HEADLINE: FBI Director Warns of 'Rapidly Expanding' Cyberterrorism Threat

FBI Director Robert S. Mueller III's warning is not a surprise, but how the IT community deals with these threats impacts us all. Homeland Security Secretary Janet Napolitano “admitted there is an urgent need to step up efforts to protect Americans from cyber attacks.” Ms. Napolitano’s predecessor Michael Chertoff, DHS secretary under President George W. Bush, agreed: "We are seeing in the intervening time the adversaries, whether they be criminals or nation states or terrorists, are not taking time off. So with each passing year, the need to move faster becomes greater." So far the new Cyber Czar has kept a low profile, but based on these presentations at the recent RSA Conference that low profile cannot continue.

Cyber Crime: A Clear and Present Danger

Deloitte’s recent white paper is the result of the 2010 CSO (Chief Security Officer) CyberSecurity Watch Survey, conducted in conjunction with CSO Magazine, the US Secret Service, and the CERT Coordination Center at Carnegie Mellon. The white paper concludes that:

Data is more valuable than money. Once spent, money is gone, but data can be used and reused to produce more money. The ability to reuse data to access on-line banking applications, authorize and activate credit cards, or access organization networks has enabled cyber criminals to create an extensive archive of data for ongoing illicit activities.

There is a clear message about how vulnerable businesses are and how every business must be vigilant or risk great damages.

Tweet this: Social Network Security is Risky Business

With the recent report of 50 million tweets a day, it’s no wonder that a panel at the RSA Conference devoted a great deal of discussion to how vulnerable social networks are. Cybercrime is so easy because users of Facebook, Twitter, and MySpace are easy marks, since they feel at ease communicating with their “friends.” Cybercriminals can more easily commit cybercrime on Web 2.0 because most “…users are willing to click if they think, 'It's my friend. I'm OK, because I'm inside my network and that's Fred.' Only it's not Fred, it's Fred's hijacked account.” So all in all, things are becoming more dangerous, and apparently businesses and Web 2.0 social networkers are still not getting the scope of their risk!

Not Very Cyber Secure Headline - "More than 75,000 computer systems hacked"

After the news reports about the cyber attacks in China, it’s no wonder that more than “75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date.” Unfortunately, the hacked computer systems included those of the US government, “educational institutions, energy firms, financial companies, and Internet service providers.” Also included was access to “e-mail systems, online banking accounts, Facebook, Yahoo, Hotmail and other social network credentials, along with more than 2,000 digital security certificates and a significant cache of personal identity information.” That doesn’t sound like much security given these facts, and this is pretty scary since we now have a Cyber Czar to protect us.

Kneber bot

Amit Yoran, NetWitness's chief executive, reported how the Kneber bot was launched in this attack on the 75,000+ computer systems:

The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or "bots," enabled the attackers to commandeer users' computers, scrape them for log-in credentials and passwords -- including to online banking and social networking sites -- and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially.

Clearly, educating employees is critical to avoiding such attacks in the future, but what’s the likelihood of avoiding these kinds of disasters? Not good!

Privacy at Home? - School Official Defended in Webcam Spy Case

The Lower Merion School District (in suburban Philadelphia) acknowledged that it remotely activated webcams inside students’ homes, but claimed it did so only to find missing, lost or stolen laptops. However, a student and his parents filed a federal civil rights suit alleging violation of wiretap laws and violation of privacy. Among the other problems created, the District allegedly thought a piece of candy was a pill and that the student was selling drugs. This reminds me of Big Brother from George Orwell’s 1984. He just missed the year!

Cyber Czar Finally

Months after declaring CyberSecurity a national priority, President Obama will name Howard Schmidt as Cyber Czar today. “Schmidt served as special adviser for cyberspace security from 2001 to 2003 and shepherded the National Strategy to Secure Cyberspace, a plan that then was largely ignored. He left that job also frustrated, colleagues said.”

Not the Rock Star that the President Was Looking For

Schmidt appears to have the right credentials. Before he joined the Bush administration he worked as Chief Security Officer at Microsoft, and later as VP and Chief Information Security Officer at eBay. Before the appointment Schmidt was head of the Information Security Forum (ISF), a cybersecurity research consortium. “In addition to his role leading the ISF, he's the chief executive of R&H Security Consulting and serves on the board of several security companies including PGP, Fortify, and BigFix. He's served as vice chair of the President's Critical Infrastructure Protection Board and as chief security strategist for the US CERT Partners Program under the Department of Homeland Security.”

Cyber Czar Not Part of Cabinet

Based on the May 2009 Cyberspace Policy Review, Schmidt will report to both the National Security Council and the National Economic Council, but will not be part of the President’s Cabinet. There were many reports that no one wanted the Cyber Czar job, probably because there are so many federal agencies in the mix, including NSA, CIA, Justice, and DOD. It will be interesting to see how well the new Cyber Czar will succeed. Time will tell and everyone will be watching!



60 Minutes Report about Cyber War, but Still No Cyber Czar

Probably everyone who watched the recent 60 Minutes story entitled “Cyber War: Sabotaging the System” was not surprised by any aspect of the story. The report is old news, but unsettling particularly following President Obama’s presentation of his “Cyber Policy Review.” The White House vowed to take the lead in protecting the US. However apparently no one will take the new job of Cyber Czar. Senator Susan Collins recommends that the Cyber Czar be at the Department of Homeland Security rather than the White House where she speculates that the Cyber Czar would be ineffective.

