Cyber Security Intelligence


Most CIA analysts didn't use the NSA's Spy program

A newly-released document from the Central Intelligence Agency's (CIA) own internal watchdog found that the government's controversial warrantless surveillance and bulk data collection program was so secretive that the agency was unable to make "full use" of its capabilities even several years after the September 11 attacks. Initially, only top-level CIA officials were cleared on its use, rather than rank-and-file "CIA analysts and targeting officers."

STELLAR WIND, the code name for the highly secretive President's Surveillance Program (PSP, or "The Program"), was created in the wake of the September 11 attacks. The legal justification for the PSP has changed multiple times over the years, and today it stands under the Foreign Intelligence Surveillance Act Amendments Act (FISA AA) of 2008, which remains law.

The CIA IG report writes that under the PSP, there were three "sets of data" collected.

The first set included the content of individually targeted telephone and e-mail communications. The second consisted of telephone dialing information—the date, time, and duration of calls; the telephone number of the caller; and the number receiving the call—collected in bulk. The third data set consisted of e-mail transactional data collected in bulk.

Several factors hindered the CIA in making full use of the capabilities of the PSP. Many CIA officers told us that too few CIA personnel at the working level were read into the PSP. Officials told us that CIA and targeting officers who were read in had too many competing priorities and too many other available information sources and analytic tools, many of which were more easily accessed and timely, to fully utilize the PSP.

CIA officers also told us that the PSP would have been more fully utilized if and targeting officers had obtained a better understanding of the program's capabilities. Many CIA officers noted that there was insufficient training and legal guidance concerning the program's capabilities and the use of PSP-derived information.

Ars Technica:

Forget Hackers, The Biggest Internet Security Threat Is Much Closer to Home

High profile, embarrassing data hacks like the Sony email breach and the Target credit card scandal receive the bulk of the media attention, but there's a bigger threat to Internet security that's much closer to home.

The 2015 Data Breach Investigation Report conducted by Verizon shows that the biggest threat to your private information may actually be you!

Phishing campaigns, which send malicious emails disguised as legitimate correspondence, have become not only more prevalent but also more effective in tricking Internet users into opening them. In past years, the DBIR reported that the overall effectiveness of phishing campaigns was between 10% and 20%. However, in this year's report, DBIR notes that the trend has worsened "with 23% of recipients now opening phishing messages and 11% clicking on attachments."

Unfortunately, the scammers have become far cleverer with their campaigns, according to the report.

Now, these messages are rarely sent in isolation. Many are sent as part of a slow and steady campaign. The numbers again show that a campaign of just 10 emails yields a greater than 90% chance that at least one person will become the criminal's prey.

So how can you protect yourself? The authors of the DBIR take some solace knowing that Internet users do not open or interact with 75% of phishing emails. In the past, Internet users could simply use common sense to stay safe from predatory e-mail scams, but because the phishing campaigns include smarter techniques today, the report suggested three solutions to limit the problem:

- Better email filtering before messages arrive in user in-boxes
- Developing and executing an engaging and thorough security awareness program
- Improved detection and response capabilities

In many cases, however, it's human diligence and not technology that represents the frontline of defense. This can be maximized in a business setting.

"One of the most effective ways you can minimize the phishing threat is through effective awareness and training," said Lance Spitzner from the SANS Institute, a cooperative research and education organization, which focuses on security issues.

Motley Fool:

France's Intelligence Bill: Legalising Mass Surveillance

The French government claims its new Intelligence Bill is defined in opposition to the American and British models – but this just doesn't hold once the text is examined. Quite the contrary!

Recently French Prime Minister Manuel Valls organised a press conference to announce the Intelligence Bill that his government had just adopted and was presenting to Parliament. Confronting the media, Valls sought to dismiss growing concerns that the bill, the contents of which had been leaked to the press a few days earlier, would undermine the right to privacy. "This has nothing to do with the generalised surveillance of citizens", Valls said to journalists. He even went on to claim that the bill would "forbid" mass surveillance.

This posture came all the more naturally to the French Government as it has kept its head down and weathered the storm since the Snowden disclosures began almost two years ago. Even when documents exposing the cooperation between the French General Directorate for External Security (DGSE) and the NSA and other Five-Eyes agencies (the LUSTRE agreement) came to light, public officials either refrained from any comment or issued denials. Today, the Valls government is claiming that the bill is simply a matter of securing the legitimate intelligence collection practices of the French security services, which hitherto lacked a proper legal framework.

These reassurances, however, do not survive proper scrutiny. A close reading of the Bill shows that it authorises the government to engage in preventive surveillance of private communications and public spaces for a broad range of motives – from terrorism to economic espionage and the monitoring of social movements – without proper ex ante control. It also orchestrates the legal whitewashing of mass surveillance, and legalizes tools and policies that directly echo those of other surveillance superpowers, like the US, the UK or Germany. Three examples are particularly telling.

The most fiercely debated item of the bill relates to so-called Internet "black boxes" aimed at detecting terrorist threats. Article 2 makes provision for the Prime Minister to require telecom operators and online platforms to install technical devices on their infrastructure (networks or servers) that will use custom algorithms to detect suspicious online behaviour.

According to examples quoted by government ministers and high-ranking officials in the intelligence community, the goal is to detect the use of particular encryption protocols or web browsing habits. Though the government denies this is the case, there is every indication that these black boxes will deploy some kind of Deep Packet Inspection (DPI) technology.

From a British and American perspective, these black boxes are hardly news. In the UK, a similar provision was debated as early as 2000, and eventually subsumed in the Regulatory Investigative Powers Act, section 12. More recently, documents leaked by Mark Klein, a former AT&T employee turned whistleblower, revealed that the NSA had implemented DPI technologies to monitor Internet traffic on US soil.

Traditionally surveillance has been justified by the practical limitations to the ability of states to engage in mass surveillance outside of their territory. But in the age of global and digital communications networks, where whole civilian populations have become subject to systematic surveillance, this outdated "laissez-faire" approach does not only completely negate the universality of human rights when it comes to foreigners. It also leads to opportunistic strategies where the cross-border nature of communications is used to bypass the checks-and-balances that protect the state's own citizens, all within the comfort of the national territory.

