Tuesday, December 22, 2009

Cloud Computing Security Guidance

The Cloud Security Alliance has released its latest guide titled "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1" which can be found here.

Hackers Intercepted Drone Spy Videos

Insurgents in Iraq have hacked into live video feeds from Predator drones, a key weapon in a Pentagon spy system that serves as the military's eyes in the sky for surveillance and intelligence collection.

Though militants could see the video, there is no evidence they were able to jam the electronic signals from the unmanned aerial craft or take control of the vehicles, a senior defense official said Thursday, speaking on condition of anonymity to discuss sensitive intelligence issues.

Obtaining the video feeds can provide insurgents with critical information about what the military may be targeting, including buildings, roads and other facilities.

Shiite fighters in Iraq used off-the-shelf software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, the Wall Street Journal reported Thursday. The hacking was possible because the remotely flown planes have an unprotected communications link. .. More >>

FAA glitch causes widespread US air travel delays

ATLANTA – Air travelers nationwide scrambled to revise their plans Thursday after an FAA computer glitch caused widespread cancellations and delays for the second time in 15 months. The Federal Aviation Administration said the problem, which lasted about four hours, was fixed around 9 a.m., but it was unclear how long flights would be affected.


It started when a single circuit board in a piece of networking equipment at a computer center in Salt Lake City failed around 5 a.m., the FAA said in a statement.


That failure prevented air traffic control computers in different parts of the country from talking to each other. Air traffic controllers were forced to type in complicated flight plans themselves because they could not be transferred automatically from computers in one region of the country to computers in another, slowing down the whole system. .. More >>

Sunday, October 25, 2009

Hackers Plan to Clobber the Cloud, Spy on Blackberries

October 05, 2009 — IDG News Service — A new era of computing is on the rise and viruses, spies and malware developers are tagging along for the ride.


The new playground for hackers is "the cloud," the term for computer applications and services hosted on the Internet. Some of the devices making the cloud more popular these days are BlackBerries and other smartphones.


"The focus [of security] is definitely moving towards 'the cloud' and to the security of embedded devices (Android, iPhone) to more advanced client-side attacks which leverage on Web 2.0 technologies, such as attacks on Facebook, Twitter and other popular sites," said Dhillon Andrew Kannabhiran, host and organizer of the Hack In The Box (HITB) security conference in Kuala Lumpur, Malaysia this week.


HITB is one of the most prominent security conferences in Asia and now runs twice a year. The big show is in Malaysia, while the newer, yet smaller HITB is held in Dubai. The conference brings together leading security experts and draws self-proclaimed hackers, but Kannabhiran says it's not a wild hacker party. It offers knowledgeable presentations by leading experts in an informal setting, where people can ask questions and meet presenters at events throughout the week.


"Clobbering the Cloud" and "Spying on BlackBerry Users for Fun" are actually titles of two presentations slated for the HITB conference on Wednesday. Other interesting titles include "How to Own the World - One Desktop at a Time" and "Offensive Cloud Computing With Hadoop and Backtrack." .. More >>

Monday, September 14, 2009

SKorea to train 3,000 'cyber sheriffs': report

SEOUL — South Korea plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites, a report said Sunday.

The "cyber sheriffs" would be tasked with "protecting corporate information and preventing the leaks of industrial secrets," Yonhap news agency said.

In the event of cyber attacks, the National Intelligence Service, the country's main spy agency, would set up a taskforce including civilian and government experts to counter the online threats, it added. ... More >>

Saturday, August 1, 2009

Government Is Falling Behind on Cybersecurity, Report Finds

"Cyber In-Security" says the federal government is falling behind in the race to keep its computer operations safe because the workforce has too few well-trained cybersecurity experts.

"Critical government and private sector computer networks are under constant attack from foreign nations, criminal groups, hackers, virus writers and terrorist organizations," says the study, published by the Partnership for Public Service and Booz Allen Hamilton. .. More >>

Tuesday, June 9, 2009

Insider May Have Breached More Than 10,000 Patient Records At Johns Hopkins

An employee at Johns Hopkins Hospital may have leaked the personal information of more than 10,000 patients in an identity fraud scam.


