Cyber Security Intelligence

May Newsletter #3 2014

Fake Stories about Missing Malaysia Airlines Flight

After the Bermuda Triangle hoax about the missing Malaysia Airlines flight MH370, there has been an explosion of bizarre stories on social media claiming the plane has been found and the passengers are safe.

Twitter and Facebook seem to be the preferred sites for the fake stories. It is feared that some of the links might prompt users to take part in surveys in which they enter their personal information, which could be exploited by marketers and hackers.

http://www.ibtimes.co.uk/missing-malaysia-airlines-flight-mh370-found-bermuda-triangle-like-fake-stories-posted-facebook-1440488
http://www.wired.co.uk/news/archive/2014-03/14/beware-of-fake-malaysia-airlines-links

India Sets New Aircraft Tracking Rules After MH370 Disappearance

India's civil aviation regulator said on Wednesday it has set new rules for local airlines to ensure real time tracking of aircraft, a decision it said was prompted by the disappearance of Malaysian Airlines flight MH370.

The new rules will apply to both passenger and cargo planes, the Directorate General of Civil Aviation (DGCA) said in a statement.

It said carriers have been asked to use onboard Aircraft Communications Addressing and Reporting System (ACARS) or Automatic Dependent Surveillance - Broadcast (ADS-B) for real time tracking.

The regulator also asked airlines to devise a procedure for effective tracking of aircraft while flying over areas where there is no coverage from ACARS or ADS-B.

'Europe to toughen black box rules after MH370'

The European Aviation Safety Agency has drawn up proposals to make it easier to find black boxes from missing aircraft, in the strongest official reaction so far to the disappearance of a Malaysia Airlines jet, sources familiar with the matter said.

The proposals will bring into force some recommendations that were put forward by France after the loss of an Air France jet in the Atlantic in 2009, but which were never implemented.

These include the addition of a new pinger frequency, making it easier to locate the recording devices under water.

An opinion due to be published by the agency also calls for an increase in the minimum amount of recording time on cockpit voice recorders to make it easier to understand plane crashes.

Flight MH370 is believed to have crashed in the southern Indian Ocean some seven hours after it went missing on March 8, meaning the standard two-hour recording loop would not cover conversations during the crucial early stages of the flight.

http://timesofindia.indiatimes.com/India/India-sets-new-aircraft-tracking-rules-after-MH370-disappearance/articleshow/34777485.cms

Snowden files show British Spying oversight

A report says the current system of oversight of MI5, MI6 and GCHQ is 'designed to scrutinise the work of George Smiley, not the 21st-century reality'.

‘The current system of oversight belongs to a pre-internet age, a time when a person's word was accepted without question. What is needed is a scrutiny system for the 21st century, to ensure that sophisticated security and intelligence agencies can get on with the job with the full confidence of the public’ (Paragraph 170).

Regulation of Britain's intelligence agencies is so weak and ineffective that it undermines their credibility and that of parliament, the all-party Commons home affairs committee has concluded.

Edward Snowden's disclosures of the scale of mass surveillance are "an embarrassing indictment" of the weak nature of the oversight and legal accountability of Britain's security and intelligence agencies, MPs have concluded.

169. ‘Our decision to examine the oversight system followed the theft of a number of documents from the National Security Agency by Edward Snowden. The documents were stolen in order to publicise mass surveillance programmes run by a number of national intelligence agencies. The documents were sent to several journalists and subsequently press reports detailing the programmes have been published in a number of countries. There have been criticisms of the newspapers who have published details of the programmes but Alan Rusbridger, Editor of The Guardian newspaper, responded to those criticisms by noting that the alternative to having the newspapers – and you can criminalise newspapers all you like and try to take them out of this – the next leak or the next Edward Snowden or the next Chelsea Manning will not go to newspapers. They will dump the stuff on the Internet. [197]

One of the reasons that Edward Snowden has cited for releasing the documents is that he believes that the oversight of security and intelligence agencies is not effective. [198] It is important to note that when we asked British civil servants – the National Security Adviser and the head of MI5 – to give evidence to us they refused. In contrast, Mr. Rusbridger came before us and provided open and transparent evidence.’

A highly critical report by the Commons home affairs select committee published on Friday calls for a radical reform of the current system of oversight of MI5, MI6 and GCHQ, arguing that the current system is so ineffective it is undermining the credibility of the intelligence agencies and parliament itself.

The MPs say the current system was designed in a pre-internet age when a person's word was accepted without question. "It is designed to scrutinise the work of George Smiley, not the 21st-century reality of the security and intelligence services," said committee chairman, Keith Vaz. "The agencies are at the cutting edge of sophistication and are owed an equally refined system of democratic scrutiny. It is an embarrassing indictment of our system that some in the media felt compelled to publish leaked information to ensure that matters were heard in parliament."

The cross-party report is the first British parliamentary acknowledgement that Snowden's disclosures of the mass harvesting of personal phone and internet data need to lead to serious improvements in the oversight and accountability of the security services.