Open Democracy:

Is the US - Iran Cyber War Over?

Washington and Tehran have come to an understanding on nuclear weapons. The international agreement reached recently on Iran's nuclear program may stall the country's aspirations to build The Bomb. But US officials and cyber security experts aren't betting that Iran will give up its pursuit of another strategic arsenal: cyber weapons, which the country has been rapidly acquiring and using against US targets. And experts and officials expect the American cyber espionage campaign against Iran to continue.

Recently, as the Obama administration prepared its latest offer to lift some economic sanctions on Iran as part of the tentative nuclear deal, the White House issued a new executive order that allows the United States to sanction countries and individuals who conduct cyber operations that pose a "significant threat" to national security. One provision of the order, which covers threats to "economic health or financial stability," looks deliberately tailored to Iran, which US intelligence officials blame for a series of massive denial-of-service attacks that shut down the websites of American banks in 2012.

Sanctionable offenses include "causing a significant disruption to the availability of a computer or network of computers." As an example, the White House listed denial-of-service attacks. And the day he issued the order, President Obama wrote in a blog post for Medium that "Iranian hackers have targeted American banks" and said the US government needed new tools "to go after bad actors" who are beyond the reach of US law enforcement or whose governments won't stop them.

A former US intelligence officer who worked on cyber operations told The Daily Beast that the United States was putting Iran on notice that, while the nuclear negotiations may have borne fruit, the US was still ready to punish Iran anew over its aggressive cyber programs, which include espionage targeting US energy companies. "As a country, we're saying, 'Enough, we're not going to tolerate it,'" the former official said.

US officials have been eager to publicly blame Iran for some of the most damaging cyber attacks in the United States in recent memory. Director of National Intelligence James Clapper has said that Iran was responsible for an attack on the Sands casino company in 2014, in which intruders stole and destroyed data from the company's computers. In testimony before the Senate Armed Services Committee in February, Clapper put that attack in the same category as North Korea's assault on Sony, which prompted retaliatory cyber strikes from the United States, as well as a new round of sanctions on individuals and companies in the Hermit Kingdom.

A second former senior US intelligence official who maintains close ties to current leaders said the last thing spy agencies will do now is decrease the amount of intelligence-gathering against Iran. He said that intelligence gathering is central to verifying whether Iran is living up to its end of the deal. And, he said, those close to Clapper are speculating that he may actually want to collect more intelligence on Iran.

Iran's supreme leader, Ali Khamenei, who must give his blessing to any final deal, has exhorted Iranian students, whom he calls "cyber war agents," to prepare for battle against Iran's enemies in cyberspace.

Some analysts think that by launching cyber operations against the United States, Iran was trying to send a message that it wouldn't be bullied at the nuclear negotiation table and that, regardless of how those talks turned out, cyberspace was a new territory that Iran wouldn't cede.

Daily Beast:

Germany Spied on EU Officials for the US

German intelligence services spied on top French officials and the European Commission on behalf of the American spy agency NSA, according to an article in Sueddeutsche Zeitung.
Germany's BND foreign intelligence agency helped the National Security Agency (NSA) carry out "political espionage" by surveilling "top officials at the French Foreign Ministry, the Elysee Palace and European Commission" the German daily paper is to report.

Long portrayed as a victim of snooping by allies, Chancellor Angela Merkel's government has grappled this week with embarrassing reports of German spying on European firms on behalf of the United States.

Citing intelligence agency documents, the Bild daily has reported that the German chancellor's office was informed in 2008, during Merkel's first term, of German involvement in US economic espionage but did not react.

According to Sueddeutsche Zeitung, spying on companies could only have taken place in isolated cases as the United States searched for "information on illegal exports."

"The heart (of the problem) is political espionage of European neighbors and institutions of the European Union," the paper claims, citing a source with knowledge of BND's procedures.
German Interior Minister Thomas de Maiziere, a trusted Merkel lieutenant who served as chief of staff at the Chancellor's Office from 2005-2009, has offered to provide an explanation next week to a parliamentary committee looking into NSA practices.

However, the opposition has already accused the government of lying for saying that it knew nothing about any economic espionage by the NSA.

"I reject categorically the assertion that the government has not told the truth," Merkel spokesman Steffen Seibert said Wednesday at a regular press conference.

Germany reacted with outrage at revelations in 2013 by fugitive US intelligence leaker Edward Snowden that the NSA was conducting massive Internet and phone data sweeps, including in Germany.

The revelations, which included claims the NSA tapped Merkel's mobile phone, strained ties between Washington and Berlin.

Security Week:

Is Germany Paranoid About US Spying?

Germany and the United States have enjoyed a special relationship ever since World War II. But today, the strength of that relationship is being tested by differences over personal privacy rights: Germans deeply distrust how the US handles digital data.

When asked in 2013 whether they thought the US government respects its citizens' personal freedom, 81% of Germans said yes. But in 2014, after the Snowden revelations made clear the extent of US National Security Agency (NSA) spying, that number dropped to 58%.

"There's a historical context for Germans' sacrosanct view of privacy, because this country had the Nazi dictatorship and then the East German government with the Stasi," Sudha David-Wilp, a fellow at the German Marshall Fund, tells Quartz from Berlin. "The Snowden revelations created mistrust: Is America really a benign power?"

The idea of personal data privacy is deeply ingrained in German culture. Germans even have a word for it: Datensparsamkeit, the principle of only collecting the bare minimum of data necessary.

"Anonymity is part of our idea of freedom," Kai Biermann, a technology journalist for the national weekly newspaper Die Zeit, tells Quartz. Datensparsamkeit is written into Germany's 2003 Federal Data Protection Act.

In June 2014, the German Bundestag, or national parliament, canceled its internet-service contract with US telecom Verizon, opting to entrust its data to German company Deutsche Telekom instead. The alleged tapping of Angela Merkel's personal cell phone in Dec. 2013 has led the German chancellor to compare the NSA to the East German secret police, and German citizens remain outraged at the NSA's actions in their country—just yesterday, Apr. 23, national news magazine Der Spiegel revealed that the agency had monitored Western European businesses for more than a year.

