29 March 2012

NSA's top spook blames China for RSA hack


The director of the US National Security Agency has named China as the country behind last year's high profile hack against RSA that resulted in the extraction of data related to SecurID tokens.
The information extracted in the March 2011 hack was later used in an unsuccessful attack against Lockheed Martin. Other US defence contractors, including L-3 Communications, were also rumoured to have been targeted but this remains unconfirmed.
RSA offered replacement tokens in the wake of the attack, which relied on a combination of spear phishing and malware that exploited a zero-day Adobe Flash exploit..........

China has long been the prime suspect in the RSA hack but has never been named as such until this week..................

Click here to read more .... 

Solutions : www.xcyss.in

Australian teen arrested in multinational hacker swoop


Two teenagers have been arrested in Australia and the Netherlands in a multinational operation for allegedly hacking into a Dutch telecom firm and several universities.....................
An Australian teen and a 17-year-old Dutch boy were arrested last week in their own countries on suspicion of hacking into servers in nine nations....................
The student told investigators he had read a message in his university chat room in which the writer claimed to have hacked into KPN. KPN, the largest telecom operator in the Netherlands, has taken steps to minimise damage. Based on information from South Korean police, Japan and Australia also launched separate investigations.................
The hackers allegedly met in an internet chat room and broke into the servers of KPN and universities in South Korea, Japan, Germany, Britain, Norway, Bulgaria, Ukraine, the Czech Republic and the Netherlands, between December and January.................
The purpose of the alleged hacking was unclear but this case underlines the importance of international cooperation in cyber crimes......................


Click here to read more .... 

Solutions : www.xcyss.in

27 March 2012

Man uses facebook to abuse girl friend, jailed

A man in Britain, who befooled his 21-year-old girl friend to perform sexual acts online by creating his fake identities on Facebook, has been jailed for seven years.
Darrell Bingham, 49, posed as an American football player on the social networking site and subjected her to a twisted six-month campaign of sexual abuse...........
He threatened to send topless pictures of this girl to her work colleagues if she disobeyed. She was forced to perform sex acts on herself day and night on a webcam..................

Click here to read more .... 

Solutions : www.xcyss.in

26 March 2012

Couple arrested for creating ‘spouse swapping’ Facebook page

Egyptian security forces have arrested a married couple who created a Facebook page for spouse swapping.
The husband, an accountant, and his wife, a nursery principal, got the idea after seeing a similar page set up by a Qatari man six months ago...............

Police officials received information that several couples had become members of the Facebook page, which appeared to organise swaps for married couples...........

A controversial 1961 Egyptian law allows suspects to be prosecuted for prostitution even if no money was exchanged.
Click here to read more .... 

Solutions : www.xcyss.in

Android malware steals banking credentials


Security researchers at McAfee have discovered a malicious Android application capable of grabbing banking passwords from a mobile device without infecting the user's computer........
The latest piece of Android malware, dubbed FakeToken, contains man-in-the-middle functionality to hijack two-factor authentication tokens and can be remotely controlled to grab the initial banking password directly from the infected mobile device...............
When the application is installed, the malware even goes so far as to mimic the targeted bank's logo and colour scheme, adding a certain credibility to the scheme, and making it hard for users to distinguish between the legitimate and malicious applications.
The original file that contains the malware also includes a list of the control servers that the malware can connect to, as well as a mobile number that the data from the compromised phone can be sent to via SMS, Threat Post notes.
The malware also creates a service that listens for commands from the control server. The commands can include installing a new list of control servers or requesting that the malware gather and send all of the contacts from the compromised phone................

Solutions : www.xcyss.in

Chrome extensions malware hijacks Facebook profiles


Kaspersky Lab has found malware-laden Chrome extensions, along with a criminal gang playing cat and mouse with Google by releasing several variations of its wares.
The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google's very own Chrome Web Store.
The malware pretends to be a Flash Player installer but instead downloads a Trojan which writes messages to a victim's Facebook profile and automatically Likes certain pages................