Alarming Headline: Eight indicted for $9 million hack

No one is really surprised by this recent headline that 8 individuals (at least three of whom were in Estonia, Russia, and Moldova) were indicted in a $9 million hack within 12 hours after breaking into a computer network operated by credit-card processing vendor RBS WorldPay. Allegedly counterfeit debit “cards were used to withdraw more than $9 million from more than 2,100 ATMs in about 280 cities worldwide, including cities in the U.S., Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.”

Daily Computer and Internet Threats

In the meantime, headline after headline shows how vulnerable our computer networks and the Internet are, and to complicate matters further the federal government also has budget restraints. Clearly we have to improve the protection of our financial and defense systems. Without question the public deserves better than what’s going on now. Something has to change; otherwise everyone is at risk. However, just appointing a person as Cyber Czar is not enough, as it will take commitments from governments around the world. Computer and Internet crime is not new, but it's time to get control over it because it seems we are more vulnerable than ever!

Intellipedia Uses Wikipedia Software to Help US Intelligence

Wikipedia is without doubt the model for online collaboration, so it should be no surprise that the 16 US intelligence agencies would use Wikipedia’s software to connect dots to protect our country. Obviously, access to Intellipedia is limited to users with proper government clearance, and it has grown since the 2006 launch “and now averages more than 15,000 edits per day. It's home to 900,000 pages and 100,000 user accounts.”

Wikipedia Continues to Grow, or Not?

Recent reports are that Wikipedia, which now has over 3 million English articles, is one of the 10 most popular sites on the Internet, and roughly 60 million Americans visit Wikipedia every month. But at the same time, it was reported at the recent Wikimania Conference in Buenos Aires that Wikipedia now has 330 million users and is in the top five websites. It doesn’t matter which statistics are more accurate, as there is no question that Wikipedia is essential in today’s use of the Internet. But the Wikimania participants spent a lot of time bemoaning a major slowdown in Wikipedia’s growth.

Wikipedia Finished?

Much has been said about Wikipedia’s demise, but it continues to grow. So as the Internet morphs and changes, it’s also possible that more creative uses of Wikipedia software will be found, which is clearly what’s going on with Intellipedia. However, since no one wants to be the US Cyber Czar, one might wonder if we will ever have a Cyber Czar and whether the use of Wiki tools, and specifically Intellipedia, really helps.

What do you think? 

Privacy Advocates Alarmed - White House Proposes Change to Allow Tracking of US Government Websites

Since 2000, US government websites have generally been prohibited from tracking visitors unless there is a compelling need, and the White House Office of Management and Budget is considering ending this ban and making changes to promote social networking. In the future, transparent government may mean that visitors to US government websites are being tracked. Two privacy groups, the Electronic Privacy Information Center and the Electronic Frontier Foundation, are alarmed at the change and sought information under the Freedom of Information Act. They uncovered the fact that in January 2009 the General Services Administration negotiated an exception to the current ban that allowed Google to track those individuals who used the YouTube service on Whitehouse.gov. However, with all the hubbub this tracking was apparently stopped.
 
Gov 2.0

Tim O’Reilly coined the term Web 2.0 in 2002 and in a recent report O'Reilly encourages more social networking for the government. Of course he’s not the Lone Ranger on Gov 2.0 as there are plenty of advocates including my good friend Ellis Pines who blogs about Gov 2.0 and encourages the use of GovLoop – a social network for Gov 2.0.

Are We Cybersecure?

Okay, so great, Gov 2.0 encourages more social networking. But a recent report that the White House’s senior aide on cybersecurity resigned because she was “not empowered” is alarming, since it is clear no one wants to be the Cyber Czar. In the meantime there are never-ending reports of widespread cyberattacks in the world, and hackers apparently have no problems breaching commercial websites.

Enlarging the use of social networking only compounds the problems of cybersecurity, so at this moment none of us should feel so safe. What do you think?

Cyber Security Is Critical - But No One Wants to be Cyber Czar!

In May, when President Obama released a 40-page “Cyberspace Policy Review,” it seemed pretty clear that the appointment of a Cyber Czar was imminent. However, recent reports are that no one wants the job! In spite of a three-year study report from the National Academy of Sciences, released a few weeks before the President released his “Review,” which stated that the US was not Cybersafe, we still cannot find a Cyber Czar. Without question Cyber Czar is a great title, but the individuals who turned down the job had good reasons, which include a lack of clarity about how much power the new job would really have and to whom the Cyber Czar would report.

Shortage of Cyber Experts

While Cyber attacks persist, we just got a report from the US government that there is a shortage of Cyber experts, which only makes things worse. Because many of the Cyber expert jobs in the US government are classified and the job titles these people hold vary, it is not clear how many individuals are employed in this arena. However, the Pentagon claims to have more than 90,000 individuals involved with Cyber security, and there are estimates of up to 45,000 other non-defense Cyber security workers. Yet there is still a shortage given the scope of these cyber attacks.

Our Future’s At Stake

In May the President stated that “America's economic prosperity in the 21st century will depend on cybersecurity,” but not much progress has been made. Clearly it’s time for the President to give the new Cyber Czar clarity on the job’s power and reporting authority. The US needs a Cyber Czar to take a leadership role. The world has become dependent on the Internet, and as a result it is essential that we have adequate Cyber security to protect the economy now and in the future.