The German state department warns on its travel website that when you enter the United States, laptops or other electronic storage media may be searched by the US border authorities. At SXSW in Austin, Texas, this year, a Berlin-based attendee told me that he had brought a burner laptop and smartphone to Austin because he didn't trust the US with his data. At first I thought he was being unusually paranoid. Then I asked a number of tech-savvy Germans about this and heard the same thing.

"I have many friends working with information technology who refuse to travel to USA because of the border-crossing-laws," Markus Beckdahl of the blog NetzPolitik tells Quartz. "I wouldn't bring my used devices and would clean all my software to not bring any private communication and passwords."

"I would only take blank gadgets with me with clean hard drives [to the US]," says Biermann. "Many people on the streets are scared by the US. They fear not only the NSA but also the dominance of enterprises like Google and Facebook."

"It is common now to put a sticker over your laptop camera," he adds. "I see it a lot here. There is a constant fear of being spied by your own devices."

And it's not just the people on the street. In 2013 and 2014, the German ministry for family, seniors, women and children actually distributed free webcam-covering stickers to inhibit surveillance.


Disapproved: UK College of Policing Blacklists Former Officers for Data Misdeeds

The College of Policing has proudly informed the world that 59 former police officers, who were either sacked or resigned, have been placed on a blacklist barring them from re-entering the police service due to "data misuse".

Within a mere year of existing, the "Disapproved Register" has already been graced with the names of 444 police officers, among whom have been two superintendents and four chief inspectors.

A variety of misdeeds led to the ex-coppers being blacklisted, but today's sub-list of 59 were barred from any return to policing thanks to their data wrongdoings.

The College of Policing has proudly hailed the numbers as showing how effective the police are at investigating internal misconduct.

Chief Constable Alex Marshall stated: "Confidence remains high in policing with a recent poll showing 66 per cent of the public who were asked said they generally trusted police to tell the truth, which is the highest figure since 1983."

That Ipsos MORI poll also showed that in 2014 29 per cent of the public would not trust a policeman to tell the truth, with only four per cent undecided.

While internal investigations may have found those on the "Disapproved Register" guilty of misconduct, police officers have until recently been able to retire or resign to avoid dismissal. The Home Office is now enforcing new regulations to prevent that.

The Register:

US Police Suffer Malware Attacks & Pay Ransom

Recently a number of local US police departments revealed how unprepared they are to face the 21st century threat posed by cyber-criminals.

The computer files of the Houlton, Boothbay Harbor, Damariscotta, Wiscasset and Waldoboro police departments and the Lincoln County Sheriff's Office were taken hostage when an aggressive form of malware was loaded onto them and encrypted their files.

The departments paid a ransom to regain access. But this wasn't the ransom payment of movies. There was no briefcase with unmarked bills or a dead drop. Everything was done over the Internet and the ransoms were paid in the online currency bitcoins.

What these police departments were hit with was a relatively new form of malware known as "crypto-ransomware," which first came onto the scene about two years ago.

According to the Symantec 2014 Internet Security Threat Report released earlier this month, ransomware attacks more than doubled from 4.1 million in 2013 to 8.8 million in 2014. The most dramatic climb was in the kind of attack that disabled the Maine police departments' computer files: crypto-ransomware attacks, which rose from 8,274 attacks in 2013 to 373,342 in 2014. That's a 4,412 percent rise.

The Maine police departments affected weren't the first law enforcement agencies to be hit. Several other police departments also have been hit by ransomware, among them the Swansea Police Department in Massachusetts in 2013; the Durham Police Department in New Hampshire and the Dickson County Sheriff's Office in Tennessee in 2014; and the Tewksbury Police Department in Massachusetts and the Midlothian Police Department in Illinois earlier this year.
With the exception of the Durham police, every department gave in to the demands of the cyber-criminals and paid the ransom.

So how does crypto-ransomware work? According to Rahula Kashyap, chief security architect at Bromium, a California-based cybersecurity firm, crypto-ransomware gains a foothold in a computer by taking advantage of outdated and weak security software or applications, like Web browsers, that haven't been updated with the latest security patches.

Typically, cyber-criminals cast a spam dragnet to try to ensnare thousands of computers in hopes of landing a number that are insecure. One of the most common ways to do this is through an email attachment pretending to be an invoice, a bill or a delivery confirmation. Once the attachment is opened, the malware installs and quickly encrypts all the files so the owner can't access them.

The computers at the Houlton Police Department were snared by an email purporting to have a quote for an order, and it appears that Lincoln County police were hit by a similar email.
Police departments in particular maintain open and closed case files that are key to protecting victims and pursuing criminals. Once the malware encrypted these departments' files, there were no backups to fall back on, which ratchets up the pressure to pay the ransom.

Bangor Daily News:

Tackle Insider Threat and Protect Your Organization

Live Event Date: May 13, 2015 @ 1:00 p.m. ET / 10:00 a.m. PT

Your data is a valuable asset that can quickly transform into a liability when breached. Organizations often become hung up on combating external breaches, while the insider threat doesn't get the attention it deserves. To manage both external and internal threats, new approaches to security are required, particularly in regards to authorized internal users who have legitimate access to sensitive information.

Join TITUS and a guest speaker from Forrester Research for this webinar, and learn how you can sharpen your security edge by implementing tools to identify sensitive information, developing policies that protect data, and running reports that help recognize and prevent internal threats.

Learn how to:
- Accurately identify the sensitivity and value of corporate information
- Create policies and metrics that matter
- Establish a culture of security and privacy throughout your organization
- Integrate security and risk into the big picture

Featured speakers:
- Heidi Shey - Security and Risk Analyst, Forrester
- Stephane Charbonneau - Chief Technology Officer (TITUS)
- Lenny Liebmann - Moderator, IT Business Edge



Hacked: Or, How to Become a Four-Star General

Retired Gen. Keith Alexander is best known as the man at the center of the National Security Agency (NSA) metadata collection program, revealed by whistleblower Edward Snowden. Speaking at the RSA Conference on April 24, Alexander talked about his life after retiring from the NSA in 2014.

Alexander was onstage with Ted Schlein, partner at Kleiner Perkins Caufield & Byers, who asked the former director of the NSA how he became a four-star general. It was all due to a hack, Alexander said.