The MPs say they decided to look at the oversight of the intelligence agencies following the theft of a number of National Security Agency documents by Snowden in order to publicise the mass surveillance programmes run by a number of national intelligence agencies.

Their report says Alan Rusbridger, editor of the Guardian, responded to criticism of newspapers that decided to publish Snowden's disclosures, including the head of MI6's claim that it was "a gift to terrorists", by saying that the alternative would be that the next Snowden would just "dump the stuff on the internet".

The MPs say: "One of the reasons that Edward Snowden has cited for releasing the documents is that he believes the oversight of security and intelligence agencies is not effective. It is important to note that when we asked British civil servants – the national security adviser and the head of MI5 – to give evidence to us they refused. In contrast, Mr. Rusbridger came before us and provided open and transparent evidence."

The report makes clear the intelligence chiefs should drop their boycott of wider parliamentary scrutiny. "Engagement with elected representatives is not, in itself, a danger to national security and to continue to insist so is hyperbole," it says.

But a move by Labour and Lib Dem MPs to congratulate the Guardian and other media outlets for "responsibly reporting" the disclosures – saying they had opened a "wide and international public debate" – was voted down by four Tory MPs.

Yvette Cooper, the shadow home secretary, said the report showed there was a cross-party consensus behind Labour's proposals, including reform of the commissioners system and an opposition chair of the ISC. "The government should now set out plans for oversight reforms," she said.

Nick Clegg has also outlined proposals for reforming the oversight system.

Cooper added that the select committee had added their voice to the growing number of MPs who were calling for reform. She said that the police and security services needed to keep up with the challenges of the digital age but stronger safeguards and limits to protect personal privacy and sustain confidence in their vital work were also needed: "The oversight and legal frameworks are now out of date," said the shadow home secretary.

Emma Carr, of Big Brother Watch, the privacy campaign group, said: "When a senior committee of parliament says that the current oversight of our intelligence agencies is not fit for purpose, ineffective and undermines the credibility of parliament, the government cannot and must not continue to bury its head in the sand."

http://www.theguardian.com/uk-news/2014/may/09/edward-snowden-mps-commons-report-spying?CMP=EMCNEWEML6619I2
http://www.theguardian.com/uk-news/2014/may/09/mps-criticise-regulation-of-british-spy-agencies
http://www.publications.parliament.uk/pa/cm201314/cmselect/cmhaff/231/23102.htm

NSA Spy Defence and Snowden will cost lives

The NSA has never said much about the open secret that it collects and sometimes even pays for information about hackable flaws in commonly used software. But in a rare statement following his retirement last month, former NSA chief Keith Alexander acknowledged and defended that practice. In doing so, he admitted the deeply contradictory responsibilities of an agency tasked with defending Americans’ security and simultaneously hoarding bugs in software they use every day.

“When the government asks NSA to collect intelligence on terrorist X, and he uses publicly available tools to encode his messages, it is not acceptable for a foreign intelligence agency like NSA to respond, ‘Sorry we cannot understand what he is saying’,” Alexander told the Australian Financial Review, which he inexplicably granted a 16,000-word interview. “To ask NSA not to look for weaknesses in the technology that we use, and to not seek to break the codes our adversaries employ to encrypt their messages is, I think, misguided. I would love to have all the terrorists just use that one little sandbox over there so that we could focus on them. But they don’t.”

The NSA has been widely criticized for using its knowledge of security flaws for spying, rather than working to patch those flaws and make Internet users more secure. Alexander’s defense of the practice boils down to the notion that separating friend and foe when seeking to break codes has become a nearly impossible task.

“The interesting change has been the diffusion of encryption technologies into everyday life,” he told AFR. “It used to be that only, say, German forces used a crypto-device like Enigma to encipher their messages. But in today’s environment encryption technology is embedded into all our communications.”

At other points in his statement, Alexander argued that the NSA does disclose some of the vulnerabilities it finds in software to those who can patch the flaws, insisting that it focuses its bug-hunting primarily on defense, rather than using vulnerabilities for offensive purposes. He also went further, stating that the NSA “categorically [does] not erode the defenses of U.S. communications, or water down security guidance in order to sustain access for foreign intelligence.”

The longest-serving director of the US National Security Agency says former contractor Edward Snowden has become a Russian puppet and was responsible for the most damaging intelligence breach in history.

In the most comprehensive interview of his career, General Keith Alexander told The Australian Financial Review that Mr. Snowden’s theft and leaking of more than 100,000 classified documents meant lives would be lost as a result of adversaries being made aware of intelligence methods, and criticised the award of the Pulitzer Prize to newspapers who published the documents.

General Alexander is at the centre of a polarising debate on surveillance practices triggered by Mr. Snowden’s decision to publicise how the NSA hoovers up global communications data when collecting foreign intelligence. He said the NSA had been “vilified and misrepresented in the press” but had been guilty of “terrible public relations” in explaining the issue to the public.

In a wide-ranging discussion, which is published in full on The Australian Financial Review website, the former spy chief said accusations that the NSA was building personal dossiers on citizens based on phone call metadata were untrue, and warned that North Korean cyber-attacks on South Korea’s banks last year could have easily triggered outright war.