Click here to read more .... 

Solutions : www.xcyss.in

23 March 2012

Man to plead guilty over hacking into celebrity emails to access nude photos


A MAN accused of hacking into the email accounts of film star Scarlett Johansson and other celebrities to access nude photos and private information has agreed to plead guilty to federal charges, prosecutors have said.
Christopher Chaney of Jacksonville, Florida, will plead guilty on Monday to nine criminal counts, including unauthorised access to a computer an d wiretapping, according to a plea agreement filed in US District Court in Los Angeles. The charges carry a maximum sentence of 60 years in prison, although federal sentencing guidelines often call for less time behind bars...........
He was charged with 26 counts of cyber-related crimes for hacking into emails Johansson, "Black Swan" star Mila Kunis and pop star Christina Aguilera. Other victims were identified only by their initials: BP, JA, LB and LS.........


Click here to read more .... 

Solutions : www.xcyss.in

21 March 2012

Hacker, suspected of 6 million user info leak, detained

The man suspected of hacking into China's largest website for programmers and leaking personal information of over 6 million users last December has been detained on charges of illegal acquisition of computer data.........

The leak, considered the biggest in China's Internet history, occurred on December 21 when the personal information of more than 6 million users of the China Software Developer Network (CSDN) was exposed on the Internet for free downloading...............

The leaked information contained user IDs, passwords and e-mail addresses in clear text. The leak had rippling effects on other websites, including online shopping, gaming, social networking and even financial service websites.


The suspect surnamed Zeng admitted to hacking into the CSDN server in April 2010 through a system loophole and sneaking into an online recharge platform and a stock brokerage system.
Click here to read more .... 

Solutions : www.xcyss.in

20 March 2012

Cyber threat from abroad on the rise


Cyber attacks on China launched from bases overseas surged in 2011, rising to 8.9 millioncomputers affected from 5 million the previous yearaccording to a network security report.
Japan was the source of most attacks (22.8 percent), followed closely by the United States(20.4 percentand the Republic of Korea (7.1 percent).
The reportreleased on Monday by China's National Computer Network Emergency ResponseTechnical Team and Coordination Centerfound that 11,851 Internet protocol addressesbased overseas had controlled 10,593 Chinese websites last year. This shows that Chinese websites still face a serious problem from being maliciously attacked by foreign hackers or IP addresses....................
Attacks included destroying serversdistorting website content and stealing personal data fromChinese Web users.............
Although it was discovered that many hackers used Trojan Horse-style programs simply to stealpersonal data......... 

Click here to read more .... 

Solutions : www.xcyss.in

Phishing gang steals victim's life savings of $1.6M


Police in Britain busted up a 14-person cybercrime gang accused of fleecing a single victim out of her $1.6 million life savings.
Arrested in early morning raids last Thursday in London and the West Midlands, the 12 men and two women were detained for their alleged part in the scheme, which involved sending rigged emails, to the victim, ZDNet reported, tricking her into essentially handing over her bank account credentials to a fake banking website set up by the scammers.
When the victim, a United Kingdom citizen living abroad, entered her login credentials, the cybercriminals were able to siphon her savings. The Metropolitan Police Central e-crime Unit (PCeU) said the 14 people passed the stolen funds off to money mules, who took a cut, anywhere from 9,000 to 75,000 pounds, before passing the cash off again to the masterminds of the massive phishing scam.
In all, the phishing gang made off with a total of about $1.6 million...........

Click here to read more .... 

Solutions : www.xcyss.in

19 March 2012

Advertising trojan with Swiss signature


A trojan called Mediyes is currently circulating in Germany. As reported by Kaspersky, the unusual thing about this trojan is that it was signed with a valid private key that belongs to Swiss company Conpavi AG. Conpavi promotes itself as a consultancy firm for e-governance projects, for example for the city of Lucerne.
Kaspersky says that it has sighted several versions of the dropper that were signed by Conpavi between December 2011 and 7 March 2012. This suggests that the criminals had access to the company's private key over a prolonged period of time. The private key was issued by a VeriSign Certificate Authority that is considered trustworthy by most operating systems.
On an infected system, the malware hooks into the browser to invisibly intercept any search engine queries and forward them to the server of an advertising network. Kaspersky says that the server is located in Germany and responds by sending links from the Search123 partner program..........