"Someone hacked into the Department of Defense [DoD] network," he said.

What had happened is that the NSA saw some information from the Department of Defense in foreign space where it should not have been.

"At the time, NSA was not able to look into the DoD network," Alexander recounted. "After 10 days, we were allowed in and found 1,500 pieces of malware."

Alexander said that the malware was discovered on a Friday afternoon and within 24 hours, a plan was put in place to correct the issues and build a better system. At the time, he said, Russia was blamed for the incident. As a result of that incident, US Cyber Command was formed, in June 2009, and Alexander got his fourth star.

There was also some discussion about Snowden. Alexander was asked by Schlein if he were to send Snowden a Christmas card, what would it say?

"I would send him the oath, the one he claims he took. Maybe he should have read it all," Alexander said as the audience broke into spontaneous applause.

While Alexander didn't provide full details on what his company is doing, he did outline the problem space and where IronNet Cyber Security fits in. Alexander said that visibility is important for IT security. As such, situational awareness is critical, and the ability to provide a way of seeing traffic at network speed is critical. The IronNet platform aims to help provide better visibility to help organizations defend their own networks, he said.


Will Cyber Insurance Providers Reward Good Security?

Last week the chief of Lloyd's of London claimed that his business had seen a 50% increase in demand for cyber insurance products in the first quarter of 2015. The UK government, working in partnership with insurance broker Marsh, has highlighted that around 98% of large UK companies have no form of insurance against a data breach or cyber-attack.

There are three key factors that will drive demand for cyber insurance products in the immediate future:

1. Data breaches are on the rise and more damaging than ever.
2. Government is backing the UK cyber insurance industry to become a world leader.
3. There are sweeping privacy reforms underway in the EU.

So what does cyber insurance actually get you? In an article for legal news site Out-Law cyber liability specialist Ian Birdsey of Pinsent Masons explained, "There is a financial indemnity up to potentially significant levels of indemnity or cover in the region of hundreds of millions of pounds; and access to an expert panel of vendors often at preferential rates in the event of a data breach." He added, "The underwriting process is also likely to focus on various key aspects of risk management."

That means you can expect to be able to claim for the financial impact of a breach, which seems like a good safety net. But it's the underwriting process that raises concerns: What are these "key aspects" of risk management? Would a business judged to be less risky qualify for a lower premium?

It's the second question that is of greatest interest to any IT security professional who is looking to do the best job for the business they work in. To take car insurance as an example, customers who use a "dashcam" in their cars recording all of their journeys receive a substantial discount on their premiums. The same should surely apply to those organisations that have made significant investments to reduce their risk of being the victim of an insider attack, malware or hack?

If you're now considering cyber insurance to help you respond in the event of a breach, be sure to challenge that provider to be clear about the steps you can take with your policies or technology to keep your premium down.


How To Hack a Military Drone

Recently published research has given hackers a manual for breaking into unmanned systems, according to an Israeli defense company.

The downing of a CIA stealth drone by Iranians occurred a month after one such paper, entitled "The Requirements for Successful GPS Spoofing Attacks," was published, noted Esti Peshin, director of cyber programs for Israel Aerospace Industries, a major defense contractor. In December 2011, the Christian Science Monitor reported that Iran navigated a CIA unmanned aerial vehicle safely down to the ground by manipulating the aircraft's GPS coordinates.

The 2011 study, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, detailed how to mimic GPS signals to fool GPS receivers that aid navigation. "It's a PDF file… essentially, a blueprint for hackers," Peshin said.
Peshin said she does not know whether the CIA drone was overtaken using GPS spoofing or even whether the attacker read the study. But she underscored how easily available the publication is online.

In the study, the researchers explained where an attacker must be located to generate fake signals capable of fooling GPS receivers. They also described ways to replace legitimate signals with an attacker's bogus signals, so the target ends up "losing the ability to calculate its position."

The authors of the Swiss study offered some advice on how to neutralize GPS deception, for instance, by hiding the exact positions of GPS receivers. Their intention was not to aid and abet terrorists, but rather to highlight "effective receiver-based countermeasures, which are not implemented yet in current standard GPS receivers," the researchers said.

While the academics did not mean any harm, hackers could have quickly exploited their instructions before vendors had time to fortify satellite-guided vehicles, Peshin said.

The Pentagon is currently working to insulate UAV navigation and surveillance from outside interference. Specifically, special software on a forthcoming hacker-proof Boeing Little Bird helicopter drone would shield communications from tampering.


US Is Still the Biggest Source of Surging Malware Attacks

Contrary to popular perception, a majority of the cyber attacks on US companies originate from inside the country rather than from the outside.

For all the attention placed on state-sponsored actors and cybercrime gangs in Russia, China and Eastern Europe, nearly a third of the IP addresses associated with malicious activity and 48 percent of malicious URLs are US-based, a report from security vendor Webroot shows. Over 75 percent of all phishing sites are hosted on servers inside the country, the report noted.

The Webroot report is based on an analysis of information gathered by the company's BrightCloud threat intelligence service. It showed that malware, and the infrastructure for hosting and distributing it, is growing fast.

On average, there are a staggering 12 million malicious IP addresses operating on the Internet on any given day, with 85,000 new addresses being launched daily. While the IP addresses come from all over the world, over 30 percent of them are from the US, followed by China with 23 percent and Russia with 10 percent.

When Webroot looked at where malicious URLs are located, Russia and China were barely on the list, while the US topped it with France in a distant second place.

"The United States is the number one source of attacks, number one in terms of attack victims and number one in terms of attackers," said Mike Malloy, executive vice president of products and strategy at Webroot.

One reason why so many malicious URLs are located in the US could simply be that malicious attackers know that URLs in high-risk countries are automatically blocked by geo-filtering services, he said.

The top five companies impersonated by phishing sites in 2014 were Google, Facebook, Yahoo, Apple and Dropbox. The reason why phishers have gravitated towards such sites is pretty simple, Malloy says.

"The credentials to these sites are often the master password to a bunch of other applications," Malloy said. "There are a lot of applications that ask whether you want to log in with your Facebook ID or your Google ID," he said. By gaining access to the usernames and passwords to these sites, phishers often can unlock numerous other accounts as well, he said.