“At the end of the day, I believe people’s lives will be lost because of the Snowden leaks because we will not be able to protect them with capabilities that were once effective but are now being rendered ineffective because of these revelations,” he said. “It’s the greatest damage to our combined nations’ intelligence systems that we have ever suffered. And it has had a huge impact on our combined ability to protect our nations and defend our people.”

General Alexander conceded that the US government had no way of knowing how much more Mr. Snowden had taken, and refuted suggestions he had leaked the documents due to public interest.

In comments that will raise the ire of many supporters around the world, he said only a fraction of the leaks had anything to do with Americans’ civil liberties and that he believes Russian intelligence is now “driving” Mr. Snowden.

He said that Mr. Snowden’s choreographed questioning of President Vladimir Putin on Russian television was “probably organised to help improve Snowden’s credibility so . . . it would appear as if he’s an independent actor”.

“So we absolutely need to know what Russia’s involvement is with Snowden. And I think that is now going to be a job for law enforcement, counterintelligence and those related areas,” he said.

He forecast more problems would emerge in eastern Ukraine as President Putin sought to “secure his borders and his legacy” and believes globalisation is perversely contributing to greater geopolitical instability at the same time as both cyber and terrorist attacks are on the rise.

“With what’s going on across North Africa, the Middle East and the Pacific, I think you can conclude the world has become a less stable place,” he said.

“These unfolding crises are getting worse – they are deepening. The prospects of a serious regional conflict in the next decade are higher than they have been in the past.”

In addition to stating that the “enormous amount of espionage taking place” was “far greater than most people understood,” General Alexander said all nations were “moving towards developing offensive cyber capabilities” that could inflict physical damage on targets.

“These capabilities are expanding and there are real risks, which can only be managed by fixing your network security,” he said. He explicitly referenced the “Stuxnet” cyber-attack, which has been unofficially attributed to the US and Israel and which infiltrated and destroyed almost one-fifth of Iran’s nuclear centrifuges by exploiting four undiscovered holes in Microsoft’s Windows operating system.

The general said there were real risks of cyber warfare escalating to physical conflict.

He said recent North Korean cyber attacks on South Korea’s banks could have spiraled quickly out of control and said Middle Eastern attackers “nearly disabled a major US telecommunications company” in 2012. “If that [North Korean] attack had been more severe, we simply don’t know how South Korea might have responded, and whether we could constrain that response,” he said.

He said there was a “significant probability for miscalculation in these cases – with catastrophic ramifications for everyone” because the “lack of transparency on red lines, and agreed escalation protocols, was especially acute in cyberspace”.

“What we’re seeing is more folks testing these boundaries with mounting numbers of state-on-state cyber-probes and sometimes cyber-attacks… The obvious public ones are the ‘wiper’ viruses we have seen used against Saudi Aramco, RASGAS [a Qatari LNG company], and South Korea.”

General Alexander said he was “greatly disappointed” The Washington Post and The Guardian had been “rewarded” with the Pulitzer Prize after putting “so many lives at risk” by revealing vital intelligence capabilities and “vilifying” and “misrepresenting” the NSA.

A Guardian News & Media spokeswoman denied it had done anything wrong.

“It’s a shame that some members of the intelligence establishment are more keen to defend the right of governments to gather mass data on their citizens than to recognise the legitimate role of a free press in encouraging responsible public debate,” she said. General Alexander said he sympathised with those who felt their privacy had been violated following the Snowden revelations, but blamed misrepresentation by the media.

“The problem is that it is being portrayed in the press that everyone’s data was being exploited by the PRISM program, which is wrong. The people are being misinformed and I believe that is a disservice to our country,” he said. “At the end of the day if a bad person is on one of those media platforms planning an attack, NSA’s mission is to help stop this from happening within the confines of the constitution and US laws . . . where we failed was explaining the difference between myth and reality.”

He said suggestions the NSA had over-stepped its remit were misguided and had been found to be untrue, with every independent investigation finding that the NSA was doing exactly what Congress and the administration had asked it to do. Professor Geoffrey Stone, a civil libertarian and constitutional lawyer who was one of five people appointed by President Barack Obama to review the NSA’s operations following leaks, backed General Alexander’s claims.

“I went into the NSA with preconceptions that the media had shaped, which is that the NSA was running amok and the Review Group’s job was to stop them from doing so,” he said in an interview.

“What I discovered was that what the NSA was doing was almost entirely within what was authorised by statute, judicial decision, and executive order.

“The problem is not with the NSA, but those who have given it these authorities.”

Professor Stone said it was easy for the media to demonise the NSA, but “much more complicated to say members of Congress, the President and the executive branch, and the Foreign Intelligence Surveillance Court had not done their jobs properly”.

General Alexander was adamant that revelations about NSA surveillance techniques could have dire consequences, and compared it to earlier leaks, which many have linked to the success of the 9/11 terrorist attacks.

“Think about in 1998 when somebody disclosed that we were monitoring Osama bin Laden’s communications via his Satcom phone.

