< Follow on Twitter >

February Newsletter #1 2015

NSA Penetrating North Korea with Malware

The NSA has been targeting North Korea and its impenetrable system for a long time. New revelations have been brought to light and the NSA has started to equip the USA for possible digital wars in the near future, using surveillance and digital weapons to enhance its existing power.

Though North Korea has been the prime suspect of the recent Sony Pictures hack last November according to the FBI, there is still great room to doubt such a claim. Especially after the new revelations from Edward Snowden and the reports from Der Spiegel, with the voice of Jacob Appelbaum and others, suspicion has been raised and nobody believes that North Korea is to blame for everything turning bad in the world. It is customary on behalf of the NSA to be linked to tactics of unauthorized surveillance, with the example of last year's report proving that the Agency has backdoors for a number of different devices toward collecting data.

A new wave of documents, leaked by Edward Snowden and published by the Der Spiegel magazine, demonstrates how the NSA has used its servers as hacking platforms (i.e. FOXACID) to hack in the system of foreign governments by implanting a malware. Other components involved in the attacks are Turbine and Turmoil, belonging to the Turbulence family exploitation systems. According to Snowden, the NSA also secretly tapped into South Korean network espionage on North Korean networks to collect information.

"Spurred by growing concern about North Korea's maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document." reports The New York Times.

The NSA hackers compromised the North Korean systems by spreading malicious code through spear phishing campaigns:

"The N.S.A.'s success in getting into North Korea's systems in recent years should have allowed the agency to see the first "spear phishing" attacks on Sony — the use of emails that put malicious code into a computer system if an unknowing user clicks on a link — when the attacks began in early September, according to two American officials."

One of the hacking scenarios described in the documents leaked by Snowden describes how the NSA's Tailored Access Office hijacked a botnet known by the codename "Boxingrumble" that initially was used to target the computers of Chinese and Vietnamese dissidents and was being used to target the DOD's unclassified NIPRNET network.

"The NSA was able to deflect the attack and fool the botnet into treating one of TAO's servers as a trusted command and control (C&C or C2) server. TAO then used that position of trust, gained by executing a DNS spoofing attack injected into the botnet's traffic, to gather intelligence from the bots and distribute the NSA's own implant malware to the targets." reports ArsTechnica.

Based on the new leaks from the world-renowned whistleblower Edward Snowden, the NSA is preparing the USA for digital wars. The Agency has been building its defensive line and asking for people who enjoy breaking things to join their cause. As it seems, thorough preparation is taking place for the digital wars to come – the Internet is certain to play a crucial role to the wars of the future, after all. In order to prevail, they have been aiming to the establishment of the innovative and extremely powerful D weapons (with D referring to Digital), after the Atomic, Biological and Chemical ones of the past.

James A. Lewis is an expert in cyberwarfare working at the Center for Strategic and International Studies in Washington. He commented on the determination and certainty of Barack Obama to accuse North Korea of the recent Sony hack:

"Attributing where attacks come from is incredibly difficult and slow. The speed and certainty with which the United States made its determinations about North Korea told you that something was different here — that they had some kind of inside view."

Such haste and lack of doubt surely raise an eyebrow as to how the United States of America have managed to get solid proof of North Korea's guilt on the matter.

Der Spiegel brought to public attention another top secret document, which reveals that the NSA obtained data from places like North Korea. The document sheds light on the methods used by spying agencies worldwide, with information collected one way or another and data transferred to various destinations. As a result, all the revelations agree that the NSA has been accurate and to the point toward penetrating one of the most powerful systems in the world and that the data collected is meant to help in cases of cyberwarfare.

http://securityaffairs.co/wordpress/32592/intelligence/

FBI access to PRISM surveillance program expands

US Federal Bureau of Investigation (FBI) access to overseas surveillance collected by the National Security Agency (NSA) has expanded in recent years, with the law enforcement agency gaining access to collected, but unprocessed data, in 2009, according to a report released by the government.

The FBI's access to email and other data collected from overseas targets in the NSA's Prism program has been growing since 2008, according to a 2012 U.S. Department of Justice inspector general's report declassified last Friday by the DOJ. The agency made the highly redacted inspector general's report public in response to a Freedom of Information Act request by the New York Times.

In 2008, the FBI began reviewing email accounts targeted by the NSA through the Prism program, according to the report and a New York Times story.

