Showing posts sorted by date for query Homeland Security. Sort by relevance Show all posts
Showing posts sorted by date for query Homeland Security. Sort by relevance Show all posts

Twitter Hacked, More Than 250,000 User Data Compromised

Posted by Avik Sarkar On 2/03/2013 01:55:00 am

Twitter Hacked, More Than 250,000 User Data Compromised

The social networking giant and the world famous micro blogging site Twitter again fallen victim of cyber attack. Last year we have seen that the tight security system if twitter have been compromised many times. Yet again in this year the San Francisco based social media giant who have more than 500 million registered users failed to protect them selves from hackers. On last Friday Twitter acknowledged that it had become the latest victim in a number of cyber-attacks against media companies, saying hackers may have gained access to information on 250,000 of its more than 200 million active users. The micro blogging giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected. According to reports usernames, email addresses, session tokens and encrypted/salted passwords for 250,000 users might have been accessed in what it described as a “sophisticated attack” 

"This attack was not the work of amateurs, and we do not believe it was an isolated incident,” said Bob Lord, Twitter’s director of information security. “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked” Bob added. 

Jim Prosser, a Twitter spokesman, would not say how hackers infiltrated Twitter’s systems, but Twitter’s blog post said hackers had broken in through a well-publicized vulnerability in Oracle’s Java software. Last month, after a security researcher exposed a serious vulnerability in the software, though Oracle patched the security hole, but Homeland Security said the fix was not sufficient. The DHS issued a rare alert that warned users to disable Java on their computers. Prosser said Twitter was working with government and federal law enforcement to track down the source of the attacks. For now, he said the company had reset passwords for, and notified, every compromised user. The company encouraged users to practice good password hygiene, which typically means coming up with different passwords for different sites, and using long passwords that cannot be found in the dictionary.
Twitter said it “hashed” passwords — which involves mashing up users’ passwords with a mathematical algorithm — and “salted” those, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack. Once cracked, passwords can be valuable on auction-like black market sites where a single password can fetch $20.

While talking about Twitter and cyber issues, I would like to remind you that in last year twitter faced several cyber attacks where more than 55,000 twitter account details was leaked, after this issue in the middle of last year the social networking giant faced massive denial of service which interrupted its services. Later a huge number of Twitter users across the globe received  emails warning that their account have been compromised and their passwords had been reset, and it was another security breach which affected twitter. Such big organization are not at all careless about security, so as twitter and it has been proved when they hired renowned white hat hacker Charlie Miller to boost up their security, but after this current massacre, it seems that twitter need to think more and emphasize a lot to make sure that their system is good enough to prevent cyber attacks. For all the hot cyber updates and reviews stay tuned with VOGH.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

Posted by Avik Sarkar On 12/15/2012 04:14:00 pm

#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

After the devastating "Project Blackstar" now the hacktivist group calling them selves "Team GhostShell" announced another big hack, where the hackers have targeted several big organizations. This round of cyber attack was going under the banner of #ProjectWhiteFox, in which GhostShell has posted log-in details of 1.6 million accounts they claim are taken from a series of attacks on organizations including NASA, FBI, European Space Agency and Pentagon, as well as many companies that partner with these organizations. The Anonymous subsidiary group has posted the details on Pastebin, while describing the aim of the hack; as part of their #ProjectWhiteFox campaign to promote hacktivism and freedom of information on the internet. The hacker group claimed that the leaked information contained log-in names, passwords, email addresses, CV & several other sensitive information. In their release GhostShell said - "For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more."
GhostShell members also said that they have messaged security bosses about the insecurity a number of organizations they targeted during attacks throughout 2012, describing it as "an early Christmas present." 
In a Pastebin file, GhostShell features a list of 37 organizations and companies, including The European Space Agency, NASA’s Engineers: Center for Advanced Engineering, and a Defense Contractor for the Pentagon. GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 456 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.
The uploaded files contain what appears to be user data that looks to have been obtained from the servers of the various firms (likely via SQL injection). The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even home addresses. Email accounts include the big three (Gmail, Hotmail, and Yahoo), as well as many .gov accounts. There are also various documents and material related to partnerships between companies and government bodies, as well as sensitive information for the aforementioned industries. 
Furthermore, the group says it has sent an email to the ICS-CERT Security Operations Center, Homeland Security Information Network (HSIN), Lessons Learned and Information Sharing (LLIS), the FBI’s Washington Division and Seattle location, Flashpoint Intel Partners, Raytheon, and NASA. In it, they say to have detailed “another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc.”
-Source (TNW)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

