Showing posts sorted by date for query Pentagon. Sort by relevance Show all posts
Showing posts sorted by date for query Pentagon. Sort by relevance Show all posts

President Obama & Congress Will Issue Long Awaited Executive Cyber Security Order

Posted by Avik Sarkar On 2/12/2013 07:05:00 pm

President ObamaCongress Will Issue Long Awaited Executive Cyber Security Order 

Last week we reported that Pentagon has declared that they are moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. Just one week after this declaration another crucial movement came from the U.S. government.  A secret legal review on the use of America’s growing arsenal of cyber weapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad. According to sources President Barack Obama will issue a long-awaited cyber security executive order this week. Two former White House officials told the publication that the order is expected to be released after Tuesday night's State of the Union address. 
Given his status as commander-in-chief, Obama seems to be the clear choice, but since cyber warfare is such a new and unknown thing, the government hasn't actually figured out the rules of engagement yet. In the past couple of decades, the power to use America's cyber weapons has been shared between the Pentagon and the various intelligence agencies. With the exception of a series of strikes on the computer systems that run Iran's nuclear enrichment facilities an attack that Obama ordered himself the U.S. hasn't launched any major cyber attacks in recent memory, however. This probably won't be the case in the future. So the government is working on new rules of engagement, as it realizes that the capabilities of cyber weapons are evolving at a startling rate. The rules will be not unlike the set that governs how drone attacks are ordered and who orders them. Cyber warfare certainly stands to affect the average American more, though.  On Capitol Hill this week, Rep. Dutch Ruppersberger (D-Md.) and Rep. Mike Rodgers (R-Mich.) are set to reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA) during a speech at the Center for Strategic and International Studies.
According to an exclusive report the bill would allow the government to share classified cyber threats with the private sector so that those companies can then protect their systems from cyber attacks. The bill was killed last year due to privacy concerns. Civil-liberty groups argued that the bill allows companies to exchange too much personal information back and forth without regulation. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Posted by Avik Sarkar On 2/06/2013 07:12:00 pm

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Cyber security has become one of the most sophisticated area of National security and defense, and in order to implement that Pentagon has increased their estimated expense on cyber security. And this deceleration has been made while publishing the budget late in last year. Now that implementation is getting executed as the Pentagon is moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. This confirmation has came from defense officials. The expansion would increase the Defense Department’s Cyber Command by more than 4,000 people, up from the current 900, an American official said. Defense officials acknowledged that a formidable challenge in the growth of the command would be finding, training and holding onto such a large number of qualified people. The Pentagon “is constantly looking to recruit, train and retain world class cyberpersonnel,” a defense official said Sunday.
As part of the expansion, officials said the Pentagon was planning three different forces under Cyber Command: “national mission forces” to protect computer systems that support the nation’s power grid and critical infrastructure; “combat mission forces” to plan and execute attacks on adversaries; and “cyber protection forces” to secure the Pentagon’s computer systems. Cyber Command’s connections to the NSA are also leading some officials to ask how much of the expansion will be focused domestically, especially considering the opening of the NSA’s new, $2 billion Utah Data Center, scheduled to go live later this year. An unnamed "senior defense official" said that the agency’s efforts would remain focused outside US networks, unless it were asked to assist "another agency with domestic authority, such as the FBI." There is significant overlap between Cyber Command and the NSA — until recently, some employees of the former had nsa.gov email addresses, for instance — and there is some doubt that the nascent offshoot of US Strategic Command will be able to achieve true independence under NSA Director Alexander.



