Hackers Penetrated Pentagon Computer Systems, Called Most Severe on US Military Network

Computer hackers suspected of working from Russia successfully penetrated Pentagon computer systems in one of the most severe cyber attacks on US military networks, according to reports. The electronic attack was so serious that Admiral Mike Mullen, the chairman of the joint chief of staff, briefed President George W Bush and Robert Gates, the defense secretary. "This one was significant, this one got our attention," said an official, speaking anonymously. more»

World Bank Removes CIO Following Recent Cyberattacks

According to recent reports, The World Bank has effectively removed a vice president who served as its chief information officer while struggling to deal with a series of embarrassing cyberattacks. The World Bank Group's network, which had been raided repeatedly by outsiders for more than a year, is one of the largest repositories of sensitive data about the economies of every nation. Servers in the institution's highly restricted Treasury unit were deeply penetrated with spy software, and the invaders also had full access to the rest of the bank's network for nearly a month in June and July, sources say. At least six major breaches have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. more»

Criminals Regain Control of Srizbi Botnet, Spam Volume Rising

Experts are that the spam volumes may spike significantly over the next few days now that one of the world's largest networks of compromised computers used for blasting out junk email has been brought back to life, reports Brian Krebs of the Washington Post. "The Srizbi botnet, a collection of more than half a million hacked PCs that were responsible for relaying approximately 40 percent of all spam sent worldwide, was knocked offline two weeks ago due to pressure from the computer security community." more»

Feds Urged to Deploy DNSSEC and Signing of the Root Zone

Security experts and leading vendors are urging the U.S. federal government for the rapid adoption of DNSSEC and signing of the root zone. In recent weeks, the National Telecommunications and Information Administration (NTIA) has received 30-plus comments in favor of securing DNS root zone data. These comments are from the Internet Architecture Board (IAB) and the Internet Society as well as ISPs and domain name operators such as PayPal, Akamai Technologies, NeuStar, Comcast and Afilias. more»

High-Profile Botnet Shutdowns Giving Rise to Virtual Malware Next Year, Experts Predict

Virus writers are likely to unleash increasingly sophisticated strains of malware next year in an attempt to bounce back from some high-profile botnet shutdowns in 2008, according to new predictions from managed security provider MessageLabs. The company predicted that hackers will launch new attacks in which malware will exist as a virtualisation layer running directly on the hardware and undiscoverable by the operating system. more»

US Concerned Over Chinese Cyber Espionage

China is actively conducting cyber espionage as a warfare strategy and has targeted U.S. government and commercial computers, according to a new report from the U.S.-China Economic and Security Review Commission. "China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts," according to the annual report recently delivered to Congress. more»

Cybercrime, Underground Economy Booming, Stolen Credit Card Data Main Driver

Credit card information is the most advertised category of goods and services on the underground economy accounting for 31 percent of the total, according to recent data found by security experts. In a report released today by Symantec, stolen credit card numbers are reported to sell for as little as $0.10 to $25 per card with the average advertised stolen credit card limit at more than $4,000. According to calculations, the potential worth of all credit cards advertised during the reporting period was $5.3 billion. more»

Phishers Expand Number of Top Level Domains Abused, Policy Changes Found Effective in Prevention

The new Global Phishing Survey released by the Anti-Phishing Working Group (APWG) this month reveals that phishing gangs are concentrating their efforts within specific top level domains (TLDs), but also that anti-phishing policies and mitigation programs by domain name registrars and registries can have a significant and positive effect. The number of TLDs abused by phishers for their attacks expanded 7 percent from 145 in H2/2007 to 155 in H1/2008. The proportion of Internet-protocol (IP) number-based phishing sites decreased 35 percent in that same period, declining from 18 percent in the second half of 2007 to 13 percent in the first half of 2008. more»

