Sunday, October 18, 2015

Cybersecurity News and Education for the Week of October 18, 2015






New York Times: Bits Special Section on Security & Privacy, October 14, 2015

Online Attacks on Infrastructure Are Increasing at a Worrying Pace: Over the last four years, foreign hackers have stolen source code and blueprints to the oil and water pipelines and power grid of the United States and have infiltrated the Department of Energy’s networks 150 times. … So what’s stopping them from shutting us down?
Hacking for Security, and Getting Paid for It: It should come as no surprise that the Internet is riddled with holes. …For as long as people have been writing code, they have been making mistakes. And just about as long as they have been making mistakes, criminals, governments, so-called hacktivists and people who wreck things for kicks have been taking advantage.
Q.&A.: Guarding Personal Data From Abuse by Insiders: An interview with Courtney Bowman, a member of the privacy and civil liberties group at Palantir Technologies. Palantir, a privately held tech company in Palo Alto, Calif., first became known through its work for many military, police and intelligence services in the United States and overseas.
Hackers Prove They Can ‘Pwn’ the Lives of Those Not Hyperconnected: It took the hackers less than two hours to take over Patsy Walsh’s life. … On a recent Friday, Mrs. Walsh, a grandmother of six, volunteered to allow two hackers to take a crack at hacking her home. How bad could it be?
G.E. Navigates, Carefully, the Industrial Internet of Things: Bringing the digital magic of the Internet economy to the machines that run the world is the heady vision of the industrial Internet, or the industrial Internet of Things. … Industrial gear like jet engines, power turbines and rail locomotives will sense and predict when they need a tuneup, before any breakdowns, and automatically adjust to changes in the weather and market demand. Factories, cities and even national economies will become more efficient, more productive and cleaner, the thinking goes.
Q&A: While in China, Protect Your Devices and Data: China is one of the world’s most dangerous Internet environments, with risks including government-sponsored online attacks, piracy and malware. Thomas Parenty, a former National Security Agency official who runs a security consulting firm, offered his views on how to ensure that devices and personal information stay safe in China. Here are excerpts.
Preparing for Disaster: When Your Phone Is Gone: Smartphones increasingly hold our lives — our contacts, messages, credit card data, health care information and the controls to our smart homes — within their sleek metallic finishes. So when we lose the devices, it’s a problem.
Encryption Is More Important, and Easier, Than Ever: SAN FRANCISCO — Twenty years after Netscape introduced encryption to web browsers to safeguard the private data of Internet users, roughly two-thirds of web traffic still moves on unprotected channels, according to research by Sandvine, a network equipment provider.
Deadline to Disclose Data Breaches Raises Concerns in Europe: Europe is getting close to testing a question increasingly central to data security: Will requiring companies to quickly inform regulators of a breach help protect people’s information?
Hotspot Shield Creator Is on a Mission to Outflank the Censors: Growing up in Moscow, David Gorodyansky listened to his grandfather tell stories about fighting the Nazis during World War II. His grandfather was an aerial photographer who flew sorties to take pictures of enemy targets, then returned to bomb them. To Mr. Gorodyansky, he was a hero.
Firms Pit Artificial Intelligence Against Hacking Threats: Sometimes the best way to stop a bad machine is with a lot of good machines.

Cyber Crime

An “Average” Cyber Crime Costs a U.S. Company $15.4 Million: A new study shows a cyber crime incident in the United States costs a company an average of $15.4 million, an increase of 19%. Forbes, October 17, 2015
FBI Probing Dow Jones Hacking by Russians: U.S. authorities are reported to be investigating whether Russian hackers have infiltrated the Dow Jones financial news company to steal market-moving information prior to publication. VoiceOfAmerica, October 17, 2015
Credit Card Breach at America’s Thrift Stores: Another charity store chain has been hacked: America’s Thrift Stores, an organization that operates donations-based thrift stores throughout the southeast United States, said this week that it recently learned it was the victim of a malware-driven security breach that targeted software used by a third-party service provider. KrebsOnSecurity, October 12, 2015

Cyber Privacy

How the NSA is cracking encryption: The National Security Agency is bypassing encrypted Internet connections because the encryption data is all the same, researchers posited this week. It has long been believed the NSA had a way to bypass common types of encryption, but its methods haven’t been known. Washington Examiner, October 17, 2015
How Mattel’s Hello Barbie could become a target for hackers: At a New York City toy fair in February, Barbie and an equally blonde and long-locked adult handler chatted in front of a captivated audience. Sydney Morning Herald, October 12, 2015