Click here to read more ....

Solutions : www.xcyss.in

Cyber Criminals Selling Millions of U.S military email addresses


Web based underground market service currently selling Millions of harvested U.S government and U.S military harvested emails addresses to potential spammers, and find out just how easy it is to purchase that kind of data within the cyber crime ecosystem.
Cyber criminals are getting more sophisticated in their scams and phishing schemes, which are designed to steal personal data and financial information. Spammers and virus creators are motivated by money and backed by organized crime on a global scale. They are also launching massive attacks on anti-spam organizations in an attempt to bring them down...........
Spammers buy lists from brokers that continuously harvest email addresses from newsgroups, chat rooms, web sites, Internet directories, and more. Spammers also run dictionary attacks, throwing billions of combinations of words and numbers at an email database to find valid address combinations................ 

Click here to read more .... 

Solutions : www.xcyss.in

"Fileless" malware installs into RAM


Researchers at Kaspersky Labs have found malware which, unusually, does not install any files on its victims PCs.
The researchers aren’t quite sure how unusual it is, describing it as both “unique” and “very rare”, but no matter how scarce this type of malware is it does sound rather nasty as it “… uses its payload to inject an encrypted dll from the web directly into the memory of the javaw.exe process.” That mode of operation means Windows and MacOS are both affected by the exploit, which is hard for many antivirus programs to spot given it runs within a trusted process.
Once under your machine’s guard, the malware tries to attack Windows User Account Control so it install the Lurk Trojan and connect to an associated botnet. That installation attempt is the malware’s key task, as living in RAM means fileless malware won’t survive a system reboot..............


Solutions : www.xcyss.in

Microsoft: Hacking code could have leaked

Microsoft's process for sharing information about security vulnerabilities in its products came under fire Friday after a roadmap for exploiting a severe, recently discovered flaw appeared on a hackingwebsite in China. 

The guideline, known as "proof-of-concept" code, most likely leaked from one the more than 70 security companies that get advance warnings from the company about major new holes, according to the researcher who found the flaw................... 

"The details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protections Program partners," said Yunsun Wee, Microsoft's director of its Trustworthy Computing effort...............  
Click here to read more .... 

Solutions : www.xcyss.in

Microsoft: Hacking code could have leaked

16 March 2012

Over 100 Govt websites hacked in 3 months


A total of 112 government websites belonging to various state government agencies, Planning Commission and Finance Ministry were hacked in the three-month period ending February 2012, Parliament was informed on Wednesday...............
These hacked websites belonged to the agencies in the government of Andhra Pradesh, Madhya Pradesh, Rajasthan, Tamil Nadu, Maharashtra, Gujarat, Kerala, Orissa, Uttar Pradesh, Sikkim and Manipur. It also included agencies of Ministry of Finance, Health, Planning Commission and Humar Resource Development.
The website of Bharat Sanchar Nigam Ltd was hacked on December 4, 2011 by the 'H4tr!ck' hacker group.............

Click here to read more .... 

Solutions : www.xcyss.in

15 March 2012

Cyber thieves eye super funds


OLDER Australians are being targeted for their superannuation funds by criminals using stolen identity information to gain access to personal accounts, the Australian Federal Police have warned.
Superannuation fraud is the latest earner for organised criminals who are targeting unsuspecting victims nationwide, with victims remaining unaware for years that they have been duped..........
Criminals exploit a range of techniques including phishing to first steal the identity of victims, before transferring their superannuation money into self-managed accounts or applying for hardship payments. Identity rules around self-managed funds and hardship payments are weak. The bank accounts receiving the stolen funds are not checked against existing records and can be in multiple names..........
The AFP said fraudsters also target older people with investment scams that offer early access to super money, or the promise of large financial gains, in increasingly sophisticated operations that appear legitimate.......... 