According to a report filed to the administrator of the state of Maryland's Identity Theft Program (PDF), some 31 individuals with connections to Johns Hopkins have reported identity thefts since Jan. 20. Law enforcement agencies suspect the thefts might be part of a fraudulent driver's license scheme discovered in neighboring Virginia.


In researching the thefts, members of the Johns Hopkins security department discovered that a single employee who worked in patient registration may have used her access privileges to review data on more than 10,000 patients while working at the hospital. The now-former employee is expected to be indicted for stealing the data, the report states.


The hospital emphasizes that the breach was not a hacking incident, but that the employee had access to the records as part of her job... More >>

Hackers Arrested In China After Feud Causes Major Outage

DDoS feud between underground gaming services allegedly caused temporary Internet outage across more than 20 provinces .. More >>

Sunday, May 10, 2009

Thousands of Vulnerabilities Detected In FAA's Air Traffic Control Apps

A government audit (PDF) has pinpointed more than 3,800 vulnerabilities -- 763 of which are high-risk -- in the Federal Aviation Administration's Web-based air traffic control system applications, including some that could potentially put air travel at risk.


The U.S. Department of Transportation report, with the help of auditors from KPMG, determined that the ATC's Web-based applications aren't secured from attacks or unauthorized access, and that the FAA hasn't set up the necessary intrusion-detection functions to catch security incidents at ATC locations.


And the FAA's Air Traffic Organization, which heads up ATC operations, received more than 800 security incident alerts in fiscal 2008, but still had not fixed 17 percent of the flaws that caused them, "including critical incidents in which hackers may have taken over control of ATO computers," the report says.


The auditors tested 70 of the FAA's ATC Web applications, including ones that provide information to the general public, as well as to pilots and controllers, and some internal apps. Of the vulnerabilities they discovered, nearly 2,600 were considered low-risk threats, such as unprotected folders of sensitive data and weak passwords... More >>

Tuesday, April 28, 2009

Researchers Find Massive Botnet On Nearly 2 Million Infected Consumer, Business, Government PCs

Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the U.S.


The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains -- 51 of which are U.S. government ones, according to Ophir Shalitin, marketing director of Finjan, which recently found the botnet. Shalitin says the botnet is controlled by six individuals and is hosted in Ukraine. .. More >>

Sunday, April 26, 2009

Computer Spies Breach Fighter-Jet Project

WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.


Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. .. More >>

Saturday, April 18, 2009

Conficker worm hits University of Utah computers

SALT LAKE CITY (AP) — University of Utah officials say a computer virus has infected more than 700 campus computers, including those at the school's three hospitals.


University health sciences spokesman Chris Nelson said the outbreak of the Conficker worm, which can slow computers and steal personal information, was first detected Thursday. By Friday, the virus had infiltrated computers at the hospitals, medical school, and colleges of nursing, pharmacy and health.


Nelson says patient data and medical records have not been compromised.


"That's secured in a much deeper way because of the implications," he said.


Nelson said the virus is mainly attacking personal computers and could be siphoning login and password data, credit card numbers and banking information.


Directions for purging the virus from personal computers and equipment like thumb drives, digital cameras and smart phones have been distributed to staff and students.


Information technology staff shut off Internet access for up to six hours at some campus locations Friday so they could isolate the virus. They were expected to work through the weekend to eradicate it from the system. .. More >>

Saturday, April 11, 2009

Senate bill would give feds bigger cybersecurity role in private sector

Legislation calls for new security standards for government and critical infrastructure systems
By Jaikumar Vijayan

April 1, 2009 (Computerworld) Two U.S. senators are proposing legislation that would give federal officials significant new authority to create and enforce data security standards both for government agencies and key parts of the private sector.

