Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system. Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems – once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system. Because computer systems can be very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems. There are many similarities (yet many fundamental differences) between computer and physical security. Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing websites); similarly, some website defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. Read the full background at Cyberattack Wikipedia
A coalition of leading corporate, government and academic institutions today announced the formation of the Center for Applied Identity Management Research (CAIMR). CAIMR plans include developing research and solutions for identity management challenges such as cyber crime, terrorism, financial crimes, identity theft and fraud, weapons of mass destruction, and narcotics and human trafficking. The Center brings cross-disciplinary experts in criminal justice, financial crime, biometrics, cyber crime and cyber defense, data protection, homeland security and national defense to address identity management challenges that impact individuals, public safety, commerce, government programs and national security.
Shawn Henry, the newly appointed Assistant Director of the FBI's Cyber Division, has warned that "a couple dozen" countries are eager to hack U.S. government, corporate and military networks. Although specific details of the countries in question were not discussed, reporters were informed during yesterday's meeting that cooperation with overseas law enforcement is of the highest priority at the FBI and that so far there has been great success fostering partnerships.
Georgia Tech Information Security Center (GTISC) today held its annual Security Summit on Emerging Cyber Security Threats and released the GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year... According to the report, data will continue to be the primary motive behind future cyber crime, whether targeting traditional fixed computing or mobile applications. "It's all about the data," says security expert George Heron -- whether botnets, malware, blended threats, mobile threats or cyber warfare attacks.
A British man and a German man have been indicted by a federal grand jury on charges of conspiring to intentionally cause damage to the computers of two U.S.-based retail satellite companies by launching large-scale distributed denial of service (DDOS) attacks that shut down the companies' websites. The two men were allegedly hired by the owner of Orbit Communication, currently wanted by the FBI, to carry out DDOS attacks. Those attacks were directed at the public websites of two of Orbit's competitors, Rapid Satellite of Miami, Florida, and Weaknees of Los Angeles. If convicted, Walker and Gembe face 15 years in prison.
During yesterday's cyber security hearing held by the U.S. House Permanent Select Committee on Intelligence, experts expressed concern over the lack of a coordinated strategy or mechanism for sharing intelligence about intrusions with companies, as well as the need for a systematic way for companies to share information with the government. "U.S. intelligence agencies are unable to share information about foreign cyber attacks against companies for fear of jeopardizing intelligence-gathering sources and methods," reports Ellen Nakashima of the Washington Post. Telecom companies may monitor and collect data to protect their own networks, but they cannot share that information freely with the federal government absent a court order, said James A. Lewis, the Canadian Security Intelligence Service (CSIS) commission program manager.
The U.S. federal government cybersecurity team with primary responsibility for protecting the computer networks of government and private enterprise is facing challenges, according to a draft Government Accountability Office (GAO) report. Keith Epstein, a correspondent in BusinessWeek's Washington bureau, reports: "...GAO draft report describes US-CERT as bedeviled by frequent management turnover, bureaucratic challenges that prevent timely sounding of alarms, a lack of access to networks across wide swaths of critical terrain, and an inability to fill large numbers of positions with qualified workers."
Recent reports suggest that the International Telecommunication Union (ITU), a United Nations agency, is "quietly drafting technical standards, proposed by the Chinese government," aimed at preventing Internet attacks, which could also put an end to anonymity on the Internet. At an upcoming ITU meeting in Geneva next week, telecommunication experts will be discussing a draft recommendation on "IP Traceback" use cases and requirements, looking at ways to identify the source of packets sent across IP (Internet Protocol) networks.
The potential for "cybersecurity" attacks on the United States' electric power grids has spurred politicians to consider legislation to broaden federal authority over electric companies.
Congress already has been consulting with federal agencies and industry associations over how to craft such legislation. On Thursday, legislators sought further input at a hearing before the House Energy and Commerce's subcommittee on energy and air quality.
A recent quarterly report titled "State of the Internet" has been released by Akamai providing Internet statistics on the origin of Internet attack traffic, network outages and broadband connectivity levels around the world. According to the report, during the first quarter of 2008, attack traffic originated from 125 unique countries around the world. China and the United States were the two largest traffic sources, accounting for some 30% of traffic in total. The top 10 countries were the source of approximately three quarters (75%) of the attacks measured. Other observations include...
Security experts warn that there has been a threefold increase in the number of hijacked 'zombie' PCs over the last quarter. Brian Krebs reporting on WashingtonPost: "The estimates come from Shadowserver, a group of volunteers that monitor activity from robot networks or 'botnets,' large armies of hacked personal computers used for spam, phishing and all kinds of criminal activity. Shadowserver saw a rise from roughly 100,000 botted PCs to about 400,000 over the past three months." The apparent increase may be partly due to Shadowserver's deployment of more sensors detecting botnet attacks; however, it is also noted that criminals are getting more advanced at hiding bots.
Just hours after the launch of Google's new web browser, reports have surfaced that it is vulnerable to a carpet-bombing attack that can expose Windows users to hacker attacks. If the vulnerability is exploited, hackers could potentially run unauthorized software on a victim's computer, which could then be used to execute web-based computer attacks. Researcher Aviv Raff has discovered that it is possible to combine this vulnerability (which at one point also affected Apple Safari, which uses the same WebKit technology as Google's Chrome browser) with a Java bug discussed at this year's Black Hat conference to trick users into launching executables directly from the new browser.
While Russia and Ukraine are generally regarded as today's main cybercrime hubs, "a lot of their infrastructure is housed in the west, in the United States to be precise," writes Vincent Hanna of Spamhaus Project. "Without exception, all of the major security organizations on the Internet we know of agree that the 'Home' of cybercrime in the western world is a place known as Atrivo/Intercage. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals -- mostly Russian and East European but with several US online crime gangs as well -- whose activities always lead back to servers run by Atrivo/Intercage..."
Kim Zetter reporting on Wired: Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
An exclusive report from Scotland's Sunday Herald newspaper says that an international criminal gang has managed to steal the identities of an estimated eight million guests of the Best Western hotel chain in a hacking raid that could ultimately net billions of dollars in illegal funds. According to the report, late on Thursday night, a previously unknown Indian hacker successfully breached the IT defenses of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia. It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.
Britain's Government has warned that computer networks controlling electricity supplies, telecommunications and banking are under constant attack at a rate of thousands of times a day. According to reports, the cyberwar against Britain is waged by criminals and terrorists, some of whom are backed by foreign states. "If you take the whole gamut of threats, from state-sponsored organizations to industrial espionage, private individuals and malcontents, you're talking about a remarkable number of attempted attacks on our system -- I'd say in the thousands," Lord West of Spithead, the Security Minister, said. "Some are spotted instantly. Others are much, much cleverer."