USA Accused For Planting "Flame" Malware to Hack France President's Network

Posted by Avik Sarkar On 11/23/2012 07:08:00 pm

USA Accused For Planting "Flame" Malware to Hack France President's Network

A well known French newspaper named "L'Express" has accused that United States is using dangerous cyber weapon "Flame" to break into the computer networks inside France’s presidential palace also known as the Elysee. In his report L'Express has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data. According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now. The newspaper alleges that the attackers reportedly found their targets on Facebook, identifying people working inside the presidential palace and connecting with them on the social network. The social engineering laid the groundwork for the next phase of the attack; the victims were then sent links to a fake Elysee intranet page where their login credentials were stolen. Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen. It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office. The United States Embassy in Paris has denied any involvement in hacking its ally. “We categorically refute allegations of unidentified sources,” Mitchell Moss, Embassy spokesman, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.” Though the secretary  of Department of Homeland Security Janet Napolitano did not deny the U.S. was involved. She told l’Express: “We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”

While talking about Flame, we would like to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 


-Source (NS & threatpost)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI's Cybercrime Unit Taken New Initiative to Nab Hackers & Intruders

Posted by Avik Sarkar On 10/31/2012 06:09:00 am

FBI's Cybercrime Unit Taken New Initiative to Nab Hackers & Intruders 

The month of October has been declared by FBI as the National Cyber Security Awareness Month of 2012 , and in the last week of this month the cyber crime division of FBI has started a new program which will specially emphasis on hackers and intrusion. The main aim of this program is to focusing on hackers and to prevent cyber crime. Last month  Federal Bureau of Investigation (FBI) has issued a report based on information from law enforcement and complaints submitted to the Internet Crime Complaint Center (IC3) detailing recentcyber crime trends and new twists to previously-existing cyber scams. Now the recent movement of FBI will surely inject fear into the heart & mind of hackers. According to FBI's official release - Early last year, hackers were discovered embedding malicious software in two million computers, opening a virtual door for criminals to rifle through users’ valuable personal and financial information. Last fall, an overseas crime ring was shut down after infecting four million computers, including half a million in the U.S. In recent months, some of the biggest companies and organizations in the U.S. have been working overtime to fend off continuous intrusion attacks aimed at their networks. The scope and enormity of the threat—not just to private industry but also to the country’s heavily networked critical infrastructure—was spelled out last month in Director Robert S. Mueller’s testimony to a Senate homeland security panel: “Computer intrusions and network attacks are the greatest cyber threat to our national security.”
To that end, the FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Agents are cultivating cyber-oriented relationships with the technical leads at financial, business, transportation, and other critical infrastructures on their beats. 

Today, investigators in the field can send their findings to specialists in the FBI Cyber Division’s Cyber Watch command at Headquarters, who can look for patterns or similarities in cases. The 24/7 post also shares the information with partner intelligence and law enforcement agencies—like the Departments of Defense and Homeland Security and the National Security Agencyon the FBI-led National Cyber Investigative Joint Task Force.
A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define “the attribution piece” of a cyber attack to help determine an appropriate response, said Richard McFeely, executive assistant director of the Bureau’s Criminal, Cyber, Response, and Services Branch. “The attribution piece is: who is conducting the attack or the exploitation and what is their motive,” McFeely explained. “In order to get to that, we’ve got to do all the necessary analysis to determine who is at the other end of the keyboard perpetrating these actions.”
The Cyber Division’s main focus now is on cyber intrusions, working closely with the Bureau’s Counterterrorism and Counterintelligence Divisions.  “We are obviously concerned with terrorists using the Internet to conduct these types of attacks,” McFeely said. “As the lead domestic intelligence agency within the United States, it’s our job to make sure that businesses’ and the nation’s secrets don’t fall into the hands of adversaries.”
In the Coreflood case in early 2011, hackers enlisted a botnet—a network of infected computers—to do their dirty work. McFeely urged everyone connected to the Internet to be vigilant against computer viruses and malicious code, lest they become victims or unwitting pawns in a hacker or web-savvy terrorist’s malevolent scheme.
“It’s important that everybody understands that if you have a computer that is outward-facing—that it’s connected to the web—that your computer is at some point going to be under attack,” he said. “You need to be aware of the threat and you need to take it seriously.” 