The Cybersecurity Act of 2009, which was introduced by Sens. Olympia Snowe (R-Maine) and Jay Rockefeller (D-W.Va.), would empower the National Institute of Standards and Technology (NIST) to establish "measurable and auditable" security standards for all networks and systems run by federal agencies, government contractors and businesses that support critical infrastructure services. In addition, NIST would be charged with developing a standard for testing and accrediting software built by or for those groups.

The bill also calls for the creation of a national cybersecurity adviser's office within the Executive Office of the President. Under the proposal, the new operation would be modeled after the Office of the U.S. Trade Representative and have the power to compel federal agencies to comply with government security mandates.

According to a statement posted on Snowe's Web site Wednesday, the new legislation is aimed at reinforcing ongoing cybersecurity efforts within the government while also ensuring that proper safeguards are implemented for critical infrastructure targets within the private sector, such as banking and power systems. .. More >>

Wednesday, March 25, 2009

Conficker/Downadup Evolves To Defend Itself

The enigmatic Conficker worm has evolved, adopting new capabilities that make it more difficult than ever to find and eradicate, security researchers say.

In a blog published late last week, researchers at Symantec said they found "a completely new variant" of Conficker, sometimes called Downadup, that is being pushed out to machines previously infected with earlier versions of the worm.

The new variant, which Symantec calls W32.Downadup.C, appears to have defensive capabilities that weren't present in earlier versions. While it spreads in the same manner, "Conficker.C" can disable some of the tools used to detect and eradicate it, including antivirus and other antimalware detection tools.

W32.Downadup.C also can switch domains at a much greater rate, Symantec said. "The Downadup authors have now moved from a 250-a-day domain-generation algorithm to a new 50,000-a-day domain generation algorithm," the researchers reported. "The new domain generation algorithm also uses one of a possible 116 domain suffixes." .. More >>

'The Analyzer' Hack Probe Widens; $10 Million Allegedly Stolen From U.S. Banks

Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global "cashout" conspiracy.

The U.S. hacks have resulted in at least $10 million in losses, according to court records obtained by Threat Level, and are just part of a larger international conspiracy to hack financial institutions in the United States and abroad. .. More >>

Expert: Hackers Penetrating Control Systems

The networks powering industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths, a control systems expert said Thursday.

Joseph Weiss, managing partner of control systems security consultancy Applied Control Solutions, didn't detail the breach that caused deaths during his testimony before a U.S. Senate committee, but he did say he's been able to find evidence of more than 125 control systems breaches involving systems in nuclear power plants, hydroelectric plants, water utilities, the oil industry and agribusiness.

"The impacts have ranged from trivial to significant environmental damage to significant equipment damage to deaths," he told the Senate Commerce, Science and Transportation Committee. "We've already had a cyber incident in the United States that has killed people." .. More >>

Industrial Control Systems Killed Once and Will Again, Experts Warn

On June 10th, 1999 a 16-inch diameter steel pipeline operated by the now-defunct Olympic Pipeline Co. ruptured near Bellingham, Washington, flooding two local creeks with 237,000 gallons of gasoline. The gas ignited into a mile-and-a-half river of fire that claimed the lives of two 10-year-old boys and an 18-year-old man, and injured eight others.

Wednesday, computer-security experts who recently re-examined the Bellingham incident called its victims the first verified human casualties of a control-system computer incident. They argue that government cybersecurity standards currently under debate might have prevented the tragedy. ... More >>

Monday, February 23, 2009

French fighter planes grounded by computer virus

French fighter planes were unable to take off after military computers were infected by a computer virus, an intelligence magazine claims.

The aircraft were unable to download their flight plans after databases were infected by a Microsoft virus they had already been warned about several months beforehand.

At one point French naval staff were also instructed not to even open their computers.

Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year, but according to reports the French military ignored the warning and failed to install the necessary security measures. >> More ..

Saturday, February 7, 2009

Trojan Virus affects thousands of pirated copies of Apple’s iWork ‘09 Suite - Botnets attack websites

Malware masquerading as part of Apple’s iWork ‘09 suite has targeted unsuspecting Mac users foolish enough to illegally download and install the pirated version of the software commonly found on warez sites around the Web.

