Cyber attacks on the USA (catch all)

[AdamG]

The Pentagon official at the top of the US Defense Department’s cyber program says that an attack on the United States’ computer systems is not just on the way but that America is now more vulnerable than ever.

National Security Agency Director Army Gen. Keith Alexander, who also heads the Pentagon’s Cyber Command unit, tells reporters this week that the US is coming close to being hit with a computer attack that could devastate the country. Speaking before a crowd this week, Alexander warns, "The conflict is growing [and] the probability for crisis is mounting.”

The US Congress is currently tasking itself with finding a way to fight cyberterrorism, but the inability to fully find a way to balance security with civil liberties has raised objections across the country. Alexander dismissed these concerns during this week’s address, however, insisting that the NSA does not "hold data on American citizens” and equated the US government’s association with major Internet entities as one that is relatively hands-off.

*

http://rt.com/usa/news/cyber-nsa-way-alexander-858/

* References this :

National Security Agency whistle blowers Thomas Drake, former senior official; Kirk Wiebe, former senior analyst; and William Binney, former technical director, return to “Viewpoint” to talk about their allegations that the NSA has conducted illegal domestic surveillance. All three men are providing evidence in a lawsuit by the Electronic Frontier Foundation against the NSA.

Drake says the spying affects “the entire country,” citing a “key decision made shortly after 9/11 which began to rapidly turn the United States of America into the equivalent of a foreign nation for dragnet blanket electronic surveillance.”

http://current.com/shows/viewpoint/v...nto-your-life/

[AdamG]

A catch-all thread, of incidents that may or may not be related.

PlaceRaider: The Military Smartphone Malware Designed to Steal Your Life

The US Naval Surface Warfare Center has created an Android app that secretly records your environment and reconstructs it as a 3D virtual model for a malicious user to browse

http://www.technologyreview.com/view...phone-malware/

Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.

http://freebeacon.com/white-house-hack-attack/

[AdamG]

This month, some of America's largest banks became the targets of hackers -- but should we be concerned?

Since Sept 19, the websites for the Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank have all been hit by denial of service (DoS) attacks. This common online attack directs vast amounts of traffic to a website, causing it to overload and deny normal users from accessing a website entirely -- or slowing it down to the point of being unusable. To bring down large websites, attackers may use botnets to flood a site with requests at the same time.

http://www.zdnet.com/what-do-cyberat...ry-7000005041/

Verizon Communications Inc. is helping to investigate a series of cyber attacks that have disrupted the websites of the biggest U.S. banks over the past two weeks, a company official said.

Verizon is looking into the attacks, which commandeered commercial servers to overwhelm the sites with traffic, for some of the affected banks and assisting the federal government through the National Cybersecurity and Communications Integration Center, said Sean McGurk, managing principal for industrial control systems cybersecurity for the New York-based company and formerly director of the center led by the Department of Homeland Security.

http://newyork.newsday.com/business/...izon-1.4055301

[AdamG]

In June, many Google users were surprised to see an unusual greeting at the top of their Gmail inbox, Google home page or Chrome browser. “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”

On Tuesday, tens of thousands more Google users will begin to see that message. The company said that since it started alerting users to malicious — probably state-sponsored — activity on their computers in June, it has picked up thousands more instances of cyberattacks than it anticipated.

http://bits.blogs.nytimes.com/2012/1...ttack-targets/

[AdamG]

IDG News Service - The wave of cyberattacks against a half-dozen U.S. financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches.

The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.

http://www.computerworld.com/s/artic...ubside_for_now

[AdamG]

In a blunt admission designed to prod action, Defense Secretary Leon Panetta Thursday night told business executives there has been a sudden escalation of cyber terrorism and that attackers have managed to gain access to control systems for critical infrastructure.