To Listen the Podcast of FBI's "“The intrusions are occurring 24/7, 365 days a year.” Click Here






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

DHS & Public Safety Canada Started Joint Cybersecurity Action Plan

Posted by Avik Sarkar On 10/31/2012 06:08:00 am

DHS Public Safety Canada Started Joint Cybersecurity Action Plan

A joint venture Cyber Security plan has been announced by US Department of Homeland Security and Canada. According to the official website of Public Safety Canada - PS Canada along with the Department of Homeland Security (DHS) are pursuing a coordinated approach to enhance the resiliency of our cyber infrastructure. The Cybersecurity Action Plan (the Action Plan) between PS and DHS seeks to enhance the cybersecurity of our nations through increased integration of PS' and DHS' respective national cybersecurity activities and improved collaboration with the private sector. This Action Plan represents just one of many important efforts between Canada and the United States to deepen our already strong bilateral cybersecurity cooperation.
As the Internet knows no borders, all countries have a responsibility to prevent, respond to, and recover from cyber disruptions and to make cyberspace safer for all citizens across the globe. Due to a shared physical border, Canada and the United States have an additional mutual interest in partnering to protect our shared infrastructure. This Action Plan aims to articulate a shared approach to fulfill PS' and DHS' vision of working together to defend and protect our use of cyberspace and to strengthen the resiliency of our nations. These efforts, combined, advance the objectives articulated by President Obama and Prime Minister Harper in the February 2011 declaration, Beyond the Border: A Vision for Perimeter Security and Economic Competitiveness.
This Action Plan outlines three goals for improved engagement, collaboration, and information sharing at the operational and strategic levels, with the private sector, and in public awareness activities, for activities conducted by PS and DHS. The Action Plan establishes lines of communication and areas for collaborative work critical to enhancing the cybersecurity preparedness of both nations. The Action Plan's goals and objectives are to be conducted in accordance with the June 2012 Statement of Privacy Principles by the United States and Canada. This Action Plan is intended to remain a living document to be reviewed on a regular basis and updated as needed to support new requirements that align to the Plan's key goals and objectives. It intends to support and inform current and future efforts to advance the goals of Beyond the Border, which ultimately seeks to enhance broad bilateral cooperation on cybersecurity efforts across both governments.

Goals and Objectives:-

1. Enhanced Cyber Incident Management Collaboration between National Cybersecurity Operations Centers

PS' Canadian Cyber Incident Response Centre intends to work jointly with DHS' United States Computer Emergency Readiness Team and Industrial Control Systems Cyber Emergency Response Team towards the following objectives:
  • 1.1 Increase real-time collaboration between analysts by improving existing channels for remote communication and arranging in-person visits;
  • 1.2 Enhance information sharing at all classification levels and collaborate on training opportunities, while promoting inter-agency coordination, as appropriate, as well as the proper protections for information, as outlined in the Statement of Privacy Principles;
  • 1.3 Coordinate on cybersecurity incident response management, relating to defense, mitigation, and remediation activities and products, including with other public and private entities consistent with each country's laws and policies;
  • 1.4 Align and standardize cyber incident management processes and escalation procedures; and
  • 1.5 Enhance technical and operational information sharing in the area of industrial control systems security.

2. Joint Engagement and Information Sharing with the Private Sector on Cybersecurity

Due to the shared nature of critical infrastructure between Canada and the United States, PS and DHS intend to collaborate on cybersecurity-focused private-sector engagement for cybersecurity activities for which they are responsible through the following objectives:
  • 2.1 Share engagement approaches for private sector;
  • 2.2 Exchange and collaborate on the development of briefing materials for the private sector;
  • 2.3 Jointly conduct private sector briefings;
  • 2.4 Review approaches and align processes for private sector engagement through requests for technical assistance and non-disclosure agreements; and
  • 2.5 Standardize protocols for sharing information.

3. Continued Cooperation on Ongoing Cybersecurity Public Awareness Efforts

Cybersecurity is a shared responsibility and everyone, including our citizens, has a role to play. With increased media attention devoted to cybersecurity incidents and with the continuing growth of electronic commerce and social media, it is imperative that citizens receive clear and trustworthy information on how to manage cyber threats to themselves and their families. Ensuring that government's cybersecurity awareness messages are consistent across our border helps to deliver that information effectively and consistently. PS Communications, the DHS Office of Public Affairs, and the National Protection and Program Directorate's Office of Cybersecurity and Communications (CS&C) intend to continue to work together as they:
  • 3.1 Collaborate on public awareness campaigns (websites, social media activities, education material, etc.);
  • 3.2 Collaborate on Cybersecurity Awareness Month (October); and
  • 3.3 Share and coordinate messaging on issues of common interest.

Governance of the Joint Action Plan:-

Senior officials within PS and CS&C intend to review and provide additional guidance in order to update this Action Plan on a quarterly basis. This Action Plan is intended to be a part of broader inter-governmental coordination across government agencies in both the United States and Canada.


