Archive for October, 2012

Forget Cyberwar, Sandy Puts Continuity Plans To the Test

October 29, 2012 21:16Comments Off
Forget Cyberwar, Sandy Puts Continuity Plans To the Test

We’ve all read a lot about the potentially devastating impact of a pre-emptive, nation-state backed cyber attack on our critical infrastructure in recent years. Why, it wasn’t more than two weeks ago that Defense Secretary Leon Panetta warned about the dire consequences of a “digital Pearl Harbor.” An “aggressor nation or extremist group,” he warned “could use these kinds of cybertools to gain control of critical switches … [and] derail passenger trains, or even more dangerous, trains loaded with lethal chemicals,” according to a report in Stars and Stripes.  “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.” It’s scary stuff, for sure. But not unprecedented. In fact: anyone on the Eastern Seaboard of the United States can look out their window right now and see a major dry run (more like a wet run) of a massive […]

Read more ›

FBI Surveillance of NY Fed Terror Suspect Included Facebook Chats

October 18, 2012 11:53Comments Off
FBI Surveillance of NY Fed Terror Suspect Included Facebook Chats

The FBI’s surveillance of Quazi Nafis, the alleged terror suspect who tried to blow up the New York Federal Reserve Bank, included Facebook chats between  Nafis, a co-conspirator and a confidential FBI source, according to a copy of the indictment released on Wednesday. The indictment details a months-long investigation of Nafis, a 21 year-old Bangladeshi and Queens, New York, resident who entered the U.S. on a visa in January, 2012. While much of the surveillance consisted of recorded phone- and in person conversations, Nafis also used Facebook in July to debate with his co-conspirators about whether his planned act of jihad was sanctioned under Muslim law. Nafis was arrested in New York’s financial district Wednesday after he attempted to detonate what he believed was a truck bomb parked outside the New York Federal Reserve bank. The bomb was assembled by Nafis and a co-conspirator using inert materials supplied by the […]

Read more ›

Are Security Firms Ducking Attribution for VOHO? (Rhymes with ‘Carolina’)

October 15, 2012 06:53Comments Off
Are Security Firms Ducking Attribution for VOHO? (Rhymes with ‘Carolina’)

RSA left few stones unturned in its recent report (PDF) on the so-called “VOHO” attacks against pro democracy, military industrial base and high finance firms. But one question that was notably left unanswered was perhaps the most important: “Who, or what, was behind the attacks?” Now the  lead RSA security researcher trusted with analyzing the malware used in recent “watering hole” attacks tells Security Ledger that the malware left some clues as to the origins of the attacks, which affected tens of thousands of systems in more than 700 organizations, but not enough to conclusively link VOHO to a specific group, country or actor. “It’s hard to tell,” said Chris Elisan, a Principal Malware Scientist at RSA and the lead investigator into the malware used in the VOHO attacks. “The malware is only part of it,” he said. Other parts of what Elisan called the “attack chain” are needed to identify […]

Read more ›

Microsoft: Freeware, Pirate Software Supply Chain Leads to Infections

October 9, 2012 23:12Comments Off
Microsoft: Freeware, Pirate Software Supply Chain Leads to Infections

The Internet is a dangerous place, in general. And, depending on what you’re looking for online, it might be very dangerous, indeed, according to Microsoft. Writing in the company’s latest Security Intelligence Report, Microsoft said that its Malware Protection Center (MMPC) has observed an increase in malicious code infections that emanate from what it calls the “unsecure supply chain”  - the informal network of legitimate and underground web sites that distribute freeware and pirated software. Freeware that promises to generate registration keys for popular products like Adobe’s Photoshop, Microsoft Windows and games such as Call of Duty were among the most commonly associated with malicious programs, Microsoft said.  Internet users hoping to unlock pirated software download the key generators believing that they will produce a valid registration key, but often end up infecting their system in the process. But malware authors and cyber criminal groups will also wrap their creations in with […]

Read more ›

FTC Releases Google Privacy Report – Minus The Juicy Details

October 4, 2012 17:012 comments
FTC Releases Google Privacy Report – Minus The Juicy Details

Google could tell you about its privacy practices except, well….they’re private. That’s the conclusion privacy advocates are drawing after the Federal Trade Commission took a black marker to an independent audit of the company’s privacy practices before releasing it to the group EPIC in response to a Freedom of Information Act (FOIA) request. The FTC released a copy of a Price Waterhouse Coopers audit (PDF) of Google that was mandated as part of a settlement with the FTC over complaints following a 2010 complaint from EPIC over privacy violations in Google Buzz, a now-defunct social networking experiment. However, the agency acceded to Google requests to redact descriptions of the search giant’s internal procedures and the design of its privacy program. “Part of that (Google Buzz) settlement requires that Google implement a ‘comprehensive privacy program,’ EPIC Consumer Protection Fellow David Jacobs wrote to Security Ledger. “Part of that settlement also requires that […]

Read more ›

After VOHO Attacks, Organizations Face Arduous Clean Up

October 2, 2012 11:25Comments Off
After VOHO Attacks, Organizations Face Arduous Clean Up

News about the so-called VOHO “watering hole” attacks have faded from the headlines, but the hard work for hundreds of organizations who were victims of the attacks has just begun. The first step for many firms is figuring out if they were victims.

Read more ›

Security Ledger Uses: