China

Senator Warns of DHS Struggle with Cyber Security

U.S. Senator Tom Coburn (R-OK) used his final days in office to warn that the U.S. Department of Homeland Security (DHS) is struggling to fulfill its mission to protect the nation from cyber attack. The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (PDF) was released on Saturday, as the retiring Senator from Oklahoma was leaving office. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.” The warnings on DHS cyber operations were part of a larger critique of the Department in the report, in which Coburn called on reforms of Homeland Security focused on accountability and streamlining. Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber […]

Continue Reading

The Moral of Sony? Stop Doing Attribution

The hack of Sony Pictures Entertainment, which first came to light on November 24th, devolved this week into a chaotic international “whodunnit” with conflicting reports attributing the incident to everything from the government of North Korea to the government of China to global hacktivist group Anonymous to disgruntled Sony employees. For sure: those attributing the attack to hacking crews within the military of the Democratic Peoples Republic of Korea (DPRK) had their argument bolstered by reports in the New York Times and elsewhere claiming that the U.S. government now believes that the DPRK, under the leadership of Kim Jong Un, was responsible for the devastating hack. Officials at Sony Pictures Entertainment clearly believe the connection is credible, ordering the cancellation of the release of the Sony Pictures film The Interview following threats of violence on theaters showing the film. That acceded to a key demand of the hackers, who have used the […]

Continue Reading

Cyber Resilience? Sony Employees Back To Faxes and Face to Face

There’s a fascinating article on TechCrunch that cites a current (anonymous) Sony Pictures Entertainment employee talking about life at the company in the wake of a crippling November 24th cyber attack that wiped out thousands of computer systems and stole terabytes of data from the company. According to the story, Sony employees have resorted to using circa 1990s fax machines to transmit documents and – horror – having face to face communications in lieu of texting, e-mail or social networking, all of which are disabled within Sony’s environment. [Read more Security Ledger coverage of the Sony Pictures hack here.] “We had barely working email and no voicemail so people talked to each other,” the source tells TechCrunch. “Some people had to send faxes. They were dragging old printers out of storage to cut checks…It was crazy.” “That is what a major corporate security breach sounds like,” TechCrunch writes. “The squeal […]

Continue Reading

Malicious or Obnoxious? Chinese Mobile Vendor CoolPad Uses Secret Backdoors

CoolPad, an up-and-coming Chinese mobile phone maker, is shipping high-end, Android smart phones with so-called “back door” access built into the phone’s software. That, according to research by the firm Palo Alto Networks. Palo Alto researchers Claud Xiao and Ryan Olson released a report identifying the suspicious remote access software, which they dubbed “CoolReaper” on Wednesday. According to the report, the so-called “backdoor” program was shipped with stock operating systems (or ROMs) used by Coolpad’s “high end” phones in China and Taiwan. The software, which appears to have been created and managed by Coolpad, runs on top of the Android operating system and allows the company to remotely manage the phone independent of the wishes of its owner: pushing applications to the device without the user’s consent or notification, wiping data and applications, sending over-the-air (or OTA) updates to the phone, transmitting device data and sending arbitrary phone calls and SMS […]

Continue Reading

U.S. Weather Systems Victims of Cyber Attack

The Washington Post is reporting that hackers from China breached the network of the National Oceanic and Atmospheric Administration (NOAA) in September, forcing cyber security teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses. The article cites sources within the government and Congress. The intrusion occurred in late September. However, NOAA officials gave no indication that they had a problem until Oct. 20, according to three people familiar with the hack and the subsequent reaction by NOAA, which includes the National Weather Service. According to the report, NOAA officials believe that actors based in China are responsible for the attack. The report also claims that efforts to respond to it resulted in an interruption in some key services, including NOAA’s National Ice Center Web Site, a partnership with the U.S. Navy and U.S. Coast Guard to monitor conditions for navigation. That two-day outage skewed the accuracy […]

Continue Reading
1 11 12 13 14 15 23