Frustrated by their inability to stop sophisticated hacking attacks or use the law to punish their assailants, an increasing number of U.S. companies are taking retaliatory action.
Known in the cyber security industry as "active defense" or "strike-back" technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant's own systems.
Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and Internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage.
PatPending writes: Summary: Adobe just released a critical Flash Player security update. Good news: it includes a new automatic updater for Windows. Bad news: Adobe’s download page pushes a misleading “system optimizer” designed to scare users into paying for unneeded repairs.
A video of the entire process (approximately 10 minutes) is here.
This year alone, three Flash Player security updates have been issued by Adobe: one on February 15, one on March 5, and one on March 28.
PatPending writes: This year at the CanSecWest security conference, Google will once again sponsor rewards for Google Chrome exploits. This complements and extends their Chromium Security Rewards program by recognizing that developing a fully functional exploit is significantly more work than finding and reporting a potential security bug.
Hackers have repeatedly penetrated the computer network of the company that runs the Nasdaq Stock Market during the past year, and federal investigators are trying to identify the perpetrators and their purpose, according to people familiar with the matter.
The exchange's trading platform—the part of the system that executes trades—wasn't compromised, these people said. However, it couldn't be determined which other parts of Nasdaq's computer network were accessed.
Investigators are considering a range of possible motives, including unlawful financial gain, theft of trade secrets and a national-security threat designed to damage the exchange.
Defendant's Criminal Activities Extended to the National Security Sector
A four-count indictment was returned by a federal grand jury in Brooklyn today charging Lin Mun Poo, a resident and citizen of Malaysia, with hacking into a computer network of the Federal Reserve Bank and possessing more than 400,000 stolen credit and debit card numbers.1 The defendant was arrested on a criminal complaint shortly after his arrival in the United States on October 21, 2010, and has been held in custody since then. The case has been assigned to United States District Judge Dora L. Irizarry.