Then, in October 2009, the FBI requested that information collected under the Prism program be "dual routed" to both the NSA and the FBI so that the FBI "could retain this data for analysis and dissemination in intelligence reports," according to the IG's report.

And in April 2012, the FBI began nominating email addresses and phone numbers that the NSA should target in it surveillance program, according to the document.

The IG's report, however, concluded that the FBI took a responsible approach toward the surveillance program. The FBI's Prism team "implemented its targeting procedures with commendable deliberation, thoroughness and professionalism," the report said.

The NSA's Prism program targets email messages and other digital communications by people outside the U.S. in an effort to deter terrorism. The NSA reportedly accessed the networks of Google, Yahoo, Apple and other Internet companies to gain access to users' communications, although some companies have insisted that they were not willing partners in the surveillance programs, as original leaks by former NSA contractor Edward Snowden suggested.
The Prism program isn't supposed to target U.S. communications, but some domestic communications are inadvertently collected, according to oversight reports.

http://www.computerworld.com/article/2867788/fbi-access-to-surveillance

Hacking Paranoia: Switzerland Cashing In By Marketing Itself As A 'Safe Haven' For Storing Data

Switzerland, facing an erosion of the banking secrecy laws that helped make it the world's banker, is now touting its reputation as a safe and stable haven to become a global data vault. More and more companies are flocking to the wealthy Alpine country to stock data in an era of increasing espionage and hacking, and the Swiss are reaping the benefits of the paranoia.

Thanks to Switzerland's long-held banking secrecy tradition, the country enjoys a global reputation for security and privacy. But amid international pressure, the country is being forced to shed the protective shield that has made its banks so attractive, and has agreed within the next two years to automatically exchange account details with other countries. While Swiss banks are suffering, the country's data storage companies are booming.

In the wake of revelations from former US intelligence contractor Edward Snowden of widespread snooping by the National Security Agency, they are touting Switzerland's cherished reputation to draw clients from around the globe. With its 61 data centres, tiny Switzerland is currently Europe's fifth largest data hub, according to the Data Center Map website.

Swiss laws on the issue are one of the most restrictive in the world: Personal data is defined as a "precious good" that can under no circumstances be handed over to governments or authorities without authorisation from a judge. This has been a magnet for companies such as Multiven, an IT services firm that quit California's Silicon Valley in 2009 for Zurich.

But experts say that in today's rapidly changing electronic world, nothing is 100 percent foolproof or safe. "We have to admit that in our present societies, total and absolute protection is impossible," said Jean-Henry Morin, a professor of information systems at Geneva University, referring to the recent cyber attack on Sony, the biggest in US corporate history.

Some Swiss data vaults are located in exotic locales like a massive high-tech underground bunker used by Deltalis, which brands itself as "the most secure data centre". Housed in one of the country's numerous Cold War era army barracks, it is tucked away from view behind four-ton steel doors built to withstand a nuclear attack. The tight security includes biometric scanners and an armed guard while its exact GPS location remains a jealously guarded secret.

http://uk.businessinsider.com/afp-swiss-bank-on-safe-haven

Malaysia Airlines targeted by 'Cyber Caliphate'

A group calling itself "Official Cyber Caliphate" said it hacked the official website of national carrier Malaysia Airlines (MAS), but the airline said its data servers remained intact and passenger bookings were not affected.

The website, www.malaysiaairlines.com, showed a photograph of a lizard in a top hat, monocle and tuxedo, surrounded by the messages '404 - Plane Not Found' and 'Hacked by Lizard Squad - Official Cyber Caliphate'. A rap song could be heard. In a statement, MAS said the website was not hacked, but that users were redirected to a hacker website. It said the official site would be back up within 22 hours.

"Malaysia Airlines assures customers and clients that its website was not hacked and this temporary glitch does not affect their bookings and that user data remains secured," it said. Some media reports said the hacked website had earlier carried the words "ISIS will prevail" but the slogan could no longer be seen. ISIS is the acronym of the militant Islamic State group that has proclaimed a caliphate after seizing territory in Iraq and Syria.

Malaysia Airlines lost two flights last year. Flight MH370 disappeared last March with 239 passengers and crew on board and Flight MH17 was shot down over eastern Ukraine on July 17, killing all 298 passengers and crew.