IETF Debates DNS Security: Fix It or Push for DNSSEC

The Internet engineering community is grappling with what to do about a serious flaw in the DNS discovered this summer, and the ongoing debate brings to mind a famous quotation from Voltaire: "The perfect is the enemy of the good." At issue is whether the group should use its resources to encourage DNS registries, ISPs and enterprises to upgrade to the ultimate DNS security solution known as DNSSEC; or whether it should tweak the DNS protocols to address the so-called 'Kaminsky bug' as an interim step. The issue is being debated at a meeting of the IETF, the Internet's leading standards body, being held here this week. more»

We Must Avoid Cyber Crisis Equivalent to Current Financial Crisis, Urge Experts

Cybercrime is likely to wreak as much havoc as the credit crisis in the coming years if international regulation is not improved, some of the world's top crime experts said on Wednesday. Damage caused by cybercrime is estimated at $100 billion annually, said Kilian Strauss, of the Organization for Security and Cooperation in Europe (OSCE). more»

Cybersecurity Improvement Needs Partnership Not Regulation, Says Industry Group

The market-based, voluntary approach that the Bush administration has used to encourage companies to improve cybersecurity is not sufficient and the incoming Obama administration should form a cybersecurity social contract with industry based on economic incentives, according to a new report by Internet Security Alliance (ISAlliance). ISAlliance has released a report suggesting a cybersecurity social contract through which government would encourage and reward corporations by potentially working cybersecurity into procurement and loan processes, along with possible awards programs that could be used as marketing advantages. more»

Despite Baffling Delays in DNSSEC, Wide-Spread Adoption Close, Says DNS Inventor Paul Mockapetris

Flaws in the current DNS system, most notably the Kaminsky Vulnerability publicly exposed in July 2008, have left Internet uses exposed to potential attacks. DNS inventor Dr. Paul Mockapetris, chief scientist and chairman of IP address infrastructure software provider Nominum, points out that the DNSSEC has been under development for 15 years and the adoption remains low with only Sweden and Puerto Rico signing up to the system. "It baffles me," Mockapetris said of the delay. "On the one hand I'm never baffled by how long standards processes take, but 15 years sounds like a lot to me. I think we've lost 10 years of progress with DNS technology due to this stupid food fight around DNSSEC. We've been at it for 10 years, I think there's five years of good work there." more»

If Obama Gets His Way, All Americans Would Have Broadband Internet Access

Barack Obama's Internet-fueled campaign has transformed the way Americans choose a president. Now, the president-elect's administration plans to change the way Americans -- and government -- use technology. If Obama gets his way, all Americans would have broadband Internet access, whether they live in big cities or remote villages. Online life would be safer, with better defenses against cybercriminals. And there would be greater access to government, with online services to let anyone question members of the president's cabinet or track every dime of the U.S. budget. "I think it's not going to happen in the first 100 days, but I think a lot of this can happen in the first term," Ben Scott, policy director of Free Press, a media reform organization based in Washington, said. more»

DDoS Attacks Getting More Powerful, ISPs Report Concern Over New Threats and Budget Pressures

Massive distributed denial of service (DDoS) attacks against ISPs and their customers have almost doubled over the past year, according to a new security report. Attacks on networks making them unavailable to intended users -- also known as distributed denial of service (DDoS) attacks -- exceeded 40 gigabits in the last year according to Arbor Networks' annual survey of ISPs from North America, South America, Europe and Asia. more»

One in Four DNS Servers Still Unpatched for The Kaminsky Vulnerability, Says New Worldwide Study

One in four DNS servers are still vulnerable to the Kaminsky flaw, according an annual survey of DNS servers conducted by network services vendor Infoblox and Internet testing and measurement group, The Measurement Factory. "Given the heightened awareness of DNS server vulnerabilities due to the recent Kaminsky discovery, it is surprising to see how many organizations are still leaving their DNS systems as potential victims of attack," said Cricket Liu, Vice President of Architecture at Infoblox and author of O'Reilly & Associates' DNS and BIND, DNS & BIND Cookbook, and DNS on Windows Server 2003. more»