Hillary Clinton’s emails and server misconduct are the least of our worries. The fact that her server was receiving files that passed through or originated on the State Department servers is enough to know she exposed her private system to hackers. The US system is/was/has been compromised, for years, since before Hillary tapped in her new network. Michael McCaul, a Texas Congressman and Chairman of The House Committee On Homeland Security called Clinton “careless” and said she “potentially did harm” to national security. Earlier this week McCaul said this:
One thing is clear from FBI Director Comey’s announcement today—Secretary Clinton was not fully honest in her representation of her use of email to the American people. She was careless with classified and sensitive information and potentially did harm to the United States and our national security. Secretary Clinton will still have to answer to and be held accountable by the American people. Continue reading
States are having trouble recruiting top cybersecurity workers, lawmakers are told
Many states aren’t confident of their ability to respond to cyberattacks on physical infrastructure such as water and electric systems, U.S. emergency response officials say.
The U.S. government could do several things to help states improve their response to cyberattacks, including increased funding for technology training programs, cybersecurity experts told a House of Representatives committee Tuesday.
WASHINGTON (Reuters) – U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.
The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network. Continue reading
China has made two things absolutely clear this year: 1) if Beijing thinks you may be inclined to sell stocks into a falling market, the consequences for you could be dire, and 2) the PLA navy is quite serious about projecting China’s maritime ambitions to the rest of the world.
Evidence of the latter point is readily observable in the South China Sea, where dredgers have been busy for months building man-made islands atop reefs in the Spratlys much to the chagrin of Washington and its regional allies.
Then there was the PLA’s unexpected arrival in Yemen back in March when a naval frigate showed up in Aden and evacuated 225 foreign nationals.
And who can forget the five ships that cruised by just 12 miles off the coast of Alaska as Obama toured the state.
“Response” is exactly what’s allowing this to happen. It’s the culture of reactionary ‘patch and pray” that continues to be the industry norm instead of proactive defense that is the issue. Reactionary means only reacting, therefore you have to wait for something to happen.
Obama administration’s diplomatic, legal response is encouraging more cyber attacks
The United States will continue to suffer increasingly damaging cyber attacks against both government and private sector networks as long as there is no significant response, according to a recent U.S. intelligence community assessment.
Disclosure of the intelligence assessment, an analytical consensus of 16 U.S. spy agencies, comes as the Obama administration is debating how to respond to a major cyber attack against the Office of Personnel Management. Sensitive records on 22.1 million federal workers, including millions cleared for access to secrets, were stolen by hackers linked to China’s government. Continue reading
One can only imagine how much more the threat is multiplied because of the “patch and pray” culture America was warned about as early as 1998. Nobody in the industry cares until after the problem happens, then they stick a band-aid on it.
Potential to ‘take down’ U.S. power grids, water systems and other critical infrastructure
While experts have long signaled that the U.S. power grid and related systems are vulnerable to physical attacks by terrorists and other individuals, the U.S. government is now warning that sensitive computer systems that maintain the grid are increasingly being attacked, according to a Congressional Research Service (CRS) report that was not made public until the Federation of American Scientists (FAS) disclosed it this month.
These types of computer viruses are able to comb internal systems for private information in a clandestine manner; they can also be used to wrest control of certain computers away from their owners.
“In recent years, new threats have materialized as new vulnerabilities have come to light, and a number of major concerns have emerged about the resilience and security of the nation’s electric power system,” the report says. “In particular, the cyber security of the electricity grid has been a focus of recent efforts to protect the integrity of the electric power system.” Continue reading
An intensifying cyber security war between the United States and China highlights mutual strategic suspicion between the two countries, according to a research paper recently published the Center for a New American Security, a Washington-based think tank on China’s cyber security strategy.
The paper said that while the internet has caused an unprecedented impact on China’s traditional financial and media sectors, the biggest task for Beijing is taking innovation and cyber security into consideration while mapping out regulations for internet supervision and governance. Continue reading
BOSTON (Reuters) – Iranian hackers have infiltrated major airlines, energy companies, and defense firms around the globe over the past two years in a campaign that could eventually cause physical damage, according to U.S. cyber security firm Cylance.
The report comes as governments scramble to better understand the extent of Iran’s cyber capabilities, which researchers say have grown rapidly as Tehran seeks to retaliate for Western cyber attacks on its nuclear program.
“We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety,” Cylance said in an 87-page report on the hacking campaign released on Tuesday. Continue reading
The days of using a password to access a bank account or cellphone will soon be a thing of the past, President Obama’s top cybersecurity adviser said Thursday.
The risk of getting hacked by criminals has grown so widespread that far more sophisticated identification technology — including biometric scanning devices — will become the norm, said Michael Daniel, the White House’s cybersecurity coordinator.
“You’ve started to see some of that with the emergence of the fingerprint readers,” said Mr. Daniel, adding that the technology will become increasingly mainstream as cellphone cameras, “hard” card readers and other authentication gadgets replace the annoying process for millions of Americans of punching in a password to confirm their identity.
In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.
As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.
The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate. Continue reading
Japanese-Israel military intelligence collaboration in cyber security was at the center of bilateral defense agreements reached in Tokyo Monday, May 12, between Prime Minister Shinzo Abe and visiting Prime Minister Binyamin Netanyahu, debkafile’s military and intelligence sources report. The two leaders agreed to join forces against China’s cyber war capabilities, some of which Beijing has transferred to Iran’s Revolutionary Guards and the North Korean armed forces.
Netanyahu and Abe agreed that Israeli cyber specialists would visit Japan to help set up cyber security programs for combating potential attacks on military infrastructure, strategic utilities and companies. Officers of Japan’s Self-Defense forces would also visit Israel to attend Israel Defense Forces courses on this subject.
More exclusive details about the cyber collaboration agreed on between Japan and Israel in the coming DEBKA Weekly out next Friday. Continue reading
Marc Gilbert got a horrible surprise from a stranger on his 34th birthday in August. After the celebration had died down, the Houston resident heard an unfamiliar voice coming from his daughter’s room; the person was telling his sleeping 2-year-old, “Wake up, you little slut.” When Gilbert rushed in, he discovered the voice was coming from his baby monitor and that whoever had taken control of it was also able to manipulate the camera. Gilbert immediately unplugged the monitor but not before the hacker had a chance to call him a moron. Continue reading
Several power utilities say they face a barrage of cyber attacks on their critical systems, a report by two Democratic lawmakers found echoing warnings from the Obama administration that foreign hackers were trying to bring down the U.S. power grid. Continue reading
The clandestine army unit, known as Unit 61398, “went quiet for a while — they changed the nature of their activities, they removed some of the tools that they had been using inside of different companies,” said Richard Bejtlich of Mandiant, which specializes in defending companies from cyber attacks and purging malware from computer networks that have been breached. Continue reading
Chinese hackers “bombard” the Pentagon’s computer systems “by the millions each and every day” searching for a point of entry into the sensitive U.S. computing systems, according to officials speaking at an event on cybersecurity on Tuesday.
Former Attorney General Michael Mukasey and other high-level former U.S. officials warned during a discussion at The American Center for Democracy (ACD) that the U.S. government is woefully underprepared to combat and repel even the most benign type of cyber attack. Continue reading