Category Archives for "Network World Security"

US says cyber battle against ISIS will ‘black these guys out’

The U.S. is aggressively targeting ISIS in cyberspace, attempting to halt the group's ability to communicate electronically, Secretary of Defense Ash Carter said Thursday. His comments build on those from earlier this week when, for the first time, the Department of Defense admitted to an active offensive cyberspace mission. "There is no reason why these guys ought to be able to command and control their forces," Carter said Thursday morning at a Microsoft-sponsored event in Seattle. Drawing a parallel with the use of more conventional tools of warfare like missiles, Carter said the attacks are intended to hit the heart of ISIS operations. To read this article in full or to leave a comment, please click here

US defense secretary talks offensive cyber-weapons and bug-bounty

US Secretary of Defense Ashton Carter spoke last at the RSA Conference, after NSA Director Rogers and Attorney General Lynch, because he was prepared for a more substantive dialog with the RSA Conference audience. He had real news to deliver, an opinion to share on the encryption question at the center of the FBI and Apple iPhone dispute, and innovation programs to pitch. Carter is a different sort of Washington bureaucrat: he holds a PhD in medieval history and particle physics from Yale and a second PhD from Oxford, was a Harvard professor of world affairs, and held high-level Department of Defense (DoD) roles during the Clinton and Obama administrations.

RSA: Verizon details data breaches from pirates to pwned water district

In one case pirates – actual pirates – boarded cargo ships armed with a list of which shipping containers contained jewelry and went straight to them, stole the gems and left. In another, attackers took control of the mainframe at a water district, mixed sewage with the drinking water, boosted the chlorine to dangerous levels and stole customer information. These are two of 18 representative case studies in Verizon’s new Data Breach Digest, a compendium of anonymized customer investigations performed by the company’s Research, Investigations, Solutions and Knowledge (RISK) Team and released at RSA Conference 2016.

Billboards can track your location, and privacy advocates don’t like it

The next time you see a billboard on the side of the road, it may also be scanning you. A geolocation-tracking feature on billboards owned by Clear Channel Outdoor gives the company new ways to target advertising and measure its effectiveness. The service has caught the eye of privacy advocates, who worry that the so-called Radar tracker will be able to collect massive amounts of information from smartphones in cars driving past.

Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices. The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory. The company rated the issue as critical because authenticating with this account can provide attackers with access to a bash shell with root privileges, meaning that they can fully control the device.

Latest attack against TLS shows the pitfalls of intentionally weakening encryption

For the third time in less than a year, security researchers have found a method to attack encrypted Web communications, a direct result of weaknesses that were mandated two decades ago by the U.S. government. These new attacks show the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today. The field of cryptography escaped the military domain in the 1970s and reached the general public through the works of pioneers like Whitfield Diffie and Martin Hellman, and ever since, the government has tried to keep it under control and limit its usefulness in one way or another.

The IoT liability jumble

The Internet of Things (IoT) is disrupting just about every industry. But it may get disrupted itself as the nation’s legal and regulatory system slowly catches up with the massive security and privacy risks it creates. Not anytime soon, however. “Work in progress” was the operative phrase at a panel session at this week’s RSA conference titled, “Flaming toasters to crashing cars – the Internet of Things and mass liability.” Most of the problem with establishing legal liability surrounding the IoT is that while its growth is regularly called “explosive,” there is a lot more, and bigger, exploding yet to come. The number of connected things is expected to expand so exponentially that one of the panelists, Jay Brudz, an attorney at Drinker Biddle & Reath, declared that “Internet of Things” is already a “dumb phrase. In years to come, it’s going to be everything but computers with a human interface, so it’s just going to be the Internet,” he said.

Energy Dept. sets 9 finalists for $2.25M wave energy prize

The US Department of Energy said it has whittled 92 teams down to 9 finalists for its competition that aims to double the current amount of energy captured from ocean waves. Each of the finalists in the Wave Energy Prize and two alternates will now receive seed DOE funding to develop a 1/20th-scale model of their deep water wave energy converter (WEC) devices. The final round of testing will take place this summer at the nation's most advanced wave-making facility, the Naval Surface Warfare Center's Maneuvering and Seakeeping Basin in Carderock, Maryland.

Arrest of Facebook exec, now freed, stirs debate in Brazil

The arrest of Diego Dzodan, the vice president of Facebook for Latin America, by Brazilian federal police in Sao Paulo has stirred up controversy in the country. The executive was arrested on Tuesday morning after Facebook, the parent company of WhatsApp, declined to follow the orders of a court in the state of Sergipe to turn over information on application usage by people accused of drug trafficking. After the arrest, the company filed a habeas corpus petition that was reviewed and granted by a judge in the highest state court in Sergipe early Wednesday, leading to Dzodan’s release, according to local media. The police, however, acted appropriately in the case, according to Frederico Meinberg Ceroy, the president of the Brazilian Digital Law Institute. Facebook and WhatsApp, which has no official representation in the country, are the only two large technology companies that do not cooperate with law enforcement in Brazil in such cases, he pointed out.

RSA: Geolocation shows just how dead privacy is

A regular refrain within the online security community is that privacy is dead. David Adler’s talk at RSA Tuesday, titled “Where you are is who you are: Legal trends in geolocation privacy and security,” was about one of the major reasons it is so, so dead. To paraphrase Adler, founder of the Adler Law Group, it is not so much that in today’s connected world there is a single, malevolent Big Brother watching you. It’s that there are dozens, perhaps hundreds, of “little brothers” eagerly watching you so they can sell you stuff more effectively. Collectively, they add up to an increasingly omniscient big brother. “Everything is gathering location data – apps, mobile devices and platforms that you use,” he said. “Often it is being done without your knowledge or consent.”