Click here to read more .... 

Solutions : www.xcyss.in

14 March 2012

Microsoft warns of RDP attack within next 30 days


Microsoft has released six updates in this month's patch Tuesday, including one critical hole that Redmond warns will be hit in the next 30 days.
The critical flaw covers all versions of Windows and is found in the Remote Desktop Protocol (RDP). It allows attackers to run code remotely behind the firewall, although Vista users and above can activate the Remote Desktop’s Network Level Authentication (NLA) to trigger an authentication request. RDP is disabled by default, but is often activated..............

Click here to read more .... 

Solutions : www.xcyss.in

BBC suffers cyber-attack following Iran campaign-chief


The BBC has suffered a sophisticated cyber-attack following a campaign by Iranian authorities against its Persian service, director-general Mark Thompson said on Wednesday.
Thompson also reported attempts to jam satellite feeds of the British Broadcasting Corporation services into Iran and to swamp its London phone lines with automated calls...........
Last month, Thompson accused Iranian authorities of arresting and threatening the families of BBC journalists to force them to quit the Persian news service..........


Solutions : www.xcyss.in

12 March 2012

Cops nab mobile net workmen for snarfing punters' data


Police in South Korea have arrested five men working as sub-contractors for the country’s two biggest mobile companies. The men were nabbed on suspicion of snarfing personal information and location data from potentially hundreds of thousands of mobile users and selling it on to private detectives.
The Korea Herald reported that the men had been subcontracted to manage online friend tracking services for SK Telecom and KT, which between them have close to 90 per cent of the mobile market in the country.
However, the men allegedly developed software designed to harvest personal user information and location data without the knowledge of the user and then sold it on for up to 300,000 won (£168) per set of information..............


Click here to read more .... 

Solutions : www.xcyss.in

Combat cybercrime before it's too late


AUSTRALIAN businesses are suffering a crime spree - and don't even know it.
A global survey by consultancy firm PwC shows 47 per cent of companies suffered "economic crime" in the past year, up from 40 per cent................

PwC also highlighted the rising threat of cybercrime, which was the second-highest form of crime in the survey.
Businesses and governments are increasing their reliance on cyber technologies such as cloud computing, online banking and social networks...............

In tandem, the rate of change for new technology is increasing and organisations are struggling to keep up with the risks of introducing and using new technology.About 30 per cent of organisations suffered from a form of cybercrime in the past year and most of them simply don't understand the need to protect themselves.................

The increasing prevalence and far reaching impact of cybercrime means it is no longer just an issue for the IT department alone................

The rising use of USBs to transport information is also a risk in that they may be exposed to networks that haven't been properly secured or has been specifically targeted..............

Click here to read more .... 
Solutions : www.xcyss.in

09 March 2012

‘Stratfor email disputes Osama burial’


In a new twist to the Osama bin Laden saga, emails leaked from an intelligence analysis firm suggest that the body of the al-Qaeda leader was actually sent to the US for cremation and not buried at sea.
According to the emails, Osama was killed in a US raid on his compound in Abbottabad, Pakistan, and was transported to the US and cremated. The emails were allegedly obtained by the hacker group Anonymous from Stratfor, a private organisation dealing with analysis of intelligence and geopolitical situations, the Daily Mail reported......................

Click here to read more .... 

Solutions : www.xcyss.in

BPAS: 'Anonymous' hacker held over illegal breach of abortion website


An internet hacker has been arrested on suspicion of illegally breaching the British Pregnancy Advisory Service (BPAS) website after threatening to release the names of women who have had abortions.............

The hacker, using the pseudonym Pablo Escobar – a notorious Columbian drug baron – claimed to hold the "entire database and contract details" of women who had used Britain's biggest abortion clinic..........

He claimed to have accessed the names of women who had undergone terminations and was threatening to release them into the public domain.............

Click here to read more .... 

