Category Archives: Cybersecurity

EU to set up anti-cybercrime body

EU ministers on Monday proposed to set up a cybercrime centre as part of a longer-term strategy to cope with internet scams, fraud and child pornography. Foreign ministers gathered in Luxembourg asked the European Commission to draw up a feasibility study looking at the creation of a body that would assess trends in cybercrime all across the EU and facilitate cross-border information sharing among various national investigators dealing with such cases. Despite increased cross-border investigations, criminals are still in a safe haven due to the lack of harmonisation among the 27 different legal systems in the EU, making it easy for internet fraudsters to set up bogus companies in one member state and scam victims in other countries. The centre would try to tackle these issues by evaluating the preventive and investigative measures carried out in member states and by training police, judges and prosecutors who specialise in this field. It could be located within the bloc’s police agency, Europol, based in The Hague, which has already developed a “European cybercrime platform.” But the efficiency of this platform is somewhat doubtful, as ministers ask for “consolidation” and “revision” of its functions, “in order to facilitate the collection, exchange and analysis of information.” From a legal point of view, EU states have still to ratify the Convention on Cybercrime adopted in 2001 by the Council of Europe, the Strasbourg-based human rights organisation, and adopt a common position on practical issues such as blocking IP addresses and revocation of domain names.

Google cyberattack hit password system-NY Times

A December cyberattack on Google Inc computers hit the company’s password system that millions of people worldwide use to access almost all of the company’s Web services, The New York Times said, citing a person with direct knowledge of the investigation. The closely-guarded program is considered a crown jewel at Google, enabling users and employees to sign in with their password only once to operate various services including e-mail and business applications, the newspaper said in its April 20 edition. Code-named Gaia for the Greek goddess of the earth, and still in use under the name Single Sign-On, the program was described publicly only once at a technical conference four years ago, the newspaper said. The intruders do not appear to have stolen passwords of Gmail users, and Google quickly started to bolster security, the newspaper said. But the theft leaves open a possibility, perhaps faint, that the intruders may find weaknesses that Google might not know about, the newspaper said, citing independent computer experts. Google disclosed the hacking on Jan. 12, when on its website it reported having detected “a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.”

US lifts lid on top secret plan for internet security

The White House has declassified parts of a top secret plan outlining how government will protect the nation’s computer networks from cyber warfare. The announcement by cybersecurity tsar Howard Schmidt was made at the world’s biggest security event. The move is aimed at encouraging greater co-operation between academia, government and the private sector. “We must continue to seek out innovative new partnerships – not only within government, but also among industry, government and the American public,” Mr Schmidt told delegates at the event, hosted by the security company RSA in San Francisco. It was his first major speech to industry peers since being appointed to the job in December 2009. The Comprehensive National Cybersecurity Initiative (CNCI) was introduced in 2008 by then-President George W Bush. There are 12 parts to the CNCI, including cyber counterintelligence and deterrence strategies. For the first time the government has published a general description of what they are on its website. The CNCI funds a number of sensitive projects including the government’s Einstein technology, which focuses on securing the vast computer network that operates under the domain, as well as detecting attempts to access those systems.

Intel says hackers attacked around same time as Google was hit

Intel Corp said it faced a “sophisticated” hacker attack in January about the same time as the recently publicized Chinese hacker attacks on Google Inc, but noted no clear link between the two events.

Google would not comment on whether Intel was one of the roughly 20 unnamed companies that the world’s No. 1 Internet search engine said had been similarly targeted in attacks that originated in China.

The attack was just one of what the world’s largest chipmaker said were regular attempts on its computer systems, Intel said in a filing under a heading about potential theft or misuse of the company’s intellectual property.

“The only connection is timing,” Intel spokesman Chuck Mulloy said, declining to elaborate. The company first publicized the attack and pointed out the similarity in timing to the move on Google in an annual filing with the U.S. Securities and Exchange Commission.

Now that Google has publicly admitted to being successfully attacked without much damage to their reputation, analysts said other companies are rethinking their typically tight-lipped approach to security breaches.

Recent changes to disclosure laws and increased awareness of cyber-security may also have prompted Intel to come clean, analysts say.

But Intel did not say who was behind the attacks, from where in the world they originated, or what information, if any, had been taken.

Asked whether Intel had spoken or worked with Google on this issue, Mulloy said: “Our security folks work very closely and collaboratively throughout the industry.”

“Companies are facing these threats and attacks all the time,” Fred Pinkett, vice president of product management for Core Security Technologies, said.

In targeting companies like Intel, which has one of the largest intellectual property portfolios in the world, hackers may have been looking for bragging rights.

“Very rarely are they really trying to commit industrial espionage, because it’s really hard to do that without getting caught,” said Todd Feinman, chief executive of Identity Finder.

The reason Intel probably publicized the hack attempts was to minimize the company’s legal risks, he added. “The advantage is that you’re protecting yourself for when it finally does happen and something really bad occurs, because you can say ‘we disclosed this information on our 10-K.'”