To Download The Full Cybersecurity Action Plan Between Public Safety Canada and the Department of Homeland Security Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI Started National Cyber Security Awareness Month 2012

Posted by Avik Sarkar On 10/03/2012 04:37:00 am

FBI Started National Cyber Security Awareness Month 2012

Last week the  Federal Bureau of Investigation (FBI) has issued a report based on information from law enforcement and complaints submitted to the Internet Crime Complaint Center (IC3) detailing recent cyber crime trends and new twists to previously-existing cyber scams. As you all know that the Month of October is celebrated as National Cyber Security Awareness Month for last nine years. This year also FBI declared the October as National Cyber Security Awareness Month 2012. According to the official blog of FBI - the threat has continued to grow even more complex and sophisticated. Just 12 days ago, in fact, FBI Director Robert Mueller said that “cyber security may well become our highest priority in the years to come.” 

For its part, the FBI is strengthening its cyber operations to sharpen its focus on the greatest cyber threats to national security: computer intrusions and network attacks. We are enhancing the technological capabilities of all investigative personnel and hiring additional computer scientists to provide expert technical support to critical investigations. We are creating two distinct task forces in each field office: Cyber Task Forces, focused on intrusions and network attacks that will draw on our existing cyber squads; and Child Exploitation Task Forces, focused on crimes against children. We are also increasing the size and scope of the National Cyber Investigative Joint Task Force—the FBI-led multi-agency focal point for coordinating and sharing cyber threat information to stop current and future attacks.

The FBI also runs several other cyber-related programs, including the Innocent Images National Initiative—which combats online child predators—and the Internet Crime Complaint Center—a partnership between the Bureau and the National White Collar Crime Center that serves as a clearinghouse for triaging cyber complaints and provides an easy-to-use online tool for reporting these complaints.

Because of the interconnectedness of online systems, every American who uses digital technologies at home or in the office can—and must—play a part in cyber security. For example, if you open a virus-laden e-mail attachment at work, you could infect your entire company’s computer network. Don’t be the weakest link: get educated on cyber safety.

Here are a few basic steps you can take to be more secure:

  • Set strong passwords, and don’t share them with anyone.
  • Keep a clean machine—your operating system, browser, and other critical software are optimized by installing regular updates.
  • Maintain an open dialogue with your family, friends, and community about Internet safety.
  • Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.
  • Be cautious about what you receive or read online—if it sounds too good to be true, it probably is.


Visit the links below for more tips on protecting your computers and other electronic devices, information on cyber threats, and details on how to report cyber crimes or scams:



For more information:






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cyber Security Summit Hosted By Department of Homeland Security (DHS)

Posted by Avik Sarkar On 9/26/2012 01:36:00 am

Cyber Security Summit Hosted By Department of Homeland Security (DHS) 

As part of the national Stop.Think.Connect campaign against cyber threats to computers in the private and public sector, the city of Mesa and the Department of Homeland Security are hosting a cyber security summit at the Mesa Arts Center on Wednesday, Sept. 26. The mayor of Mesa said on Wednesday that interest in the summit is growing, and that there also will be numerous representatives of government from throughout the state and a member of the Secret Service attending the event.  Kelvin Coleman, U.S. Department of Homeland Security director of state, local, tribal and territorial cyber engagement, will be the keynote speaker. Mesa Mayor Scott Smith and District 3 councilman and Mesa Public Safety Committee chair Dennis Kavanaugh also will offer comments and help to facilitate questions during the event. “We use computers every day,” Smith said. “We don’t know how important computers are until they’re breached.”


Date: September 26, 2012

1 E. Main Street
Mesa, AZ  85201 
7:30 a.m. Registration & Continental Breakfast sponsored by Siemens

8:30 a.m. Welcome and Opening Remarks

  • Mayor Scott Smith
  • Councilmember Dennis Kavanaugh

9:00 a.m. Keynote Address

  • Mr. Kelvin Coleman, Director, State, Local, Tribal and Territorial Cybersecurity Engagement Program DHS National Cyber Security Division

9:30 a.m. Convenience vs. Security Expert Panel
Current Threats in an increasingly Networked World Panelist Bios
John Meza (Moderator), Assistant Chief, Mesa Police Department
James Choplin, Special Agent, Electronic Crimes Task Force, U.S. Secret Service
Dr. Dee H. Andrews, Ph.D. Senior Research Psychologist, Army Research Institute for the Behavioral and Social Sciences
Kristy Westphal, Director of Security Operation, T-Systems North America
Lonnie Benavides, Red Team Lead, The Boeing Company
Ilene Klein, City of Phoenix Office of Information Security and Privacy
Bill Kalaf, Executive Director - Intelligence-Led Policing, Mesa Police Department
 
During this session, the panel will outline and discuss many of the current threats affecting businesses, local government, users, such as social engineering, security of mobile devices and many of the trending applications on smart phones and PCs.
   