“After that, we never heard bin Laden’s communications again. And he was free to go on and develop the 9/11 plots,” he said.

General Alexander advocated closer co-operation between the public and private sector to pre-emptively establish “secure zones” that leverage off the government’s hardened cyber defences.

“When you look at the investments government has made in protecting its most valuable information assets, I think we are obliged to help the private sector do the same thing,” he said.

“We’ve got to provide that same opportunity for those citizens who would like to capitalise on the level of security we have developed in government – to allow them to ‘opt-in’ inside our cyber defences.”

Intelligence community watchers expressed their interest in hearing General Alexander’s views on such a wide range of topics in the Financial Review’s interview.

Scott Borg, director of the US Cyber Consequences Unit, said that as the chief officer of America’s cyber capabilities, General Alexander commanded an awesome military force, as well as being the boss of “the world’s most powerful intelligence-gathering organisation.”

In a profile last year Wired Magazine, which did not interview General Alexander, concluded that “never before has anyone in America’s intelligence sphere come close to his degree of power”.

Mr. Borg said General Alexander’s “worst case scenario,” describing escalating cyber-attacks leading to a major physical war, was not at all unlikely.

“If anything he understates this danger: an all-out cyber assault could potentially inflict a level of damage that would only be exceeded by a nuclear war,” he said.

After reviewing the 17,500-word interview transcript, which also covered specific NSA operations, the metadata and encryption debates, and Australia’s decision to ban Huawei from the National Broadband Network, Mr. Borg said it was “the most extensive and illuminating interview he had ever seen with General Alexander”.

https://firstlook.org/theintercept/2014/05/08/keith-alexander-unplugged-bushobama-matters/
http://www.afr.com/p/technology/most_powerful_spy_says_snowden_leaks
http://www.wired.com/2014/05/alexander-defends-use-of-zero-days/

Cyber Network Fusion

Terrorists, insurgents and criminal gangs are becoming more sophisticated and advanced in the ways in which they use a variety of social networks to exchange information and discuss actions as they are happening or about to take place.

The more sophisticated and knowledgeable groups now use one social network to begin a conversation with an individual within their group and to start an action. They open with brief, vague comments on a common network and then, at a particular word or sentence, the two or more people in the conversation immediately stop using that network. The group moves directly to another social network and continues the orders or conversation. Again, at a planned point and after a few comments and responses, they move to another social network. This will happen a half dozen times using different social networks with each particular phone connection. The last conversation and connection is then completed using a more secure and closed network. This network is used deliberately to make it harder for any observers to penetrate.

This method of Cyber Network Fusion has really given the dark users more privacy and independence from spying agencies and the police who are trying to track their discussions and actions.

Intelligence and criminal monitoring agencies and police have found this switching of networks very difficult to deal with intellectually and practically and it is giving the insurgency groups a real operational advantage.

Trying to get the government or police and their IT systems to be able to switch and move rapidly from one system to the next has proved very difficult and some agencies have failed to monitor this gang activity.

Japan and EU Agree on Cyber Security Agreement

Leaders met in Brussels this week, agreeing to a formal cyber dialogue and to share knowledge going forward.

Senior European Union officials including Council president Herman Van Rompuy met their Japanese counterparts for high-level talks in Brussels this week aimed at fostering greater co-operation on cyber security.

In a joint press statement released on Wednesday, Japanese prime minister Shinzo Abe, EU Council president Van Rompuy and European Commission president José Barroso said they had decided to launch an “EU-Japan Cyber Dialogue”.

This will focus on “promoting cooperation on cyberspace through exchanges of our respective extensive experience and knowledge”, the statement noted.

“Facing more severe, widespread and globalised risks surrounding cyberspace and the need to protect human rights online, protection of a safe, open and secure cyberspace is needed,” it added.

BH Consulting CEO Brian Honan, special advisor on Internet security at Europol’s European Cybercrime Centre (EC3), told Infosecurity Magazine that any improvements in co-operation between nation states should be welcomed in the fight against cybercrime.

“Too often we focus on stopping the symptoms of the cybercrime – such as botnets and DDOS attacks – but not on stopping those actually behind the attacks. Greater international cooperation between police forces will help in putting these people behind bars,” he added.

“These agreements can help in the quicker processing of international warrants and just as importantly in the sharing of intelligence data relating to online criminals and gangs.”

However, such international agreements are not a silver bullet, he warned.

“We shouldn’t overlook there are still a large number of countries which offer safe havens for cybercriminals either by having lax cybercrime laws or ineffective policing in this area,” argued Honan. “It is these countries that we need to help develop their law enforcement capabilities and develop better cooperation from.”

http://www.infosecurity-magazine.com/view/38328/japan-and-eu-shake-hands-on-cyber-security-agreement/#.U2yWYq7yeAg.email

Four Strategies to Prepare for Cyber Attacks

Cyber attacks threaten all of us. White House officials confirmed in March 2014 that federal agents told more than 3,000 U.S. companies that their IT deployments had been hacked, according to The Washington Post. Meanwhile, Bloomberg reports that the Securities and Exchange Commission (SEC) is looking into the constant threats of cyber attacks against stock exchanges, brokerages and other Wall Street firms.

