EU ministers on Monday proposed to set up a cybercrime centre as part of a longer term strategy to cope with internet scams, fraud and child pornography. Foreign ministers gathered in Luxembourg asked the European Commission to draw up a feasibility study looking at the creation of a body that would assess trends in cybercrime all across the EU and facilitate cross-border information sharing among various national investigators dealing with such cases. Despite increased cross-border investigations, criminals are still in a safe haven due to the lack of harmonisation among the 27 different legal systems in the EU, making it easy for internet fraudsters to set up bogus companies in one member state and scam victims in other countries. The centre would try to tackle these issues by evaluating the preventive and investigative measures carried out in member states and by training police, judges and prosecutors who specialise in this field. It could be located within the bloc’s police agency, Europol, based in the Hague, which has already developed a “European cybercrime platform.” But the efficiency of this platform is somewhat doubtful, as ministers ask for “consolidation” and “revision” of its functions, “in order to facilitate the collection, exchange and analysis of information.” From a legal point of view, EU states have still to ratify the Convention on Cybercrime adopted in 2001 by the Council of Europe, the Strasbourg-based human rights organisation, and adopt a common position on practical issues such as blocking IP addresses and revocation of domain names
A December cyberattack on Google Inc computers hit the company’s password system that millions of people worldwide use to access almost all of the company’s Web services, The New York Times said, citing a person with direct knowledge of the investigation. The closely-guarded program is considered a crown jewel at Google, enabling users and employees to sign in with their password only once to operate various services including e-mail and business applications, the newspaper said in its April 20 edition. Code-named Gaia for the Greek goddess of the earth, and still in use under the name Single Sign-On, the program was described publicly only once at a technical conference four years ago, the newspaper said. The intruders do not appear to have stolen passwords of Gmail users, and Google quickly started to bolster security, the newspaper said. But the theft leaves open a possibility, perhaps faint, that the intruders may find weaknesses that Google might not know about, the newspaper said, citing independent computer experts. Google disclosed the hacking on Jan. 12, when on its website it reported having detected “a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.”
The White House has declassified parts of a top secret plan outlining how government will protect the nation’s computer networks from cyber warfare. The announcement by cybersecurity tsar Howard Schmidt was made at the world’s biggest security event. The move is aimed at encouraging greater co-operation between academia, government and the private sector. “We must continue to seek out innovative new partnerships – not only within government, but also among industry, government and the American public,” Mr Schmidt told delegates at the event, hosted by the security company RSA in San Francisco. It was his first major speech to industry peers since being appointed to the job in December 2009. The Comprehensive National Cybersecurity Initiative (CNCI) was introduced in 2008 by then-President George W Bush. There are 12 parts to the CNCI, including cyber counterintelligence and deterrence strategies. For the first time the government has published a general description of what they are on its website. The CNCI funds a number of sensitive projects including the government’s Einstein technology, which focuses on securing the vast computer network that operates under the dot.gov domain, as well as detecting attempts to access those systems.
Intel Corp said it faced a “sophisticated” hacker attack in January about the same time as the recently publicized Chinese hacker attacks on Google Inc, but noted no clear link between the two events.
Google would not comment on whether Intel was one of the roughly 20 unnamed companies that the world’s No. 1 Internet search engine said had been similarly targeted in attacks that originated in China.
The attack was just one of what the world’s largest chipmakers said were regular attempts on its computer systems, Intel said in a filing under a heading about potential theft or misuse of the company’s intellectual property.
“The only connection is timing,” Intel spokesman Chuck Mulloy said, declining to elaborate. The company first publicized the attack and pointed out the similarity in timing to the move on Google in an annual filing with the U.S. Securities and Exchange Commission.
Now that Google has publicly admitted to being successfully attacked without much damage to their reputation, analysts said other companies are rethinking their typically tight-lipped approach to security breaches.
Recent changes to disclosure laws and increased awareness of cyber-security may also have prompted Intel to come clean, analysts say.
But Intel did not say who was behind the attacks, from where in the world they originated, or what information, if any, had been taken.
Asked whether Intel had spoken or worked with Google on this issue, Mulloy said: “Our security folks work very closely and collaboratively throughout the industry.”
“Companies are facing these threats and attacks all the time,” Fred Pinkett, vice president of product management for Core Security Technologies, said.
In targeting companies like Intel, which have one of the largest intellectual property portfolios in the world, hackers may have been looking for bragging rights.
“Very rarely are they really trying to commit industrial espionage, because it’s really hard to do that without getting caught,” said Todd Feinman, chief executive of Identity Finder.
The reason Intel probably publicized the hack attempts was to minimize the company’s legal risks, he added. “The advantage is that you’re protecting yourself for when it finally does happen and something really bad occurs, because you can say ‘we disclosed this information on our 10-K.'”
The United States would lose a cyberwar if it fought one today, a former US intelligence chief has warned. Michael McConnell, a retired US Navy vice admiral who served as ex-president George W. Bush’s director of national intelligence, also compared the danger of cyberwar to the nuclear threat posed by the Soviet Union during the Cold War. “If we went to war today in a cyberwar, we would lose,” McConnell told a hearing Tuesday on cybersecurity held by the Senate Committee on Commerce, Science and Transportation. Tuesday’s hearing came a little over a month after Internet giant Google revealed that it and other US companies had been the target of a series of sophisticated cyberattacks originating in China. “National security and our economic security are at stake,” said Democratic Senator Jay Rockefeller, the panel’s chairman and a co-sponsor of a bill seeking to bolster public and private sector cybersecurity cooperation. McConnell pointed to US President Barack Obama’s appointment of a cybersecurity coordinator in December and his national cybersecurity initiative as moves in the right direction, but said they were not enough. He called for establishing a National Cybersecurity Center modeled after the National Counter Terrorism Center set up after the September 11, 2001 attacks on New York and Washington. The center would integrate elements of the Pentagon’s proposed Cyber Command, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center and the cyber operations of the Federal Bureau of Investigation, state and local governments and the private sector
A prestigious Chinese university and a lesser-known vocational school have denied a report they were the source of recent cyber attacks on Internet giant Google and other U.S. corporations, Xinhua news agency said on Saturday. A representative of Shanghai Jiaotong University, considered one of China’s best, said the allegations in a New York Times report were baseless and even if the school’s computers appeared to be involved, it did not mean the hackers were based there. The Communist party boss at Lanxiang Vocational School, the other institution fingered in the report, also denied any role. Google announced in January that it had faced a “highly sophisticated and targeted attack” in mid-December, allegedly from inside China, and declared that it was no longer willing to censor search results in the country as required by Beijing. The attacks have been a source of friction in Sino-U.S. relations at an already tense time
Recent cyber attacks on Google and other American corporations have been traced to a top Chinese university as well as a school with ties to the Chinese military, the New York Times reported on Thursday, citing people involved in the investigation. Those people told the Times that the Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School. They said the attacks may have started as early as April 2009 – earlier than previously thought. According to the report, investigators believe there is evidence suggesting a link to a computer science class at the vocational school taught by a Ukrainian professor. Google jolted U.S.-China ties with its January 12 announcement that it had faced a “highly sophisticated and targeted attack” in mid-December, allegedly from inside China. More than 20 other companies were also targeted, though Google said a primary target was dissidents’ email accounts. Jill Hazelbaker, Google’s director of corporate communications said that the company’s investigation is ongoing, but otherwise declined to comment. The Chinese schools were not immediately available for comment, but the Times said they had not heard that American investigators had traced the Google attacks to their campuses