cybersecurity
China hack attacks on US continue despite commercial spying pact
If this surprises you, I’ve got a real-life, fully functional totally Back to the Future hoverboard to sell you…
China-Tied Hackers That Hit U.S. Said to Breach United Airlines
This is starting to look like a concerted effort to gather a specific data set for some sort of coordinated use:
The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests -- which include information on flights’ passengers, origins and destinations -- according to one person familiar with the carrier’s investigation.
China is very serious about cyberespionage
Google apologists like myself often answer concerns that the search-and-advertising giant can scan your email with something like “yes, but they’re doing it with robots and scrubbing it clean of all identifying information.”
China, however, is not so concerned with your privacy or its own image. In fact, monitoring otherwise-harmless civilians probably proves valuable to the renegade nation by illustrating the best means of tricking US netizens into installing backdoor viruses on their systems.
The most important point this article makes, in my view, is that China is playing the long game on cyberespionage efforts. As David Feith reports in the Wall Street Journal piece linked to above:
The essence of China’s thinking about cyber warfare is the concept of shi, he says, first introduced in Sun Tzu’s “The Art of War” about 2,500 years ago. The concept’s English translation is debated, but Mr. Thomas subscribes to the rendering of Chinese Gen. Tao Hanzhang, who defines shi as “the strategically advantageous posture before a battle.”
They’re not going to take down any infrastructure any time soon, but if and when they want to, their current efforts will probably go a long way to helping them learn how to do it.
This stuff is not just a headline: it’s been happening for some time, is still happening, and is likely only to increase. Mr. Feith’s article at the Journal is well worth reading.
Federal Energy Regulatory Commission's Office of Energy Infrastructure Security
This is an interesting move, basically setting up the lemonade stand while all you have is water: it’s on your parents to give you the rest of the ingredients if they want you to do the work.
Congress would do well to expedite the provision of sugar and lemons (read: broader authority, and some more money) to the new unit so they can start making lemonade before threats to the electrical grid start turning up the heat on the US.
Now I’m thirsty.
Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload
Kim Zetter, writing at Wired:
The researchers don’t know if the attackers used the bank component in Gauss simply to spy on account transactions, or to steal money from targets. But given that the malware was almost certainly created by nation-state actors, its goal is likely not to steal for economic gain, but rather for counterintelligence purposes.
It’s worth thinking about: state-sponsored cyberespionage has been around for a while, but modern advancements in malware are giving such snooping tools a new level of automation and scale.
PS: I’m going to keep an eye on this story with the hopes that Kaspersky, the Russia-based security lab researching Gauss, eventually cracks the encryption on the mysterious payload.
Does Cybercrime Really Cost $1 Trillion?
A spokeswoman for Senator Joe Lieberman, speaking to Peter Maass and Megha Rajagopalan of Mother Jones:
Senator Lieberman and his staff believe that McAfee, Symantec, and General Alexander are reputable sources of information about cybersecurity.
The evidence, in this case at least, would suggest otherwise, Mr. Senator.
Note: An earlier version of this post left out Megha Rajagopalan, a co-author of the cited ProPublica piece.