Tag: critical infrastructure

Funding Cut, Military’s List of Critical Defense Technologies Languishes

The U.S. Department of Defense is failing to adequately maintain its main reference list of vital defense technologies that should be banned from export, despite rules requiring its use and upkeep, according to a new report from the Government Accountability Office (GAO). The Militarily Critical Technologies List (MCTL) is “outdated and updates have ceased,” the GAO found in a report released this week. The list was intended as the DOD’s main resource for tracking sensitive technology and preventing its export to foreign nations or entities. But the government agencies charged with using the list say it is too broad and out-of-date to be of much use and have long since abandoned it. Now budget cuts to the program that maintains the list are forcing export control officials in the government to use alternative information sources and informal “networks of experts” to tell them what technologies are in need of protection, […]

Council of Foreign Relations Hackers Also Hit US-based Turbine Maker

The web site of the Council of Foreign Relations (CFR) may not have been the only target of sophisticated attackers who used a previously unknown (“zero day”) vulnerability in Microsoft’s Internet Explorer web browser to compromise the computers of those who visited the site, a new report claims. Eric Romang, a Luxembourg-based security expert at the firm Zataz.com said that he has discovered an almost identical compromise to the CFR hack on the web site of Capstone Turbine Corporation, a California-based manufacturer of small, energy-efficient power turbines. His investigation uncovered malicious files similar to those used on the CFR site that were used to launch a so-called “heap spray” attack against visitors using the Internet Explorer web browser, triggering the zero day vulnerability. Romang was among the first to isolate the script used to launch the drive by download attack used on the CFR web site. Writing on Wednesday, he said […]

In Iran, New Data Wiping Malware on the Loose

Iran’s Computer Emergency Response Team (IR-CERT) issued a warning on Sunday about a newly discovered malicious program that is erasing hard drives on infected systems in that country – just the latest data-destroying malware to appear there. IR-CERT said that an investigation by its Maher center found that the malware “wipes files on different drives in various predefined times,” including disk partitions and user profiles. However, the malware isn’t widespread and doesn’t appear linked to “other sophisticated targeted attacks,” the alert said – in a possible reference to the Stuxnet and Flame malware, both of which targeted Iranian critical infrastructure. Subsequent analysis by independent security firms confirmed most of the details of the IR-CERT warning. Writing on Monday, Jamie Blasco of the firm Alien Vault said the malware was “just another wiping malware” and “very simple,” and could have been delivered in a variety of ways – from USB drive […]

FBI Issued Alert over July Attack on HVAC System

The FBI issued an alert to businesses in July after unknown attackers breached a computer used to control the heating, ventilation and air conditioning (HVAC) system of a New Jersey company, accessing a graphical user interface for the system, including a floor play layout of the company’s office. The attacks came after an Anonymous affiliated hacker, using the handle @ntisec, published links to vulnerable ICS systems running software from the firm Tridium online. The links included the address of an administrative system that controlled the HVAC system used by US Business 1, a New Jersey company that installs air conditioning systems for other companies, according to a copy of the July, 2012 Situational Information Report (PDF), issued by the Newark Division of the FBI. The alert concerning the February and March, 2012 attack was released by the web site Public Intelligence on Saturday. The FBI did not respond to a request for comment from Security […]

Report Warns of Growing ‘Dark Side’ of Cyberspace

The head of a prominent human rights groups has warned that increased state involvement in cyberspace, including surveillance, censorship, propaganda campaigns and offensive cyber operations threatens the future of the Internet as much as endemic problems like cyber crime – part of a growing “dark side” to cyberspace. Writing in the Penn State Journal of Law and International Affairs,  Ronald Deibert, Director of Citizen Lab and Canada Centre for Global Security Studies said that threats to human rights and individual liberties come from a variety of states – from authoritarian regimes, to Latin American narco-states to liberal democracies in the West, as governments increasingly leverage the power of the Internet to monitor citizens’ behavior and impose limits on free expression. Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, has played a key role in high-profile investigations of cyber espionage including the now-infamous Ghost Net attacks on […]