
Submission + - US and Canada Launch Joint Cybersecurity Plan

wiredmikey writes: Canada and the United States announced Friday they were launching a joint cybersecurity plan that aims to better protect critical digital infrastructure and improve the response to cyber incidents.

Under the action plan, the US Department of Homeland Security and Public Safety Canada will cooperate to protect vital cyber systems and to respond to and recover from cyber disruptions, by improving collaboration between their respective cyber security operation centers on managing cyber incidents, enhancing information sharing and engagement with the private sector, and pursuing US-Canadian collaboration to promote cyber security awareness among the public.

The news came after Canadian Auditor General Michael Ferguson warned earlier in the week that Canada has made only "limited progress" over the past decade in safeguarding electrical grids, telecommunications infrastructure, banking systems, manufacturing and transportation, as well as its own computers. Earlier this month, U.S. Defense Secretary Leon Panetta said the U.S. had drafted new rules for the military that would enable it to move aggressively against digital attacks. The amended rules of engagement underline the need to defend Defense Department computer networks, "but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace," he said. Panetta also called on Congress this week to adopt proposed cyber security legislation and demanded that Congress act after the November elections to ensure stable funding for the US military.


Submission + - Europe's Cyber Warriors Play War Games

wiredmikey writes: The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, today kicked off a cyber security exercise across Europe designed to help nations prepare to deal with cyber attacks.

During the exercise, dubbed "Cyber Europe 2012", more than 300 cyber security professionals in 25 countries across Europe will test their skills and ability to work together, in order to defend against a massive simulated cyber-attack.

Cyber Europe 2012 will combine several “technically realistic threats” into a single escalating Distributed Denial of Service (DDoS) attack on online services in all participating countries simultaneously. “This kind of scenario would disrupt services for millions of citizens across Europe,” ENISA said. When the exercise is completed, the participants will have managed more than 1000 simulated cyber incidents.

During the 2010 Cyber Europe exercise, ENISA said there were a few minor technical and communication problems. For example, some injects were delayed or slowed, along with some minor difficulties with the use of government emails in combination with VPNs.

It will be interesting to see the results of the 2012 exercise, and (hopefully) the progress that has been made, both in the technical ability to combat cyber attacks and in communications and cooperation between the nations.


Submission + - Microsoft Certificate Was Used to Sign "Flame" Malware

wiredmikey writes: Microsoft disclosed on Sunday that "unauthorized digital certificates derived from a Microsoft Certificate Authority" were used to sign components of the recently discovered "Flame" malware.

“We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft,” Microsoft Security Response Center’s Jonathan Ness wrote in a blog post.

Microsoft is also warning that the same techniques could be leveraged by less sophisticated attackers to conduct more widespread attacks.

In response to the discovery, Microsoft released a security advisory detailing steps that organizations should take in order to block software signed by the unauthorized certificates, and also released an update to automatically protect customers. Also as part of its response effort, Microsoft said its Terminal Server Licensing Service no longer issues certificates that allow code to be signed.
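The blocking step described in the advisory comes down to a chain check on every signed binary: the signer's chain has to satisfy the code-signing purpose at every level, and it must not pass through any certificate the machine has been told to distrust (the update places the licensing-service CA certificates in the Disallowed store). The script below is an added example, not Microsoft's advisory text or tooling; the file path is a placeholder, the store path and the id-kp-codeSigning OID are the standard Windows/PKIX ones, and it is meant to be run on the Windows host under review.

```powershell
# Added example: audit one Authenticode-signed file the way the advisory's
# mitigation works. Not Microsoft code. $Path is a placeholder.
param([string]$Path = 'C:\Windows\System32\notepad.exe')

$sig = Get-AuthenticodeSignature -FilePath $Path
if (-not $sig.SignerCertificate) {
    Write-Output "$Path is not Authenticode-signed (status: $($sig.Status))"
    return
}

# Thumbprints of every certificate this machine has been told to distrust.
$disallowed = Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
    ForEach-Object { $_.Thumbprint }

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# 1.3.6.1.5.5.7.3.3 = id-kp-codeSigning. Requiring it as an application policy
# makes Build() fail unless every CA on the path permits code signing, which is
# the property a licensing certificate should never have had.
$codeSigning = New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.3'
[void]$chain.ChainPolicy.ApplicationPolicy.Add($codeSigning)
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline
$built = $chain.Build($sig.SignerCertificate)

# ChainElements is ordered leaf first, root last.
foreach ($element in $chain.ChainElements) {
    $cert = $element.Certificate
    $flag = if ($disallowed -contains $cert.Thumbprint) { 'DISALLOWED' } else { 'ok' }
    Write-Output ('{0,-10} {1} {2}' -f $flag, $cert.Thumbprint, $cert.Subject)
}
if (-not $built) {
    foreach ($status in $chain.ChainStatus) {
        Write-Output "chain error: $($status.Status) $($status.StatusInformation)"
    }
}
Write-Output ('Signature status: {0}; chain valid for code signing: {1}' -f $sig.Status, $built)
```

Run it against a binary whose signer chains through a distrusted intermediate and the build fails with an explicit-distrust status while the offending element is flagged DISALLOWED; a chain that merely lacks the code-signing purpose at some level fails on the application-policy check instead, which is the second half of the same control.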


Submission + - DHS Asked Pipeline Firms to Let Attackers Lurk Inside Networks

wiredmikey writes: According to reports, which were confirmed Friday by ICS-CERT, there has been an active cyber attack campaign targeting the natural gas industry. However, it’s the advice that the DHS is giving that should raise some red flags.

“There are several intriguing and unusual aspects of the attacks and the US response to them not described in Friday's public notice,” CSM Staff Writer, Mark Clayton, noted. “One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.”

According to the source, the companies were “specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.” “In essence they were saying: 'Do not put in any mitigation or blocks against these active intruders,’" the CSM’s source said. "But if you're telling an investor owned utility not to do anything, that's pretty unheard of. Step one is always block these guys and get them off the system. It's pretty unusual in the commercial world to just let them collect data. Heaven forbid that the intruders gain control..."

While the main motive behind the request is likely to gain information on the attackers, letting them in close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them. Because they’re specialized, traditional security tools don’t always fit, and because they’re largely purpose built using embedded run time operating systems, many of those tools simply can’t accommodate them.

The DHS will not comment on "For Official Use Only" and other sensitive memos, so their reasoning for allowing the attackers to look around will remain in speculation.


Submission + - U.S. Report Shows China's Cyber-Capabilities

wiredmikey writes: “It's getting harder and harder for China's leaders to claim ignorance and innocence as to the massive electronic reconnaissance and cyber intrusions activities directed by Chinese interests at the U.S. government and our private sector.” Those were the words of Michael Wessel, Commissioner of the U.S.-China Economic and Security Review Commission in a report released on Thursday.

The 136-page report details how China is advancing its cyber attack and exploitation capabilities, and examines the risks to U.S. national security and economic interests, including the electronics supply chain.

But experts say there is no need to fear a massive strike anytime soon — at an RSA Conference panel last week in San Francisco, experts said that countries with the most capability don’t necessarily have the most interest in launching massive cyber attacks against the United States.

The report is timely as the United States Congress is currently considering cybersecurity legislation, and the Commission hopes that this work will be useful to the Congress as it deliberates on how to best protect our networks.


Submission + - RSA Conference: On the Subject of Cyberwar

wiredmikey writes: Talk of an impending ‘Cyber Pearl Harbor’ is not an uncommon image evoked during discussions of cyber threats to the critical infrastructure of the United States. But the countries with the most capability do not necessarily have the most interest in launching the types of attacks against the United States that make for movie plots, a panel of experts said at the RSA Conference Wednesday.

“There are nation-states that absolutely have the capability (to launch a major attack), but they don’t have the intent – mostly because it wouldn’t be in their own interest, and the spillover effects would be very damaging to the world economy and a lot of other things,” said Eric Rosenbach, deputy assistant secretary of Defense for Cyber Policy in the Department of Defense. “The other reason is, that type of attack, contrary maybe to what the conventional wisdom is, I think would be very difficult to disguise.”

Rosenbach was joined on the panel by Martin Libicki, senior scientist with the RAND Corporation, a global policy think tank; Adam Segal, senior fellow for counterterrorism and national security studies for the Council on Foreign Relations; Jim Lewis, senior fellow and program director for the Center for Strategic and International Studies; and Dmitri Alperovitch, co-founder of newly-created CrowdStrike.

Though the panel did not downplay the threat posed by nation-states, they did look to offer some perspective on the topic of cyber-war, discussions of which sometimes slip into hype. According to Rosenbach, countries like Iran that may have the strongest desire to launch crippling attacks against the U.S. government or the country’s critical infrastructure lack the capability.

Lewis noted it is important not to underestimate the capabilities of other countries, and he noted that the public and private sector should work to share more information – a sentiment also expressed in a keynote Tuesday by U.S. Deputy Secretary of Defense Dr. Ashton Carter.


Submission + - Confirmed: Hackers Accessed Symantec Source Code

wiredmikey writes: Earlier tonight I posted on news that hackers claimed to have accessed the source code to an unspecified version of Symantec’s Norton Antivirus product.

It turns out that the hacker’s claims are off a bit. Norton is a consumer-focused product, and Symantec has confirmed that, from what they have seen thus far, the code accessed by the attackers was from their Enterprise product line.

In this case Symantec confirmed with SecurityWeek early Friday morning that the products in question are Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, so this incident did NOT involve its consumer products which are “Norton” branded.

Unlike the RSA breach when hackers penetrated company networks to steal confidential data and intellectual property, Symantec confirmed that its systems had not been breached. “Symantec’s own network was not breached, but rather that of a third party entity,” the company said in a statement.

“We are still gathering information on the details and are not in a position to provide specifics on the third party involved,” the company said. “Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time.”


Submission + - Same Platform Made Stuxnet & Duqu: Others Lurk

wiredmikey writes: New research from Kaspersky Labs has revealed that the platform dubbed "tilded" (~d), which was used to develop Stuxnet and Duqu, has been around for years. The researchers say that same platform has been used to create similar Trojans which have yet to be discovered.

Alexander Gostev and Igor Sumenkov have put together some interesting research. The key point is that the person(s) behind what the world knows as Stuxnet and Duqu have actually been using the same development platform for several years.

"The drivers from the still unknown malicious programs cannot be attributed to activity of the Stuxnet and Duqu Trojans," explained Alexander Gostev, Chief Security Expert at Kaspersky Lab. "The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can’t be attributed either to the more targeted Duqu Trojan due to the compilation date." “We consider that these drivers were used either in an earlier version of Duqu, or for [an] infection with completely different malicious programs, which moreover have the same platform and, it is likely, a single creator-team,” Gostev explained.

"The platform continues to develop, which can only mean one thing – we’re likely to see more modifications in the future," the research concluded.
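The attribution argument quoted above rests partly on the compilation date, which is the timestamp the linker writes into the PE header of each driver. The following is an added example, not Kaspersky Lab's tooling, showing where that field lives and how a set of samples can be triaged against a campaign's known compile-date window. The stub images, the window and the file names are all constructed for the example.

```python
"""Locate the COFF compile timestamp in a PE image and triage samples by it.
Added example, not Kaspersky Lab code. Inputs below are constructed stubs."""
import struct
from datetime import datetime, timezone


def pe_compile_timestamp(data: bytes) -> datetime:
    """Return IMAGE_FILE_HEADER.TimeDateStamp as an aware UTC datetime.

    IMAGE_DOS_HEADER: 'MZ' at offset 0, e_lfanew (offset of the PE header)
    at 0x3C. The PE header is 'PE\\0\\0' followed by IMAGE_FILE_HEADER, whose
    TimeDateStamp is the DWORD at offset 4 of that header, i.e. at
    e_lfanew + 8, counted in seconds since the Unix epoch.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def build_stub_pe(stamp: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed test input: DOS stub, PE signature and a file header only."""
    buf = bytearray(e_lfanew + 24)  # 4-byte signature + 20-byte IMAGE_FILE_HEADER
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # Machine = IMAGE_FILE_MACHINE_I386, NumberOfSections = 1, TimeDateStamp = stamp
    struct.pack_into("<HHI", buf, e_lfanew + 4, 0x14C, 1, stamp)
    return bytes(buf)


def triage_by_compile_date(samples: dict, window_start: datetime,
                           window_end: datetime) -> dict:
    """Label each sample relative to a campaign's known compile-date window.

    Caveat: TimeDateStamp is written by whoever links the binary and can be
    set to any value, so a date outside the window is a lead for further
    analysis (as in the research above), not proof of a different origin.
    """
    labels = {}
    for name, data in samples.items():
        ts = pe_compile_timestamp(data)
        if ts < window_start:
            labels[name] = "predates window"
        elif ts > window_end:
            labels[name] = "postdates window"
        else:
            labels[name] = "within window"
    return labels


if __name__ == "__main__":
    # Constructed: a hypothetical 2011 campaign window and three stub drivers.
    start = datetime(2011, 1, 1, tzinfo=timezone.utc)
    end = datetime(2011, 12, 31, 23, 59, 59, tzinfo=timezone.utc)
    samples = {
        "driver_a.sys": build_stub_pe(int(datetime(2008, 6, 1, tzinfo=timezone.utc).timestamp())),
        "driver_b.sys": build_stub_pe(int(datetime(2011, 10, 17, tzinfo=timezone.utc).timestamp())),
        "driver_c.sys": build_stub_pe(int(datetime(2012, 3, 1, tzinfo=timezone.utc).timestamp())),
    }
    for name, label in triage_by_compile_date(samples, start, end).items():
        print(f"{name}: compiled {pe_compile_timestamp(samples[name]):%Y-%m-%d} ({label})")
```

On a real sample set the timestamps are only one signal; a cluster of drivers that share a platform but carry dates years before the campaign is exactly the pattern the researchers describe, and the next step is corroborating it with other artifacts rather than trusting the field on its own.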


Submission + - Where are the Cyber Warriors?

wiredmikey writes: "Oliver Rochford writes an interesting piece on how in the western world, there is an entire commercial class of security professionals, an underground of Black Hat hackers working for financial gain, but few Hackers serving as cyber warriors.

China has publicly announced the formation of a specialized cadre of cyberwar experts, although it was clear they already possessed such forces. At the same time, Iran, Pakistan, and Russia all seem to have developed cyberwar strategies as well, and are actively engaging in executing these.

Rochford argues there is a disjoint here. Why is a nation like China, that is seen as oppressive and controlling in the west, able to motivate, cultivate and harness their hacker types, whilst ours primarily seem occupied in hacking ourselves or for the highest bidder?

When a western government has to resort to a cheap media gimmick to attempt to find cybersecurity talent, and delivers a badly thought-out and executed fiasco, only to offer an even cheaper financial reward at the end of the farce, you sort of get a feeling that we’re in trouble.

So, Rochford asks, where are our cyberwarriors? Where will they be when we really need them? With us, or against us?"


Submission + - Behind the Government's Rules of Cyber War

wiredmikey writes: The evolution of cyber-attacks has challenged the way military and intelligence professionals define the rules of war. Deciding when malware becomes a weapon of war that warrants a response in the physical world – for example, a missile – has become a necessary part of the discussion of military doctrine.

The Pentagon recently outlined its working definition of what constitutes cyber-war and when subsequent military strikes against physical targets may be justified as result.

The main issue is attribution of cyber attacks. The Department of Defense is working to develop new ways to trace the physical source of an attack and the capability to identify an attacker using behavior-based algorithms. “...if a country is going to fire a missile at someone, it better be sure it has the right target,” said one expert.

A widely held misconception in the U.S. government is our offensive capabilities provide defensive advantage by identifying attacker toolkits and methods in foreign networks prior to them hitting our networks.

So when do malware and cyber attacks become a weapon or act of war that warrant a real-world military response?


Submission + - Companies Unprepared for Onslaught of APTs

wiredmikey writes: This summer, Dmitri Alperovitch from McAfee revealed discoveries of a series of targeted intrusions into 70+ global organizations. Along with revealing the attacks dubbed “Operation Shady RAT”, Alperovitch commented, “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised.”

Some criticized the specifics of Shady RAT and Alperovitch’s comments, dismissing them as marketing FUD, but it appears many folks could be in agreement with Alperovitch, at least in terms of the wide array of companies that could have experienced a breach.

This week, a report from The Enterprise Strategy Group revealed that a majority of mid-to-large U.S.-based corporations believe they have been the targets of cyber attacks looking to steal sensitive data.

Nearly one-third of the large organizations surveyed believe that they are vulnerable to future APTs, indicating that many organizations are ill prepared to protect against future attacks.

Additionally, 46% of large organizations that ESG categorized as “most prepared for APTs” (based upon their existing security policies, procedures, and technical safeguards) say they are vulnerable to future sophisticated attacks.

According to the report, 93% of security professionals working at enterprise organizations are either “extremely concerned” or “concerned” about APTs and the impact that APT attacks could have on vital U.S. interests such as national security and the economy.

“Virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small non-profit think-tank, a national Olympic team, or even an unfortunate computer security firm,” Alperovitch noted when he disclosed Shady RAT. “I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know,” Alperovitch concluded.

ESG's report suggests that the companies that have already taken proper steps to secure their assets still believe they are vulnerable to APTs. If those organizations with strong cybersecurity policies are vulnerable to APT attacks, it’s safe to conclude that nearly all organizations are vulnerable.

While it's not anything new to point out that organizations are vulnerable, it's interesting to see that they are finally admitting it and acknowledging their fears.


Submission + - Coordinated Cyber Attacks Hit Chemical & Defen

wiredmikey writes: Attackers have been targeting chemical and defense companies around the world in a cyber-campaign designed to steal information.

According to researchers, the campaign began in late April, and was initially focused on human rights organizations and later the motor industry. In late July, the attackers moved on to the chemical industry and began targeting 29 companies.

At least 48 companies are believed to have been targeted across various verticals, including the defense industry, Symantec found. Among the victims are multiple Fortune 100 companies involved in research and development of chemical compounds as well as companies that develop materials for military vehicles.

The attacks infected computers with the well-known PoisonIvy Trojan and have been dubbed ‘Nitro’ by Symantec, which released a whitepaper on the situation earlier today.


Submission + - New Details on Precursor to the Next Stuxnet

wiredmikey writes: Today, Symantec researchers shared details on what they say could be the precursor to a future Stuxnet-like attack. Symantec said they were tipped off about the threat on October 13th by a research lab “with strong international connections.”

According to Symantec, samples of the malware were received by systems in Europe, with other variants showing up, one revealing a compilation date of October 17, 2011 that Symantec is currently analyzing. Initial findings compared Duqu to Stuxnet, with parts of it nearly identical to Stuxnet—but it appears to serve a different purpose and does NOT contain code that would target industrial control systems.

While the analysis shows many similarities in code and design to Stuxnet, the attack targets and usage could be more along the lines of what McAfee identified as "Operation Shady RAT" earlier this year. This is in the early stages and much more should be learned over time, assuming more samples are collected.


Submission + - Air Force Comments on Drone Malware

wiredmikey writes: Air Force officials have revealed more details about a malware infection that impacted systems used to manage a fleet of drones or UAVs at the Creech Air Force Base in Nevada, as reported last week.

According to the Air Force, the 24th Air Force (24th AF) first detected the malware – which they characterized as a “credential stealer” as opposed to a keylogger as originally reported — and notified Creech Air Force Base officials Sept. 15 that malware was found on portable hard drives approved for transferring information between systems.

The infected computers were part of the ground control system that supports remotely-piloted aircraft (RPA) operations. The malware is not designed to transmit data or video or corrupt any files, programs or data, according to the Air Force. The ground system is separate from the flight control system used by RPA pilots to fly the aircraft.


Submission + - Japan's Largest Defense Contractor Hacked

wiredmikey writes: Mitsubishi Heavy Industries Ltd, Japan's largest defense contractor, has been a victim of a cyber attack, according to a report from the company. The company said attackers had gained access to company computer systems, with some reports saying the attacks targeted its submarine, missile and nuclear power plant component businesses.

According to The Yomiuri newspaper, approximately 80 systems had been infected with malware at the company's headquarters in Tokyo, as well as manufacturing and research and development sites, including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works.

"We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe," a Mitsubishi Heavy spokesman told Reuters. "We've found out that some system information such as IP addresses have been leaked and that's creepy enough," the spokesman added.