In a speech in New York City, Panetta said the recent activities have raised concerns inside the U.S. intelligence community that cyber terrorism might be combined with other attacks to create massive panic and destruction on par with the Sept. 11, 2001 attacks.

http://www.washingtonguardian.com/pa...-cyber-stunner

[AdamG]

WASHINGTON (AP) - U.S. authorities believe that Iranian-based hackers were responsible for cyberattacks that devastated Persian Gulf oil and gas companies, a former U.S. government official said. Just hours later, Defense Secretary Leon Panetta said the cyberthreat from Iran has grown, and he declared that the Pentagon is prepared to take action if American is threatened by a computer-based assault.

http://apnews.myway.com/article/20121012/DA1RSBPG0.html

[AdamG]

When is a cyberattack an act of war?
By Ellen Nakashima, Published: October 26

On the night of Oct. 11, Defense Secretary Leon Panetta stood inside the Intrepid Sea, Air and Space Museum, housed in a former aircraft carrier moored at a New York City pier, and let an audience of business executives in on one of the most important conversations inside the U.S. government.

Welcome to the new world of “drip, drip cyber attacks,” in the words of Tufts University law professor Michael J. Glennon. The nature of cyberspace, he says, creates the potential for “a mysterious airliner accident here, a strange power blackout there, incidents extending over months or years,” generally “with no traceable sponsorship.”

http://www.washingtonpost.com/opinio...8_story_1.html

[AdamG]

The U.S. financial services industry has issued a warning that a Russian cyber-gangster is preparing to rob American banks and their customers of millions of dollars.

In addition, the computer security firm McAfee has reported that the cyber-criminal, who calls himself “Thief-in-Law,” already has infected the hundreds of computers of unwitting American customers in preparation to steal their bank account data.

The warning was issued Thursday by the Financial Services Information Sharing and Analysis Center (FS-ISAC), which shares information throughout the financial sector about terrorist and online threats, said Douglas Johnson, vice president for risk management at the American Bankers Association.

“FS-ISAC has sent out several notices warning about this gentleman,” Mr. Johnson told The Washington Times.

According to McAfee, Thief-in-Law has installed malicious software programs, known as “malware,” on hundreds of computers as part of his plan, dubbed “Project Blitzkrieg.” The malware steals passwords and login information, which hackers can use to drain victims’ bank accounts online.

Read more: http://www.washingtontimes.com/news/...#ixzz2F3HCYgrP

[AdamG]

Related

Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA’s advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I’m weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.

http://krebsonsecurity.com/2012/10/p...ks/#more-17096

[AdamG]

(Reuters) - Homeland Security Secretary Janet Napolitano warned on Thursday that a major cyber attack is a looming threat and could have the same sort of impact as last year's Superstorm Sandy, which knocked out electricity in a large swathe of the Northeast.

http://www.reuters.com/article/2013/...90N1A320130124

A jihadist website posted a new threat by al Qaeda this week that promises to conduct “shocking” attacks on the United States and the West.

The posting appeared on the Ansar al Mujahidin network Sunday and carried the headline, “Map of al Qaeda and its future strikes.”

The message, in Arabic, asks: “Where will the next strike by al Qaeda be?” A translation was obtained by Inside the Ring.

“The answer for it, in short: The coming strikes by al Qaeda, with God’s Might, will be in the heart of the land of nonbelief, America, and in France, Denmark, other countries in Europe, in the countries that helped and are helping France, and in other places that shall be named by al Qaeda at other times,” the threat states.

The attacks will be “strong, serious, alarming, earth-shattering, shocking and terrifying.”

Read more: http://www.washingtontimes.com/news/...#ixzz2Jg8CH8dt

[AdamG]

The Energy Department has been hit by a major cyber-attack, which resulted in the personal information of several hundred employees being compromised and could have been aimed at obtaining other sensitive information, The Washington Free Beacon reports.

Read more: http://www.foxnews.com/politics/2013...#ixzz2JxTT3nw8

[davidbfpo]

Apparently a rare White House comment on matters cyber, entitled 'Heartbleed: Understanding When We Disclose Cyber Vulnerabilities' and all beyond me:http://www.whitehouse.gov/blog/2014/...lnerabilities?

Meantime over here a RUSI comment on how the UK responds:

The UK’s Computer Emergency Response Team (CERT) was launched this week to universal nods of approval. Questions remain, however, over how it will achieve its aims and what value it will add in an increasingly crowded UK network of cyber security teams.

See:https://www.rusi.org/analysis/commen.../#.U1-mfqJZAdU

[AdamG]

(Reuters) - A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security.