-Source (NY Times, Washington Post)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

‘Pervasive Vulnerability’ Found in The Robotic Aircraft of Drone Fleet

Posted by Avik Sarkar On 1/01/2013 03:47:00 pm

 ‘Pervasive Vulnerability’ Found in  The Robotic Aircraft of Drone Fleet

Unmanned aerial vehicle (UAV), widely known as a drone has always been gone through with several controversies in case of both defense and cyber security. Yet again several question arises regarding the security system and the control algorithms of drone. According to the Pentagon’s premier science and technology division a a “pervasive vulnerability” have been found in the robotic aircraft of drone. The control algorithms for these crucial machines are written in a fundamentally insecure manner, says Dr. Kathleen Fisher, a Tufts University computer scientist and a program manager at the Defense Advanced Research Projects Agency. There’s simply no systematic way for programmers to check for vulnerabilities as they put together the software that runs our drones, our trucks or our pacemakers.
In our homes and our offices, this weakness is only a medium-sized deal: developers can release a patched version of Safari or Microsoft Word whenever they find a hole; anti-virus and intrusion-detection systems can handle many other threats. But updating the control software on a drone means practically re-certifying the entire aircraft. And those security programs often introduce all sorts of new vulnerabilities. “The traditional approaches to security won’t work,” Fisher tells Danger Room.
Fisher is spearheading a far-flung, $60 million, four-year effort to try to develop a new, secure way of coding and then run that software on a series of drones and ground robots. It’s called High-Assurance Cyber Military Systems, or HACMS. For detailed information about this story click Here

While talking about drone and its security we would like to give you reminder that in 2011 we came to know that a stealthy key-logger has hit the U.S. Drone logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Later Iran took responsibility of that cyber attack. Also in 2012 drone was in controversy where researcher have figured out that drone fleets are vulnerable to GPS spoofing and it can be hijacked by any malicious attacker or terrorist. 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

Posted by Avik Sarkar On 12/15/2012 04:14:00 pm

#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

After the devastating "Project Blackstar" now the hacktivist group calling them selves "Team GhostShell" announced another big hack, where the hackers have targeted several big organizations. This round of cyber attack was going under the banner of #ProjectWhiteFox, in which GhostShell has posted log-in details of 1.6 million accounts they claim are taken from a series of attacks on organizations including NASA, FBI, European Space Agency and Pentagon, as well as many companies that partner with these organizations. The Anonymous subsidiary group has posted the details on Pastebin, while describing the aim of the hack; as part of their #ProjectWhiteFox campaign to promote hacktivism and freedom of information on the internet. The hacker group claimed that the leaked information contained log-in names, passwords, email addresses, CV & several other sensitive information. In their release GhostShell said - "For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more."
GhostShell members also said that they have messaged security bosses about the insecurity a number of organizations they targeted during attacks throughout 2012, describing it as "an early Christmas present." 
In a Pastebin file, GhostShell features a list of 37 organizations and companies, including The European Space Agency, NASA’s Engineers: Center for Advanced Engineering, and a Defense Contractor for the Pentagon. GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 456 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.
The uploaded files contain what appears to be user data that looks to have been obtained from the servers of the various firms (likely via SQL injection). The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even home addresses. Email accounts include the big three (Gmail, Hotmail, and Yahoo), as well as many .gov accounts. There are also various documents and material related to partnerships between companies and government bodies, as well as sensitive information for the aforementioned industries. 
Furthermore, the group says it has sent an email to the ICS-CERT Security Operations Center, Homeland Security Information Network (HSIN), Lessons Learned and Information Sharing (LLIS), the FBI’s Washington Division and Seattle location, Flashpoint Intel Partners, Raytheon, and NASA. In it, they say to have detailed “another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc.”
-Source (TNW)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Iran Accused For Engaging Cyber Attacks Against Persian Gulf Oil & Gas Companies in U.S. (Full Story)

Posted by Avik Sarkar On 10/16/2012 07:35:00 pm

Iran Accused For Engaging Cyber Attacks Against Persian Gulf Oil & Gas Companies in U.S. (Full Story)

