Obama meets with CEOs to discuss improvements to U.S. cyber security

President Barack Obama will sit down on Wednesday with corporate leaders to discuss efforts to improve cyber security in private industries amid rising concern about hacking attacks emanating from China.

The White House said that in the meeting, to take place in the Situation Room, Obama would discuss efforts to address the cyber threat and solicit the CEOs’ input on how the government and private sector can best work together to improve the country’s cyber security.

More from Reuters.com @ http://www.reuters.com/article/2013/03/12/usa-obama-cyber-idUSL1N0C4HPK20130312

U.S. security firm claims China’s military controls ‘most prolific hackers in the world’

China’s army controls some of the most prolific hackers in the world, according to a new report Tuesday by an Internet security firm (Mandiant) that traced a host of cyberattacks to an anonymous building in Shanghai.

Mandiant said its hundreds of investigations over the past three years showed that groups hacking into US newspapers, government agencies, and companies “are based primarily in China and that the Chinese government is aware of them.”

The report focused on one group, which it called “APT1” (from the initials of “Advanced Persistent Threat”) and which it said had stolen huge quantities of information and was targeting critical infrastructure such as the US energy grid.

More from RawStory.com @ http://www.rawstory.com/rs/2013/02/19/u-s-security-firm-claims-chinas-military-controls-most-prolific-hackers-in-the-world/

United States the target of a massive cyber-espionage effort

The US intelligence community has concluded that America is the target of a massive cyber-espionage campaign that is threatening its competitiveness, The Washington Post reported.

Citing unnamed officials, the newspaper said the conclusion is contained in the National Intelligence Estimate, a classified report that represents the consensus view of the US intelligence community.

The report identifies China as the country most aggressively seeking to penetrate the computer systems of US businesses and institutions to gain access to data that could be used for economic gain, the paper said.

The document, according to the Post, identifies energy, finance, information technology, aerospace and automotive companies as the most frequent targets of cyber-attacks.

Outside experts have estimated the damage to the US economy in the tens of billions of dollars, the paper said.

The National Intelligence Estimate names three other countries — Russia, Israel and France — as having engaged in mining for economic intelligence but makes clear that cyber-espionage by those countries pales in comparison with China’s effort, the paper notes.

The administration of President Barack Obama is trying to counter the electronic theft of trade secrets by lodging formal protests, expelling diplomatic personnel, imposing travel and visa restrictions, and complaining to the World Trade Organization, the Post said.

From RawStory.com @ http://www.rawstory.com/rs/2013/02/11/united-states-the-target-of-a-massive-cyber-espionage-effort-report/

How M.I.T. Ensnared a Hacker

In the early days of 2011, the Massachusetts Institute of Technology learned that it had an intruder. Worse, it believed the intruder had been there before.

Months earlier, the mysterious visitor had used the school’s computer network to begin copying millions of research articles belonging to Jstor, the nonprofit organization that sells subscription access to universities.

The visitor was clever — switching identifications to avoid being blocked by M.I.T.’s security system — but eventually the university believed it had shut down the intrusion, then spent weeks reassuring furious officials at Jstor that the downloading had been stopped.

However, on Jan. 3, 2011, according to internal M.I.T. documents obtained by The New York Times, the university was informed that the intruder was back — this time downloading documents very slowly, with a new method of access, so as not to alert the university’s security experts.

“The user was now not using any of the typical methods to access MITnet to avoid all usual methods of being disabled,” concluded Mike Halsall, a senior security analyst at M.I.T., referring to the university’s computer network.

What the university officials did not know at the time was that the intruder was Aaron Swartz, one of the shining lights of the technology world and a leading advocate for open access to information, with a fellowship down the road at Harvard.

Mr. Swartz’s actions presented M.I.T. with a crucial choice: the university could try to plug the weak spot in its network or it could try to catch the hacker, then unknown.

The decision — to treat the downloading as a continuing crime to be investigated rather than a security threat that had been stopped — led to a two-day cat-and-mouse game with Mr. Swartz and, ultimately, to charges of computer and wire fraud. Mr. Swartz, 26, who faced a potentially lengthy prison term and whose trial was to begin in April, was found dead of an apparent suicide in his Brooklyn apartment on Jan. 11.

Mr. Swartz’s supporters called M.I.T.’s decision a striking step for an institution that prides itself on operating an open computer network and open campus — the home of a freewheeling programming culture. M.I.T.’s defenders viewed the intrusion as a computer crime that needed to be taken seriously.

M.I.T. declined to confirm any of these details or comment on its actions during the investigation. The university’s president, L. Rafael Reif, said last week, “It pains me to think that M.I.T. played any role in a series of events that have ended in tragedy.” He appointed a professor, Hal Abelson, to analyze M.I.T.’s conduct in the investigation. To comment now, a spokeswoman for the university said, would be “to get ahead of that analysis.”

Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed internal timeline of the events, a security expert was able to locate that new method of access precisely — the wiring in a network closet in the basement of Building 16, a nondescript rectangular structure full of classrooms and labs that, like many buildings on campus, is kept unlocked.

In the closet, Mr. Halsall wrote, there was a netbook, or small portable computer, “hidden under a box,” connected to an external hard drive that was receiving the downloaded documents.

At 9:44 a.m. the M.I.T. police were called in; by 10:30 a.m., the Cambridge police were en route, and by 11 a.m., Michael Pickett, a Secret Service agent and expert on computer crime, was on the scene. On his recommendation, a surveillance camera was installed in the closet and a second laptop was connected to the network switch to track the traffic.

More from the NY Times:

European Union maps out a new cyber-security plan

The European Commission on Thursday launched a new cyber-security plan, aimed at safeguarding vital information systems and bolstering the bloc’s defences against a growing criminal threat.

The plan calls on member states to set up specialised agencies to ensure the security of information networks and rapid intervention units to counter any cyber attack.

These bodies should cooperate to improve the resilience of information systems, on which all aspects of life increasingly depend, and bolster overall defences against crime.

To highlight the scale of the problem, the Commission cited World Economic Forum research estimating there is a 10 percent chance of a major critical information infrastructure breakdown in the coming decade, which could cost $250 billion.

Cybercrime, meanwhile, costs even more: security firm Symantec says victims worldwide lose around 290 billion euros each year.

“The more people rely on the Internet the more people rely on it to be secure. A secure Internet protects our freedoms and rights and our ability to do business. It’s time to take coordinated action,” said Neelie Kroes, EU Commissioner in charge of the bloc’s Digital Agenda.

EU foreign affairs head Catherine Ashton highlighted the importance of cyber-security to the bloc’s wider political aims.

“For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online. Fundamental rights, democracy and the rule of law need to be protected in cyberspace,” Ashton said.

More from RawStory.com @ http://www.rawstory.com/rs/2013/02/07/eu-

Controversial Cyber Bill CISPA To Be Reintroduced

The Cyber Intelligence Sharing and Protection Act (CISPA) is a controversial cybersecurity bill that would set up a system for the government to collect information from Web and telecom companies on user activity thought to be potentially dangerous to national security. It passed the U.S. House in April but stalled after that; a distinctly different Senate version failed to pass in August.

Now one of CISPA’s major bipartisan cosponsors, Rep. Dutch Ruppersberger (D-Md.), who first introduced the legislation along with Rep. Mike Rogers (R-Mich.), is saying that he will reintroduce the bill this year and is working with the White House to ensure it makes it into law, The Hill reported Tuesday evening.

Web freedom advocacy groups and activists criticized the initial version as potentially paving the way for companies and governments to violate user privacy by accessing information and taking law enforcement actions against users without warning.

Separately, Rogers in an address Wednesday said the U.S. was “under siege” on the Internet, as countries including Russia, China and Iran developed capabilities of launching cyber attacks, the Hill reported.

From TalkingPointsMemo at http://livewire.talkingpointsmemo.com/entry/controversial-cyber-bill-cispa-to-be-reintroduced

Massive security hole lets hackers control millions of cameras, printers and routers

Newly discovered vulnerabilities in common implementations of a networking standard known as “universal plug and play” (UPnP) are serious enough that hackers on the Internet could remotely access and control “millions” of compatible devices such as cameras, printers and routers, security researchers said Tuesday.

Researchers at the security firm Rapid7 said they found bugs in UPnP software that expose personal devices to remote access and control. That means an enterprising hacker could, say, exploit the bugs to print unwanted messages on a personal printer, or turn on a webcam without the owner’s knowledge.

A hole this large has likely already been exploited on a selective, individual basis, researchers warned, noting that something like 40 to 50 million network devices make use of UPnP.

Rapid7’s announcement was confirmed Tuesday night by the United States Computer Emergency Readiness Team (US-CERT), which warned that “hundreds of vendors” that supply network-enabled hardware rely upon UPnP, including major firms like Cisco’s Linksys, D-Link, Belkin and Netgear. The agency recommended that those manufacturers begin updating their software immediately to close the vulnerability, a process which could take months.

“We recommend Linksys customers visit our website to understand if their home router is affected, and learn how to disable UPnP through the user interface to avoid being impacted,” a Cisco spokesperson told Forbes.

Rapid7 has also released a network scanning tool that should identify devices that are running UPnP and direct users to instructions to disable it. “Given the high level of exposure and potential impact of a successful attack, Rapid7 strongly recommends that UPnP be disabled” on any hardware currently running it, they advised.
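The check below is an added example of what such a scanning tool does at its core; it is not Rapid7’s tool and not code from the article. UPnP devices are located with SSDP: an HTTP-style M-SEARCH request goes to UDP port 1900 (multicast 239.255.255.250), and each device answers with an HTTP-style 200 reply whose SERVER and LOCATION headers identify its UPnP stack and description URL. A device that answers that request on its Internet-facing address is reachable by anyone, which is the exposure the report describes. The replies, addresses, SERVER strings and port 49152 in the sample data are constructed for the demo; the IPv4 ranges treated as non-routable are an assumption of this example.

```python
"""Offline UPnP/SSDP exposure check (added example, not Rapid7's scanner)."""
import ipaddress
import socket
from typing import Dict, List, Optional

SSDP_MCAST_ADDR = "239.255.255.250"
SSDP_PORT = 1900

# Assumption of this example: IPv4 ranges that never appear on the public
# Internet.  A UPnP reply from any other address means SSDP is Internet-facing.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",  # loopback, link-local, CGNAT
)]


def build_msearch(search_target: str = "upnp:rootdevice", mx: int = 2) -> bytes:
    """Build an SSDP M-SEARCH discovery request (HTTP over UDP, CRLF lines)."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_MCAST_ADDR}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_ssdp_response(data: bytes) -> Optional[Dict[str, str]]:
    """Parse one SSDP reply into a lower-cased header map.

    Only 'HTTP/1.1 200' replies count; M-SEARCH echoes from other scanners,
    NOTIFY announcements and garbage return None.
    """
    text = data.decode("utf-8", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def is_internet_routable(ip: str) -> bool:
    """True if an IPv4 address lies outside the NON_ROUTABLE ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def summarise(headers: Dict[str, str], src_ip: str) -> Dict[str, object]:
    """Reduce a parsed reply to what an inventory needs."""
    return {
        "ip": src_ip,
        "server": headers.get("server", "(no SERVER header)"),
        "location": headers.get("location", "(no LOCATION header)"),
        "wan_exposed": is_internet_routable(src_ip),
    }


def discover(timeout: float = 3.0) -> List[Dict[str, object]]:
    """Live discovery on the local network (not used by the offline demo)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    found: List[Dict[str, object]] = []
    try:
        sock.sendto(build_msearch(), (SSDP_MCAST_ADDR, SSDP_PORT))
        while True:
            try:
                data, (ip, _port) = sock.recvfrom(65535)
            except socket.timeout:
                break
            headers = parse_ssdp_response(data)
            if headers is not None:
                found.append(summarise(headers, ip))
    finally:
        sock.close()
    return found


# Constructed replies: a router answering on its LAN side, the same stack
# answering on a public address, and a stray M-SEARCH that must be ignored.
SAMPLE_REPLIES = [
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nEXT:\r\n"
                    b"SERVER: Linux/2.6 UPnP/1.0 ExampleRouter/1.0\r\n"
                    b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
                    b"ST: upnp:rootdevice\r\n\r\n"),
    ("203.0.113.5", b"HTTP/1.1 200 OK\r\nEXT:\r\n"
                    b"server: Linux/2.6 UPnP/1.0 ExampleRouter/1.0\r\n"
                    b"location: http://203.0.113.5:49152/rootDesc.xml\r\n\r\n"),
    ("192.168.1.20", build_msearch()),
]


def run_demo() -> List[Dict[str, object]]:
    """Feed the constructed replies through the same path discover() uses."""
    results = []
    for ip, data in SAMPLE_REPLIES:
        headers = parse_ssdp_response(data)
        if headers is not None:
            results.append(summarise(headers, ip))
    return results


if __name__ == "__main__":
    for entry in run_demo():
        flag = "INTERNET-FACING" if entry["wan_exposed"] else "lan-only"
        print(f"{entry['ip']:<15} {flag:<15} {entry['server']}")
```

Running the file prints the two constructed devices, flagging the one that answered from a public address. The SERVER string is what you compare against vendor advisories to decide whether a given stack needs patching or UPnP needs disabling; `discover()` performs the same exchange against the real local network if you call it.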

From RawStory.com (http://s.tt/1za9b)

NSA cybersecurity program to protect power grid confirmed

Newly released documents confirm that the National Security Agency (NSA), America’s top cyberespionage organization, is spearheading a cloaked and controversial program to develop technology that could protect the US power grid from cyberattack.

Existence of the program, dubbed Perfect Citizen, was revealed in a 2010 Wall Street Journal article. But intriguing new details are revealed in documents released by the NSA last month to the Electronic Privacy Information Center (EPIC), an Internet privacy group that petitioned for them in 2010 under the Freedom of Information Act.

Of the 188 pages of documents released by the agency, roughly half were redacted to remove classified information. Even so, the documents show Perfect Citizen to be in the fourth year of a five-year program begun in 2009. Valued at up to $91 million, the Perfect Citizen technology is being developed by Raytheon, the Waltham, Mass., defense contractor that won the contract.

More from Raw Story: http://www.rawstory.com/rs/2013/01/04/secret-nsa-cybersecurity-program-to-protect-power-grid-confirmed/

The $1 billion opportunity in cybersecurity

With companies under threat from evolving cyberattacks, what opportunity is there in the security market to expand?

Reuters reports that the cybersecurity market may be worth billions in the coming years, as attacks increase in complexity and sophistication. Far from the realms of a hacker hiding out in a bedroom, cyberattacks can now be state-sponsored, conducted by hacktivist teams from across the globe, and even the average person can now easily learn basic hacking methods.

For businesses, the future state of security can be a worry. A single attack can release confidential emails, take down an entire network, or result in customer account details being thrown into a text document and uploaded online through services like Pastebin. These incidents can cost a small fortune to rectify — whether you’re an SME or enterprise — as well as damage a firm’s reputation and reduce customer trust.

U.S. carrier AT&T is one company that can see a silver lining amidst the worry, and view cyberthreats as a promising business opportunity worth billions of dollars.

Speaking about cyberattacks at the Morgan Stanley TMT conference, Frank Jules, president of AT&T’s global enterprise unit said:

“We see them on a daily basis and they are now getting smaller instead of coming in huge waves, which were easier for us to detect.

Every chief information officer at major corporations that I meet wants to talk about security. I think this will be a $40 billion market one day.”

As a result, companies are expected to double or triple their spending on security in the coming years. AT&T, for example, has recorded twice as many attacks against its networks in the past four months as it had seen before, and governments aren’t safe either: the hacktivist group GhostShell recently released 2.5 million accounts from Russian authorities for the public to download.

Threats to business and government come in many guises: malware estimated to cost advertisers $900,000 per day, the theft of retail customers’ account details, and viruses opened from email that spread through a network. A single error, such as visiting a malicious site or opening a seemingly innocent email, can cause havoc.

A painful prospect in a fragile economy it may be, but for businesses heavily reliant on digital storage and networks, raising security investment now may be the only way to stop cyberattacks costing a firm far more in the long run.

From Charlie Osborne at SmartPlanet.com : http://www.smartplanet.com/blog/bulletin/the-1-billion-opportunity-in-cyber-security/5572?tag=content;siu-container