
Tuesday, May 29, 2012

Huge Computer Virus Attacking Sensitive Information

Story first appeared in USA Today.

A massive, data-slurping cyberweapon is circulating in the Middle East, and computers in Iran appear to have been particularly affected, according to a Managed IT Service.

Moscow-based Kaspersky Lab ZAO said the "Flame" virus was unprecedented both in terms of its size and complexity, possessing the ability to turn infected computers into all-purpose spying machines that can even suck information out of nearby cell phones.

This is on a completely different level. It can be used to spy on everything that a user is doing.

The announcement sent a ripple of excitement across the computer security sector. Flame is the third major cyberweapon discovered in the past two years, and Kaspersky's conclusion that it was crafted at the behest of a national government fueled speculation that the virus could be part of an Israeli-backed campaign of electronic sabotage aimed at archrival Iran.

Although their coding is different, there was some evidence to suggest that the people behind Flame also helped craft Stuxnet, a notorious virus that disrupted controls of some nuclear centrifuges in Iran in 2010.

Whoever was behind Flame had access to the same exploits and same vulnerabilities as the Stuxnet guys. Two teams may have been working in parallel to write both programs.

Stuxnet revolutionized the cybersecurity field because it targeted physical infrastructure rather than data, one of the first demonstrations of how savvy hackers can take control of industrial systems to wreak real-world havoc.

So far, Flame appears focused on espionage. The virus can activate a computer's audio systems to eavesdrop on Skype calls or office chatter, for example. It can also take screenshots, log keystrokes, and — in one of its more novel functions — steal data from Bluetooth-enabled cell phones.

Tehran has not said whether it lost any data to the virus, but a unit of the Iranian communications and information technology ministry said it had produced an anti-virus capable of identifying and removing Flame from its computers.

Speaking Tuesday, Israel's vice premier did little to deflect suspicion about the Jewish state's possible involvement in the latest attack.

Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it. Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.

Flame is unusually large.

Malicious programs collected by U.K. security firm Sophos averaged about 340 kilobytes in 2010, the same year that Kaspersky believes Flame first started spreading. Flame weighs in at 20 megabytes — nearly 60 times that figure.

A professor of computing at the University of Surrey in southern England said the virus was modular, meaning that functions could be added to or removed from it as needed. He compared it to a smartphone, saying that, depending on what kind of espionage you want to carry out, you just add apps.

He was particularly struck by Flame's ability to attack Bluetooth-enabled devices left near an infected computer.

Bluetooth is a short-range wireless communications protocol generally used for wireless headsets, in-car audio systems or file-swapping between mobile phones. Woodward said that Flame can turn an infected computer into a kind of industrial vacuum cleaner, copying data from vulnerable cell phones or other devices left near it.

The chief executive of Cyber-Ark, an Israeli developer of information security, said he thought four countries, in no particular order, had the technological know-how to develop so sophisticated an electronic offensive: Israel, the U.S., China and Russia.

It was 20 times more sophisticated than Stuxnet, with thousands of lines of code that took a large team, ample funding and months, if not years, to develop. It's a live program that communicates back to its master. It asks, 'Where should I go? What should I do now?' It's really almost like a science fiction movie.

It's not clear what exactly the virus was targeting. Kaspersky said it had detected the program in hundreds of computers, mainly in Iran but also in Israel, the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

The company has declined to go into detail about the nature of the victims, saying only that they range from individuals to certain state-related organizations or educational institutions.

The Kaspersky researcher said stolen data was being sent to some 80 different servers, something which would give the virus's controllers time to readjust their tactics if they were discovered. He added that some of Flame's functions still weren't clear.

Kaspersky said it first detected the virus after the United Nations' International Telecommunication Union asked it for help in finding a piece of malware that was deleting sensitive information across the Middle East. The company stumbled across Flame when searching for that other code, it said.

Spokespeople for the Geneva-based Telecommunication Union didn't return emails seeking comment.

The discovery of the Flame virus comes just days after nuclear talks between Iran and six world powers in Baghdad failed to persuade Tehran to freeze uranium enrichment. A new round of talks is expected to take place in Moscow next month.

The Israeli vice premier told Army Radio on Tuesday that the talks in Iraq yielded no significant achievement except to let Iran buy time. He appeared to take a swipe at President Obama by saying it might even be in the interest of some players in the West to play for time.


