Fergie's Tech Blog
Saturday, June 04, 2011
Friday, June 03, 2011
Stolen Data Is Tracked to Hacking at Lockheed
Christopher Drew writes in the New York Times:
Lockheed Martin said Friday that it had proof that hackers breached its network two weeks ago partly by using data stolen from a vendor that supplies coded security tokens to tens of millions of computer users.
Lockheed’s finding confirmed the fears of security experts about the safety of the SecurID tokens and heightened concerns that other companies or government agencies could be vulnerable to hacking attacks.
The tokens, which are used to protect remote access to computer networks, are sold by the RSA Security Division of the EMC Corporation. RSA officials said Friday that they accepted Lockheed’s findings and were working with customers to offset the risks through other measures.
RSA disclosed in March that hackers had stolen data that could compromise a company’s SecurID system in a broader attack, and the breach of Lockheed, the nation’s largest defense contractor, is the first time that is known to have occurred.
More here.
Gmail Hack Targeted White House
Devlin Barrett and Siobhan Gorman write on WSJ.com:
People who work at the White House were among those targeted by the China-based hackers who broke into Google Inc.'s Gmail accounts, according to one U.S. official.
The hackers likely were hoping the officials were conducting administration business on their private emails, according to lawmakers and security experts.
The government has acknowledged senior administration officials were targeted in the "phishing" attacks on hundreds of users of the email service. White House officials declined to discuss who was targeted.
The Obama administration reiterated Thursday that no official messages were compromised. But lawmakers and outside computer-security experts said recent White House history suggests administration officials sometimes use personal email to talk business, despite rules against doing so.
The Federal Bureau of Investigation and the Department of Homeland Security are working with Google to investigate. "These allegations are very serious," Secretary of State Hillary Rodham Clinton said Thursday.
More here.
Attackers Stole Secret Canadian Government Data
Julie Ireton writes for CBC.ca:
Hackers who attacked two of Canada's federal departments stole classified information before being discovered last January, CBC News has learned.
The revelation comes from documents obtained under Access to Information laws, and contradicts what the minister in charge said at the time.
Six months ago, hackers launched an unprecedented cyber attack on the federal government. In January, the government's computer system came under attack.
Hackers sent malicious emails to staff that appeared to be coming from senior managers. When staff opened the attachments, hackers found a path into the federal network, providing access to classified information.
"Indications are that data has been exfiltrated and that privileged accounts have been compromised," said a memo written Jan. 31, 2011.
More here.
UK: Spies Hack al-Qaida's Inspire Magazine
An AP newswire article by Paisley Dodds, via Salon.com, reports:
Britain's spy agencies have a new message for terrorists: make cupcakes, not war.
Intelligence agents managed to hack into the extremist Inspire magazine, replacing its bombmaking instructions with a recipe for cupcakes.
It's the first time the agents sabotaged the English-language magazine linked to U.S.-born Yemeni cleric Anwar al-Awlaki, an extremist accused in several recent terror plots.
The quarterly online magazine, which is sent to websites and email addresses as a pdf file, had offered an original page titled "Make a Bomb in the Kitchen of Your Mom" in one of its editions last year. The magazine's pages were corrupted, however, and the instructions replaced with the cupcake recipe.
"We're increasingly using cybertools as part of our work," a British government official who spoke on condition of anonymity to discuss intelligence matters said Friday, confirming that the Inspire magazine had been successfully attacked.
The hackers were reportedly working for Britain's eavesdropping agency, GCHQ, which has boosted its resources in the past several years.
More here.
Thursday, June 02, 2011
Identity Theft to Steal Tax Refunds Goes Through the Roof, Official Reports
The Internal Revenue Service has seen a nearly fivefold increase in taxpayer identity theft in the past few years — from 51,702 incidents in 2008 to 248,357 in 2010, Larry Margasak reports for the Associated Press. However, a government official recently told a congressional panel that the IRS hasn’t been chasing many of the perpetrators.
Tax identity thieves typically file returns for refunds earlier than legitimate taxpayers, who then receive notification from the IRS that two returns were filed using the same Social Security number, Margasak wrote.
According to the AP article, James White, director of strategic issues at the Government Accountability Office, said in testimony prepared for a subcommittee of the House Oversight and Government Reform Committee that "IRS officials told us that IRS pursues criminal investigations of suspected identity thieves in only a small number of cases."
White said that in fiscal 2010, the IRS' criminal investigations division launched slightly more than 4,700 investigations of all types — far less than the number of identity theft cases.
More here.
Wednesday, June 01, 2011
U.S. Defense Contractors Said to Be Bleeding Secrets to Cyber Foes
Jim Wolf writes for Reuters:
Top Pentagon contractors have been bleeding secrets for years as a result of penetrations of their computer networks, current and former national security officials say.
The Defense Department, which runs its own worldwide eavesdropping, spying and code-cracking systems, says more than 100 foreign intelligence organizations have been trying to break into U.S. networks.
Some of the perpetrators "already have the capacity to disrupt" U.S. information infrastructure, Deputy Defense Secretary William Lynn, who is leading remedial efforts, wrote last fall in the journal Foreign Affairs.
Joel Brenner, the National Counterintelligence executive from 2006 to 2009, said most if not all of the big defense contractors' networks had been pierced.
"This has been happening since the late '90s," he told Reuters Tuesday. He identified the main threats as coming from Russia, China and Iran.
"They're after our weapons systems and R&D," or research and development, said Brenner, now with the law firm of Cooley LLP in Washington.
More here.
Tuesday, May 31, 2011
Pentagon: Cyber Attacks Can Justify Armed Response
Grant Gross and Jaikumar Vijayan write on ComputerWorld:
The U.S. military is prepared to use physical attacks in response to cyberattacks, the U.S. Department of Defense said Tuesday.
The agency, preparing its first cyberspace strategy, is prepared to defend U.S. national security through "all available means," a DOD spokeswoman said.
The Wall Street Journal reported Tuesday that the DOD's Defense Strategy for Operating in Cyberspace, due to be released within the next month, will conclude that physical attacks may be justified in response to cyberattacks on U.S. targets.
The DOD is prepared to "conduct the full spectrum of cyberspace operations" in response to a cyberattack, but the agency's potential response is not limited to cybermeasures, the spokeswoman said. "All appropriate options would be on the table," as they would be in response to a physical attack, she said.
More here.
Second Defense Contractor L-3 'Actively Targeted' With RSA SecurID Hacks
Kevin Poulsen writes on Threat Level:
An executive at defense giant L-3 Communications warned employees last month that hackers were targeting the company using inside information on the SecurID keyfob system freshly stolen from an acknowledged breach at RSA Security.
The L-3 attack makes the company the second hacker target linked to the RSA breach — both defense contractors. Reuters reported Friday that Lockheed Martin had suffered an intrusion.
“L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,” read an April 6 e-mail from an executive at L-3’s Stratus Group to the group’s 5,000 workers, one of whom shared the contents with Wired.com on condition of anonymity.
It’s not clear from the e-mail whether the hackers were successful in their attack, or how L-3 determined SecurID was involved. L-3 spokeswoman Jennifer Barton declined comment last month, except to say: “Protecting our network is a top priority and we have a robust set of protocols in place to ensure sensitive information is safeguarded. We have gotten to the bottom of the issue.” Barton declined further comment Tuesday.
More here.