The Malaysian government took the airline private late last year.

http://www.reuters.com/article/2015/01/26/us-malaysia-airline-cybercrime

Google kept search warrant information from WikiLeaks

Wikileaks has made an official complaint about what it sees as underhand tattle tonguing from Google and accused the firm of handing over WikiLeaks staffers' digital doodahs to their detriment.

A letter from the puff-cheeked whistleblowing outfit slams Google for apparently not struggling to resist demands from the US government and not letting WikiLeaks know that such things were happening. WikiLeaks says that warrants were served on its staffers' info in 2012, but that the organisation heard about this only recently. WikiLeaks suggests that if the group had had more of a clue it would have been in a better position to defend itself.

"WikiLeaks' lawyers have written to Google and the US Department of Justice concerning a serious violation of the privacy and journalistic rights of WikiLeaks' staff," it said. "Investigations editor Sarah Harrison, section editor Joseph Farrell and senior journalist and spokesperson Kristinn Hrafnsson have received notice that Google had handed over all their emails and metadata to the US government on the back of alleged 'conspiracy' and 'espionage' warrants carrying up to 45 years in prison."

As if that wasn't enough Wikileaks has also cottoned on to facts about the US case against head honcho Julian Assange, who is in a heck of a lot of trouble. "Importantly, the warrants reveal for the first time a clear list of the alleged offences the US government is trying to apply in its attempts to build a prosecution against Julian Assange and other WikiLeaks staff," it added. "The offences add up to a total of 45 years of imprisonment."

Google, which releases regular transparency reports and blogs about its efforts to limit and resist sharing, gave us its response in a short statement.

"We don't talk about individual cases. Obviously, we follow the law like any other company. When we receive a subpoena or court order, we check to see if it meets the letter and the spirit of the law before complying," said a spokesperson. "And if it doesn't we can object or ask that the request is narrowed. We have a track record of advocating on behalf of our users."

Google's transparency pages offer some additional information, including that the firm can sometimes keep information from a subjector when a statute or court order tells it to.

http://www.theinquirer.net/inquirer/news/2391986/google

Apple iOS Backdoor: Snowden says iPhone is a Government Spy

Infamous former NSA contractor Edward Snowden thinks that Apple's iPhone has "unique computer software" that authorities can activate remotely to be in a position to gather information about the user.

Edward Snowden, the infamous former contractor for the National Security Agency who leaked thousands of pages of previously classified NSA intelligence documents, reportedly thinks that Apple's iPhone has "unique computer software" that authorities can activate remotely to be in a position to gather details about the user.

"Edward never utilizes an iPhone he's got a very simple telephone," said the lawyer of Snowden, Anatoly Kucherena, in an interview with the Russian media business RIA Novosti.
"The iPhone has special application that can activate itself without the need of the owner obtaining to press a button and gather facts about him that is why on security grounds he refused to have this telephone," Kucherena added.

It is not clear if the "special software program" getting referred to in the interview is created up of common diagnostic tools, or if the NSA whistleblower thinks intelligence agencies from the United States have discovered a way to compromise the mobile operating system developed by Apple.

Apple was amongst the very first organizations accused of participating in the PRISM data-mining project of the NSA, following the release by Snowden of the agency's classified documents. The project reportedly involved extracting video, audio, pictures, documents, emails and connection logs from devices, permitting analysts to track the movement of the device's user and the communications that they are getting or sending out. At the time the accusations were quickly denied by Apple, stating that the organization is not involved in the PRISM project and that it does not grant government agencies direct access to any Apple's servers.

Succeeding leaks showed that the NSA developed spyware that would target iPhones, allowing intelligence agencies to access messages, live microphone feeds, data contained in the devices and location information.

Apple stated that the firm has under no circumstances been involved with the NSA in the creation of backdoor software for any of the company's items. In addition, Apple mentioned that it is not conscious of any alleged programs by the NSA to target the company's merchandise such as the iPhone, as the firm values the security and privacy of its users.

http://www.uniongazette.com/technology/edward-snowden-apple-iphone

US Military Is Building Advanced Military Drones

For the Pentagon, drones are cheaper to buy and to operate than regular fighter jets. An armed MQ-9 Reaper drone runs about $14 million, compared to $180 million or more for an F-35 Joint Strike Fighter. But unlike barrel-rolling a jet, the business of actually operating a unmanned aerial vehicle, UAV, for the military is lonely, thankless, and incredibly difficult.
It's no wonder the Pentagon doesn't have enough drone pilots to meet its needs, a problem certain to persist as the military increases its reliance on unmanned systems, especially in areas where it has no interest in putting boots on the ground, like Pakistan or Iraq. The solution that the military is exploring: increasing the level of autonomy in UAVs to allow one pilot to manage several drones at once.

