Articles Posted in Cybersecurity

WASHINGTON ,— Invasion of privacy in the Internet age. Expanding the reach of law enforcement to snoop on e-mail traffic or on Web surfing. Those are among the criticisms being aimed at the FBI as it tries to update a key surveillance law.

With its proposed amendment, is the Obama administration merely clarifying a statute or expanding it? Only time and a suddenly on guard Congress will tell.

Federal law requires communications providers to produce records in counterintelligence investigations to the FBI, which doesn’t need a judge’s approval and court order to get them.

WikiLeaks’ chief claims his organization doesn’t know who sent it some 91,000 secret U.S. military documents, telling journalists that the website is set up to hide the source of its data from those who receive it.

Editor-in-chief Julian Assange says the added layer of secrecy helps protect the site’s sources from spy agencies and hostile corporations. He acknowledged that the site’s anonymous submissions raised concerns about the authenticity of the material, but said the site has not yet been fooled by a bogus document.

Assange made the claim in a lengthy hour talk before London’s Frontline Club late Tuesday, in which he outlined the workings of WikiLeaks and defended its mission.

In response to a report in the Wall Street Journal, the National Security Agency revealed some information about its plans for “Perfect Citizen,” which it described as a research and engineering effort around vulnerability assessment and capabilities development. The National Security Agency revealed some information about the nature of its “Perfect Citizen” cyber-security program after a report about the agency’s plans surfaced in the media. While the agency is unwilling to confirm or deny some details of the Wall Street Journal article, the agency described Perfect Citizen as a “vulnerabilities-assessment and capabilities-development” effort, and stressed that there is no monitoring activity involved. “Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems,” NSA spokesperson Judith Emmel said in a statement. “This contract provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks, which is a critical part of NSA’s mission of defending the nation.” Defense contractor Raytheon was reported by the Journal to have received the contract for the project. According to the Journal, Perfect Citizen would involve placing sensors across a variety of computer networks belonging to government agencies and private sector companies involved in critical infrastructure in order to protect against cyber-attacks. The focus would be large, typically older systems designed without Internet connectivity or security in mind, the Journal reported.

See www.eweek.com/c/a/Security/NSA-Cyber-Security-Program-Details-Revealed-275248

Many Companies Continue to Ignore the Issue (Pittsburgh Post-Gazette, 22 June 2010) – After a year of high-tech breaches at some of the nation’s biggest companies, a provision in a Senate bill calls on the White House to encourage a market for cybersecurity insurance to protect businesses from debilitating costs brought on by hacking and compromised information. The bill, introduced by Sens. Jay Rockefeller, D-W.V., and Olympia Snowe, R-Maine, says the president or his appointee must report to Congress on “the feasibility of creating a market for cybersecurity risk management” one year after the bill’s passing. But a crashed server policy is not as easy to write as a crashed car policy. Many businesses are deterred by an application process described as appropriately exhaustive but forever imprecise. The process is complicated by the tricky nature of monetizing data. Web experts always have held that “information wants to be free.” But how much is it worth when it’s stolen? Companies lost an average of $234,000 per breach in 2009, a recent report by the Computer Security Institute in New York found. But a report released last Tuesday by the Carnegie Mellon CyLab found that 65 percent of its Fortune 1,000 respondents were not reviewing their companies’ cybersecurity policies. Jody Westby, a researcher who worked on the CyLab report that indicated board negligence, said the insurance provision in the cybersecurity bill was a mandate by an ill-informed Congress. “This is interventionist, regulatory, heavy-handed action by Congress,” said Ms. Westby from an technology best practices conference in Burkina Faso, West Africa. “This isn’t anything that Congress is going to fix,” she said. “It’s something boards in America need to fix.”

For more information please visit: http://www.post-gazette.com/pg/10173/1067262-96.stm AND/OR http://www.knowconnect.com/mirln/current/

WASHINGTON – Internet search firm Google Inc. is finalizing a deal that would let the U.S. National Security Agency help it investigate a corporate espionage attack that may have originated in China, the Washington Post reported yesterday.

The aim of the investigation is to better defend Google, the world’s largest Internet search company, and its users from future attacks, the Post said, citing anonymous sources with knowledge of the arrangement.

The sources said Google’s alliance with the NSA — the intelligence agency is the world’s most powerful electronic surveillance organization — would be aimed at letting them share critical information without violating Google’s policies or laws that protect the privacy of online communications.

The ongoing conflict between Google and China escalated earlier this month as Google announced it had discovered that the hacking of its servers had originated from the Chinese government.

The hacking code used was traced to China’s territory, but not to the Chinese government, which, not surprisingly, denies any connection to the attack. How Google came to the conclusion that the hack had come from the Chinese government has yet to be disclosed.

China currently has the most Internet users of any country in the world. JP Morgan and Chase estimates that Google will make roughly six hundred million dollars in the Chinese market in 2010. Withdrawing from China would clearly be a poor business decision.

Twitter reset passwords for an unknown number of users on Tuesday whose accounts appeared to have been compromised via phishing.

“As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite,” the company said in a statement.

Some Twitter users apparently “used their Twitter username and password to sign up for an untrusted third-party application which then posted Tweets to their account,” a spokeswoman said.

Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing, according to experts.

For several years, piracy groups that run services allowing music, video and software to be illegally shared online have been using legal loopholes across a wide range of countries as a way of escaping prosecution for copyright infringement.

In the last year there has been a significant shift, say piracy experts, as the groups have worked to stay beyond the reach of western law enforcement.