Solutions : www.xcyss.in

Researchers find MYSTERY programming language in Duqu Trojan


Security researchers are appealing for help after discovering that part of the Duqu Trojan was written in an unknown programming language.
Duqu is a sophisticated Trojan reckoned to have been created by the same group behind the infamous Stuxnet worm. While the finely tuned Stuxnet worm was designed to home in on specific industrial control systems – namely systems controlling high-speed centrifuges used by Iran's controversial nuclear enrichment plants – Duqu was created to fulfil the slightly different role of a backdoor where intruders could slip into SCADA-based systems and nick confidential information...................

Click here to read more .... 

Solutions : www.xcyss.in

China cyber capability endangers U.S. forces


Chinese cyberwarfare would pose a genuine risk to the U.S. military in a conflict, for instance over Taiwan or disputes in the South ChinaSea, according to report for the U.S. Congress.
Operations against computer networks have become fundamental to Beijing's military and national development strategies over the past decade.................

Click here to read more .... 

Solutions : www.xcyss.in

07 March 2012

Five arrested in high-profile cyberattacks


Top members of the computer hacker group "Anonymous" and its offshoots were arrested and charged Tuesday after a wide-ranging investigation used the help of a group leader who was working as a secret government informant.

Five of the suspects, considered by investigators among the "most sophisticated hackers in the world," were arrested in the United States over their alleged role in high-profile cyberattacks against government agencies and large companies..........

Authorities have said that leader within the organization was secretly working with government officials and aided their investigation.

Anonymous is considered a loosely tied group of hackers, that have spawned affiliate bodies, and in recent years have focused their efforts on coordinating cyberattacks for political reasons or as retribution for the activities of governments and large corporations.


Click here to read more .... 

Solutions : www.xcyss.in

06 March 2012

Stuxnet: Computer worm opens new era of warfare


The most pernicious computer virus ever known wasn't out to steal your money, identity, or passwords. So what was the intricate Stuxnet virus after? Its target appears to have been the centrifuges in a top secret Iranian nuclear facility. Stuxnet showed, for the first time, that a cyber attack could cause significant physical damage to a facility. Does this mean that future malware, modeled on Stuxnet, could target other critical infrastructure -- such as nuclear power plants or water systems? What kind of risk do we face in this country?............


For the past few months now, the nation's top military, intelligence and law enforcement officials have been warning Congress and the country about a coming cyberattack against critical infrastructure in the United States that could affect everything from the heat in your home to the money in your bank account. The warnings have been raised before, but never with such urgency, because this new era of warfare has already begun..........


The first attack, using a computer virus called Stuxnet was launched several years ago against an Iranian nuclear facility, almost certainly with some U.S. involvement. But the implications and the possible consequences are only now coming to light...............


There is reason for concern. For more than a decade, the U.S. military establishment has treated cyberspace as a domain of conflict, where it would need the capability to fend off attack, or launch its own. That time is here. Because someone sabotaged a top secret nuclear installation in Iran with nothing more than a long string of computer code.................


After several failures, Congress is once again trying to pass the nation's first cybersecurity law. And once again, there is fierce debate over whether the federal government should be allowed to require the owners of critical infrastructure to improve the security of their computer networks. Whatever the outcome no one can say the nation hasn't been warned............


Click here to read more .... 

Solutions : www.xcyss.in

Two foreigners hack bank account


Two foreigners, Evans Ukah Mendi, 34, from Cameroon and William Tambo, 37, from South Africa were arrested for hacking the bank account of a company and stealing Rs 16 lakh, police said on Monday.......


The fraudsters had hacked the password of the company’s account to buy goods online, and transferred Rs 2,32,682 to Futurebazar, Rs 6,37,141 to Fashionandyou and Rs 7,11,290 to TV 18.

Futurebazar and TV 18 were suspicious over transaction of such a large amount of money....................



Click here to read more .... 

Solutions : www.xcyss.in

05 March 2012

Michael Jackson's entire back catalogue stolen by hackers


MICHAEL Jackson's entire back catalogue has been stolen by internet hackers.