Somewhat less surprisingly, Webroot research also showed that Internet users are under growing siege from a variety of malware threats. In Dec 2014, the company noted an over 50 percent increase in phishing activity most likely as a result of the holiday season. The company determined that the average Internet user has a 30 percent chance that he or she will fall victim to a phishing attack involving a zero-day threat for which no remediation is available.

Meanwhile, the number of trustworthy mobile applications fell from 52 percent of all applications in 2013 to 28 percent in 2014. About 50 percent were moderately trustworthy, or suspicious, while the remainder were outright malicious or unwanted. The data shows that threats are extremely dynamic in nature and that IP address blacklists need to be updated constantly to keep up with new attacks and attackers, Webroot said.

Dark Reading:

US Oil & Gas Cyber Security Focus of Attack

US oil and gas cybersecurity market sees global cyberattacks rise by 179% to reach 6,500 per year. Changes in technology used to manage oil and gas plants and pipelines are all putting them at greater risk of cyberattacks, meaning the oil and gas industry should be taking extra caution to protect information and its link to national security.

Building on the success of their Cyber Security meetings in London and Oslo, SMi takes Oil and Gas Cyber Security to North America, providing the perfect location and audience to address the most pressing cyber security issues facing the oil and gas sector.

2-day event programme includes key presentations, case studies, technology sessions, panel debate and live demonstrations delivered by leading Cyber Security Experts, IT Security Specialists, Computer Scientists and Researchers, and many others.

The two-day conference will provide delegates with the perfect opportunity to gain a complete overview of the industry in North America and is a fantastic chance for information gathering, idea sharing and problem solving debate.

• Understand the current key market regulations to set a new standard across the industry
• Learn the importance of cyber security in supply chain management applicable to the oil and gas sector
• Discuss the effect of the plummeting oil price on physical and cyber security
• Evaluate live demos on how to block oncoming attacks and minimise the clean up
• Hear about the latest technology and software available
• Listen to the latest industry relevant case studies and discern the lessons learned

Event programme includes an interactive half-day pre-conference Workshop (12th May 2015, Marriott West Loop Hotel, Houston): Cybersecurity Frameworks and Architectures.

Ein News:

Bank Hires ex-GCHQ Chief to Fight Cybercrime

Standard Chartered has appointed the former head of Britain's security and intelligence body GCHQ to its new financial crime committee as part of efforts to strengthen its cyber defense.
The Asia-focused bank said Iain Lobban would become a member and senior advisor to the committee responsible for matters including anti-money laundering, sanctions compliance and prevention of corruption.

Lobban was director of GCHQ, Britain's electronic intelligence gathering agency, from mid-2008 to late 2014.

Standard Chartered said cybersecurity had been at the heart of Lobban's role in recent years. Cyber criminals pose a rising threat to the public and private sector, and banks are being targeted by increasingly sophisticated criminals trying to steal money or client data, cause havoc in financial markets or score political points.

Standard Chartered said Lobban's appointment is for a two-year renewable term. The Committee was announced in December as part of the bank's attempt to combat financial crime and improve conduct and compliance capabilities.

Standard Chartered announced the committee a day after U.S. authorities extended monitoring of the bank until the end of 2017, which follows the bank's $667 million fine in 2012 over violations related to U.S. sanctions on Iran and other countries.


US Defense Secretary Defines New Cybersecurity Strategy

While the security industry gathered in San Francisco for the massive RSA Conference, just down the road at Stanford University in Palo Alto, Defense Secretary Ash Carter described in a speech there the Department of Defense's updated cybersecurity strategy that includes more transparency about its mission and operations and a "renewed partnership" with the technology industry.

"As Secretary of Defense, I believe that we in the Pentagon – to stay ahead – need to change and to change we need to be open, as I say, we have to think outside of our five-sided box," Carter said in a speech at Stanford yesterday.

At the heart of the DoD's cyber defense strategy is deterrence, stopping malicious behavior before it occurs, and identifying from where the attack came. "In some ways, what we're doing about this threat is similar to what we do about more conventional threats. We like to deter malicious action before it happens, and we like to be able to defend against incoming attacks – as well as pinpoint where an attack came from," he said. "We've gotten better at that because of strong partnerships across the government, and because of private-sector security researchers like FireEye, Crowdstrike, HP – when they out a group of malicious cyber attackers, we take notice and share that information."

But the deterrence strategy doesn't mean DoD won't take other actions when needed, he said. "And when we do take action – defensive or otherwise, conventionally or in cyberspace – we operate under rules of engagement that comply with international and domestic law."

"We must continue to respect, and protect, the freedoms of expression, association, and privacy that reflect who we are as a nation. To do this right, we again have to work together. And as a military, we have to embrace openness," Carter said. "Today dozens of militaries are developing cyber forces, and because stability depends on avoiding miscalculation that could lead to escalation, militaries must talk to each other and understand each other's abilities. And DoD must do its part to shed more light on cyber capabilities that have previously been developed in the shadows."

Carter shared a story about an attack earlier this year on DoD's unclassified military networks by Russian hackers. "It's never been publicly reported," he said of the incident.

"Earlier this year, the sensors that guard DoD's unclassified networks detected Russian hackers accessing one of our networks. They'd discovered an old vulnerability in one of our legacy networks that hadn't been patched," he noted.

The department detected the compromise and a team of incident responders was on the case within 24 hours, he said. "After learning valuable information about their tactics, we analyzed their network activity, associated it with Russia, and then quickly kicked them off the network, in a way that minimized their chances of returning."

Carter said the department also has a goal to better defend DoD information networks, lock down data, and protect military missions from cyberattack. "We do this in part through deterrence by denial, in line with today's best-in-class cybersecurity practices – building a single security architecture that's both more easily defendable, and able to adapt and evolve to mitigate both current and future cyber threats. This to replace the hundreds of networks – separate networks – that we now operate in the Department of Defense," he said.

"We have to strengthen our network defense command and control to synchronize across thousands of these disparate networks, and conduct exercises in resiliency…so that if a cyberattack degrades our usual capabilities, we can still mobilize, deploy, and operate our forces in other domains – air, land, and sea – despite the attack," he said.

