Tag: Government

DARPA Competition Seeks Autonomous Systems for Cyber Defense

We all know that ‘layer 8’ – humans – are the biggest attack surface in any IT environment. Companies can invest millions to harden their networks and endpoints. But all attackers have to do is convince one user to open a fake credit card bill for $20,000 or click a “You won’t believe this video!” link on Facebook and its game over. Our human failings came into the spotlight, most recently, with the breach at Target. According to news reports, the retailer had advanced threat detection software by FireEye deployed that actually alerted staff to some of the malicious activity that signaled the start of that (epic) hack.  Alas, Target’s IT staff in the U.S. dismissed the alerts, which were reported by a team working out of Bangalore, India. The result: 40 million credit card numbers were pilfered from Target’s network. That may be why the U.S. Department of Defense’s advanced […]

Continue Reading

Big GOV Shift To Secure Cloud?

For those of us covering the cyber security beat, there haven’t been many feel-good stories coming out of the federal government in – well – forever. Even before the advent of nation state sponsored hacking, the news was mostly of the federal government’s bloated and unwieldy IT infrastructure, byzantine procurement systems and the difficulty of attracting top talent away from private sector employers who could offer more pay, more autonomy and a better working environment.   Then came the gut wrenching display of offensive prowess by the U.S.’s main enemies – nations like China, Russia and Iran. Those stories started, in earnest, with news about operations like Titan Rain (in 2003) and continue to the present day. The problem has gotten so bad that the military’s preferred euphemism for Chinese hackers – “advanced persistent threat,” or “APT” has become part of the nomenclature of the IT security world far beyond […]

Continue Reading

China Hacking Indictments Day 2: Now For The Blowback

The big news yesterday was about the U.S. Justice Department announcing the first-ever criminal charges against a foreign country for cyberspying. The news today may well be about China (and other countries) taking retaliatory actions, including similar legal steps against individuals in this country, working on behalf of the NSA, CIA or other government agencies. The Justice Department on Monday announced that a grand jury in the Western District of Pennsylvania indicted five Chinese citizens (PDF) for charges that include computer hacking and economic espionage directed at six American companies in the nuclear power, metals and solar products industries. The indictment alleges that the five defendants conspired to hack into American companies on behalf of competitors in China, including state-owned enterprises.  The stolen information included intellectual property that would allow the Chinese firms to better compete with their American competitors. The hackers also stole confidential information regarding business negotiations and other deals that would aid the Chinese […]

Continue Reading

FireEye Report: Iranian Hacker Group Becoming More Sophisticated

A report from the security firm FireEye claims that hacking crews based in Iran have become more sophisticated in recent years. They are now linked to malicious software campaigns targeting western corporations and domestic actors who attempt to circumvent Internet filters put in place by the ruling regime.   The report, dubbed “Operation Saffron Rose,”(PDF)  was released on Tuesday. In a blog post accompanying the research, FireEye researchers say that it has identified a group of hackers it is calling the “Ajax Security Team” that appears to have emerged out of Iranian hacker forums such as Ashiyane and Shabgard. Once limited to website defacements, the Ajax team has graduated to malware-based espionage and other techniques associated with “advanced persistent threat” (APT) style actors, FireEye said. The researchers claim that the group has been observed using social engineering techniques to implant custom malware on victims’ computers. The group’s objectives seem to align with those […]

Continue Reading

Blade Runner Redux: Do Embedded Systems Need A Time To Die?

The plot of the 1982 film Blade Runner (loosely based on the 1968 novel Do Androids Dream of Electric Sheep by Philip K Dick) turns on the question of what makes us ‘human.’ Is it memories? Pain? Our ability to feel empathy? Or is it merely the foreknowledge of our own certain demise? In that movie, a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them.  In essence: the replicants want to become immortal. It’s a cool idea. And the replicants – pre-loaded with fake memories and histories – pose an interesting philosophical question about what it is that makes us humans. Our artificial intelligence isn’t quite to the ‘replicant’ level yet (the fictional tale takes place in 2019, so we have time). But some […]

Continue Reading
1 73 74 75 76 77 98