Sony music suffered its second major security breach in a year, with thieves targeting songs and unreleased material by the superstar singer. It's alleged they downloaded more than 50,000 music files, worth £160million, in the biggest ever cyber attack on a music company..........
The hack was discovered during routine monitoring of social networking sites, Jackson fan sites and hacking forums..................

Click here to read more .... 

Solutions : www.xcyss.in

03 March 2012

Top G-Man says Anonymous, not Al-Qaeda, will be top security threat


Cybersecurity threats will overtake terrorism as the top US national security concern, FBI Director Robert Mueller told the RSA Conference on Thursday.

The FBI director warned that foreign groups are stealing US intellectual property and innovation. “We are losing data, we are losing money, we are losing ideas and we are losing innovation. And as citizens, we are increasingly vulnerable to losing our information".......................
Solutions : www.xcyss.in

02 March 2012

Terrorist hackers waiting in the wings


Concern about cyberterrorism was evident this week among security experts at the RSA security conference, who find that some people with extremist views have the technical knowledge that could be used to hack into systems.
Cyberterrorism does not exist currently in a serious form, but some individuals with extremist views have displayed a significant level of knowledge of hacking, so the threat shouldn't be underestimated.
Extremists commonly use the Internet to communicate, spread their message, recruit new members and even launder money in some cases. They've even built their own file and email encryption tools to serve this goal and they use strong algorithms that cannot be cracked. 
The researcher has seen members of extremist forums publish guides on how to use penetration testing and computer forensics tools like Metasploit, BackTrack Linux or Maltego, vulnerability scanning, SQL injection techniques, and on using Google search hacks to find leaked data and more.
SCADA systems used in industrial facilities could represent a target for cyberterrorist attacks..... 
Solutions : www.xcyss.in

Laptop with ISS Command Codes Stolen from NASA in 2011

An unencrypted laptop stolen from NASA last year contained codes used to control the International Space Station (ISS), the space agency's inspector general told Congress on Wednesday in written testimony discussing NASA's cybersecurity—or lack thereof.


Such security incidents resulted in losses of more than $7 million.
In 2010 and 2011, NASA said it experienced 47 cyberattacks by well-heeled and skillful hacking operations known as "Advanced Persistent Threats."
NASA has a $1.5 billion annual IT budget, of which approximately $58 million is spent on IT security. But the space agency is way behind the curve when it comes to encrypting some of its most vulnerable IT assets. Federal agencies encrypt about 54 percent of their laptops and other mobile devices on average, but as of Feb. 1, 2012, NASA had only encrypted 1 percent of its own mobile systems.

The space agency is also deficient in routine IT upkeep. For example, a May 2010 OIG audit found that only 24 percent of applicable computers on a mission network were monitored for critical software patches and only 62 percent were monitored for technical vulnerabilities. The detailed control test of this network identified several high-risk technical vulnerabilities on a system that provides mission support to manned and unmanned spacecraft....

Click here to read more .... 

Solutions : www.xcyss.in

Dutch account holders plagued by cyber crime


Cyber criminals have developed a method to transfer money from the account holders of various Dutch banks.
The criminals use a virus to break into the secure connection between the bank and the accountholder when they are online and insert additional payments to foreign bank accounts.
Each day, several account holders are duped this way. The scheme is known as man-in-the-middle because the criminals place themselves between the bank and the account holder.
The Dutch Banking Association says the man-in-the-middle scheme is just one of the ways in which cyber criminals seek to rob account holders. Another example is phishing, in which people are directed to a phoney website where they are asked to fill in their personal data.

Click here to read more .... 

Solutions : www.xcyss.in

EC-Council Academy & Hacker Halted Asia Pacific Hacked By eMP3R0r TEAM

Official website EC-Council Academy - Leading IT Security Training Provider in Malaysia get hacked by eMP3R0r TEAM. They have also breached the official site Hacker Halted 2011 Asia Pacific - Hacker Halted Asia Pacific is a complete and comprehensive information security conference, with information security experts from all around the world presenting and discussing global information security topics and threats. The hackers have created deface mirror on Zone-H. Later the hacked pages have been removed by the authority and the whole site has been restored to its normal format..... 
Click here to read more .... 