The Defense Advanced Projects Research Agency, DARPA, put out a call for ideas as part of the "Collaborative Operations in Denied Environment" or CODE project. Today, the majority of the drones that the military is using in the fight against ISIL require two pilots. The agency is looking to build packs of flying machines that communicate more with one another as with their operator, which, in turn, would allow a single operator to preside over a unit of six or more drones. Together, the flying robot pack would "collaborate to find, track, identify and engage targets," according to a press release.

It's the "engage" portion of that release that rings of Skynet, the robotic tyrant system made famous by the "Terminator" movie franchise. But the drones that DARPA is envisioning would not be firing on human targets without approval from another human. The request also states that the targeting would be under "under established rules of engagement." What are those rules when it comes to robots? In deciding what drones should and should not be allowed to do, the Defense Department relies on a 2012 directive that states that autonomous weapons "shall be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force."

Even so, the legality of US drone strikes, particularly those in which civilians die as a result of the strike, remains a matter of some dispute. Ben Emmerson, the United Nation's special rapporteur on human rights and counter-terrorism, authored a report in 2013 that found that 33 drone strikes may have violated International Humanitarian Law.

A separate U.N. report by Christof Heyns, the UN special rapporteur for extrajudicial, summary or arbitrary executions, noted that improvements to military drones would inevitability trickle down to civilian systems. The report questioned whether any government could hold true to a promise to never allow a robot to pull the trigger.

Likewise, military technology is easily transferred into the civilian sphere. Even proponents of greater military investment in unmanned systems have cautioned that increasing the amount of autonomy in armed flying robots carries some big risks.

Improving the autonomy in armed drones decreases the likelihood of uplink communication hacking. The only thing scarier than a heavily armed robot that can do (some) thinking for itself, is a flying missile-tipped droid that's been hijacked by the enemy.

http://www.defenseone.com/technology/2015/01/us-military-building-gangs

Application of unmanned military systems

The field of Unmanned Systems is rapidly developing, as part of other burgeoning sectors, such as artificial intelligence, robotics and cyber. In the course of 2013, INSS carried out a study, which focused on Unmanned Vehicles. This program is designed to execute studies incorporating long-term technological projection and formulating policy. The following summarized the first of these studies, in an effort to serve as a model for subsequent ones.

1. The current status:
The current level of credibility unmanned ground and sea systems feature is considered quite low, in particular compared with unmanned aerial systems (UAS). Unmanned systems suffer from the lack of technical maturity when it comes to certain missions such as detection of explosive charges in open areas or in urban environments. These insights are in line with experts' assessment that unmanned systems are currently where household computers used to be in the 1980's. Furthermore, there is a great potential for a far-reaching improvement within 20 years.

2. In the future, we will see a major improvement in the performance of Autonomous systems, along with the level of trust we can have for them.

Unmanned systems are in for a significant improvement in terms of their respective abilities to gather intelligence, carry out reconnaissance missions, monitor sectors and detect targets, distinguish friendly enemy from friendly ones, as well as carry out damage assessment of enemy targets, i.e. infrastructure. These systems will have become simpler to operate. High system autonomy will allow each operator to control a larger number of vehicles at once. Respective systems will exhibit high levels of execution and high levels of credibility both singularly and as parts of larger formations. Furthermore, "wild cards" may well be introduced – systems with capabilities we nowadays perceive as fantastic, whose application would be tantamount to a 'game changer' compared with what we are familiar with today.

The primary consequences of these technology projections are that the bulk of military tactical missions could be planned in advanced and executed autonomously (with no human involvement) within 20 years. Using swarms of autonomous systems will play a growing part of the current face of the battlefield, and will greatly alter the pace of fighting, as well as other element of combat.

http://i-hls.com/2015/01/application-unmanned-military-systems-experts-weigh/

Did the White House Use Drone Killing Technology?