Carter this week ordered the consolidation of IT services in DoD and in the Washington, DC capital region, he said, for better defenses and cost savings.

Carter said DoD will work more closely with the FBI, DHS, and other law enforcement to strengthen its cyber operations. "There are clear lines of authority in our government about who can work where, so as adversaries jump from foreign to U.S. networks, we need our coordination with our government to operate seamlessly."

Dark Reading:

Cybersecurity Policies for the Insurance Industry

Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem's cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses. The examination is currently underway and led by insurance regulators from California, Indiana, Maine, Missouri, New Hampshire, North Dakota and South Carolina. It should be noted that while this appears to be the first large-scale multi-state examination of an insurer's cybersecurity practices, some insurance departments, such as Connecticut, have already been conducting reviews of insurers' cybersecurity policies and procedures as part of their regular examinations.

Subsequently, NAIC released for comment two draft documents on cybersecurity. The first draft document, developed by NAIC's recently created Cybersecurity Task Force, is entitled "Principles for Effective Cybersecurity Insurance Regulatory Guidance" (the Principles). The Principles were designed to help state insurance departments identify cybersecurity risk and establish uniform standards to protect against it. The Principles also identify ways in which state regulators and NAIC can work with the insurance industry to flag these risks and work together on meaningful solutions.

The second draft document, developed by NAIC's Property and Casualty Insurance Committee, is NAIC's "Annual Statement Supplement for Cybersecurity Policies" (the Supplement). The Supplement reviews recent cybersecurity exposures.

In addition to NAIC's multi-state examination of Anthem, and its release of the draft Principles and Supplement, the New York State Department of Financial Services (NYDFS) is also looking into insurers' cybersecurity practices. NYDFS recently released the results of its cybersecurity survey of insurance companies. The survey inquired about insurers' current and future cybersecurity programs, including their use of third-party vendors. Forty-three insurance companies responded to the survey and provided insight into existing and planned cybersecurity programs, as well as the nature of measures taken by them to safeguard sensitive data and/or to protect against loss due to security incidents.

NYDFS is the principal regulator for insurance companies operating in the State of New York, as well as certain financial entities and other financial institutions. NAIC is the US standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five US territories.

JD Supra:

Russian Hackers Have Been Reading Obama's Emails

Some of President Obama's email correspondence was swept up by Russian hackers last year, in a breach of the White House's unclassified computer system. This breach was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.

The hackers, who also got deeply into the State Department's unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama's BlackBerry, which he or an aide carries constantly.

But they obtained access to the email archives of people inside the White House, and perhaps some outsiders with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.

White House officials said that no classified networks had been compromised, and that the hackers had collected no classified information. Many senior officials have two computers in their offices, one operating on a highly secure classified network and another connected to the outside world for unclassified communications.

The president's closely guarded BlackBerry email account was not hacked, the Times said, but communications with other users were swept up.

Quoting "senior American officials briefed on the investigation", the Times said the hackers penetrated sensitive parts of the White House computer system, as well as the State Department. The hackers are presumed to be linked to the Russian government, if not necessarily working for it.

"It's the Russian angle to this that's particularly worrisome," the Times quoted a senior official as saying.

In February, Sony was the subject of an extensive and damaging hack, which Obama, in extensive and strongly worded warnings about cybersecurity, blamed on the government of North Korea.

NY Times:

Ein News:

Locked Shields: NATO Holds Major Cyber-Security Drill

Organized by the NATO Cooperative Cyber Defense Center of Excellence, the largest cybersecurity exercise ever held in Estonia is underway. More than 400 computer experts and teams from 16 countries, as well as the NATO Computer Incident Response Capability (NCIRC), will participate in the cybersecurity drill, dubbed Locked Shields 2015.

Colonel Artur Suzik, director, NATO Cooperative Cyber Defense Center of Excellence, said, "Locked Shields prepares computer emergency response specialists for the ever-changing cyber security landscape. Uniquely, we use realistic technologies, networks, and attack methods."

New technologies added to the cybersecurity drill annually

Col. Suzik added that new technologies and attack vectors were added every year to keep the cybersecurity drill at pace with real-world developments. Last year, Android devices, IP cameras, and VoiP attacks were added to the cybersecurity exercises.

Locked Shields 2015 included ICS/SCADA systems, Windows 8 and 10 operating systems and an element of active defense, according to Col. Suzik. He explained that the cybersecurity drill is scenario-based.

The NATO Cyber Defense Center of Excellence started the annual cybersecurity drill in 2010. The Government of Canada provided the financial grant for Locked Shields 2015. The grant will be used to purchase technical equipment for the cyber lab and supporting services to increase the capacity of the cybersecurity drill.

President Barack Obama and other world leaders decided to boost partnerships in cyber defense capabilities during a NATO summit in September. The world leaders also warned that a cyberattack against NATO members could trigger a collective defense response similar to a military aggression.

NATO advances efforts against cyber threats

NATO is advancing its efforts to address the wide range of cyberattacks targeting its networks on a daily basis. According to the organization, protecting its communications and information systems (CIS) is an urgent task given the growing sophistication of cyberattacks.

According to NATO, its cybersecurity program highlights the following:

1. Cyber defense is part of NATO's core task of collective defense. NATO approved its first cyber defense policy in January 2008 following the cyberattacks against Estonia.
2. NATO is responsible for the protection of its communication networks.
3. Nations are and remain responsible for the security of their communications networks that need to be compatible with NATO's and with each other.
4. Allies are committed to enhancing information sharing and mutual assistance in preventing, mitigating and recovering from cyberattacks.
5. NATO is intensifying its cooperation with industry.
6. NATO enhances its capabilities for cyber education, training and exercises.

Separately, U.S. Army and Estonian soldiers are part of the NATO Tornado military drills. According to RT News, NATO will use a laser training system to simulate actual battles during the military drills, which are the largest in the history of Estonia.

"Almost 2,000 Estonian soldiers and divisions of US paratroopers will start the five-day Tornado drills, which will demonstrate the level of their readiness for larger Siil [Hedgehog] military exercises," according to the General Staff of Estonia's Defense Forces. In May, 13,000 soldiers will participate in the Siil war games.