10:30 a.m. Networking Break
   
10:45 a.m. Closing Remarks

  • Mayor Scott Smith

11:15 a.m. Adjournment
   
11:30 a.m. Post CyberSecurity Summit Break Out Session:  Methods for training supervisors to detect behavioral indicators of insider threat

Dr. Dee H. Andrews 
Senior Research Psychologist , U.S. Army Research Institute for the Behavioral and Social Sciences 
During this session, participants will get an overview of methods in training supervisors to spot and mitigate the cyber insider threat.  Statistics reveal that approximately 40% of the cyber incidents are caused by insiders.  

If you want to register for the U.S. Department of Homeland Security Cyber Security Summit then click Here. For additional information about Stop.Think.Connect. click Here


-Source (mesaaz.gov)









SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

DHS Issues Malware Warning Impersonating FBI & US Cyber Command

Posted by Avik Sarkar On 8/31/2012 06:05:00 pm


DHS Issues Malware Warning Impersonating FBI & US Cyber Command

If you think that only innocent computer users are just the only target of cyber criminals, then you are absolutely wrong. Recently United States Computer Emergency Readiness Team, widely known as US-CERT; which is a part of Depertment of Homeland Security's (DHS) National Cyber Security Division has issued an emergency alert wile announcing a new effort by cyber criminals to spread Malware that impersonates Federal law enforcement (FBI) and other government agencies. The malware is a malicious software that installs itself on a users computer without a users permission or knowledge, “displays a screen claiming that a Federal Government agency has identified the user’s computer as being associated with one of more crimes,” reports the US-CERT alert. Explaining further, the malware then instructs the victim “to pay a fine to regain the use of the computer, usually through prepaid money card services.” The appearance of the message displayed on a users screen is intended to seem like a legitimate and official looking warning from the FBI or US Cyber Command. In turn, the impersonation effort by the cyber criminals seeks to leverage this to scare victims into paying the so-called fine immediately.
“Affected users should not follow the payment instructions,” US-CERT recommends, adding, “Users may also choose to file a complaint with the FBI’s Internet Crime Complaint Center.” 


In their release US-CERT states:-
“US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI). Once installed on a system, the malware displays a screen claiming that a Federal Government agency has identified the user's computer as being associated with one or more crimes. The user is told to pay a fine to regain the use of the computer, usually through prepaid money card services.”








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Researcher Security Hole Found in US Power Plants, DHS is Investigating

Posted by Avik Sarkar On 8/23/2012 02:54:00 pm

Researcher Security Hole Found in US Power Plants, DHS is Investigating  

Security researcher figure out seirous flaws in software for specialized networking equipment from Siemens could enable hackers to attack US power plants and other critical systems. A security expert said that he had found a backdoor in hardware from a Siemens subsidiary. The alleged flaw was made public by security researcher Justin W Clarke at a conference in Los Angeles. The equipment is widely used by power companies mainly based on US. Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems. "If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke said.
The Department of Homeland Security said it was in contact with the firm to assess the claim. After this issue came in-front, the US Govt immeditely taken stpes & investigating the whole scenario. RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate. This is the second bug that Clarke, a high school graduate who never attended college, has discovered in products from RuggedCom, which are widely used by power companies that rely on its equipment to support communications to remote power stations.
In May, RuggedCom released an update to its Rugged Operating System software after Clarke discovered that it had a previously undisclosed "back door" account that could give hackers remote access to the equipment with an easily obtained password. The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, which is known as ICS-CERT, said in its advisory on Tuesday that government analysts were working with RuggedCom and Clarke to figure out how to best mitigate any risks from the newly identified vulnerability. "According to this report, the vulnerability can be used to decrypt SSL traffic between an end-user and a RuggedCom network device," Read the full advisory. 

This is not the first time, earlier in 2011 - researcher found vulnerability in the security system of US Power Grid, form which NSA suspected that hacktivist Anonymous may even shutdown the entire US Power Grid. later The White House introduced an Electric Sector Cybersecurity Risk Maturity ModelFor these kind of cyber security updates & news, just stay tuned with VOGH


-Source (Reuters & BBC)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSA Calls Defcon The "World's Best Cybersecurity Community" & Asks for Their Help

Posted by Avik Sarkar On 8/01/2012 02:10:00 am

NSA Calls Defcon The "World's Best Cybersecurity Community" & Asks for Their Help