Identity Theft

The Way We Use Social Security Numbers Is Absurd: On Oct. 2, the nation’s second-largest wireless provider emailed subscribers a notice that said a great deal about the problems big business is having keeping personal data private. FiveThirtyEight, October 15, 2015

Cyber Warning

Another security flaw affects all versions of Adobe Flash: The vulnerability is being exploited by a cyberespionage group targeting governments, NATO and the media, researchers warn. CNET, October 16, 2015
Malware Explodes on Mac OS X: Success breeds contempt, and if you need proof, look no further than the recent proliferation of malware on Mac OS X. In 2015, there has been five times as much malware discovered for Apple’s desktop operating system as there was between 2010 and 2014 combined — and this year’s not even over yet. Tom’s Guide, October 16, 2015

Cyber Security Management

Getting your Information Security team right: Companies are investing in cybersecurity more than ever and it is a critical and yet a difficult task to bring a team that effectively monitors threats and manages security incidents. Despite the increased trend in spending in cybersecurity by industries and organizations, studies predict a major dearth of skilled security labor in the next decade. CSO, October 14, 2015
Chief Information Security Officer salary and job description: What’s the role of the CISO, who should the CISO report to and how much does a CISO get paid? CIO, October 14, 2015
Chief Information Security Officer interview questions: Tough questions for CISOs and CSOs: The tough questions to ask a Chief Security Officer or Chief Information Security Officer in an interview. CIO, October 14, 2015

Cyber Security Management – Cyber Defense

Microsoft Enables Transparent Encryption on Azure SQL Cloud Databases: The company’s Transparent Data Encryption option, borrowed from SQL Server, is now generally available as part of numerous upgrades to its cloud database platform. eWeek, October 16, 2015

Cyber Security Management – Cyber Update

Adobe, Microsoft Push Critical Security Fixes: Adobe and Microsoft on Tuesday each released security updates to remedy critical vulnerabilities in their software. Adobe pushed patches to plug at least 56 security holes present in Adobe Reader and Acrobat, as well as a fix for Flash Player that corrects 13 flaws. Separately, Microsoft issued six update bundles to address at least 33 security problems in various versions of Windows, Microsoft Office and other software. KrebsOnSecurity, October 14, 2015

National Cyber Security

Information security is back on the global agenda: In recent years, information and cyber security issues have become an important and integral part of the national security of many states. With the information revolution and global spread of the Internet, issues of information and cyber security are attracting more and more attention. Moreover, as the events of the Arab Spring demonstrated, cyberspace should not be underestimated as a tool in forming and manipulating public opinion. Russia Direct, October 16, 2015
Arrest of Chinese Hackers Not a First for U.S.: The Washington Post reported last week that the Chinese government has quietly arrested a handful of hackers at the urging of the U.S. government, a move described as “an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions.” While this is a welcome and encouraging development, it is not the first time Beijing has arrested Chinese hackers in response to pressure from the U.S. government. KrebsOnSecurity, October 13, 2015

Cyber Underworld

Cybercrime Is The Modern-Day Mafia: Organized crime is nothing new. Mob gangsters and mafia families have been romanticized as the stuff of legend since the days of Prohibition. Just as the Internet has transformed the way we access information, shop, interact with each other, and conduct business, it has also completely altered the world of organized crime. Forbes, October 16, 2015
Cybercrime bazaars: What’s for sale in the online underworld?: Intel Security has published a study that aims to shed light on the business deals, negotiations and pricing involved in the hidden underworld of the cybercrime economy. The Register, October 15, 2015


Steptoe Cyberlaw Podcast, Episode #84: An interview with Jack Goldsmith: In episode 84 our guest is Jack Goldsmith, Professor at Harvard Law School, a Senior Fellow at the Hoover Institution at Stanford University, and co-founder of the Lawfare blog. Moderator: Stewart Baker. Lawfare, October 14, 2015 

Cyber Insurance

As Cybercrime Proliferates, So Does Demand For Insurance Against It: Cybercrime is costing the global economy nearly half a trillion dollars a year, according to the insurer Allianz. It’s a major threat to businesses, which are looking for ways to protect themselves. One option is cybercrime insurance. NPR, October 12, 2015

Cyber Misc

The Business of Cybersecurity: 2015 Market Size, Cyber Crime, Employment, and Industry Statistics: Here’s a sneak peek at the cybersecurity year in review for 2015, which we’ll bring to you in mid-December. Forbes, October 16, 2015
Hacker Who Sent Me Heroin Faces Charges in U.S.: A Ukrainian hacker who once hatched a plot to have heroin sent to my Virginia home and then alert police when the drugs arrived had his first appearance in a U.S. court today, after being extradited to the United States to face multiple cybercrime charges. KrebsOnSecurity, October 13, 2015