These attacks are going to happen, no matter what you do. Here, then, are four strategies to help you deal with cyber attacks and the threats they pose.

1. Have a Cyber Attack Disclosure Plan

Many industries are regulated by state, local and federal governments and have specific rules about what must be disclosed to consumers during a cyber attack. This is especially true of the healthcare and financial verticals, where sensitive customer information is involved.

Sometimes in the wake of an attack, though, or even while an attack is still happening, the evolving situation can be murky enough that disclosure rules get broken -- or, at the very least, the disclosure process is delayed or confused. For that reason, it's important to plan ahead and develop an action framework when events that trigger a disclosure response occur.

Here are some considerations:

Understand the applicable regulatory framework. For publicly traded companies, the SEC generally has disclosure guidelines and timeframes. For financial institutions, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) handle this on the federal side. State regulations vary.

Engage your communications team. These employees are professionals who have developed relationships with media and other external stakeholders. They can help you control the messaging and disclosures that you're required to make, as well as advise on the timing and breadth of those statements.

Coordinate with the required departments. Most CIOs coordinate with the individual IT teams responsible for the area under attack -- as well as outside contractors and vendors helping with the mitigation and recovery, and applicable government agencies, to keep the disclosure plan on track. Identify key personnel ahead of time and make sure roles and next actions to carry out disclosure plans are known.

2. Understand What Targets Cybercriminals Value

The real question about cyber attacks isn't when they occur. Attackers constantly invent new ways to do everything, connectivity to the Internet is becoming more pervasive, and it's easier and cheaper than ever to acquire a botnet to do your bidding if you are a malfeasant. Cyber attacks will happen to you -- tonight, next week, next month or next year.

The real question about cyber attacks is where they will occur. Traditional attacks have really gone after most of the low-hanging fruit, such as payment information (witness the recent Target breach) or just general havoc wreaking, such as the Syrian Electronic Army's distributed denial of service (DDoS) attacks. Political or moral issues have motivated many attacks, or they've been relatively simple attempts to harvest payment information to carry out low-level fraud.

Future attacks could have more significant ramifications, though, including the attempt to retrieve more dangerous identity information such as Social Security numbers. In a recent panel discussion at the Kaspersky CyberSecurity Summit, Steve Adegbite, senior vice president of enterprise information security oversight and strategy at Wells Fargo, hinted that attackers may well be attempting to penetrate where the data is -- implying that new cloud technologies and data warehouses, as well as weaknesses in emerging technologies embraced by larger companies, could well be future targets for attackers.

Where cyber attacks will occur also pertains to the location of your enterprise. Threats in the United States will have a different profile than threats in Europe. Location matters in this equation. Take some time with your team to assess where cyber attacks are likely to be directed across your enterprise. Understand what may now be at an increased risk of attack, especially relative to the past.

3. Lobby for Budget to Defend Against, Mitigate Cyber Attacks

IT budgets are no goldmine. CIOs have been used to having to do more with less for a long time now. If you've sung the praises to your management group about how you can save money by, for example, moving to the cloud or consolidating and virtualizing many servers, you might find yourself with reduced budgets and reduced headcounts -- right as the storm of cyber attacks threatens you. This isn't a preferred position.

Unfortunately, cyber attacks aren't only damaging. They're expensive, not only in terms of the cost of services being down but also the expense directly attributable to mitigating and defending them. Vendors with experience in reacting in real time to cyber attacks and mitigating their effects are tremendously expensive, both at the time of the event and when hosting data during periods of inactivity in order to be prepared if and when an attack occurs. Purchasing the hardware and software necessary to properly harden your systems is expensive. This is an important line item, an important sub area, in your budget for which you need to account. Consider it insurance on which you will almost certainly collect.

Also, look for products and technologies rated at EAL 6+, or High Robustness, which is a standard the government uses to protect intelligence information and other high-value targets.

Bottom line: Don't cannibalize your budget for proactive IT improvements and regular maintenance because you've failed to plan for a completely inevitable cyber attack.

4. In the Thick of an Attack, Ask for Help

When you're experiencing an attack, you need good information you can rely on. Others have that information. In particular, look for the following:

Join information-sharing consortiums that can help you monitor both the overall threat level for cyber attacks and the different patterns that attack victims have noticed. For example, the National Retail Federation announced a new platform to share information and patterns that aim to arrest the data breaches the industry has recently suffered. Financial services companies have set up an informational network, and other regulated industries often have a department of the governmental regulatory body that can serve as a contact point to help prevent this kind of illegal activity.

Develop a relationship with vendors with expertise on cyber attacks. It may be tempting to try to rely only on in-house resources and talent, both as a way to control costs and protect valuable information about your infrastructure, but many vendors and consulting companies have worked through multiple cyber attacks and have tremendous experience under their belts. Hiring one of these companies may well stop a cyber attack before it does serious harm.