Solutions : www.xcyss.in

01 March 2012

World Economic Forum´s Global Risks 2012 Report

In its seventh edition, the World Economic Forum´s Global Risks Report features more refined risk descriptions and rigorous data analysis covering 50 global risks. It aims to improve public and private sector efforts to map, monitor, manage and mitigate global risks. It is also a “call to action” for the international community to improve current efforts at coordination and collaboration, as none of the global risks highlighted respects national boundaries.


Top 10 Technological Risks

1. Critical systems failure: single-point system vulnerabilities trigger cascading failure of critical information infrastructure and networks.
2. Cyber-attacks: state-sponsored, state-affiliated, criminal or terrorist cyber attacks.
3. Failure of intellectual property regime: ineffective intellectual property protections undermine research and development, innovation and investment.
4. Massive digital misinformation: deliberately provocative, misleading or incomplete information disseminates rapidly and extensively with dangerous consequences.
5. Mineral resource supply vulnerability: growing dependence of industries on minerals that are not widely sourced with long extraction-to-market time-lag for new sources.
6. Massive incident of data fraud/ theft: criminal or wrongful exploitation of private data on an unprecedented scale.
7. Proliferation of orbital debris: Rapidly accumulating debris in high-traffic geocentric orbits jeopardizes critical satellite.    
8. Unintended consequences of climate change mitigation: Rapidly accumulating debris in high-traffic geocentric orbits jeopardizes critical satellite infrastructure. Attempts at geoengineering or renewable energy development result in new complex challenges.
9. Unintended consequences of nanotechnology: The manipulation of matter on an atomic and molecular level raises concerns on nanomaterial toxicity.
10. Unintended consequences of new life science technologies: Advances in genetics and synthetic biology produce unintended consequences, mishaps or are used as weapons.



 Solutions : www.xcyss.in

U.S. logs on for cyberwar with differing strategies


Battle lines drawn: government's power to patrol private networks vs. privacy, civil liberties

Hackers are infiltrating networks and personal computers daily. Most often, victims don't even know they've been infiltrated until the damage is done......The question now is just who will help prepare the U.S. to better position itself for the longer war?.....

One example of that came from former director of National Intelligence Mike McConnell speaking this week at a cyber panel at George Washington University.

McConnell suggested granting the super secret National Security Agency the power to patrol private networks, both foreign and domestic, for signs of attack.

Such suggestions make some who are concerned about privacy and civil liberties, queasy.

......
Click here to read more ....

 Solutions : www.xcyss.in

NATO’s Cyber Capabilities: Yesterday, Today, and Tomorrow



NATO’s central missions of collective defense and cooperative security must be as effective in cyberspace as
they are in the other domains of air, land, sea, and space. The Alliance started this process after suffering its first major cyber attacks in 1999, during Operation Allied Force, but more than a decade later it is still playing catch up.  The recent NATO cyber defense policy gives the Alliance a strong boost, giving priority to defense of NATO’s own networks.  But now the Alliance should “double down” on a core set of priorities, leveraging the best capabilities, policies, and practices from member nations and industry partners

.... Read full report at http://www.acus.org/files/publication_pdfs/403/022712_ACUS_NATOSmarter_IBM.pdf


Recommendations:



To develop cyber capabilities, NATO should focus its efforts on the following areas.  These first seven recommendations are general and could apply to any military organization facing challenges in cyberspace.

1. Pursue a relevant standard, such as the widely understood ISO/IEC 27001 and 27002 or the newer RMM, which has more focus on performance during crises.

2. Invest resources in the basics.  Incident response, information sharing, resilience, properly maintaining
computers to “patch” them from being vulnerable, and generally executing the new strategy.

