Friday 23 October 2009

China Expands Cyberspying in U.S., Report Says

By SIOBHAN GORMAN
The Wall Street Journal
OCTOBER 23, 2009

WASHINGTON -- The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.

The bipartisan commission, formed by Congress in 2000 to investigate the security implications of growing trade with China, is made up largely of former U.S. government officials in the national security field.

The commission contracted analysts at defense giant Northrop Grumman Corp. to write the report [1]. The analysts wouldn't name the company described in the case study, describing it only as "a firm involved in high-technology development."

The report didn't provide a damage assessment and didn't say specifically who was behind the attack against the U.S. company. But it said the company's internal analysis indicated the attack originated in or came through China.

Botnet click fraud at record high

By Dan Goodin in San Francisco
The Register
23rd October 2009

Malware-infected computers are increasingly being used to perpetrate click fraud, according to a study released Thursday that found their contribution was the highest since researchers began compiling statistics on the crime.

In the third quarter of this year, 42.6 percent of fraudulent clicks were generated by computers that were part of botnets, compared with 36.9 percent the previous quarter and about 27.6 percent in the same period of 2008. The increase comes as criminals trying to profit from click fraud take advantage of new advances in malware that make the practice harder to detect.

"As the botnets get more sophisticated, they're able to perpetrate more click fraud," said Paul Pellman, CEO of Click Forensics, the advertising auditing firm that prepared the report. "They're finding new ways of being distributed, and that's reflected in the data."

The jump in botnet use over the past year comes as the overall amount of click fraud dropped, from 16 percent of all paid ads in Q3 of 2008 to 14.1 percent last quarter. That means manual forms of click fraud, in which large numbers of individuals engage in the practice, have decreased by an even larger margin. Many of those people get paid to knowingly gin the advertising results, while others are tricked into it.

Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks

Forwarded from: *Hobbit*

And why was a similar hue and cry not raised two+ years ago over Actiontec's similar backdoor they deliberately built into DSL modems branded for Verizon?

http://techno-fandom.org/~hobbit/pix/vzdsl/

Zurich security breach affects 51,000 customers

By Gill Montia
Insurance Daily
October 22, 2009

Zurich Insurance plc has announced that it has written to around 51,000 general insurance customers and other parties in the UK regarding the loss of a back-up data tape in South Africa.

The tape, which also holds details of customers and other parties in South Africa and Botswana, was lost in August 2008 during a routine transfer to a data storage centre.

Zurich says its investigation has revealed deficiencies in the management of data tape security procedures.

The letters set out the recommended precautionary measures that customers can take as well as the steps that Zurich UK has in place to support policyholders.

Feds' Security Spending On a Roll: Over 8 Percent Growth Over Next Five Years

By Kelly Jackson Higgins
DarkReading
Oct 22, 2009

The U.S. federal government's IT security spending will jump from $7.9 million to $11.7 billion in 2014 thanks to tightening federal security regulations, a 300 percent jump in attacks on feds' networks and systems during the past five years, and the Obama administration's emphasis on security, according to new data from research firm Input.

"We see this as a bright spot in federal spending," says John Slye, principal analyst at Input, which expects a compound annual growth rate of 8.1 percent for security from 2009 to 2014. "[Security] seems fairly immune to some of the economic pressures we're seeing...factors like the huge risk of exposure to the government and that security has taken front and center in the Obama administration" are some of the reasons for this spending, he says.

Input says the top 10 executive branch departments -- the Office of the Secretary of Defense, U.S. Air Force, Homeland Security, Army, Navy, Department of Energy, Health and Human Services, Justice Department, Treasury Department, and Commerce Department -- account for 65 percent of all federal IT spending.

Not surprisingly, intelligence agencies and the Defense Department lead overall federal IT spending growth, with an annual growth rate for spending of 8.4 percent and 8.2 percent, respectively, followed by civilian agencies at 7.9 percent. Intelligence spending will jump from $1.9 billion this year to $2.8 billion in 2014; Defense, from $3.8 billion to $5.6 billion; and civilian, from $2.3 billion to $3.4 billion.

Security services represents the biggest chunk of the federal security spending budget, with $4.4 billion today versus $2.7 billion for software, and less than $1 billion for equipment. According to Input, the services sector will hit $6.6 billion in 2014; software, $3.9 billion; and equipment, $1.2 billion.

Almost half of ISO 27001 'compliant' firms break basic security requirements

Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance, according to a survey of IT managers.

Some 47 percent of firms in the UK said they were compliant with the standard. But 41 percent of these said that they were using various non-compliant practices.

Bad practice by privileged users is putting European data at "high risk", according to the 'Privileged user management - it's time to take control' report. These practices included use of default user names and passwords, the granting of wider access than is necessary, failure to monitor the users, and an ignorance around the existence of privileged users in the first place.

Two hundred and seventy European IT managers, including 45 in the UK, were interviewed for the survey that was conducted by Quocirca.
