Pentagon Computer-Network Defense Command Delayed by Congressional Concerns
Ellen Nakashima writes in The Washington Post:
The Pentagon's plan to set up a command to defend its global network of computer systems has been slowed by congressional questions about its mission and possible privacy concerns, according to officials familiar with the plan.
As a result, the Defense Department failed to meet an Oct. 1 target launch date and has not held a confirmation hearing for the command's first director.
Although officials stress that the cyber command, as it is known, is an effort to consolidate existing offensive and defensive capabilities under one roof and involves no new authorities or broadening of mission, its potential for powerful new offensive capabilities -- some as yet unimagined -- have raised questions on Capitol Hill about its role, according to national security experts familiar with the concerns.
Key questions include: When do offensive activities in cyberspace become acts of war? How far can the Pentagon go to defend its own networks? And what kind of relationship will the command have to the National Security Agency?
The NSA has the skills and authority to encrypt military secrets and break enemy codes, but its involvement in the controversy over warrantless wiretapping several years ago has raised concerns about any role it will play in a cyber command.
We love Mr. Fish.
Happy New Year,
Happy New Year!
Happy New Year to One and All.
Remember The End of The World: Y2K Retrospect
All-in-all, a notable non-event.
But that didn't stop people from freaking out - 10 years ago tonight.
Twilight Zone Marathon on SyFy
One of the great things about holiday marathons -- The Twilight Zone Marathon on SyFy.
Mark Fiore: New Year's Redux
More Mark Fiore brilliance.
Via The San Francisco Chronicle.
Happy New Year,
Yes, 2009 SUCKED ASS.
Cyber Crooks Stalk Small Businesses That Bank Online
Byron Acohido writes on USA Today:
A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.
The reason: Cybergangs have inundated the Internet with "banking Trojans" — malicious programs that enable them to surreptitiously access and manipulate online accounts. A dedicated PC that's never used for e-mail or Web browsing is much less likely to encounter a banking Trojan.
And the bad guys are stepping up ways to get them onto PCs at small organizations. They then use the Trojans to manipulate two distinctive, decades-old banking technologies: Automated Clearing House (ACH) transfers and wire transfers.
ACH and wire transfers remain at the financial nerve center of most businesses. ACH transfers typically take two days to complete and are widely used to deposit salaries, pay suppliers and receive payments from customers. Wire transfers usually come into play to move larger sums in near-real time.
"Criminals go where the money is," says Avivah Litan, banking security analyst at Gartner, a technology consulting firm. "The reason they're going here is the controls are antiquated, and a smart program can often get the money out."
The Evil (Cyber) Empire: Inside The World of Russian Hackers
Yulia Taratuta, Igor Ivanov, Svetlana Zaitseva, and Mikhail Zygar write on Newsweek.com:
The assaults may seem to be political. In 2007, a cyberattack on Estonia, home of the popular Internet phone company Skype, paralyzed the country's entire government. Then, when the Russia-Georgia conflict flared in 2008, software suddenly became available to anyone wanting to wage their own personal cyberwar on the Georgian capital of Tbilisi. And later that year, Lithuania too became a cyber-victim when it vetoed negotiations between Russia and the European Union. Indeed, NATO takes the threat of cyber-warfare so seriously that it signed off on a special report on the topic during its parliamentary assembly last October. "Although there is no conclusive evidence that the cyberattacks in Georgia were executed or sanctioned by the Russian government," the NATO report notes, "there is no evidence that it tried to stop them, either."
Russian lawmaker Nikolai Kovalyov angrily dismisses these allegations as propaganda from the Cold-War era. "The report does not contain a single piece of evidence of the mythical Russian cyberthreat or a Russian trail from the cross-border cyberattacks," he says. Still, NATO has little doubt that—official or no—the attacks have a common Russian thread: the Russian Business Network (RBN), a shadowy cyberstructure that is reported to have sold hacking tools and software for accessing U.S. government systems. According to the NATO investigators, however, political subversion is little more than a sideline for these hackers. Their real goal: stealing money through scams, spam, and infiltrating the networks of Western banks.
Target Among Firms Hit by Gonzalez
A Reuters newswire article, via internetnews.com, reports that:
Target said it was among the victims of computer hacker Albert Gonzalez, mastermind of the biggest identity theft in U.S. history.
The 28-year-old college dropout pleaded guilty on Tuesday to charges that he stole more than 170 million payment card numbers by breaking into corporate computer systems from businesses including Target.
Gonzalez, under the plea agreement, faces 17 years to 25 years in prison when he is sentenced in March.
Target spokeswoman Amy Reilly said her company was among the victims, having had an "extremely limited" number of payment card numbers stolen by Gonzalez about two years ago.
She declined to say how many card numbers had been stolen, and described the term of the exposure as brief.
Google's Chrome OS Cited as Likely Hacker Vehicle
Aaron Ricadela writes on BusinessWeek:
Google's computer operating system, due to be released next year, may rank among software most targeted by hackers in 2010, according to a Dec. 29 report from the computer security company McAfee.
The Web-based operating system, dubbed Chrome, relies on a technology known as HTML 5 that's designed to help Web applications behave like PC software. Developers use HTML 5 language to ensure that software delivers fast response times and stores information that users can access even when they're not connected to the Internet.
Yet because sites written with HTML 5 can directly access a user's PC online or off, they may provide a rich target for cyber attacks, McAfee said in its "2010 Threat Predictions."
The popularity of Google's software, which includes a collaboration program, business applications that compete with Microsoft's Office suite, and other products, makes the company's Web sites alluring to hackers who hope to infect computers with malware that can spread spam or pilfer information, says Dave Marcus, director of security research at McAfee. "When a technology is widely used and adopted, the bad guys will latch onto it before the good guys do," he says. "Developers need to think about how [HTML 5] is going to be abused."
JibJab: Never a Year Like '09