For more Electronics News, visit the Electronics America blog.
For more national and worldwide Business News, visit the Peak News Room blog.
For more local and state of Michigan Business News, visit the Michigan Business News blog.
For more Health News, visit the Healthcare and Medical News blog.
For more Real Estate News, visit the Commercial and Residential Real Estate blog.
For more Law News, visit the Nation of Law blog.
For more Advertising News, visit the Advertising, Marketing and Media blog.
For more Environmental News, visit the Environmental Responsibility News blog.
For information on website optimization or for the latest SEO News, visit the SEO Done Right blog.

Tuesday, May 8, 2012

Cybersecurity Touchy Subject for US & China

Story first appeared on Politico.com.

Asserting that cyberattacks against the U.S. don't come only from China, the U.S. and Chinese defense ministers said they agreed Monday to work together on cyber issues to avoid miscalculations that could lead to future crises.

The Defense Secretary said that since China and the United States have advanced cyber capabilities, it is important to develop better cooperation.

There are other countries, actors, others involved in some of the attacks that both of the countries receive. But because the United States and China have developed technological capabilities in this arena it's extremely important that they work together to develop ways to avoid any miscalculation or misconception that could lead to crisis in this area.

China's minister of national defense offered a vigorous defense of his country, saying through an interpreter that all of the cyber attacks targeting the United States do not come from China.

Just six months ago, however, senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.

It was the most forceful and detailed airing of U.S. allegations against Beijing after years of private complaints, and it signaled the opening salvo of a broad diplomatic push to combat cyberattacks that originate in China.

Cybersecurity was just one of the many issues discussed by the two leaders during their meeting, but it is also one of a number of contentious topics that rattle the often rocky relationship between the two nations.

The U.S. needs to start laying the groundwork for better understanding by the Chinese of what is expected from them in cyberspace, as well as putting better security solutions in place among their own technology.

As an example, American officials want to know who to talk to when Chinese hackers breach U.S. computer networks. And if there is a cyber incident in China, the U.S. needs the Chinese to feel confident that they can call up and ask, 'was it you?', and get a straight answer.

Chinese officials have routinely denied the cyberspying, insisting that their own country also is a victim of such attacks. And they note that the hacking is anonymous and often difficult to track.

U.S. cybersecurity experts acknowledge that attribution can be difficult, and that while they can trace an attack to China, it is often difficult to track directly to the Chinese government. Last December's report by U.S. intelligence agencies said America must openly confront China and Russia in a broad diplomatic push to combat cyberattacks that are on the rise and represent a persistent threat to U.S. economic security.

And, separately, several cybersecurity analysts have concluded that as few as 12 different Chinese groups, largely backed or directed by the government there, commit the bulk of the cyberattacks that aim to steal critical data from U.S. companies and government agencies. Officials estimate that the stealthy attacks have stolen billions of dollars in intellectual property and data.

Because people and businesses in both China and America have been victims of cyberattacks, officials have been talking more about building a better relationship so that they can work together.

Law enforcement is one area of cybersecurity where the two nations have begun to build partnerships, but so far it has been extremely limited. Lewis said that in 2011, U.S. authorities requested assistance from the Chinese 11 times, and in seven of the cases received no information. But he said the Chinese cooperated with U.S. law enforcement in a high-profile financial fraud case late last year.



Thursday, May 3, 2012

Microsoft Knocks Out Another Botnet

Story first appeared in The New York Times.

Last Friday, Microsoft employees and federal marshals raided command centers in Pennsylvania and Illinois used by criminals to run a botnet, a cluster of infected computers used to steal personal and financial information from millions of victims.

But two days earlier, a separate group of cybersecurity researchers based in San Francisco quietly took down another botnet using more technical means. The five researchers, from four security firms — Crowdstrike, Dell SecureWorks, the Honeynet Project and Kaspersky Labs — worked together to decrypt and successfully commandeer the so-called Kelihos.b botnet that was using over 100,000 infected computers to blast pharmaceutical spam and, in some cases, steal Bitcoins, a virtual currency that is impossible to recover once stolen.

The two takedowns were not timed to coincide with one another, nor were the two groups even aware they were operating in tandem. But they point to a renewed effort by technologists to take the lead in combating digital crime rather than waiting for law enforcement authorities to take action.

Microsoft has preferred to take botnets down through court actions. Including Friday’s raid, Microsoft has disrupted four botnets in the last few years through civil suits. In each case, Microsoft sought secret court orders that allowed it to seize Web addresses and servers that run the botnets, without first alerting their owners.