3. Emphasize agility.  It was only fifteen years from the first flight of an airplane to the battle of Saint-Mihiel, the first coordinated air operation, under a single commander and in support of a ground attack.  Though we have over twice that many years experience in cyberspace, we do not yet have a similar understanding of what cyber conflict will eventually look like or how national militaries – much less NATO – should organize for it.  This means militaries will need to remain agile.  Options might include a heavier than normal reliance on capabilities from national members; learning to quickly procure and secure commercial IT systems; pooling and sharing; and collaboration with the private sector (see below).

4. Learn to fight through intrusions.  Neither NATO, nor the militaries of its member nations, will be able to
keep adversaries from intruding during a cyber conflict. As stated in the new US Department of Defense cyber strategy: “Operating with a presumption of breach will require DoD to be agile and resilient, focusing its efforts on mission assurance and the preservation of critical operating capability.” In line with the 2009 Strasbourg Summit Declaration, NATO exercises must fully integrate cyber into all its exercises and train to work through disruptions.  Just as air forces must fly and fight through hostile jamming, so must militaries also be able to operate when adversaries are inside their perimeter in cyberspace.


5. Develop and research advanced capability to stay ahead of the evolving threats.   Investment into research
and the next generation of security intelligence capability is needed but advanced security analytics – coupled with automation – will be required including through the existing Science for Peace and Security Program.

6. Develop an agenda for private sector collaboration, not just for information sharing, but in more substantive
ways as well. Many non-governmental organizations have significant capabilities to fight cyber crime, respond to incidents, and foster cooperation with other nations, making it productive and cost effective for NATO to collaborate.  While the current policy says that NATO “will work with partners, international organizations, academia, and the private sector in a way that promotes complementarity and avoids duplication,” this actually requires agility, fresh thinking and, above all, a plan to tie together efforts like the existing Framework for Collaborative Interaction, established by NATO’s Allied Command Transformation.

7. Treat cyber conflict as a national security problem for policymakers, not just a technical issue for computer security professionals. Policy makers must demand options that do not rely on exact attribution, such as ratcheting pressure against national leaders that encourage attacks,
whether or not those attacks can be traced to that nation’s infrastructure.  In addition, at the Chicago Summit of 2012, NATO should support important cyber norms, such as that
any alliance cyber operations will conform to the Laws of Armed Conflict and that NATO will not use or encourage third-party, non-state proxies to conduct cyber attacks on
its behalf.

The following ideas are specific to NATO:
8. Explore how a “phased adaptive” approach might apply to cyber defense.  Though the parallels to missile
defense are imperfect, NATO should consider structuring their future cyber defense plans into multiple phases
depending on future threats and technologies.  Phase 1 might improve NATO’s own defenses, while Phase 2
extends these to national militaries.  Later phases could include sharing information with the EU, infrastructure
providers, or erecting a cyber umbrella of warning and defenses.
 
9. Push multinational sharing of baseline capabilities.  NATO may not need a separate IT schoolhouse for
each nation’s military or service or separate national IT procurement programs, as Allies use the same Internet
for similar purposes and purchase generally identical computers and switches.  If nations can share aircraft
carriers then there are likely obvious options to share and pool cyber capabilities.  NATO must develop a mechanism in the medium term to connect military and civilian ministries.




12. Consider offensive coordination, not capability.  When the US military started exploring offensive cyber
capabilities, it began with small, embedded units who knew both traditional and cyber military operations – and had the proper clearances.  During future crises NATO might consider creating an ad hoc coordination cell.  These officers should apply, but not necessarily share, their knowledge of sensitive capabilities to help communicate the objectives of the Alliance’s operational commanders to
their relevant national cyber units.  This coordination group might be similar to the US Air Forces Cyber Operations Liaison Element.  In addition, as suggested by the Atlantic Council’s Franklin Miller, NATO should consider creating a group, modeled on NATO’s existing Nuclear Planning Group, to consider offensive cyber policy


Click here to read more .... 

 Solutions : www.xcyss.in