Archives

Malware campaign spying on energy industry in U.S. and Europe

Symantec researchers have uncovered a malware campaign by a hacker group called “Dragonfly” targeting the western energy sector. The hackers installed a trojan on computers belonging to energy companies in the US and Europe, which gave them remote access to those systems.

According to Symantec, “among the targets were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.”

Dragonfly spread one of its trojans, called Havex, by hacking the websites of companies selling software used in industrial control systems (ICS). The campaign gave attackers the chance to spy on energy companies and also sabotage their systems. Symantec states that the malware campaign “follows in the footsteps of Stuxnet”.

State-sponsored hackers breached UK government network

Foreign hackers managed to hack into the UK government’s secure network and gained access to a system administrator account, Cabinet Office minister Francis Maude has revealed. He described the hackers as a “state-sponsored hostile group”. According to Maude, the attack was discovered at an early stage and “dealt with to mitigate any damage”.

Maude made the comment at IA14, the UK government’s annual conference for cyber security and information assurance decision makers. In detail, Maude told the audience: “Those who would do us harm have been busy over the past 2 years. I can tell you of a recent case where a state-sponsored hostile group gained access to a system administrator account on the Government Secure Intranet. Fortunately this attack was discovered early and dealt with to mitigate any damage. For that – and in many other cases – we can be thankful that we have some brilliant people working to keep us safe.”

 

 

Pentagon worries about F-35 fighter jet’s vulnerability to cyber attacks

According to a Pentagon official, the latest fighter jet being developed for the U.S. Armed Forces is not entirely safe when it comes to hacking attacks. The official’s comment led to a major outcry, since the F-35 has been plagued by technical flaws and budget overruns. In late April, the jet built by Lockheed Martin failed the stealth test.

The jet’s vulnerability to hackers is a result of the so-called ALIS. ALIS is the computer system that sends information to the helmet displays of the pilots. F-35 pilots have an augmented reality overview drawn from six cameras across the body of the plane. When the pilot looks around, instead of seeing the cockpit he sees the world around him.

ALIS does that for him. The pilot therefore carries the system, which looks like a desktop computer, with him to the plane and plugs it into a slot in the cockpit. All the information about his mission and all the data is on that laptop. Whoever is able to get into this system could mislead the pilot, sabotage the mission or even bring the jet down without firing a bullet. The Pentagon is trying to downplay the comment.

US government files charges against Chinese military officials for cyber espionage

The US Justice Department on Monday accused five Chinese military officials of cyber espionage. The defendants are being accused of stealing data from six US companies and unions.

Attorney General Eric Holder told reporters at a press conference on Monday that the US plans on bringing the Chinese officials to the US to face the charges. A press release published on the FBI website states that this is the “first time criminal charges are filed against known state actors for hacking”. It says further: “The indictment alleges that the defendants conspired to hack into American entities to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises (SOEs).” The accused are five Chinese military officials who are members of the People’s Liberation Army cyber unit known as Unit 61398.

The accusations come shortly after the Snowden revelations made clear that at least some of the National Security Agency’s surveillance program carried an economic benefit. Some media suggest that the recent charges could backfire on the NSA.

New York skyline (photo: www.flickr.com/photos/sopasnor)

U.S. Regulators plan on issuing cybersecurity assessments for banks

The Federal Financial Institutions Examination Council (FFIEC) announced last week that it wants to work on identifying vulnerabilities in the U.S. banking system, especially when it comes to smaller community banks. FFIEC is an agency in charge of developing standards and principles for the U.S. banks. In the statement, the agency also said it plans to raise awareness for cyber threats.

The statement was part of the talk “Executive Leadership of Cybersecurity. What Today’s CEO Needs to Know About The Threats They Don’t See”. In the talk, CEOs are advised to think about “How is the staff at my institution providing me with accurate and timely information about our risks and our ability to mitigate them, so that I can prioritize our resource allocations and inform the board of directors?”

The agency wants to build a “security culture” to make sure it can identify, measure, mitigate and monitor risks in the financial industry. To that end, the FFIEC announced that it will implement a new vulnerability and risk-mitigation assessment. The agency also plans on implementing a regulatory self-assessment of supervisory policies and processes. FFIEC wants to give both tests a short pilot phase and then set them in place later this year.