According to the report, NATO will use different versions of the Multiple Integrated Laser Engagement System (MILES) during the Tornado drills. The presence of the US soldiers in the Baltic region is part of the Atlantic Resolve, which demonstrates the commitment of the United States to NATO members across Eastern Europe. The US is committed to international training and security cooperation.

Russia's General Staff, Lieutenant General Andrey Kartapolov noted that the operational combat training activities of NATO near the borders of the country increased by 80% last year. According to him, the military drills have a "clear anti-Russian orientation."


Rail Signals Can Be Hacked To Cause Crashes

Rogue employee could hack the new rail system and cause a crash

Prof David Stupples told the BBC that plans to replace ageing signal lights with new computers could leave the rail network exposed to cyber-attacks.

UK tests of the European Rail Traffic Management System are under way.

Network Rail, which is in charge of the upgrade, acknowledges the threat.

"We know that the risk [of a cyber-attack] will increase as we continue to roll out digital technology across the network," a spokesman told the BBC.

"We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place."

Once the ERTMS is up and running, computers will dictate critical safety information including how fast the trains should go and how long they will take to stop.

It is scheduled to take command of trains on some of the UK's busy intercity routes by the 2020s.

The system is already used in other parts of the world and there are no reported cases of it being affected by cyber-attacks.

In fact, it is designed to make networks safer by reducing the risk of driver mistakes.

But Prof Stupples - an expert in networked electronic and radio systems at City University in London - said if someone hacked into the system they could cause a "nasty accident" or "major disruption".

"It's the clever malware [malicious software] that actually alters the way the train will respond," he explained.

"So, it will perhaps tell the system the train is slowing down, when it's speeding up."

"Governments aren't complacent", the professor added.

"Certain ministers know this is absolutely possible and they are worried about it. Safeguards are going in, in secret, but it's always possible to get around them."

He added that he had spoken up to raise awareness of the threat.

"We keep security arrangements under constant review to take account of the threat and any new challenges we face," responded a spokeswoman for the Department of Transport.

According to the professor, the system is well protected against outside attack, but he says danger could come from a rogue insider.

"The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed or coerced," he explained.

He added that part of the reason that transport systems had not already been hacked as frequently as financial institutions and media organisations was that much of the technology involved was currently too old to be vulnerable.

All of that will change in the coming years, as aircraft, cars and trains become progressively more computerised and connected, he said.

Prof Stupples said he was working with Cranfield University to develop a security system that would tell when a train or other mode of transport was acting oddly. "It would take it back into a safe state," he explained.


Anonymous Hackers Taking On the Kremlin

In Russia, the data-leaking group Anonymous International struck again, releasing an online archive (in Russian) of around 40,000 text messages that the group claims belong to Timur Prokopenko, a highly influential Kremlin official.

This is not the first time that the hacktivist group Anonymous International has targeted Prokopenko, who helped shape the Putin administration's domestic policy from 2012 to 2014.
In February of this year, the group published (Russian) roughly 9,500 emails allegedly belonging to Prokopenko. In addition to the SMS messages at the end of March, Anonymous International also leaked yet another trove of messages in early April, this time including correspondence lifted from the messaging app Telegram, and again supposedly from Prokopenko.

Anonymous International emerged at the end of 2013, when it published the full text of Vladimir Putin's New Year's national address a few hours before the speech was broadcast on television. Ever since, the group has busied itself with exposing the inner workings of certain political forces in Russia.

Anonymous International is widely known by the name that its "press office" goes by, Shaltai Boltai, which is the name nursery rhyme character Humpty Dumpty goes by in Russian.

The group publishes the leaks on its website. However, Russian media watchdog Roskomnadzor ordered access to the site blocked in July 2014, and it is accessible in Russia today only through a virtual private network or a mirror site. The group also tweets from the accounts @b0ltai, which is blocked in Russia, and @b0ltai2, a duplicate account that is still accessible in the country.

In a recent press conference, President Putin's press secretary Dmitry Peskov downplayed the group's latest information breach, saying, "I don't think a lot of people read these publications."
Judging by the chatter and interest generated online by Anonymous International's recent leaks, however, it is difficult to agree with Peskov's assessment.


'Killer Robots' Offer Both Risks & Advantages for Military Use

As Canada takes part in international talks on so-called "killer robots", documents show defence officials see risks but also military advantages to deploying deadly autonomous weapons.

The kind of artificially intelligent soldier-robot from the futuristic movie The Terminator may be a long way off, but policy analysts are grappling now with limits on the military use of robots.

Records released under the Access to Information Act show officials at Foreign Affairs and National Defence are keeping an open mind as they carve out a Canadian position on the controversial systems, in spite of growing calls for a pre-emptive global ban.

Lethal autonomous weapons systems (LAWS) are not currently in use, but could eventually have the ability to select, target and engage in deadly attacks without human intervention.
Censored emails, reports and briefing papers released were prepared last spring when the first United Nations meeting was convened on the issue. One 17-page report outlines the Defence Department's "initial thinking" on the military, strategic, diplomatic and ethical implications, flagging moral questions but also potential benefits.

While Canada is not currently developing any lethal fully autonomous weapons systems, it has an active research program on unmanned systems that informs policy on the opportunities and threats the technologies could pose.

Walter Dorn, a professor at the Royal Military College of Canada, has urged limits to ensure there is always an element of human decision-making in carrying out lethal force. No matter how advanced the technology, there is always the potential for glitches and malfunctions with technology that could harm soldiers or civilians.

"There is potential for great utility and great danger," he said.

But an international coalition of human rights activists, academics and security experts called the Campaign to Stop Killer Robots says that because technology is advancing so rapidly, world leaders must adopt a treaty to ban the weapons. Alex Neve, secretary general of Amnesty International Canada, said lethal weapons without human control, whether they're used for policing or military purposes, would violate international humanitarian law.

"Allowing robots to have power over life and death decisions crosses a fundamental moral line: the killing of humans by machines is an ultimate indignity in a certain sense, and humans should not be reduced to mere objects," he said.

The Defence Department documents point out countries like China and Russia that are "rapidly moving toward developing unmanned and autonomous systems," and that changes could revolutionize modern warfare.