Once iWork ‘09 is downloaded and installed, the trojan horse named OSX.Trojan.iServices.A obtains unrestrained root access, which it immediately uses to connect to a remote server over the Internet. A secondary download installs malware that makes victims part of a botnet army that is said to be attacking undisclosed websites. According to Mac antivirus software maker Intego, this is the latest reminder of the growing popularity of Apple’s OS X and virus & malware developers. Over the past year, a mix of trojans and exploits have been targeting OS X at increasing rates. >> More ..



Electronics Firm Faces FTC Lawsuit Following Multiple Hacks

Warning to security professionals: If you don't do your job right, then it might not only be a firing offense -- it might be a federal offense.

Case in point: An online seller of computer supplies and other consumer electronics today agreed to settle Federal Trade Commission (FTC) charges that it violated federal law by failing to provide reasonable security to protect sensitive customer data. The FTC is charging that the company didn't do enough to prevent SQL injection attacks that compromised customer data. >> More ..

Sunday, February 1, 2009

Four Threats For '09 That You've Probably Never Heard Of (Or Thought About)

The 2009 potential threats are ... mainly large-scale Internet threats that could trickle down to your organization. We're talking Internet network infrastructure attacks, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable -- human casualties as a result of a cyberattack.  >> More ..

Saturday, January 31, 2009

Insider plot to take down Fannie Mae's (a mortgage lender) servers thwarted

Washington (DC) - On October 29, 2008, a vigilant senior Unix engineer happened across a "logic bomb" that was allegedly planted by a contractor, Rajendrasinh Babubhai Makwana, who had worked in their Urbana, MD facility until October 24, 2008 when his contract was terminated. The script was set to activate on January 31, 2009 and would completely wipe all of Fannie Mae's 4,000 servers. According to engineers, had it done so it would've caused "millions of dollars in damage, and possibly shut down operations for a week." ..>> More ..



Tuesday, January 13, 2009

Israel hacks Arab TV station - Cyberspace becomes battleground in Gaza conflict

Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda. >> More ..

2008: A year of cowboys in IT security

Security pundits are fond of characterising personalities in information security with reference to Westerns - hence hackers wear either a "black hat" or a "white hat" like their cowboy counterparts.

Probably the biggest security story of the year was the take-down of infamous cybercrime hosting outfit McColo. The rogue ISP hosted the command and control systems for three botnets - Srizbi, Rustock and Mega-D. Junk mail levels temporarily fell to a third their normal level following the takedown of McColo in November. >> More ..

US cybersecurity defences fail to thwart mock cyberattack

Critical US electronic systems have failed to withstand a simulated cyberattack.

Participants in a recent cyber-warfare exercise told Reuters that the exercise highlighted problems in leadership, communications and readiness. The two-day exercise brought together 230 government agencies, private firms and other participants. Participants were split into two groups - attackers and defenders - before each developed tactics for attacking and defending critical infrastructure systems, such as those controlling banking, telecommunications and utilities. >> More ..

London Hospital back online after computer virus shutdown

Computer systems at three major London hospitals are largely back online on Friday morning, three days after a major computer virus outbreak forced staff to disconnect the network.

IT systems at St Bartholomew's (Barts), the Royal London Hospital in Whitechapel and the London Chest Hospital in Bethnal Green were taken down on Tuesday following infection by the Mytob worm. The three hospitals make up the Barts and the London NHS Trust. >> More ..

DDoS attack floors Georgia prez website

A denial of service attack hit government websites in the former Soviet republic of Georgia over the weekend amid growing diplomatic tensions between the country and Russia.

The DDoS assault on the website of Georgian President Mikhail Saakashvili rendered it unavailable over the weekend. The attack was run via botnet networks of compromised PCs. Shadowserver charts the command and control servers used in the attack, in an analysis here. >> More ..