Thursday 4 February 2010

Hackers Try to Steal $150,000 from United Way

By Brian Krebs
Krebs on Security
February 3rd, 2010

Hackers broke into computer systems at a Massachusetts chapter of the United Way last month and attempted to make off with more than $150,000 from one of the nation's largest charities.

Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization's bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers.

"We were able to pretty much capture things as they were happening," Latimore said. "Fortunately, we saw it on the day that it occurred."

The intruders attempted to send more than $110,000 in unauthorized payroll transfers to at least a dozen individuals across the United States who had no prior business with the United Way chapter. At least one large wire transfer was attempted, for nearly $40,000, to a 32-year-old man in New York.

Military Intelligence: IDF is prepared for Cyberwarfare

By Arnon Ben-Dror
Israel Defense Forces
03 February 2010

In a paper published in the Intelligence Research Center Journal, the head of the Military Intelligence Directorate, Major General Amos Yadlin, described the development of cyberwarfare and computer attacks in the 21st century, and the capabilities armies need in order to fight successfully in this medium.

According to Maj. Gen. Yadlin, cyberwarfare is divided into three areas: intelligence gathering, defense and attack. "Anyone who is able to hack (personal computers, cell phones and internet) ends up knowing quite a lot. If you catch my drift," warned the Military Intelligence chief in the article.

"Just imagine the damage a single skilled hacker could cause if he penetrated the systems of the infrastructure, transportation and communications companies," continued Maj. Gen. Yadlin. He also cited the attacks on government, bank and communications sites in Estonia during its dispute with Russia, after which Estonia accused Russia of cyberwarfare; the attack on local networks during the war in Georgia, where Russia was again accused; and the attacks on computer networks in the U.S. and South Korea, for which North Korea was blamed. None of these accusations against the alleged aggressors, Yadlin stressed, has been verified to this day.

Turning to defensive capabilities, Maj. Gen. Yadlin stated: "Many people believe that defense must go hand in hand with intelligence gathering and attack. Cyber power gives the little guys the kind of ability that used to be confined to superpowers. Like unmanned aircraft, it's a use of force that can strike without regard for distance or duration, and without endangering fighters' lives."

The head of the Military Intelligence Directorate noted that the United States has already established a cyber command, and that in Britain there is an official body that deals with the issue, "because they understand the responsibility for dealing with this evolving new world," and stressed that "the proper dimension for cyber warfare fits with Israel's conception of security. No great natural resources are required. It's all available right here, without any dependence on foreign aid, in an area with which Israeli young people are very familiar."

"Staying ahead of the game is important in light of the dizzying change of pace in the cyber world: at most, a few months in response to a change, compared to the years that pilots have."

Maj. Gen. Amos Yadlin concluded: "Every day I meet the soldiers and officers whose job is to march us confidently ahead into this new world. With them we will be able to compete in the Cyber Premier League."

Report Details Hacks Targeting Google, Others

By Kim Zetter
Threat Level
Wired.com
February 3, 2010

Until now we've only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan. About 34 mostly undisclosed companies were breached.

Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack.

What the information indicates is that the attack that hit Google is identical to publicly undisclosed attacks that have quietly plagued thousands of other U.S. companies and government agencies since 2002 and are rapidly growing. They represent a sea change from the kinds of attacks that have commonly hit networks and made headlines.

"The scope of this is much larger than anybody has ever conveyed," says Kevin Mandia, CEO and president of Virginia-based computer security and forensic firm Mandiant. "There [are] not 50 companies compromised. There are thousands of companies compromised. Actively, right now."

Mandiant released the report last week at a closed-door cybercrime conference, sponsored by the U.S. Defense Department, in an effort to make companies aware of the threat.

Black Hat: Microsoft Enhances SDL Offerings

By Thomas Claburn
InformationWeek
February 3, 2010

At the Black Hat security conference in Washington, D.C., on Tuesday, Microsoft introduced new software, a new membership program, and guidance to enhance its Secure Development Lifecycle (SDL) development methodology.

The software is the first public beta of MSF for Agile Software Development plus SDL Process Template for VSTS 2008, MSF-A+SDL for short, a template that helps development teams integrate SDL processes into their Visual Studio Team System development environment.

It is based on Microsoft's SDL-Agile processes, which aim to provide structure for development projects that happen on a more accelerated time line than the typical SDL project.

A version of the template for Visual Studio 2010 will be available shortly after Visual Studio 2010 is released in April.

Microsoft is also expanding its SDL Pro Network to include a new membership category called Tools. Organizations that join as Tools members provide services related to the deployment of security tools, like static analyzers, fuzzers, or binary analyzers.

The company announced seven new SDL Pro Network members: Fortify, Veracode, and Codenomicon in the Tools category; Booz-Allen Hamilton, Casaba Security, and Consult2Comply in the Consulting Member category; and Safelight Security Advisors in the Training Member category.

[...]

Phishing Scam Cripples European Emissions Trading

Spiegel Online
02/03/2010

Sneaky cyber-thieves have made millions by fraudulently obtaining European greenhouse gas emissions allowances and reselling them. The scam has hampered trading of the credits, which are seen as an important tool in curbing climate change, in several European countries.

Most Internet users are familiar with the e-mail scam known in the jargon as "phishing." A plausible-looking e-mail arrives in your in-box, supposedly from your bank or a Web site like eBay, informing you that your account has been "compromised" and that you urgently need to log in to the company's Web site to rectify matters. The catch is that the Web site the e-mail directs you to is a spoof created by the attackers, meaning that anyone who falls for the trick is unwittingly handing over their all-important user names and passwords to the criminals.

Savvy e-mail users know to delete such e-mails straight away. But canny thieves have now used the technique to make money in a very 21st century fashion -- by fraudulently gaining access to companies' greenhouse gas emissions allowances and selling them on.

According to a report in the Wednesday edition of the Financial Times Deutschland, hackers sent e-mails last Thursday to several companies in Europe, Japan and New Zealand which appeared to originate from the Potsdam-based German Emissions Trading Authority (DEHSt), part of the EU's Emission Trading System (EU ETS). Ironically, the e-mail said that the recipient needed to re-register on the agency's Web site to counter the threat of hacker attacks.
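The lure described above works because the visible sender and the visible link text claim one organisation while the real link goes somewhere else. As an added example (not code from the Spiegel article or from DEHSt), here is a small checker that pulls those signals out of a raw e-mail: whether the From domain is one the recipient actually trusts, whether the envelope sender (Return-Path) matches the From header, and whether each link's visible text names a different host than its href. The trusted domain `registry.example` and the sample message are constructed for illustration; they are not DEHSt's real domain or the real e-mail used in the attack.

```python
"""Flag spoofed-sender / spoofed-link indicators in a raw e-mail message.

Added example, not from the original article. 'registry.example' and the
sample message below are constructed; they are not the real DEHSt domain
or the real phishing e-mail.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed legitimate domain of the registry (constructed for this example).
TRUSTED_DOMAINS = {"registry.example"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels, e.g. 'mail.registry.example' -> 'registry.example'.
    Good enough here; production code should consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text):
    """Hostname of a URL, accepting bare 'www.x.y/...' as well as full URLs."""
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname or ""


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators; an empty list means none found."""
    msg = message_from_string(raw_message)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = registrable_domain(from_addr.rpartition("@")[2])
    if from_domain not in TRUSTED_DOMAINS:
        findings.append("From domain is not a trusted domain: " + from_domain)

    # Return-Path is the envelope sender the delivering MTA actually saw;
    # a mismatch with the From header is a classic spoofing signal.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path:
        rp_domain = registrable_domain(return_path.rpartition("@")[2])
        if rp_domain != from_domain:
            findings.append("Return-Path domain %s differs from From domain %s"
                            % (rp_domain, from_domain))

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        target = registrable_domain(host_of(href))
        if target not in TRUSTED_DOMAINS:
            findings.append("link goes to untrusted domain %s (shown as '%s')" % (target, text))
        # Visible text that looks like a URL but names a different host than
        # the real href is the hallmark of a spoofed login link.
        if text.startswith(("http://", "https://", "www.")):
            shown = registrable_domain(host_of(text))
            if shown != target:
                findings.append("link text shows %s but points to %s" % (shown, target))
    return findings


# Constructed sample resembling the re-registration lure described above.
SAMPLE_MESSAGE = "\r\n".join([
    "Return-Path: <bounce@bulk-sender.invalid>",
    "From: \"Emissions Trading Authority\" <registration@registry.example>",
    "To: trader@company.example",
    "Subject: Re-register your registry account to prevent hacker attacks",
    "Content-Type: text/html; charset=utf-8",
    "",
    "<html><body><p>Due to recent hacker attacks, all account holders must",
    "re-register within 48 hours at",
    "<a href=\"http://registry.example.account-verify.invalid/login\">"
    "https://registry.example/re-register</a>.",
    "</p></body></html>",
])

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_MESSAGE):
        print("-", finding)
```

On the constructed sample the checker reports three indicators: the Return-Path domain differs from the From domain, the link resolves to an untrusted domain, and the visible link text names `registry.example` while the href points at `account-verify.invalid`. The From header itself passes, which is the point: a forged From is cheap, so a filter that trusts the display name or the From domain alone would have waved this message through, and the real signal is in the envelope sender and the link targets.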

[...]

PACAF stands up Information Protection Directorate

Pacific Air Forces Public Affairs
2/3/2010

JOINT BASE PEARL HARBOR HICKAM, Hawaii -- As the cyberspace battlefield broadens, Pacific Air Forces leadership created the Directorate of Information Protection to effectively protect information across the enterprise.

The structure is mirrored at each wing across the area of responsibility.

The organization's goal is to provide an enterprise-wide approach that prevents the compromise, loss, unauthorized access, disclosure, destruction, distortion or non-accessibility of information over its life cycle, and to ensure that commanders have effective processes and the right people in place to provide a focused, seamless, functional and supportive environment for protecting information at all levels in support of effective air, space and cyberspace operations.

Information protection refers to the collective policies, processes and use of risk management and mitigation actions instituted to prevent the compromise, loss or unauthorized access of information over its life cycle, regardless of physical form or characteristics.

Information protection encompasses multiple disciplines and programs, such as information security, personnel security, industrial security, physical security, security education and training, classification/declassification management, Original Classification Authority training, operations security, communications security, Sensitive Compartmented Information, special programs, technical communication, foreign disclosure, public release, and Restricted Data. These processes are executed through collaborative Security Advisory Groups established at each installation.

"We want to change the culture of our personnel and make information protection methodologies routine and transparent to our business processes to correctly protect vital information on behalf of our warfighter," said Johnny Bland, PACAF/IP director. "Our goal is not only to protect sensitive information, controlled unclassified information and classified information, but to ensure that all PACAF personnel understand the importance of protecting information. Information protection affects every PACAF active-duty member, Reservist, Guardsman, civil servant and contract employee, regardless of rank or position. We all have information protection responsibilities."

Senior leaders all agree that when Information protection staffs are fully mature, they will serve as a single entity to develop and execute policies and procedures to safeguard all levels and types of information using an enterprise-wide approach.

For more information, call DSN 449-2801/2802/2804.

Swiss Banks' Achilles Heel Is Workers Selling Data

By Warren Giles
Bloomberg.com
Feb. 2, 2010

(Bloomberg) -- Swiss banks are discovering that the biggest threat to client privacy is their own workers.

German Chancellor Angela Merkel said yesterday her government may buy stolen data on Swiss bank accounts as French authorities comb information acquired from an employee of HSBC Holdings Plc's private bank in Geneva. The cases come two years after Germany paid 5 million euros ($7 million) for details filched from LGT Group in neighboring Liechtenstein.

"This is a kind of business war against Switzerland in which practices which were completely illegal have become acceptable," says Daniel Fischer, founder of Zurich-based Fischer & Partner law firm who specializes in banking law and fraud. "It's a huge danger for Swiss banks."

The willingness of governments to pay for stolen data is fanning tensions with France and Germany as Switzerland seeks to negotiate treaties implementing its commitment to cooperate with international tax probes. The Swiss government said last month it will draft a law barring officials from assisting foreign countries in cases involving theft of client details.