Deloitte Mocks a Cyberattack to Teach Business How to Respond

A security breach or big data loss can trigger an emergency for the entire business, not just for the IT or security teams, so staffers from multiple departments must know how to react effectively in such situations.

This was one of the main lessons taught in a cyber incident war-gaming exercise held for the media in New York by consulting firm Deloitte. Deloitte typically conducts such exercises on behalf of large organizations that want to prepare for when they are hit by a major computer breach. In the event, the participants were executives from various companies.

The exercise is designed to prompt organizations to make decisions so "if there is a cyber-incident, it is better prepared," said Mary Galligan, who is Deloitte's director of cyber risk services and a former FBI agent with experience in online crimes.

Typically, security and IT staff in most organizations are aware of the probability of cybercrimes and are trained to react quickly should one occur. Other business departments of an organization are not usually as aware of what their roles would be in such a scenario, Galligan said. Even those executives who are well equipped to manage a crisis find that "a cyber incident happens faster than anything that they've been used to before," Galligan said.

This work includes not only finding out how the information leaked out and then correcting the problem, but also handling a range of secondary issues. The company must craft a media message and contact all the affected patrons. It must use social media and train its own employees to reassure customers that the retail establishment has taken the breach quite seriously. It must also work with business partners, merchandise manufacturers and banks to ensure they don't sue the company for damages. It must readjust its sales projections, as well as inventory levels, to handle the lull in business that will probably occur in the months to come.
Finally, they need to answer to the company's board of directors, who are often angrily looking for how these issues are being addressed.


How Mobility Is Revolutionizing Manufacturing

Over eighty percent of CEOs believe mobile technologies are now strategically important and are changing their business operations. Here are the ten ways that mobilization is revolutionizing the manufacturing industry:

1. Integrating mobile CRM systems with distributed order management, pricing and fulfillment to improve customer responsiveness. Providing information to sales teams, prospects and customers when, where and how they need it is driving greater mobile CRM adoption. Respecting prospects' time and delivering a real-time response can make the difference between making a sale or not.

2. Generating quotes for build-to-order products that reflect the latest pricing and delivery dates available. A VP of Sales at a local manufacturer told me that when his team delivers the first complete quote immediately following in-depth discussions with a prospect, they win 70% of the time. Mobile integration of their configure, price and quote (CPQ) system to pricing and inventory systems makes it possible for a sales rep to get a complete quote done and delivered within hours of leaving a prospect.

3. Making distributed order management more transparent to sales while increasing order fulfillment accuracy. The more complex the product being built, the more the purchasing and procurement teams on the customer side want updates. One global leader in high tech distribution created a series of mobile applications their sales reps give to customers so they can request order status, delivery dates and configure order alerts that are delivered 24/7, anywhere in the world. The result: 76% reduction in order status calls to the enterprise sales teams and 13% increase in sales the first six months these apps were available.

4. Improving supplier traceability and quality levels using real-time analysis and reporting. Too often quality systems and processes are manually integrated or isolated from manufacturing systems. Mobility is starting to have an impact here, making it possible for supplier traceability, quality, non-conformance & corrective action (NC/CA), corrective and preventative action (CAPA), Statistical Process Control (SPC) and genealogy traceability data to be immediately made available plant-wide. Forward-thinking manufacturers are using this data to benchmark suppliers in real-time, all over mobile devices.

5. Replacing manually intensive inventory management systems with enterprise-wide mobile inventory tracking, traceability and reporting systems. An aerospace manufacturer producing mid-range personal and commercial aircraft is using an enterprise-wide mobile inventory tracking, traceability and reporting system. This manufacturer has worked so closely with the Federal Aviation Administration (FAA) they can now report production status to the work instruction level electronically, saving thousands of hours a year in government-mandated reporting paperwork. Mobility is saving this manufacturer thousands of hours and dollars a year.

6. Monitoring production workflow performance using dashboards accessible from mobile devices. A build-to-order engine manufacturer in the Rust Belt of the United States found that to complete just one customized engine, the entire order traveled six miles inside the building. By integrating mobile-based systems to provide real-time updates and propagate data through the production center, four miles was trimmed off the typical order workflow, saving two weeks of production time.

7. Tracking machine-level compliance and providing alerts to production engineering when maintenance is required. In highly regulated manufacturing industries including medical products, production machinery and systems need to be regularly calibrated to stay in compliance. Manufacturers are starting to use mobile-based sensors to capture this data and report it in real time. Production and quality engineering teams get the alerts immediately and can plan on how to keep an entire shop floor continuously in compliance.

8. Reducing Field Service call cancellations and delays by accurately communicating parts and staffing requirements. There is nothing more frustrating from a customer's perspective than waiting for a field service technician to show up, only to find they don't have the necessary parts or were told the problem was completely different than the one that needs to be solved. Cloud-based mobile platforms show significant potential here. Combining emerging mobile platforms with service optimization apps, manufacturers can get the right technician to the right customer problem with the right parts the first time.

9. Improving logistics and supply chain coordination with suppliers using mobile technologies. Manufacturers whose business models rely on rapid inventory turns, tight production schedules and thin margins are the leading early adopters of mobile technologies for logistics and supply chain coordination. High tech hardware manufacturers are a case in point, as are many distributors whose business models are shifting to value-added services over pick, pack and ship operations.

10. Making Manufacturing Intelligence the new normal in production operations. The CFO at a well-known auto parts manufacturer told me recently that her greatest challenge is taking shop floor data and interpolating it to financial results fast. Mobility is helping with the data collection, and this manufacturer is using advanced pattern detection and predictive analytics to get in front of production cost trends. Their financial models also include cost analysis, cost formulation tools, cost and defective monitoring analysis and comparative financial analysis tools. All of these can be accessed from a secured tablet by staff anytime.

Bottom line: Mobility is forcing manufacturers to compete in their prospects' and customers' timeframes while delivering greater value in less time than before.


Suits And Spooks

The first European edition of Suits and Spooks, the cyber security conference that brings together decision makers and influential thought leaders in the industry, Former intelligence officials, corporate executives and information security practitioners from the United States and Europe will gather for a limited attendance, single-track event focusing on some of the hottest cybersecurity and intelligence related topics.


techUK - 10 St Bride Street, London, EC4A 4AD