McConnell – Winning the Cyber-war We’re Losing

Mike McConnell postulates that the United States is fighting a cyber-war today, and they are losing. It’s that simple. As the most wired nation on Earth, the US offers the most targets of significance, yet cyber-defenses are woefully lacking. The problem is not one of resources; even in current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge.

The stakes are enormous. To the extent that the sprawling US economy inhabits a common physical space, it is in our communications networks. If an enemy disrupted our financial and accounting transactions, our equities and bond markets or our retail commerce, or created confusion about the legitimacy of those transactions, chaos would result. Our power grids, air and ground transportation, telecommunications, and water-filtration systems are in jeopardy as well.

Read the Washington Post article

3 Charged in ATM Skimming Scheme

Score one for the GOOD-GUYS! Three men have been charged in connection with an ATM skimming scheme resulting in the theft of more than US $137,000 from Massachusetts banks over a six week period.

The skimmers were affixed to ATMs Bank of America and Citizens Bank harvesting data from cards’ magnetic strips and hidden cameras were used to capture personal identification numbers. Ivaylo Hristov, Anton Venkov and Vladislav Vladev have been charged with bank fraud, aggravated identity theft and using counterfeit ATM cards. Hristov and Vladev were also charged with possession of device-making equipment. They each face up to 57 years in prison and US $1.25 million fines. Venkov faces up to 42 years in prison and a US $1.25 million fine. Throw the book at them, they are a blight on humanity!!

Register Article

‘Sophisticated’ Hack Hit Intel in January

According to Wired, Intel is the latest US company to acknowledge that it was hacked in January in a sophisticated attack that occurred at the same time that Google, Adobe and others were targeted. The giant California-based chip maker was rumored to have been among some 34 companies that were targeted, but said on Tuesday there was no evidence to tie its hack to the Google attack.

“We did not see the kind of broad-based attack as described by Google, companies routinely see hackers trying to get into their system. It is a risk factor and that’s why it was in the 10-K. We’ve seen no loss of [intellectual property] as a result of any of these attacks.”

Read More

Phishing, SQL Injection Attacks Surged in 2009

Hackers continued to have great success taking advantage of vulnerabilities in applications, such as Adobe Acrobat, and Web browsers to compromise unsuspecting users’ machines or data, according to IBM’s annual X-Force Trend and Risk Report. That’s in spite of an overall decline in the number of new software vulnerabilities last year, IBM says. Big Blue’s security research and development group reported that in 2009, the total number of bugs in document readers and multimedia applications surged 50%, leading to a dramatic increase in phishing attacks targeting banks and other financial services providers during the second half of the year.


10 Years Have Got Behind You…

Holy malware variants, Batman.  10 years have come and gone.  Channel web has a slide show covering the last 10 year timeline in malware developments.  What started with simple email attacks and widely released viruses has given way to botnets, stealthy info stealing Trojans, iFrame and SQL injection attacks.  Going forward, cybercriminals appear to be leaning toward corporate and political espionage, with sophisticated malware designed to disrupt civil infrastructure and swipe intellectual property from competitors.

TaoSecurity On Senate Committee Testimony

Amazing what happens when you’re sick a couple of days.  looks like Richard Bejtlich has started a decent thread on his TaoSecurity blog regarding US Director of National Intelligence Dennis Blair’s US Senate Select Committee on Intelligence hearing testimony.

In his testimony, DNI Blair began his Annual Threat Assessment of the US Intelligence Community with the following.  The word "began" is highlighted because this section wasn’t buried in the middle of the document.  He discussed digital threats right from the start.

The national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure… This critical infrastructure is severely threatened.

Read the entire article here:

Beware Twitter Direct Messages “LOL – Is This You?”

Twitter continues to experience Direct Message Phishing Attacks as people fall for a fake Direct Message with an innocuous looking “LOL – is this you?” or “This you????” and a link to a fake Twitter login site.

If you’re using high security settings in your browser with phishing warnings in place heed the warning and close the window.  It’s hard to believe that people still buy that direct messages they get are real, but when you get phished, and you’ve just entered your password, it is imperative that you return to your twitter account immediately by typing the address into the browser address bar of a new browser window, then change your password.

If you find that your account is sending these Direct Messages, your account has been compromised and you need to stop the messages from going out by changing your password quickly.