The attacks that compromised computer systems at Facebook, Twitter, Apple Corp. and Microsoft were part of a wide-ranging operation that relied on many “watering hole” web sites that attracted employees from prominent firms across the U.S., The Security Ledger has learned. The assailants responsible for the cyber attacks used at least two mobile application development sites as watering holes in addition to the one web site that has been disclosed: iPhoneDevSDK.com. Still other watering hole web sites used in the attack weren’t specific to mobile application developers – or even to software development. Still, they served almost identical attacks to employees of a wide range of target firms, across industries, including prominent auto manufacturers, U.S. government agencies and even a leading candy maker, according to sources with knowledge of the operation. More than a month after the attacks came to light, many details remain under tight wraps. Contacted by The Security […]
Tag: crime
Obama Lays Down The Law On Cyber Espionage
The Obama Administration on Wednesday released a report detailing new Administration measures to protect U.S. trade secrets and intellectual property. The report: “Administration Strategy on Mitigating the Theft of U.S. Trade Secrets” (PDF) establishes a new foundation for cooperation between the U.S. government and the private sector. It comes just days after a bombshell, 60-page report by the security firm Mandiant that described the activities of “APT1” – a hacking group that Mandiant claims is actually a cyber warfare unit of China’s People’s Liberation Army (PLA). In a post on the Whitehouse blog, the Administration said the Strategy is a continuation of Obama Administration policy to protect U.S. companies from the theft of trade secrets. Under the new Strategy, the Administration will take a “whole government” approach, using diplomatic pressure via the State Department, coordinated, international legal pressure through the Department of Justice and FBI. The U.S. will tap the […]
Weekend Security Reads – Our Picks
This was another eventful news week in the security world – stories about hacks on two, prominent newspapers, and a widespread hole in UPnP, a technology that all of us use, but never pay much attention to. (Always a dangerous combination.) Let’s face it, Friday is a time for decamping from the office, not taking on some weighty new mental project or thought provoking issue. But, come Sunday morning over coffee, you might just be ready to switch your higher cognitive functions on again. If so, here are some Security Ledger picks for good weekend reads: Hacking the Old Gray Lady – Slate.com The top security story this week was the string of revelations about sophisticated, targeted attacks against leading U.S. newspapers, including The New York Times and The Wall Street Journal. The Washington Post may also have been infiltrated, according to a report on Krebsonsecurity.com. The attacks by so-called […]
New York Times Hack Puts Antivirus on Defensive
The big news this morning is the New York Times’ scoop on…well…itself. According to a report in today’s paper, the Times’s computer network was compromised for more than four months by attackers believed to be located in China. The attacks followed a Times exposé on the wealth accumulated by family members of China’s prime minister, Wen Jiabao – one of a series of reports in Western media outlets that raised questions about corruption and influence peddling in China’s ruling Communist Party. Attackers planted 45 pieces of information-stealing malware on Times systems, despite the presence of antivirus software from Symantec Corp. protecting those systems before, during and after the hack. The story is fueling debate about the value of anti-virus software and prompted Symantec to issue a statement defending its technology, but warning that signature-based antivirus is not enough to stop sophisticated attacks. According to the Times report, the attacks used compromised systems on […]
School Shooters May Tip Their Hand In Facebook Rants
School shootings have occurred with sickening regularity in the United States in the last decade. The shootings happen in all types of communities, while the shooters come from all different backgrounds. But almost all of them have one thing in common: they used social media to vent their anger and, often, declare their murderous intentions ahead of time. An analysis of common trends in school shootings by the New Jersey Fusion Center said social media sites like Facebook are a common element in the majority of school shootings, with students who have conducted or planned attacks against their schools publicizing their anger and or intentions on sites like Facebook. The “Situational Awareness Report” (PDF) on “School Shooting Commonalities” is dated November 15, 2012, predating the horrific shooting at Sandy Hook Elementary School in Newtown, Connecticut that killed 26. In that case, the shooter, Adam Lanza, was described as a loner who spent hours […]