At about 3 a.m. on Monday 26th January, a small quadcopter drone, or unmanned aerial vehicle, crashed on the White House lawn. White House officials said that the drone, by itself, was unarmed and didn't represent a threat. Authorities quickly located the owner, a government employee, who has managed (so far at least) to convince the Secret Service that he made an innocent mistake flying his drone outside of the White House in the wee hours of the morning.

The White House won't comment on whether or not they took any special steps to bring down the small UAV. But the White House may have employed the same anti-drone technology that the military is trying to perfect to protect ships and planes from future drone swarms. There are plenty of ways to knock a drone out of the sky, everything from surface to air missiles to hunter-killer robots to, yes, lasers. But for a cheap off-the-shelf drones operating off a simple radio or Wi-Fi signal, the best method is simple jamming.

For the military, signal jamming is an increasingly important component of electromagnetic warfare, or EW. It's an area of growing concern as the electromagnetic spectrum, an area where the United States once enjoyed sole dominance, is becoming increasingly crowded.

http://www.defenseone.com/technology/2015/01/did-white-house-use-drone

Industrial Internet of Things: Big Opportunities and Challenges

The "Industrial Internet of Things" (IIoT) could contribute $14.2 trillion to world output by 2030, according to new research by Accenture. But these potential gains are at risk because neither companies nor governments are taking sufficient actions to put in place the conditions necessary for the wide adoption of new digital technologies, the firm says.

The IIoT, which enables new digital services and business models based on intelligent connected devices and machines, is expected to particularly boost growth in mature markets, according to the report, "Winning with the Industrial Internet of Things."

By 2030, capital investments in the IIoT and the productivity gains that should follow are expected to add $6.1 trillion to the United States' cumulative gross domestic product (GDP). If the U.S. were to invest 50% more in IIoT technologies and improve enabling factors, such as its skills and broadband networks, the gain could reach $7.1 trillion by 2030, raising its GDP 2.3% higher in 2030 than trend projections.

But the report shows that these gains are at risk, in part because 73% of companies have yet to make concrete plans for the IIoT, according to a survey of more than 1,400 global business leaders, of whom 736 are CEOs. Only 7% of those surveyed have developed a comprehensive strategy with investments to match.

"The Industrial Internet of Things is here today, helping to improve productivity and reduce costs," Paul Daugherty, CTO at Accenture, said in a statement. "But its full economic potential will only be achieved if companies move beyond using digital technology to make efficiency gains alone and unlock the value of data to create new markets and revenue streams. That means radically changing how they do business: working with competitors, forming partnerships with other industries, redesigning organizational structures and investing in new skills and talent."

http://www.information-management.com/news/Industrial-Internet-of-Things

Kaspersky Lab Presents a Forecast for 2045

Robots Serving People and Robots Replacing People

About 30 years ago the personal computer began to make its way into regular use – and it went on to transform society and the way we live our lives. Kaspersky Lab's experts decided to mark that anniversary by looking further into the future and imagining how information technology might develop and change our lives in the new digital realities of 2045, 30 years from now.

Robots Everywhere

Before long it's likely that the world's population will include billions of people and billions of robots, with the latter doing almost all of the heavy, routine labor. People will work on improving the software for the robots and the IT industry will be home to companies developing programs for robots just like they now develop apps for users to download and install.

Mechanical People

To a certain extent the boundaries between robots and humans will become blurred. Transplants will start using electronically controlled artificial organs and prosthesis will be a routine surgical procedure. Nanorobots will travel deep into the body to deliver drugs to diseased cells or perform microsurgery. Specially installed sensors will monitor people's health and transmit their findings into a cloud-based storage that can be accessed by the local doctor. All of this should lead to a considerable increase in life expectancies.

Smart Homes

Moreover, people will live in smart homes where most creature comforts will be fully automated. The software that runs the house will take care of energy, water, food and supplies consumption and replenishment. The residents' only concern will be to ensure there is enough money in their bank accounts to pay the bills.

Hyper Intelligence

Our digital alter egos will finally be fully formed within a single global infrastructure capable of self-regulation and involved in managing life on the planet. The system will operate a bit like today's TOR; the most active and effective users will earn moderator rights. The system will be geared towards distributing resources between people, preventing armed conflict and other humanitarian actions.