The conflict and tussle between Iran and United States continues, as U.S. authorities believe that Iranian-based hackers were responsible for cyberattacks that devastated Persian Gulf oil and gas companiesJust hours later the attack was discovered, Defense Secretary Leon Panetta said the cyberthreat from Iran has grown, and he declared that the Pentagon is prepared to take action if American is threatened by a computer-based assault.
The former government official, who is familiar with the investigation, said U.S. authorities believe the cyberattacks were likely supported by the Tehran government and came in retaliation for the latest round of American sanctions against Iran. Before Panetta's remarks on Thursday, U.S. officials had said nothing publicly about the Gulf attacks or the investigation. But Panetta described them in a speech to business leaders in New York City, saying they were probably the most destructive cyber assault the private sector has seen to date. A current U.S. official acknowledged Thursday that the Obama administration knows who launched the cyberattacks against the Gulf companies and that it was a state actor. U.S. agencies have been assisting in the Gulf investigation and concluded that the level of resources needed to conduct the attack showed there was some degree of involvement by a nation state, said the former official. The officials spoke on condition of anonymity because the investigation is classified as secret. While Panetta chose his words carefully, one cybersecurity expert said the Pentagon chief's message to Iran in the speech was evident.  
It was all about what U.S. Authorities are claiming or in other word blaming, but like earlier; this time also Iran completely denies the whole matter, besides they blamed Israel & America for engaging cyber attacks on Iran's Nuclear SystemIranian officials denied any role in recent cyberattacks against oil and gas companies in the Persian Gulf and said they welcomed a probe of the case.  Mahdi Akhavan Bahabadi, secretary of the National Center of Cyberspace, denounced as "politically motivated" American allegations of an Iranian link to the Shamoon virus that hit Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas, according to remarks carried by ISNA. "We interpret the issue politically and in light of U.S. domestic issues as well as the (U.S. presidential) election," he said. The Iranian official said Tehran has already offered help to boost the companies' cybersecurity, asIran has itself recently been the victim of cyberattacks on its offshore oil platforms. Iran periodically reports the discovery of viruses and other malicious programs in government, nuclear, oil and industrial networks. On Monday, Tehran said it had successfully blocked a cyberattack on the computer network of its offshore drilling platforms. It briefly shut down part of its oil facilities because of a cyberattack in May. Iran blames Israel and the United States for the attacks. Israel has done little to deflect suspicion it uses viruses against Iran.
While talking about the cyber attacks on  Persian Gulf oil and other gas companies, we like to remind you that couple of weeks ago U.S. Authorities also blamed Iran for engaging cyber attacks on U.S. leading banking and financial sector. There also Iran official denies the attack and said "We officially announce that we haven't had any attacks,". So far its not clear whether these two attacks are linked or not. Whatever, for all the latest update on stories like this & also other updates on cyber domain stay tuned with VOGH

-Source (MPR News & Yahoo) 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

WikiLeaks Launches Vote WikiLeaks 2012 Donation Campaign (Presidential Election Intervention)

Posted by Avik Sarkar On 10/07/2012 07:41:00 pm

WikiLeaks Launches Vote WikiLeaks 2012 Donation Campaign (Presidential Election Intervention)

While Barack Obama and Mitt Romney are both rising their chances for the 2012 election as their respective party’s candidates who stood  in the coming US president election. In the mean time  WikiLeaks has launched "Vote WikiLeaks: 2012 Donation Campaign". Through this campaign WikiLeaks has threatened the pentagon once again.  According to the press release of WikiLekas on last Friday - Pentagon spokesman George Little demanded WikiLeaks destroy its publications, including the Iraq War logs which revealed the killings of more than 100,000 civilians. Little said: “continued possession by WikiLeaks of classified information belonging to the United States government represents a continuing violation of law”. The Pentagon also again “warned Mr Assange and WikiLeaks” against “soliciting” material from U.S. military whistleblowers. In response, WikiLeaks has decided to intervene in the U.S. election campaign.
The United States government claims Mr Assange and the WikiLeaks organization are within its jurisdiction. In reply, we place the Obama administration within our jurisdiction. All American school children are taught that being subject to laws without representation is an injustice. This is the backbone of the American Revolution. We claim our representation and now initiate a campaign to transform Democratic and Republican votes into economic and political support for WikiLeaks and its First Amendment values. This election day, do not vote for the Republican or Democratic parties. Instead, cast the only vote that matters. Vote with your wallet – vote for WikiLeaks.
The Democratic Party promised to open government. But instead it is building a state within a state, placing nearly five million Americans under the national security clearance system. It has classified more documents than any previous administration, classifying even the process used to decide who will live and who will be killed. The U.S. administration hurtles towards dystopia: secret laws, secret processes, secret budgets, secret bailouts, secret killings, secret mass spying, secret drones and secret detention without charge. The collapse of the Soviet Union could have led to the withdrawal of the U.S. security state, but without moral competition from another system it has grown unchecked to influence almost every American policy. Four more years in the same direction cannot be tolerated.