Using the security technology you have in place, understand what readings are important and what may well be just noise. In an effort to impress and appear complete, many software vendors monitor every little thing under the sun and spin up a multitude of readings that can mask or inadvertently dilute the notifications of serious problems. Use your technology wisely and understand what notifications refer to high-value targets so you can act earlier in the attack lifecycle.

http://www.cio.com/article/752114/4_Strategies_to_Help_CIOs_Prepare

Cloud Security Market worth $8.71 Billion by 2019

The increase in adoption of cloud computing and growing demand for managed security services are playing a major role in shaping the future of the cloud-based security services market.

A new report about the cloud security market segments the global market into various sub-segments with in-depth analysis and forecasting of revenues. It also identifies the drivers and restraints for this market with insights into trends, opportunities, and challenges.

The global cloud security market witnessed higher growth, particularly after 2010, when the majority of organizations started adopting cloud services for cost cutting, agility and flexibility of IT infrastructure. This era also experienced the emergence of cloud-specific threats. Hence, the need to balance the migration to cloud services without compromising security led to the adoption of cloud security solutions by various industries. Presently, the market is also buoyed by other major factors, including increasing dependence on cloud-based services, growing host servers, overall growth of SaaS (Software as a Service) applications and the emergence of cloud-specific threats such as web application attack, brute force, vulnerability scan, and malware and botnet attacks.

Security applications delivered as cloud-based services provide a promising platform to manage threat and security concerns. Cloud-based services are gaining popularity because of the unique benefits they provide to users, such as agility, scalability, reduction in costs, business continuity, and flexibility of work practices.

Cloud security services have become crucial because they provide access to the most advanced security solutions. They address the most critical problems faced by companies in the current work scenario, supporting the remote work force. As the number of mobile workers accessing the company’s private network is increasing, identity and access management has become of prime importance. Due to the increasing security threats and data breaches, the business risks associated with web and emails are also increasing.

Companies are also concerned about data loss prevention and the log maintenance of the company’s employees and data process. All these problems can be resolved easily with the deployment of the services offered by the cloud security market. This is because they target the specific security problems of cloud computing and reduce the complexities related to the cloud.

This report provides an in-depth analysis of the cloud security market across different industry verticals and regions. The vertical segment includes various industries such as government and public utilities, BFSI, IT and telecommunication, healthcare and life sciences, retail, manufacturing, media and entertainment, and transportation.

It is predicted that the future growth of this market will be based on increasing adoption of cloud computing by the small and medium size enterprises and proliferation of mobile devices, and Security/Software as a Service (SaaS) applications in business.

http://www.marketsandmarkets.com/Market-Reports/cloud-security-market-100018098.html
http://www.prnewswire.co.uk/news-releases/cloud-security-market-worth-871-billion-by-2019-257350491.html

Heartbleed used to uncover data from cyber-criminals

Discovered in early April, Heartbleed lets attackers steal data from computers using vulnerable versions of some widely used security programs.

Now it has given anti-malware researchers access to forums that would otherwise be very hard to penetrate.

The news comes as others warn that the bug will be a threat for many years.

French anti-malware researcher Steven K told the BBC: "The potential of this vulnerability affecting black-hat services (where hackers use their skills for criminal ends) is just enormous."

Heartbleed had put many such forums in a "critical" position, he said, leaving them vulnerable to attack using tools that exploit the bug.

The Heartbleed vulnerability was found in software called OpenSSL, which is supposed to make it much harder to steal data. Instead, exploiting the bug makes a server hand over small chunks of the data it has just handled - in many cases login details or other sensitive information.

Mr. K said he was using specially written tools to target some closed forums called Darkode and Damagelab.

"Darkode was vulnerable, and this forum is a really hard target," he said. "Not many people have the ability to monitor this forum, but Heartbleed exposed everything."

Charlie Svensson, a computer security researcher at Sentor, which tests companies' security systems, said: "This work just goes to show how serious Heartbleed is. You can get the keys to the kingdom, all thanks to a nice little heartbeat query."

Individuals who repeat the work of security researchers such as Mr. K could leave themselves open to criminal charges for malicious hacking.

The widespread publicity about Heartbleed had led operators of many websites to update vulnerable software and urge users to change passwords.

Paul Mutton, a security researcher at net monitoring firm Netcraft, explained that while that meant there was no "significant risk of further direct exploitation of the bug", it did not mean all danger had passed.

He said the problem had been compounded by the fact that a large number of sites had not cleaned up all their security credentials put at risk by Heartbleed.

In particular, he said, many sites had yet to invalidate or revoke the security certificates used as a guarantee of their identity.

"If a compromised certificate has not been revoked, an attacker can still use it to impersonate that website," said Mr. Mutton.

http://www.bbc.co.uk/news/technology-27203766

A greater role for NGOs in cyber crime awareness

Every minute, on an average, nearly 80 people in India fall prey to some form of cyber crime and the awareness initiatives in place to prevent them are not enough, Governor K. Rosaiah said here on Tuesday.

Mr. Rosaiah was quoting statistics from a Norton-Symantec study on internal security in our country as part of his address at the 10th anniversary celebrations of Cyber Society of India, an NGO working for awareness on cyber security, held in T Nagar.