3D Printing – Fast and Cheap

It won't just be dreary chores that are consigned to the history books – production of certain items will no longer be needed. Instead 3D printers will enable us to design and create what we need, from household items like dishes and clothes to the building bricks for a future home.

No More Computers

The PC might have started the whole IT boom, but by 2045 we'll probably only see it in museums. To be more precise we will no longer need a single tool for working with data – which is basically all a computer does. There will be an even greater range of smart devices and these different gadgets will steadily take over the functions of today's PCs. For example, financial analysis will be done by a server controlled by the organization concerned using electronic documents, not by an accountant on a personal computer.

Technophobia

Not everyone will be excited by a brave new robotic world, however. New Luddites (19-century workers who opposed the Industrial Revolution and tried to destroy machines) will likely emerge to oppose the development of smart homes, automated lifestyles and robots. The opposition to IT developments will shy away from using smart systems, appliances and robots for certain types of work, and will not have any digital identity.

"The current rate of development in IT makes it difficult to deliver precise predictions about where we will be in a few decades. However, it is clear that every year our technologies will get even smarter and the people who work with them will need to keep up. We can certainly be sure that cybercriminals will continue to make every effort to exploit any new IT advances for their own malicious purposes," said Alexander Gostev, Chief Security Expert at Kaspersky Lab. "But whatever our world looks like in 30 years, we should start improving its comfort, safety and well-being now. Technology is just a tool, and it is entirely up to us whether we use it for good or for evil."

http://i-hls.com/2015/01/kaspersky-lab-presents-forecast-2045/

The US and UK are to stage CyberWar against the Banks

The US and UK are to wage a series of cyber 'war games' against each other to test the resilience of the two country's defences against online criminals, beginning with a mock exercise directed at the banking and finance sector.

The joint initiative was unveiled by David Cameron's office as the UK Prime Minister begins two days of meetings with President Barack Obama in Washington.

Unnerved by the recent North Korean hack on Sony, Downing Street said the unprecedented exercise will aim to improve the flow of information between the US and UK about emerging cyber threats.

Under the plans, the US and UK will create a joint 'cyber cell' for information exchange between the FBI and UK security services, including MI5 and GCHQ.

The first of the war games will take place later this year, with the Bank of England, and banks in the City and on Wall Street in the firing line.

While in Washington, Cameron is also expected to press Obama on proposals to open a back door to get around the encryption defences erected by big technology companies to protect consumer data, a plan, which has caused consternation in hi-tech circles in the UK.

http://cyberwar.einnews.com/article/244882385/0tOz2WBQvEbrq3A4

Australia and US join forces in 'cyber war'

The US and Australia's alliance is looking to future battlefronts in cyber, hypersonic and electronic warfare, a US senior official says.

Christine Wormuth, the US undersecretary of defence for policy, says while the countries' traditional relationship will continue - such as fighting Islamic State jihadists in Iraq and Syria as part of an international coalition - their joint security efforts include new frontiers of science and technology.

"Our co-operation there cuts across a number of rapidly evolving fields like electronic warfare, hypersonics and a variety of initiatives in the cyber domain," she said in a speech at the Brookings Institution in Washington DC.

The US also hopes to increase the number of Marines it deploys to Darwin. "This year about 1150 Marines have come through Australia on a rotational basis and over the coming years we are working with Australia to be able to rotationally deploy as many as 2500 Marines on a yearly basis," she said.

The Five Eyes (Australia, New Zealand, Canada, UK and US) have been sharing secret intelligence, private data and cyber technology for years and this process is obviously on the increase.

http://cyberwar.einnews.com/article/245680684/cq4JfaLN-jkH_sAG

Research examines 'white hat' hackers in cyber warfare

Minghi Zhao, left, a doctoral candidate at the College of Information Sciences and Technology (IST), and Jens Grossklags, an assistant professor at the College of IST, are examining the dynamics of the white hat hacker community.

From the Heartbleed bug that infected many popular websites and services, to the Target security breach that compromised 40 million credit cards, malicious hackers have proved to be detrimental to companies' financial assets and reputations.

To combat these malevolent attackers, or "black hats," a community of benign hackers, i.e., "white hats," has been making significant contributions to cybersecurity by detecting vulnerabilities in companies' software systems and websites and communicating their findings. Researchers at Penn State's College of Information Sciences and Technology (IST) are studying white hat behaviors and how the talents of the white hat community can be most effectively used.