Watch WikiLeaks’s Campaign Video below:-


You can donate to WikiLeaks using a variety of easy methods, including workarounds for Visa, MasterCard and PayPal. These donations go to fund WikiLeaks’ publishing and infrastructure costs and our legal costs to fight the financial blockade. For Detailed information about the campaign click Here






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Two Romanian Hackers Pleaded Guilty on Credit Card Hack & Faced 7 Years Imprisonment

Posted by Avik Sarkar On 9/20/2012 03:43:00 pm

Two Romanian Hackers Pleaded Guilty on Credit Card Hack & Faced 7 Years Imprisonment  

According to the U.S. Department of Justice two Romanian hacker- Iulian Dolan & Cezar Butu have pleaded guilty to participating in a US$10 million scheme to hack into the computers of hundreds of Subway restaurants in the U.S. and steal payment card data. Iulian Dolan, 28, of Craiova, Romania, pleaded guilty Monday to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit access device fraud, and Cezar Butu, 27, of Ploiesti, Romania, pleaded guilty to one count of conspiracy to commit access device fraud, the DOJ confirmed. Dolan and Butu were two of four Romanians charged in December in U.S. District Court for the District of New Hampshire with hacking Subway point-of-sale computers. In his plea agreement, Dolan has agreed to be sentenced to seven years, and Butu has agreed to be sentenced to 21 months in prison. The two men, in their guilty pleas, acknowledged participating in a Romanian-based conspiracy, lasting from 2009 to 2011, to hack into hundreds of U.S. point-of-sale (POS) computers. Co-conspirator Adrian-Tiberiu Oprea is in U.S. custody and awaiting trial in New Hampshire. The group used stolen payment card data to make unauthorized charges or to transfer funds from the cardholders' accounts, the scheme involved more than 146,000 compromised payment cards and more than $10 million in losses.  
During the conspiracy, Dolan remotely scanned the Internet to identify vulnerable POS systems in the U.S. with certain remote desktop software applications (RDAs) installed on them. Using these RDAs, Dolan logged onto the targeted POS systems over the Internet. The systems were often password-protected and Dolan attempted to crack the passwords to gain administrative access. 
He then installed keystroke logging software onto the POS systems and recorded all of the data that was keyed into or swiped through the POS systems, including customers' payment card data. Thus Dolan managed to steal payment card data belonging to approximately 6,000 cardholders. Dolan received $5,000 to $7,500 in cash and personal property from Oprea for his efforts.
In his plea agreement, Butu said he repeatedly asked Oprea to provide him with stolen payment card data and that Oprea provided him with instructions for how to access the website where Oprea had stored a portion of the stolen payment card data. Butu later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts. He also attempted to sell, or otherwise transfer, the stolen payment card data to other co-conspirators. Butu acquired stolen payment card data from Oprea belonging to approximately 140 cardholders
While talking about Romanian Hackers then one name definitely comes in mind and that is Razvan Manole Cernaianu aka "TinKode" who get busted earlier in this year, on charges of hacking into Pentagon and NASA servers, stealing confidential data. Also last year another 26 year aged Romanian hacker faced imprisonment for hacking into NASA servers. 