U.S. would lose the cyber war says former intelligence chief

The United States would lose a cyberwar if it fought one today, a former US intelligence chief has warned. Michael McConnell, a retired US Navy vice admiral who served as ex-president George W. Bush’s director of national intelligence, also compared the danger of cyberwar to the nuclear threat posed by the Soviet Union during the Cold War. “If we went to war today in a cyberwar, we would lose,” McConnell told a hearing Tuesday on cybersecurity held by the Senate Committee on Commerce, Science and Transportation. Tuesday’s hearing came a little over a month after Internet giant Google revealed that it and other US companies had been the target of a series of sophisticated cyberattacks originating in China. “National security and our economic security are at stake,” said Democratic Senator Jay Rockefeller, the panel’s chairman and a co-sponsor of a bill seeking to bolster public and private sector cybersecurity cooperation. McConnell pointed to US President Barack Obama’s appointment of a cybersecurity coordinator in December and his national cybersecurity initiative as moves in the right direction, but said they were not enough. He called for establishing a National Cybersecurity Center modeled after the National Counter Terrorism Center set up after the September 11, 2001 attacks on New York and Washington. The center would integrate elements of the Pentagon’s proposed Cyber Command, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center and the cyber operations of the Federal Bureau of Investigation, state and local governments and the private sector.

Chinese schools deny link to Google attack

A prestigious Chinese university and a lesser-known vocational school have denied a report they were the source of recent cyber attacks on Internet giant Google and other U.S. corporations, Xinhua news agency said on Saturday. A representative of Shanghai Jiaotong University, considered one of China’s best, said the allegations in a New York Times report were baseless and even if the school’s computers appeared to be involved, it did not mean the hackers were based there. The Communist party boss at Lanxiang Vocational School, the other institution fingered in the report, also denied any role. Google announced in January that it had faced a “highly sophisticated and targeted attack” in mid-December, allegedly from inside China, and declared that it was no longer willing to censor search results in the country as required by Beijing. The attacks have been a source of friction in Sino-U.S. relations at an already tense time.

Probe traces Google attacks to 2 Chinese schools: report

Recent cyber attacks on Google and other American corporations have been traced to a top Chinese university as well as a school with ties to the Chinese military, the New York Times reported on Thursday, citing people involved in the investigation. Those people told the Times that the Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School. They said the attacks may have started as early as April 2009 – earlier than previously thought. According to the report, investigators believe there is evidence suggesting a link to a computer science class at the vocational school taught by a Ukrainian professor. Google jolted U.S.-China ties with its January 12 announcement that it had faced a “highly sophisticated and targeted attack” in mid-December, allegedly from inside China. More than 20 other companies were also targeted, though Google said a primary target was dissidents’ email accounts. Jill Hazelbaker, Google’s director of corporate communications, said that the company’s investigation is ongoing, but otherwise declined to comment. The Chinese schools were not immediately available for comment, but the Times said they had not heard that American investigators had traced the Google attacks to their campuses.

China shuts down largest hacker training website

China has closed what it claims to be the largest hacker training website in the country and arrested three of its members, domestic media reported on Monday. The “Black Hawk Safety Net” website taught hacking techniques and provided malicious software downloads for its 12,000 members in exchange for a fee, the Wuhan Evening News newspaper reported this weekend, citing police in Huanggang, just east of Wuhan. Hacking from China has received international attention since Google Inc threatened to quit China last month after a serious hacking attempt originating from China, resulting in the theft of its intellectual property. China has denied involvement in the hacking episode and said it does not condone hacking. The website was shut in late November and three of its members arrested on suspicion of criminal activity, the newspaper reported, without saying why the news was only released now.

Microsoft to patch 17-year-old computer bug

A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

The February update for Windows will close the loophole that dates from the time of the DOS operating system. First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since. The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as “critical”.

Home hijack

The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs. Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7. The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.

As well as fixing holes in many versions of Windows, the update also tackles bugs in Office XP, Office 2003 and Office 2004 for Apple Macintosh machines. The bumper update is not the largest that Microsoft has ever released. The security update for October 2009 tackled a total of 34 vulnerabilities. Eight of those updates were rated as critical – the highest level.

In January 2010, Microsoft released an “out of band” patch for a serious vulnerability in Internet Explorer that was being exploited online. The vulnerability was also thought to be the one used to attack Google in China. Following the attack on Google, many other cyber criminals started seeking ways to exploit the loophole. Also this week, a security researcher has reported the discovery of a vulnerability in Internet Explorer that allows attackers to view the files held on a victim’s machine. Microsoft has issued a security bulletin about the problem and aims to tackle it at a future date. At the moment there is no evidence that this latest find is being actively exploited online.

EU reviews Internet security after emissions trading scheme phishing fraud

An email “phishing” fraud against the European Union’s greenhouse gas Emissions Trading Scheme (ETS) has prompted the executive European Commission to revise its Internet security guidelines, the Commission said. German officials said on Wednesday that online fraudsters had targeted international carbon markets to steal emissions permits from companies and sell them illegally. The ETS is the 27-country European Union’s main tool to force industry to cut greenhouse gas emissions. It allows companies to buy emissions permits from others when cutting those emissions is too expensive. The permits are administered by registries. “The Commission intends to review the security measures applicable to ETS registries and will prepare revised security guidelines for registries and an action plan aiming at harmonising approach in case of future such incidents,” the EU executive said on Thursday. The Commission said a limited number of fraudulent transactions had been carried out, with fake emails sent to users asking them to log on to a malicious website, pretending to be that of a registry, and disclose their user codes and passwords. This kind of scam is known as “phishing.” They said six German companies had been hit by the scam, and companies in New Zealand and Australia had also been affected. The EU executive said it was alerted by the Netherlands and Norway, and it had informed all other member states to take appropriate security measures immediately.