In the case of Kelihos.b, researchers took a more technical approach. They successfully reverse-engineered the botnet’s structure and analyzed its cryptography, then injected their own file into its communication network. That file instructed infected computers to send any information to a “sinkhole” controlled by Crowdstrike, rather than to the command-and-control server run by criminals.

Within a few minutes of infiltrating Kelihos.b, over 85,000 infected computers started communicating with Crowdstrike’s sinkhole. As more infected users went online, Crowdstrike said that figure quickly jumped to 110,000. By Friday, researchers said the criminals behind Kelihos.b had already abandoned the botnet and moved on.

By dismantling their tools this way, the researchers said they gleaned valuable information about the criminals’ techniques. Experts advise that it is best for companies to employ a professional Managed IT Service to police their online security.

Of the infected machines, 84 percent were exploited using a loophole in Microsoft Windows XP. Researchers also noted that the vast majority of infections — a quarter of all identified machines — were in Poland and that the botnet’s creators spread Kelihos.b through a “pay-per-install” model typically favored by hackers in Eastern Europe. A senior lawyer in Microsoft’s digital crimes unit said he had a high degree of confidence that the culprits behind the botnet Microsoft took down last Friday were also based in Eastern Europe.

That information could potentially be valuable in combating future threats. Unless a botnet’s owners and clients are put behind bars, takedowns tend to be temporary. Microsoft’s earlier disruption of a Waledac botnet, for example, lasted only as long as the time it took its creators to modify its architecture slightly to create a new botnet. Kelihos.b is a second-generation version of Kelihos, another botnet that was shut down last September.



Wednesday, April 18, 2012

Former FBI Agent Joins IT Startup

Story first appeared in The Wall Street Journal.

The FBI’s former top cyber cop is joining an upstart computer security firm that aims to guard firms targeted by foreign intelligence services.

The cyber cop, who garnered attention last month when he said the U.S. is not winning the battle against hackers, has joined CrowdStrike, Inc., to lead a unit that will provide instant response for hacking incidents, and identify those trying to compromise computer systems.

The formation of Irvine, Calif.-based CrowdStrike was announced earlier this year by the CEO, a former McAfee executive.

A start-up is an unusual choice for someone coming from a senior FBI position. His last three predecessors all took security jobs with Fortune 500 firms.

The former cyber cop states that he wants to stay in the fight against hackers, but in the private sector, which he has long argued does not do enough to protect sensitive corporate data and intellectual property from cyber intruders.

Ideally, CrowdStrike will service all types of corporations, both private sector and government sector, and any entities with wide-ranging networks. The company will focus on security solutions within a network to curb computer hacking.

He will be president of CrowdStrike Services, one of three divisions of the new company. In a statement, the CEO said he and the cyber cop share a belief that industry can’t rely on the government alone to address the problem of targeted intrusions.

The other two parts of the company are an Intelligence team, and a Technology office.



Tuesday, March 6, 2012

Cybersecurity Is Necessary for NASA


First appeared in USA Today.

It sounds like the plot of a campy science fiction flick: Thieves steal a laptop containing the codes used to command and control the International Space Station.

Except it happened.

The March 2011 theft of the unencrypted computer was one of 5,408 cybersecurity incidents — many foreign-based — the space agency reported during the past two years, according to NASA Inspector General Paul Martin.

The incidents, which include the installation of malicious software and unauthorized access to NASA systems, have caused disruptions and cost taxpayers millions in missing equipment and repairs.

Some cases are clearly more serious than others, such as the theft of space station algorithms, though there's nothing to indicate the ISS was affected in any meaningful way.

"The threat to NASA's information security is persistent and ever-changing," warned Rep. Paul Broun, R-Ga., who chairs a House Science, Space and Technology subcommittee that conducted a hearing on cybersecurity lapses Wednesday. "Unless NASA is able to continuously innovate and adapt, their data systems and operations will continue to be in danger."

These incidents are among those the inspector general's office says have taken place since 2010:

—Terra and Landsat-7, both Earth observation satellites, "have each experienced at least two separate instances of interference apparently consistent with cyberactivities against their command and control systems."

—An unidentified NASA center released to the public 10 surplus computers connected to the space shuttle program that weren't properly sanitized and may have contained sensitive data.