A week ago DEFCON confirmed the presence of National Security Agency Director General Keith B. Alexander at DEFCON 20 in Las Vegas.  “I’ve spent 20 years trying to get someone from the NSA” to speak at Defcon, said Defcon founder Jeff Moss, who serves on the U.S. Homeland Security Advisory Council and is chief security officer for ICANN. Moss added “On the NSA’s 60th anniversary and our 20th anniversary this has all come together.” Here comes a double boom, Mr. Alexander not only attended the world's largest annual party but also greets Defcon the "world's best cybersecurity community" and asks for their help to secure cyberspace. Hackers can and must be part, together with the government and the private industry, of a collaborative approach to secure cyberspace, he said. Hackers can help educate other people who don't understand cybersecurity as well as they do, the NSA chief said. "You know that we can protect networks and have civil liberties and privacy; and you can help us get there."
Gen. Alexander congratulated the organizers of Defcon Kids, an event dedicated to teaching kids how to be white-hat hackers, and described the initiative as superb. He called 11-year-old Defcon Kids co-founder CyFi to the stage and said that training young people like her in cybersecurity is what the U.S. needs.
He encouraged hackers to get involved in the process. "We can sit on the sidelines and let others who don't understand this space tell us what they're going to do, or we can help by educating and informing them" of the best ways to go forward. "That's the real reason why I came here. To solicit your support," he said. "You have the talent. You have the expertise." The hacker community has built many of the tools that are needed to protect cyberspace and should continue to build even better ones, he said during his keynote at Defcon. He gave the example of Metasploit and other penetration testing tools. 
VOGH Reaction:-
On behalf of VOGH team I personally thanks Mr. Keith B. Alexander for his presence at DEFCON. I do believe that such approach will encourage young hackers, and will surely give them extra enthusiasm, by which in coming future we will get a better and much secured cyber space. 


-Source (PCW)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

DHS Outlines $202 Million To Continuously Monitor Their Computers & Networks For Security Threats

Posted by Avik Sarkar On 7/05/2012 05:19:00 pm

DHS Outlines $202 Million To Continuously Monitor Their Computers & Networks For Security Threats

People like you, me or us those who are directly involved or associated in this security domain knows very well that cyber crime is in a saturated situation. Since last 3-4 years hackers have broken almost 99%, It's already became an International issue. Every day the said security system is getting compromised. To fight against this burning issue the Department of Homeland Security has outlined another program costs more than $202 million to arm federal agencies with new tools to continuously monitor their computer networks for security threats. Contracts for monitoring services will be awarded as early as next year. The tools will enable agencies to monitor their systems every 24 to 72 hours, and to diagnose and prioritize the biggest security weaknesses. Such programs are already in operation at two agencies, the State and Justice departments.
When it comes to continuous monitoring capabilities, “we are a little bit uneven across [the] dot-gov” domain, said John Streufert, director of DHS’ National Cybersecurity Division.
The tools will help agencies be aware of all hardware and software that has access to their networks and ensure they meet security standards. They also will continuously scan their networks for vulnerabilities so they can be quickly addressed when they appear. The tools will include dashboards that present to IT officials snapshots of their networks’ security status to enable quick response in the event a vulnerability. Agencies will have the option of providing their own monitoring using DHS-provided tools; purchasing a monitoring service from another agency or contractor; or obtaining a monitoring service for cloud-based systems from their cloud service providers.








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Drone Fleets Are Vulnerable to GPS Spoofing & Can Be Hijacked By Terrorist

Posted by Avik Sarkar On 6/30/2012 03:26:00 pm

Drone Fleets Are Vulnerable to GPS Spoofing & Can Be Hijacked By Terrorist

Spying drones have always gone through with several controversies along with a lots of technical & security issues. Yet again a team at the University of Texas has managed to find a vulnerability in drones that allows an attacker to gain control of the unmanned vehicle and change its course. Professor Todd Humphreys and the team spoof GPS receivers in order to take control of the drones
According to an exclusive report of Fox News - A small surveillance drone flies over an Austin stadium, diligently following a series of GPS waypoints that have been programmed into its flight computer. By all appearances, the mission is routine. Suddenly, the drone veers dramatically off course, careering eastward from its intended flight path. A few moments later, it is clear something is seriously wrong as the drone makes a hard right turn, streaking toward the south. Then, as if some phantom has given the drone a self-destruct order, it hurtles toward the ground. Just a few feet from certain catastrophe, a safety pilot with a radio control saves the drone from crashing into the field.

Last year we came to know that a stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Later Iran took responsibility of that cyber attack. But spoofers are a new problem for GPS-guided drones, allowing hackers to trick navigation systems with false information. Humphreys and the team have designed a device costing less than $1,000 that sends out a GPS signal stronger than the ones coming down from orbiting satellites. At first, the rogue signal mimics the official one in order to trick the drone, and once it’s accepted new commands can be sent to the UAV. US government says its aware of the potential dangers of spoofing, and officials from the FAA and Department of Homeland Security have seen Humphreys’ demonstration first hand. The Department of Homeland Security reportedly has a program in place to try and solve the problem of GPS interference, but it’s aimed at trying to deal with jammed signals, not spoofed ones.


