the past decade to safeguard electrical grids, telecommunications infrastructure, banking systems, manufacturing and transportation, as well as its own computers.

China cyberattacks hit Japan in island row: police

At least 19 Japanese websites, including those of a government ministry, courts and a hospital, have come under cyberattack, apparently from China, police said Wednesday.

Many of the websites were altered to show messages proclaiming Chinese sovereignty over the Diaoyu islands, a Japanese-administered chain Tokyo calls Senkaku, the National Police Agency (NPA) said in a statement.

On Sunday afternoon, when the attack was most intense, 95 percent of traffic to the bureau’s website was from China, Kyodo said, citing minister Tatsuo Kawabata.

Full article: China cyberattacks hit Japan in island row: police (Defence Talk)

Homeland Security warns of hackers targeting popular Niagara software

The Department of Homeland Security on Friday warned that a popular system used by organizations around the world to manage millions of machines and devices over the Internet is vulnerable to attack from hackers.

The software system known as the Niagara Framework enables corporate, military, health-care and other users to remotely control or monitor medical devices, elevators, video cameras, security systems and a wide array of other sensitive operations.

In an alert issued Friday, cybersecurity officials said that Niagara users should immediately prohibit guest users, bolster passwords, cut off direct access to the Internet and take other steps to prevent hackers from exploiting configuration and software flaws.

Last week, Niagara’s maker, Richmond-based Tridium, privately warned customers about security problems. On Thursday, months after the firm was first notified of the issues, Tridium released a public alert.

Tridium’s parent company, Honeywell, issued a statement Friday responding to the alert.

Full article: Homeland Security warns of hackers targeting popular Niagara software (Washington Post)

Foreign Spies Are Already Planted Throughout The US Military Computer Networks

The attack on American military computer networks has been so thorough, and so successful, security experts now say the U.S. should quit trying to stop it, and assume spies are already inside.

Security experts testifying before the Senate Armed Services said last week that it’s time the U.S. stopped building up its computer defense, and started retaliating against nations accessing U.S. networks.

Full article: Foreign Spies Are Already Planted Throughout The US Military Computer Networks (Business Insider)