IDG Contributor Network: Microsoft defends PCs, post network penetration

This week at the RSA security conference, Microsoft announced the succinctly named Windows Defender Advanced Threat Detection product. The solution (which really needs a better, or at least shorter, name) is focused on helping an organization's IT department detect threats to Windows 10 machines after the perimeter network has been penetrated. This is an important and pragmatic recognition of the fact that, despite most solutions focusing on perimeter security, sometimes the outside line gets broken and hackers find a way in.

Google CSO peers out from the fishbowl to talk security

Google’s Vice President of Security and Privacy Engineering Gerhard Eschelbeck spoke yesterday to a packed house at the RSA Security Conference about his professional life. Google operates in a fishbowl because its business model depends on consumers, enterprise users and privacy regulators all trusting it to store vast amounts of data in its data centers. That scrutiny, combined with Google's gigantic computing scale, is what makes it intriguing: it is a benchmark for establishing best security practices. Eschelbeck’s stark mission statement, “to protect users’ data,” speaks of the alignment of his security group with the company’s cloud services and advertising business model.

Apple formally appeals judge’s iPhone unlocking order

Just in case its motion to vacate wasn't enough, Apple late Tuesday filed an appeal of a California judge's order requiring it to help the FBI defeat the password protection on the iPhone of one of the San Bernardino mass shooters. Apple's lawyers filed the appeal "in an abundance of caution," to cover the possibility that an appeal is the most appropriate way to oppose Magistrate Judge Sheri Pym's Feb. 16 order, they said in a court filing.

DOD to invite security experts to Hack the Pentagon

The U.S. Department of Defense plans to ask computer security experts to Hack the Pentagon as part of a push to improve its cyber defenses. The initiative is similar to the bug bounty programs run by commercial software companies seeking to reward hackers who report security vulnerabilities in code. The DOD says it's the first cyber bug bounty program in the history of the federal government. The DOD program, which will launch in April, will ask participants to examine its public Web pages, searching out vulnerabilities and attack launching points. But the program will only go that far. The DOD's classified networks will be off-limits to the participants, and they won't be free to launch actual attacks on any of the department's public-facing sites.

Turkish citizen charged with masterminding $55M ATM fraud pleads guilty

A Turkish citizen who led an operation that hacked into the systems of credit and debit card processing companies between 2011 and 2013 has pleaded guilty in a court in New York, according to officials. Ercan Findikoglu, 34, also known by his online nicknames Segate, Predator, and Oreon, pleaded guilty to computer intrusion conspiracy, access device fraud conspiracy, and effecting transactions with unauthorized access devices before District Court Judge Kiyo A. Matsumoto of the U.S. District Court for the Eastern District of New York. Findikoglu was arrested in Germany in 2013 and was extradited to the U.S. in 2015. He could face more than 57 years of imprisonment at sentencing, according to the U.S. Attorney’s Office in the Eastern District of New York. The operations of his group inflicted more than US$55 million in losses on the global financial system, it added.

The FBI should try to unlock a shooter’s iPhone without Apple’s help, a lawmaker says

The FBI might be able to copy the hard drive of an iPhone used by a mass shooter without triggering the device's auto-erase functions, thus eliminating the agency's need to take Apple to court, a company executive said Tuesday. Instead of forcing Apple to help defeat the iPhone password security that erases the device's contents after 10 unsuccessful attempts, it may be possible to make hundreds of copies of the hard drive, said Bruce Sewell, Apple's senior vice president and general counsel. Apple doesn't know the condition of the iPhone used by San Bernardino mass shooter Syed Rizwan Farook, so it's unclear if mirroring the hard drive would work, but it's possible, Sewell said during a congressional hearing.

Social media cyberstalker gets 10 years in slammer

A 31-year-old Florida man got 10 years behind bars for hacking women’s social media accounts, including Facebook, stealing pictures and personal information and posting them on pornographic websites. Specifically, Michael Rubens was sentenced to 10 years in prison for cyberstalking, unauthorized access to a protected computer and aggravated identity theft, plus a $15,000 fine and $1,550 in restitution for his crimes, according to acting Northern District of Florida U.S. Attorney Christopher Canova.

Legislation seeks independent commission on security and technology

Bipartisan legislation introduced in Congress on Monday calls for creating an independent, 16-member national commission on security and technology challenges. Including its two House and Senate sponsors, the legislation has eight co-sponsors in the Senate and 16 in the House. Sen. Mark Warner (D-Va.), a member of the Senate Intelligence Committee, and House Homeland Security Chairman Michael McCaul (R-Tex.) are the principal sponsors. The commission would have two members drawn from each of the following fields: cryptography, global commerce and economics, federal law enforcement, state and local law enforcement, consumer-facing technology, enterprise technology, the intelligence community and the privacy and civil liberties community.

IRS warns of nasty W-2 phishing scheme

The Internal Revenue Service has issued its second major warning about tax scams in a little over a month, this one involving a phishing email scheme that looks like a message from a company executive requesting personal information from employees. The IRS said the scheme has claimed several victims as payroll and human resources offices mistakenly email payroll data, including Forms W-2 that contain Social Security numbers and other personally identifiable information, to cybercriminals posing as company executives.