-Source (FOX News, Slashgear)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda

Posted by Avik Sarkar On 6/12/2012 02:30:00 am

Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda

The number of organized cyber crime has already kisses the sky. Keeping this scenario in mind Janet Napolitano, Secretary of Homeland Security, said that "the greatest threats in actual activity we've seen aimed at the West and the United States has been in the cyber-arena", in addition to "al Qaeda and al Qaeda-related groups" The comments highlight the increasing trend of political sparring and espionage proliferating on the Web. The Flame virus, believed to be driven by a western government, continues to grab headlines, while he also claimed that Google has introduced a tool to warn users of state-sponsored attacks on their accounts. Though gmail completely denied this blame while saying that Govt hired State-Sponsored attackers who ware accessing millions of Gmail accounts illegally
Napolitano also said the government is taking steps to be "proactive instead of reactive" in combating the new threats, adding that the worldwide cost of tackling cyber-crime - an estimated $388 billion (£250 billion) - is "already outstripping [the cost of tackling] traditional narcotics". 
A White House plan code-named Olympic Games was launched to infect Iran's nuclear program at the beginning of the Obama administration, though Washington denies the Flame virus, also targeting Iran, was part of the project, after it was found to have existed for a number of years.


-Source (IT Portal)
.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cyber-Attack on US Natural Gas Pipeline Companies Network, Said DHS

Posted by Avik Sarkar On 5/10/2012 04:03:00 pm

Cyber-Attack on US Natural Gas Pipeline Companies Network, Said DHS

In a report Department of Homeland Security (DHS) said a major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies. DHS has issued at least three confidential warnings at the second highest alert level (Amber) to natural gas suppliers, giving a detailed warning of a wave of attacks. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing. That fact was reaffirmed late Friday in a public, albeit less detailed, "incident response" report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls, Idaho. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies. The attacks are said to have been carried out using spear-phishing techniques, in which criminals use specially crafted virus-infected emails to target specific company employees. 
Approximately 200,000 miles of these interstate natural gas transmission pipelines in the US supply 25 percent of the nation's energy. Pipeline safety has been a major issue in recent years, highlighted by the San Bruno, Calif. In Friday's public warning, ICS-CERT reaffirms that its "analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source." It goes on to broadly describe a sophisticated "spear-phishing" campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Homeland Security Approved Cyber security Bill "PRECISE" (H.R. 3674)

Posted by Avik Sarkar On 4/21/2012 11:15:00 pm

Homeland Security Approved Cyber security Bill "PRECISE" (H.R. 3674)

The House Homeland Security Committee approved H.R. 3674, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011 (the PRECISE Act) by voice vote, after a lengthy mark-up session that saw the bill’s scope scaled back. This Cybersecurity bill was approved on April 18 aimed at securing federal information systems and helping private sector critical infrastructure owners/operators, but key committee members complained that its watered-down provisions weren’t adequate. The bill, originally introduced by Rep. Dan Lungren (R-CA) in February had aimed to create a national information sharing organization to oversee the cyber protection of critical infrastructure, but will now only authorize the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security (DHS).
The committee’s ranking member, Rep. Bennie Thompson (D-MS), bitterly objected to the changes, saying they essentially gutted the bill. In a statement following the bill’s mark-up, he said it “bears little resemblance to the measure that the Cybersecurity Subcommittee approved in February.” He said key provisions that promoted information sharing between and among the private sector and government and privacy protections were removed behind closed doors by the committee’s leadership.


-Source (Govt. Security News)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Department of Homeland Security & U.S. Navy Hires Company To Hack Into Video Game Consoles

Posted by Avik Sarkar On 4/07/2012 10:01:00 pm

Department of Homeland Security & U.S. Navy Hires Company To Hack Into Video Game Consoles 