Further quoting the study, the Governor added that, across the globe, India tops in cases of spam attacks, and stands third in cases of computer virus attacks and overall cyber threats. “In such a scenario, NGOs like Cyber Society of India have a greater role to play to create awareness among people on the nuances of cyber crimes and the deep impact it can cause,” Mr. Rosaiah added.

The anniversary celebrations were marked by a one-day workshop on cyber crimes and e-security, which was inaugurated in the morning by the Governor. R.K. Raghavan, former director of CBI, speaking on the subject ‘Information Security and E-Governance’, made the point that the more cyber crime is neglected, the more vicious it becomes.

John Rose, assistant commissioner (cyber cell), Central Crime Branch of the city police, elaborated on the cyber crimes prevalent in the Banking, Financial Services and Insurance (BFSI) sector.

http://www.thehindu.com/news/cities/chennai/chen-events/a-greater-role-for-ngos

Cyber Crime Displacing Conventional Crime

Cybercrime is slowly displacing conventional crime and the Indian police in course of time will become equipped to handle such crimes, according to former director of the Central Bureau of Investigation R K Raghavan.

Speaking during a workshop on Cyber Crimes and e-security, organised by the Cyber Society of India here on Tuesday, Raghavan said that more people would become victims of cyber crime than of conventional crime.

On an average only two per cent of our population is affected by conventional crime like dacoity and theft but almost everyone who has access to the Internet is vulnerable to cyber crime.

“Each individual has the potential to become a victim with the spurt in smartphones,” he added.

However, Raghavan is against the creation of a dedicated police force on the lines of the CBI to tackle cyber crime. “People like me have successfully handled cyber crimes. The police personnel will be able to take care of cyber crime effectively within a decade,” he said.

Talking about the delay in implementation of the Crime and Criminal Tracking Network System (CCTNS), he said it was a matter of concern, as the country does not have a single national database. CCTNS was to link 14,000 police stations across the country and make biometric profiles of convicts.

Earlier Governor K Rosaiah inaugurated the workshop, which marked the 10th anniversary celebrations of the Cyber Society of India.

Speaking on the occasion, he said that there were 42 million cyber crimes occurring on a pan-India basis every year and last year alone 52 per cent of such victims suffered attacks, including malware, viruses, hacking, scans, fraud and theft.

The Governor said that on an average 80 people in India are victims of cyber crimes every minute.

He stated that the Cyber Society of India had a greater role to play to create awareness on the nuances of cyber crime and to educate people on how to guard themselves against such criminals.

Speaking on the occasion, N Vittal, former central vigilance commissioner, hailed the electronic voting machine and the person behind its development, Sujatha Rangarajan. He said EVMs were foolproof and rejected the claim that they were tampered with in the 2011 Lok Sabha elections. “I want to make it clear, Union Finance Minister P Chidambaram’s election was fair,” he said.

http://www.newindianexpress.com/cities/chennai/Cyber-Crime-Displacing-Conventional-Crime-Says-Former-CBI-Director/2014/04/30/article2196483.ece1

Backlash against big data

A recent article in the Economist asks why there is a backlash against data. Several articles have been written across a broad spectrum of established journals and news outlets that are very much anti-big data. The Economist responded with a counter-question, asking whether or not we are just at an early adoption phase, similar to that of the Internet or television, and whether this backlash is therefore quite natural.

When discussing ‘big data’, we are essentially referring to what is now possible in terms of large data analysis. Never before have we had access to such large amounts of data, thanks to the Internet, faster computers and better methods of data collection.

Big data refers to the idea that society can do things with a large body of data that weren’t possible when working with smaller amounts. The term was originally applied a decade ago to massive datasets from astrophysics, genomics and internet search engines, and to machine-learning systems (for voice-recognition and translation, for example) that work well only when given lots of data to chew on. Now it refers to the application of data-analysis and statistics in new areas, from retailing to human resources.

The backlash began in mid-March, prompted by an article in Science by David Lazer and others at Harvard and Northeastern University. It showed that a big-data poster child, Google Flu Trends (a 2009 project that identified flu outbreaks from search queries alone), had overestimated the number of cases for four years running, compared with reported data from the Centres for Disease Control (CDC). This led to a wider attack on the idea of big data.

The criticisms fall into three areas that are not intrinsic to big data per se, but endemic to data analysis, and have some merit. First, there are biases inherent to data that must not be ignored. That is undeniably the case. Second, some proponents of big data have claimed that theory (i.e., generalisable models about how the world works) is obsolete. In fact, subject-area knowledge remains necessary even when dealing with large data sets. Third, the risk of spurious correlations (associations that are statistically robust but happen only by chance) increases with more data. Although there are new statistical techniques to identify and banish spurious correlations, such as running many tests against subsets of the data, this will always be a problem.