Police departments realize impending threat of cyber attacks

Police authorities around the world are starting to realize they need more manpower and skills to face cybercrime. FBI Director James Comey told reporters last Friday that the fight against cybercrime is one of his most urgent priorities. “There is a huge amount of it going on at all different levels”, Comey said about cybercrime.

Currently the FBI investigates mainly national security threats or botnets, where countless computers get infected with malware. Comey told reporters that state and local police are constantly seeking help from his agency because they simply don’t have the equipment to deal with cyber crimes. “The 17,000 police agencies in the United States have got to become digitally literate,” Comey said.

Comey is not the only one noticing how fast cybercrime is growing. The UK’s police chief Pete O’Doherty just warned the public that seven out of 10 frauds are now cyber crimes. “Cyber crime is rapidly increasing, both in volume and in complexity”, the head of the UK’s National Fraud Intelligence Bureau said.

Apart from U.S. and U.K. police departments, even India is starting to worry about cyber security. The former director of the Central Bureau of Investigation, R K Raghavan, thinks that soon there will be more victims of digital crime than of real-world incidents. Furthermore, Naked Security reports that the director of the European Cybercrime Centre (EC3), Troels Oerting, also expressed concerns about the rise of cybercrime. He told the attendees of the InfoSec conference that cybercrime would “change the world as I know it.”

Europe carries out cyber stress test

European countries are training for a serious cyber attack. According to the European Union Agency for Network and Information Security (ENISA), it is carrying out a cyber stress test with more than 400 cyber security professionals from 29 countries and 200 organisations. The stress test, called “Cyber Europe”, takes place every two years and trains the European countries’ reaction to major cyber incidents.

Although ENISA doesn’t divulge what kind of incidents are being drilled, it can be assumed that participants train for massive distributed denial-of-service (DDoS) attacks, attacks on power grids and cyber-security breaches. “Participants in the exercise have to address several technical challenges such as incident detection, investigation, mitigation and information exchanges at technical level. During the first phase of the exercise participants across Europe will have to deal with 16 cyber-security incidents”, says ENISA on its website.

German newspaper FAZ features netwars / out of CTRL webdoc

German nationwide newspaper Frankfurter Allgemeine Zeitung (FAZ) featured the netwars / out of CTRL web documentary. “The web documentary shows the best parts of our new digital possibilities and combines it with the most dangerous ones”, FAZ says. The interactive web documentary explores the impending threat of cyberwarfare in five episodes. Actor Nikolai Kinski stars as the digital arms dealer and shows the audience that one never knows who is in control.

Check out the trailer for netwars / out of CTRL:

Dutch student sells his ‘data soul’ to highest bidder

Dutch student and artist Shawn Buckles has auctioned all his private data in an online auction to the highest bidder in order to prove a point about loss of privacy in the age of big data. Buckles set up a website with an online bidding system in March; the auction ended on April 12th.

He received 53 bids; news website The Next Web ended up as the highest bidder. For €350 ($483) The Next Web received his personal profile, location track records, train track records, his personal calendar, email and online conversations, his thoughts and consumer preferences as well as his browsing history.

Buckles told wired.com that The Next Web will use his data at its forthcoming conference to address the issue of privacy. The money is supposed to go to the Dutch organization Bits of Freedom, which fights for digital rights.

Buckles also published a pamphlet on privacy, saying ‘Our right to privacy is at stake’ and that the day will come when we need the right to privacy.

Not all of his friends liked his move. Buckles told wired.com that some of them weren’t pleased about the fact he not only published his emails and chat logs, but their answers as well. Buckles not only decided to sell his own online data but theirs as well. The outcry of some of his friends seems to prove his point.

netwars / out of CTRL on focus.de

German news portal focus.de features netwars / out of CTRL on its website. Focus.de writes about the TV documentary, in which Berlin-based hacker Felix “FX” Lindner conducts a stress test regarding the vulnerability of critical infrastructure in Germany. FX hacks his way into the control system of a German energy supplier. The hack has been arranged with Eberhard Oehler, head of the energy supplier Stadtwerke Ettlingen. He wanted to know how vulnerable he is – the energy supplier Stadtwerke Ettlingen brings light, water and gas to 20,000 households in Southern Germany.

TV documentary netwars – war on the Web is still available on Arte’s mediathek.