U.S. security firm claims China’s military controls ‘most prolific hackers in the world’

China’s army controls some of the most prolific hackers in the world, according to a new report Tuesday by an Internet security firm (Mandiant) that traced a host of cyberattacks to an anonymous building in Shanghai.

Mandiant said its hundreds of investigations over the past three years showed that groups hacking into US newspapers, government agencies, and companies “are based primarily in China and that the Chinese government is aware of them.”

The report focused on one group, which it called “APT1″ from the initials “Advanced Persistent Threat,” which it said had stolen huge quantities of information and was targeting critical infrastructure such as the US energy grid.

More from RawStory.com @ http://www.rawstory.com/rs/2013/02/19/u-s-security-firm-claims-chinas-military-controls-most-prolific-hackers-in-the-world/

United States the target of a massive cyber-espionage effort

The US intelligence community has concluded that America is the target of a massive cyber-espionage campaign that is threatening its competitiveness, The Washington Post reported.

Citing unnamed officials, the newspaper said the conclusion is contained in the National Intelligence Estimate, a classified report that represents the consensus view of the US intelligence community.

The report identifies China as the country most aggressively seeking to penetrate the computer systems of US businesses and institutions to gain access to data that could be used for economic gain, the paper said.

The document, according to the Post, identifies energy, finance, information technology, aerospace and automotive companies as the most frequent targets of cyber-attacks.

Outside experts have estimated the damage to the US economy in the tens of billions of dollars, the paper said.

The National Intelligence Estimate names three other countries — Russia, Israel and France — as having engaged in mining for economic intelligence but makes clear that cyber-espionage by those countries pales in comparison with China’s effort, the paper notes.

The administration of President Barack Obama is trying to counter the electronic theft of trade secrets by lodging formal protests, expelling diplomatic personnel, imposing travel and visa restrictions, and complaining to the World Trade Organization, the Post said.

From RawStory.com @ http://www.rawstory.com/rs/2013/02/11/united-states-the-target-of-a-massive-cyber-espionage-effort-report/

How M.I.T. Ensnared a Hacker

In the early days of 2011, the Massachusetts Institute of Technology learned that it had an intruder. Worse, it believed the intruder had been there before.

Months earlier, the mysterious visitor had used the school’s computer network to begin copying millions of research articles belonging to Jstor, the nonprofit organization that sells subscription access to universities.

The visitor was clever — switching identifications to avoid being blocked by M.I.T.’s security system — but eventually the university believed it had shut down the intrusion, then spent weeks reassuring furious officials at Jstor that the downloading had been stopped.

However, on Jan. 3, 2011, according to internal M.I.T. documents obtained by The New York Times, the university was informed that the intruder was back — this time downloading documents very slowly, with a new method of access, so as not to alert the university’s security experts.

“The user was now not using any of the typical methods to access MITnet to avoid all usual methods of being disabled,” concluded Mike Halsall, a senior security analyst at M.I.T., referring to the university’s computer network.

What the university officials did not know at the time was that the intruder was Aaron Swartz, one of the shining lights of the technology world and a leading advocate for open access to information, with a fellowship down the road at Harvard.

Mr. Swartz’s actions presented M.I.T. with a crucial choice: the university could try to plug the weak spot in its network or it could try to catch the hacker, then unknown.

The decision — to treat the downloading as a continuing crime to be investigated rather than a security threat that had been stopped — led to a two-day cat-and-mouse game with Mr. Swartz and, ultimately, to charges of computer and wire fraud. Mr. Swartz, 26, who faced a potentially lengthy prison term and whose trial was to begin in April, was found dead of an apparent suicide in his Brooklyn apartment on Jan. 11.

Mr. Swartz’s supporters called M.I.T.’s decision a striking step for an institution that prides itself on operating an open computer network and open campus — the home of a freewheeling programming culture. M.I.T.’s defenders viewed the intrusion as a computer crime that needed to be taken seriously.

M.I.T. declined to confirm any of these details or comment on its actions during the investigation. The university’s president, L. Rafael Reif, said last week, “It pains me to think that M.I.T. played any role in a series of events that have ended in tragedy.” He appointed a professor, Hal Abelson, to analyze M.I.T.’s conduct in the investigation. To comment now, a spokeswoman for the university said, would be “to get ahead of that analysis.”

Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed internal timeline of the events, a security expert was able to locate that new method of access precisely — the wiring in a network closet in the basement of Building 16, a nondescript rectangular structure full of classrooms and labs that, like many buildings on campus, is kept unlocked.

In the closet, Mr. Halsall wrote, there was a netbook, or small portable computer, “hidden under a box,” connected to an external hard drive that was receiving the downloaded documents.

At 9:44 a.m. the M.I.T. police were called in; by 10:30 a.m., the Cambridge police were en route, and by 11 a.m., Michael Pickett, a Secret Service agent and expert on computer crime, was on the scene. On his recommendation, a surveillance camera was installed in the closet and a second laptop was connected to the network switch to track the traffic.

More from the NY Times:
http://www.nytimes.com/2013/01/21/technology/how-mit-ensnared-a-hacker-bucking-a-freewheeling-culture.html?pagewanted=all&_r=0

European Union maps out a new cyber-security plan

The European Commission on Thursday launched a new cyber-security plan, aimed at safeguarding vital information systems and bolstering the bloc’s defences against a growing criminal threat.

The plan calls on member states to set up specialised agencies to ensure the security of information networks and rapid intervention units to counter any cyber attack.

These bodies should cooperate to improve the resilience of information systems, on which all aspects of life increasingly depend, and bolster overall defences against crime.

To highlight the scale of the problem, the Commission cited World Economic Forum research estimating there is a 10 percent chance of a major critical information infrastructure breakdown in the coming decade, which could cost $250 billion.

Cybercrime meanwhile costs even more, with security firm Symantec saying victims worldwide lose around 290 euros billion each year.

“The more people rely on the Internet the more people rely on it to be secure. A secure Internet protects our freedoms and rights and our ability to do business. It’s time to take coordinated action,” said Neelie Kroes, EU Commissioner in charge of the bloc’s Digital Agenda.

EU foreign affairs head Catherine Ashton highlighted the importance of cyber-security to the bloc’s wider political aims.

“For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online. Fundamental rights, democracy and the rule of law need to be protected in cyberspace,” Ashton said.

More from RawStory.com @ http://www.rawstory.com/rs/2013/02/07/eu-
maps-out-new-cyber-security-plan/

Controversial Cyber Bill CISPA To Be Reintroduced

The Cyber Intelligence Sharing and Protection Act (CISPA), a controversial cybersecurity bill that would set up a system for the government to collect information from Web and telcom companies on user activities thought to be potentially dangerous to national security, passed the U.S. House in April but stalled after that, with a distinctly different Senate version failing to pass in August.

Now one of CISPA’s major bipartisan cosponsors, Rep. Dutch Ruppersberger (D-Md.), who first introduced the legislation along with Rep. Mike Rogers (R-Mich.), is saying that he will reintroduce the bill this year and is working with the White House to ensure it makes it into law, The Hill reported Tuesday evening.

Web freedom advocacy groups and activists criticized the initial version as potentially paving the way for companies and governments to violate user privacy by accessing information and taking law enforcement actions against users without warning.

Separately, Rogers in an address Wednesday said the U.S. was “under siege” on the Internet, as countries including Russia, China and Iran developed capabilities of launching cyber attacks, the Hill reported.

From TalkingPointsMemo at http://livewire.talkingpointsmemo.com/entry/controversial-cyber-bill-cispa-to-be-reintroduced