DHS did not identify the utility in a report that was issued this week by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

"While unauthorized access was identified, ICS-CERT was able to work with the affected entity to put in place mitigation strategies and ensure the security of their control systems before there was any impact to operations," a DHS official told Reuters on Tuesday.

Such cyber attacks are rarely disclosed by ICS-CERT, which typically keeps details about its investigations secret to encourage businesses to share information with the government. Companies are often reluctant to go public about attacks to avoid potentially negative publicity.

http://www.reuters.com/article/2014/...A4J10D20140521

[AdamG]

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?

The White House says the devastating cyber attack on Sony Pictures was done with "malicious intent" and was initiated by a "sophisticated actor" but it would not say if that actor was North Korea.

Spokesman Josh Earnest says the matter is still under investigation.

http://www.npr.org/blogs/thetwo-way/...e-proportional

[selil]

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?


http://www.npr.org/blogs/thetwo-way/...e-proportional

Great question asked by a lot of people. Not being answered either.

[Bill Moore]

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?


http://www.npr.org/blogs/thetwo-way/...e-proportional

Attribution is frequently challenging in cyber, but I suspect we will know with some degree of certainty, or we won't respond.

What would be a proportionate response for the hermit kingdom when it comes to cyber? Blocking the Dear Leader's access to porno?

[OUTLAW 09]

Weaponization of code is one of the most important elements of the "new hybrid" war UW strategy and next to the weaponization of information two elements we are totally unprepared to handle.

As one coming from the active world of internet security I see many large enterprise corporations that would also have not been able to suppress such an attack---US companies and the government have throw literally millions of dollars at the problem but it is like a checklist mentality---do I have this check, do I have that check and on and on.

At the end of the checklist they "feel" fully protected and are stunned when something like Sony occur.

My phone has not stopped ringing since Sony and I must thank Sony for "awakening" CEOS, CTOs and CIOs to the seriousness of the problem.

But here is the single most important issue---no major company drives offensive defensive internet security--most companies rely on a defensive mode concept and that no longer works. Also we are seeing a paradigm change that most companies still have not seen---away from a structured approach of internet security to a distributed multifunctional team approach which some of us were already pushing in 2004 and it was laughed at.

If one would see in articles on a daily basis concerning the dark internet sites being driven by criminals that even offer now total software hacking packages---ie you buy it just like regular software complete with a technical help desk if the software does not work--then we might hear a new tone coming from American end users but until then Sony types events will start increasing. Actually in the area of say the consumer world we see massive computer break-ins daily now with literally millions of CC data stolen and resold on the dark sites.

We often think American computer types are the greatest but there is a generation of Russians, Ukrainians, Chinese, NKoreans, and Iranians that are far better at cyber warfare/ cyber criminal activities than we are.

[AdamG]

Working under the code name Sabu, Hector Monsegur was responsible for some of the most notorious hacks ever committed. As he told "CBS This Morning" co-host Charlie Rose earlier this month, Monsegur began cooperating with the FBI after getting caught. He now works as a security researcher.

"For something like this to happen, it had to happen over a long period of time. You cannot just exfiltrate one terabyte or 100 terabytes of data in a matter of weeks," Monsegur said. "It's not possible. It would have taken months, maybe even years, to exfiltrate something like 100 terabytes of data without anyone noticing."

Monsegur said there's also a chance the hack could have originated from China.

"I mean, it's possible," he said. "It might be a North Korean inside China."

Some of the investigators point to malware written in Korean, but Monsegur said that doesn't necessarily mean the hackers are Korean.

"Well, it doesn't tell me much. I've seen Russian hackers pretending to be Indian. I've seen Ukrainian hackers pretending to be Peruvian.There's hackers that pretend they're little girls. They do this for misinformation, disinformation, covering their tracks," he said. "Do you really think a bunch of nerds from North Korea are going to fly to New York and start blowing up movie theaters? No. It's not realistic. It's not about 'The interview.' It's about money. It's a professional job."

Monsegur thinks it's also possible this was an inside job, that an employee or consultant downloaded all the information from Sony's servers and then sold it to someone else.

http://www.cbsnews.com/news/sony-hac...s-responsible/

Shave with Occam's Razor

[selil]

My quick comments on investigating digital crime (less about this and more about general concepts) http://selil.com/archives/6129