—Intruders stole credentials for more than 150 NASA employees in one cyber attack, while another intrusion provided hackers access to key information and user accounts at the Jet Propulsion Lab in Pasadena, Ca.

—A Texas man pleaded guilty last year to hacking NASA computers, an incident that prevented some 3,000 registered users from accessing oceanographic data collected by the agency.

Martin told the House panel the agency's vulnerability stems from two issues: It's a high-profile target that generates plenty of sought-after data, and it offers potential hackers a wide array of entry points. 

NASA manages approximately 3,400 websites — nearly half of all the federal government's non-defense sites — and is home to some 176,000 individual e-mail addresses. Its assets include 550 information systems that control spacecraft, collect and process scientific data, and enable NASA to interact with colleagues and researchers in other agencies and universities around the globe, according to Martin.

"There are many gates to guard," NASA Chief Information Officer Linda Cureton told the House panel.

Sen. Bill Nelson, D-Fla., a member of the Intelligence Committee who rode on the space shuttle, said that while the country's national security computers are protected, he's concerned foreign hackers could infiltrate government computers through a back door provided by NASA or another non-defense agency.

"Of course it's worrisome," he said. "And that's what we're working on."

NASA has made some progress addressing problems Martin and his office have pointed out in the 21 audit reports his office has conducted over the past five years. Of the 69 recommendations the inspector general has made during that period, all but 18 have been fully addressed, officials said.

Martin said only 1% of the agency's laptops and other portable devices have been encrypted to prevent easy deciphering, which he called "very disturbing" given the highly sensitive nature of the information stored on them. More than half of the computers used government-wide are encrypted.

In addition, a risk assessment Cureton's office was supposed to have completed by August 2011 won't be finished until June.

"We are determined to improve NASA's capability to predict, prevent and effectively contain potential IT security incidents," she told lawmakers.

Cureton told the House panel the agency has taken a number of steps, including accelerating encryption of NASA laptops. But she said cybersecurity isn't taken as seriously as it should be because of "culture" issues. And much of the sensitive information is managed not by her office but by mission directorates. 

Martin said Cureton's efforts have been hampered because she doesn't control much of the budget devoted to improving cybersecurity.

"As we've all seen in Washington," Martin said, "when you don't control the funding, you have a difficult time getting folks' full attention."

Tuesday, May 31, 2011

THE NEW US TECHNOLOGY SECURITY PROGRAM

The U.S. Department of Homeland Security is researching the use of open-source software as a means of defending government networks. Open-source software can be modified to meet government needs without giving up security.

A new five-year, $10 million program aims to survey existing open-source software to find those that could fill "open security" needs. Called the Homeland Open Security Technology program, or HOST, it also may plant seed investments where needed to inspire innovative solutions that can fill gaps in cybersecurity defenses.

Although this idea is not meant to be the main solution, it is being seen as a viable option to raise security. Open-source software often gives users the right to change its code to suit their purposes, as well as to share or give away copies. That means the U.S. government could modify such software to suit its cybersecurity needs.

It also means that a federal agency could distribute software copies to all of its 10,000 employees without paying extra licensing fees.

The ultimate goal is for open source and open security to be considered whenever there's a tech solution needed. They don't want it mandated for the government; they just want a level playing field.

Open-source software allows anyone to change the core of the software, but that doesn't make for bad security. On the contrary, having such transparent innards means that a big open-source community of savvy programmers can root out any weaknesses.

Unfortunately, people can put a backdoor or Trojan horse in just about anything. The open-source model's ability to include transparency in development and maintenance can make it as secure as, if not more secure than, existing processes.

In fact, more than half of all Internet websites rely upon a popular open-source software product called Apache. That software runs the Web servers that serve as the heart of the Internet.

The open-source perk also means that the U.S. government is not at the mercy of companies that hold the license for proprietary cybersecurity software. If bugs crop up or an exploiter penetrates the cybersecurity defenses, programmers can dive right into open-source software to fix it.

Many government employees who purchase security software simply don't realize that open-source choices exist, so the HOST program aims to change that.

The Homeland Security effort has already begun comparing existing open-source products with the needs of government users, so that it can decide where to invest seed capital to encourage innovative solutions to meet those needs. But any open-source solutions for cybersecurity must ultimately stand on their own commercial success or they will die.

At a time when budgets are getting smaller, the government is tightening its belt and looking for alternative ways to meet its needs without breaking the bank. Looking at alternatives such as open-source software could be one of the answers to its security woes.