However, these criticisms do not mean that big-data analysis has no merit whatsoever. Even the Harvard researchers who decried big data "hubris" admitted in Science that melding Google Flu Trends analysis with CDC’s data improved the overall forecast, showing that big data can in fact be a useful tool. And research published in PLOS Computational Biology on April 17th shows it is possible to estimate the prevalence of the flu based on visits to Wikipedia articles related to the illness. Behind the big data backlash is the classic hype cycle, in which a technology’s early proponents make overly grandiose claims, people sling arrows when those promises fall flat, but the technology eventually transforms the world, though not necessarily in ways the pundits expected. It happened with the web, and television, radio, motion pictures and the telegraph before it. Now it is simply big data’s turn to face the grumblers.

Rather than trying to ignore big data on one side of the debate, or becoming big data evangelists on the other, maybe we should be asking what we can do to help drive the conversation forward in terms of its practical application.

http://www.economist.com/blogs/economist-explains/2014/04/economist-explains-10
http://www.marketsforgood.org/the-backlash-against-big-data/
http://www.ey.com/Publication/vwLUAssets/EY-The-Big-Data-Backlash/$FILE/EY-The-Big-Data-Backlash.pdf

Australia says it will Employ Cyber Warfare

The Australian Defence Force has embraced cyber warfare, deception and disinformation through the Internet as key elements of future military operations. However, the newly declassified ADF papers provide no guidance on how efforts to influence and deceive adversaries will not also mislead the Australian public and media.

While the Australian government has in recent years highlighted the need to defend Australia from cyber threats, including hacking and foreign spying, Australia’s preparedness and capabilities to undertake offensive cyber operations have remained a closely guarded secret.

However, release of the Australian Defence Force’s newly revised "Information Activities" doctrine, approved by Defence chief General David Hurley last November, for the first time reveals the ADF will engage in offensive "information operations" in future military conflicts.

Declassified in response to a Fairfax Media freedom of information request, the new doctrine provides "authoritative" guidance for planning Defence Force operations aimed at "undermining the adversary’s ability to develop, disseminate and execute sound decisions".

Information operations are designed to "persuade, convince, deter, disrupt, compel or coerce" audiences that include foreign governments and military commanders, local chiefs and communities, non-governmental organisations as well as "domestic players such as the general public and government".

Offensive measures to be employed by the ADF against adversaries include "computer network operations" - otherwise known as cyber warfare - which are defined to include attacks on and exploitation of information and data networks.

The ADF’s information operations doctrine emphasises the importance of degrading an enemy's information systems as well as engaging in psychological warfare and deception. This includes "manipulation, distortion, or falsification of evidence ... to influence the mind, decisions and actions of the adversary ... to form inaccurate impressions about friendly forces, squander intelligence assets, or fail to use other resources to best advantage".

Significantly, the doctrine also refers to "special technical operations" which use "highly compartmented and closely protected" capabilities that are "particularly useful" for offensive information operations.

"Some information-related capabilities are quite technical in nature and may require long lead times to be able to support the operation," the document says.

These new offensive capabilities, which were not discussed in the Australian Government’s 2013 Defence white paper, have been developed by the top secret Australian Signals Directorate with support from the Defence Science and Technology Organisation. It is understood the new capabilities range from denial of service attacks to sophisticated techniques to access foreign computer systems to destroy or change data, including the dissemination of false information.

Disclosures of highly classified United States and British documents by former US intelligence contractor Edward Snowden have revealed that the US National Security Agency and the UK’s Government Communications Headquarters have been developing offensive cyber warfare capabilities including "information ops (influence and disruption)", computer hacking, black propaganda and "using online techniques to make something happen in the real or cyber world".

These capabilities have been discussed at highly classified signals intelligence conferences held by the "5-eyes" intelligence partners - the US, UK, Canada, Australia and New Zealand.

In a recently published academic paper, signals intelligence and cyber warfare experts Professor Des Ball and Dr Gary Waters noted that the Australian Signals Directorate is "a privileged party to cyber warfare developments in the United States and the United Kingdom".

Offensive capabilities canvassed by Ball and Waters include use of cyber techniques to access electronic components in weapons systems, including "penetrating the 'firewalls' protecting avionics systems and using wireless application protocols to insert 'Trojan horses'". This would conceivably allow Australian cyber specialists to effectively hijack adversary aircraft (and to choose between hard or soft landings for them).

"Australia strives to ensure that nothing is disclosed about these activities," Ball and Waters observe. "But there are aspects of operational planning which ultimately cannot be disguised, including the development and assimilation of doctrine within the ADF and the procurement of particular capabilities."

The newly released ADF doctrine notes information operations often involve "complex legal and policy questions; requiring not just local review, but national-level co-ordination and approval".

There is also an acknowledgment that the ADF must simultaneously deal with "multiple audiences and voices" including the Australian public.

However, there is no guidance on how propaganda and deception transmitted through the internet, including social media, will be reconciled with ADF public affairs and media liaison activities, which are "the principal vehicle for the commander to maintain public support during the conduct of operations."

"It is important to nurture public trust by providing clear, timely and accurate information in order to remain responsive to public expectations," the ADF’s new doctrine adds.

http://cyberwar.einnews.com/article/203589
http://www.smh.com.au/federal-politics/political-news/