The U.S. government has hired a California-based company to hack into video game consoles, such as Xbox 360 and PlayStation 3, to watch criminals, especially child predators, and learn how to collect evidence against them. The $177,000 contract with Obscure Technologies of San Rafael, Calif., is being executed by the U.S. Navy on behalf of the Department of Homeland Security because of the Navy’s expertise in the field, officials said. Under the contract, Obscure Technologies will purchase used gaming systems from abroad that are believed to hold “sensitive information from previous users” and try to hack into them. Obscure’s experts will then report back on how they gained access to the systems, provide instructions to obtain users’ chat room activity, and even report back on the data gleaned, according to the contract and tasking documents. Obscure will also purchase new systems and construct a device that can capture data and activity, the documents state.
Over the past few decades, video game systems have grown in sophistication and capabilities by leaps and bounds. Consoles like the Nintendo Wii, Sony PlayStation 3, and Microsoft Xbox can be found in many U.S. households and are popular among servicemembers, with Internet access and hard drives that rival personal computers.
With these advances, Garfinkel said, the systems have become a playground of illegal activity for criminals. In 2008, law enforcement agencies contacted the DHS’s Science and Technology Directorate and requested help in analyzing gaming systems seized during court-authorized searches, Garfinkel said. While some tools exist to extract data from gaming consoles, the consoles are hard to crack as they are designed with copyright protection systems, he said. Navy and DHS officials declined to comment on whether the gaming consoles of Americans will ever be hacked and monitored. They also declined to comment as to whether the system manufacturers had been approached about this research.


-Source (Stars & Stripes)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

The GIFiles By Wikileaks Publishing The Global Intelligence Files & Five Million E-mails From Stratfor

Posted by Avik Sarkar On 2/27/2012 07:40:00 pm

The GIFiles By Wikileaks Publishing The Global Intelligence Files & Five Million E-mails From Stratfor 

In the last month of 2011 U.S.-based security think tank Stratfor faced cyber attack from Hactvists. Anonymous claimed that they have stolen thousands of credit card numbers and other personal information belonging to clients of Stratfor’s confidential client list, which includes entities ranging from Apple Inc. to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords and home addresses. But later in a press release Anonymous dines that attack so its quit difficult to figure out that who was really behind the hack.
But from this Monday Wikileaks has  planned to release over 5 Million emails from Stratfor Global Intelligence, whose website was hacked and emails and customer data stolen in December. 
According to official website Wikileaks:- 
"On Monday February 27th, 2012, WikiLeaks began publishing The Global Intelligence Files, over five million e-mails from the Texas headquartered "global intelligence" company Stratfor. The e-mails date between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defence Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment laundering techniques and psychological methods..."

 
Full Release Of Wikileaks Can Be Found Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

The White House Introduced- Electric Sector Cybersecurity Risk Maturity Model

Posted by Avik Sarkar On 1/13/2012 03:28:00 pm



The White House has launched a new initiative designed to help companies in the electric power industry measure the maturity of their security programs against a new maturity model. The program is being run in tandem with the Department of Homeland Security and Department of Energy and is meant to help the utility companies find their weak spots and where they need to improve.
The Electric Sector Cybersecurity Risk Maturity Model Pilot is the first such program launched by the White House, which has been pointing to information security--and specifically the security of systems running utilities and critical infrastructure--as a priority since the beginning of the Obama administration. The administration has developed a number of strategies and policy documents in the last few years, but this is the first foray into the kind of maturity model that typically is seen in private industry.
The White House, DHS and Energy launched the initiative last week with a meeting of government officials and executives from electric companies to discuss the main problems facing the industry when it comes to information security.
In his blog Howard Schmidt, the White House cybersecurity coordinator, said -
"This initiative -- the Electric Sector Cybersecurity Risk Maturity Model Pilot -- is a new White House initiative led by the Department of Energy, in collaboration with the Department of Homeland Security, to develop a model to help us identify how secure the electric grid is from cyber threats and test that model with participating utilities. Gaining knowledge about strengths and remaining gaps across the grid will better inform investment planning and research and development, and enhance our public-private partnership efforts," 

More More Information Click Here


-Source (threatpost)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

EPIC Sues DHS Is Monitoring Suspicious Words on Social Networks

Posted by Avik Sarkar On 1/01/2012 04:35:00 pm



The Electronic Privacy Information Center (EPIC), has filed suit in US District Court against the Department of Homeland Security. The grounds for the suit is a refusal by DHS to reply to a Freedom of Information Act request filed by EPIC in April of this year.
According to EPIC’s Press Release the center of the issue is a plan by DHS to create fake accounts on social networking sites and use those accounts to monitor the networks for certain key words – such as “drill,” “infection,” “strain,” “virus,” “trojan,” and others. The complaint was filed in the District of Columbia, and asks the court to compel DHS to process EPIC’s FOIA request, as well as to order DHS to produce the records EPIC has requested, to acknowledge EPIC as news media, and to pay EPIC’s legal bills for the suit.
The impetus for EPIC’s request was an announcement by DHS that it planned to implement a Social Media Monitoring and Situation Awareness Initiative, whereby it would monitor social media sites in order to gain realtime information on events. The DHS announcement states that the goal of the initiative is not to collect personally identifiable information except in extreme cases – e.g., a person trapped in rubble with their mobile phone who is posting their status (as happened during the Japanese tsunami).







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search