According to the researchers, undisclosed vulnerabilities in publicly and privately deployed software systems are a significant contributing factor to potentially damaging security incidents. Black hat hackers search for unknown software vulnerabilities and attempt to derive benefit by either exploiting such vulnerabilities to steal data and damage service availability or by selling information about such vulnerabilities on black markets.

A recent example is the Heartbleed security bug that was discovered in April and dubbed one of the biggest security threats the Internet has ever seen. Heartbleed's target is the open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where sensitive data such as usernames, passwords and credit card numbers are stored. A further complication is the interconnected nature of the Internet—an attack on an individual website or server has the potential to affect numerous websites.

For example, in August 2013, a group claiming to be the Syrian Electronic Army was able to take down the New York Times by hacking into a website in Australia. According to media reports, the group gained control of the Times' domain name registrar, Melbourne IT. A domain name registrar is a site that sells domain names and controls a domain name server (DNS). By hacking into the DNS server, the group could redirect the traffic going to nytimes.com. The Syrian Electronic Army also said it hacked Twitter, which also reportedly uses Melbourne IT.

http://cyberwar.einnews.com/article/245756848/EXuY3KwTy6b32O1Z

Hackers For Hire

Have you ever wondered what fuels a hacker to invest his/her time, skills and resources into criminal activities? Is it for the money? Maybe. But many of these people get rich fast that they practically can't ever spend it. Take the Anonymous group for example. They are not hacking for personal gains. They hack to demonstrate just how easy it is to break the defenses of companies that hold your data, and to promote their ideology.

Whatever the motivation is for these hackers, there's a few characteristics they seem to all have in common, intelligence likely being on top of the list and these very smart people with most of them excelling in mathematics, physics, and other kinds of computational sciences.
They all started hacking in their early to mid teens, at a time when their moral compass was not yet developed. Most of them also greatly lack social skills and exhibit strong signs of Asperger's syndrome, symptoms of which can prove to be tremendous advantages when it comes to hacking.

Almost all the hackers that fall foul to the law say the same thing: "Please, please give us a chance to work in the legitimate industry. We just never knew how to get there, what we were doing. We want to work with you."

http://blog.lifars.com/2014/10/24/hire-the-hackers/

UK: New £3m cyber innovation centre in Gloucester

A new cyber innovation unit will open in Gloucester this week. Raytheon will officially launch the new unit, which has been set up to help protect computer networks from cyber attacks.

Richard Daniel, chief executive of Raytheon UK said: "Raytheon has invested £3 million and the centre will house more than 100 of the UK's most talented cyber professionals with expertise from big data and analytics to network defence. Raytheon works extremely closely with its supply chain and actively fosters innovation. To that end, the company is also announcing that it will be launching a new cyber innovation competition aimed at small to medium-sized businesses with prizes totaling £100,000."

Richard Graham, MP for Gloucester, noted how cyber threats have been capturing headlines across the world as attacks become more frequent and prominent. "Cyber security is an increasing issue for governments and businesses around the world and there is no better time to exploit this increased cyber awareness to ensure a safer digital economy. Our Prime Minister and President Obama called for greater US-UK cooperation in developing cyber capabilities. I welcome Raytheon's investment in innovation and its supply chain, which positions our city and country at the heart of a sector that will boost growth and jobs."

http://www.gloucestercitizen.co.uk/New-3m-cyber-innovation-centre-Gloucester

New Cyber Security School opening in London:

"Education is the most powerful tool we can use in the fight against cybercrime" said HP Enterprise CISO Andrea Simmons at the event launching the UK's newest cyber education centre.

The Global Institute of Cyber, Intelligence & Security (GICIS) is opening in London, pitching top-up courses to professionals looking to expand their knowledge in cybersecurity. Short courses including cyber resilience, security, military, policing, counter terrorism and financial crime are going to be offered by a new school focusing on cybersecurity skills.

GCIS's academic director Martin Wright said, "The cyber school aims to provide a better understanding of issues and solutions surrounding the nature of crime, cyber insecurity and terrorism."

http://www.cbronline.com/news/security/cybersecurity-school

http://cyberparse.co.uk/2015/01/21/gicis-launches-cyber-security-school-in-london/

 

The full web site is currently under development and will be available during 2015