-Source (CSO)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LulzSec Hacker Ryan Cleary & Jake Davis Plead Guilty at London Court For Hacking CIA & Pentagon

Posted by Avik Sarkar On 6/25/2012 10:26:00 pm

LulzSec Hacker Ryan Cleary & Jake Davis Plead Guilty at London Court For Hacking CIA & Pentagon

Two British LulzSec hacker Ryan Cleary, 20, and Jake Davis, 19 today admitted hacking into the websites of the CIA and the Pentagon as well as the Serious Organised Crime Squad in the UK. Accoridng to an exclusive report of The Guardian both Jake Davies, also known as "Topiary" and Ryan Cleary, known under the names "Anakin," "hershcel.mcdooenstein", "George hampsterman" and "ni"  have confessed attacks on the Serious Organised Crime Agency (SOCA), National Health Service, News International, Sony, Nintendo, Arizona State police, and other sites in distributed denial-of-service (DDoS) attacks designed to cause the sites to cash. Cleary also confessed to four separate charges including hacking into US Air Force Agency computers at the Pentagon.
Cleary and Davis plotted to carry out the attacks with other unknown members of internet groups Anonymous, Internet Feds, and LulzSec. Other websites targeted by the pair were Westboro Baptist Church, Bethesda, Eve Online, HBGary, HBGary Federal, PBS Inc, and Infragard. Cleary also confessed today to four separate charges, including hacking into US Air Force Agency computers, based at the Pentagon.
Both men appeared in the dock at Southwark Crown Court to enter guilty pleas to a series of charges brought against them.
But both Cleary and Davis denied allegations they posted 'unlawfully obtained confidential computer data' to public websites including LulzSec.com, Pirate Bay, and PasteBin, in order to encourage offences contrary to the Serious Crime Act.
Alleged co-hackers Ryan Ackroyd, 25, and a 17-year-old A-level student, from south-London, deny their involvement in the DDoS attacks and will stand trial on April 8, 2013.








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Four LulzSec Hackers Appeared In Court Together For The First Time

Posted by Avik Sarkar On 5/14/2012 03:48:00 pm


Four LulzSec Hackers Appeared In Court Together For The First Time

For the first time the four men, Ryan Ackroyd, 25, Ryan Cleary, 20, Jake Davis, 19 and a 17-year-old male who could not be named appeared in Court together. They are charged with taking part in cyber attacks under hacking group LulzSec, an offshoot of Anonymous, appeared in court Friday afternoon, appearing side-by-side for first time before a judge.  British prosecutors allege that the quartet last engaged with one another under the guises of online pseudonyms to wreak havoc on the web. These LulzSec key members are accused of accessing computers operated by News Corp. (NWSA) (NWSA)’s Twentieth Century Fox, Sony Corp. (6758), the U.K.’s National Health Service, the Arizona State Police, and technology-security company HBGary Inc.
Four of the eight counts listed in the updated British indictment today, were levelled solely on 20-year-old Cleary. He is accused of supplying a botnet — or a network of thousands of infected computers that can be used to paralyze websites — to others, and operating one himself to attack the website of DreamHost, a web hosting company. He is also accused of “installing and/or altering computer programs” on computers at the Pentagon controlled by the U.S. Air Force, between May 1 and June 22, 2011.
Cleary was the only one of the four defendants who was still in police custody. He was arrested on March 6 of this year — the same day Hector “Sabu” Monsegur was unveiled as an informant — for breaching his bail conditions. 
According to the new indictment, the four men also targeted denial of service attacks against: Westboro Baptist Church, which has staged anti-homosexual demonstrations at military funerals; the online role-playing game Eve Online; the U.S. Central Intelligence Agency; and Britain’s Serious Organised Crime Agency.





-Source (Forbes) 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Anonymous Threatened to Target British Surveillance Agency GCHQ

Posted by Avik Sarkar On 4/21/2012 11:16:00 pm

Anonymous Threatened to Target  British Surveillance agency GCHQ
Few weeks ago Anonymous performed massive denial of service attack to bring down British Prime Minister’s Office, Home Office & Ministry of Justice. In that attack they have declared that such scenario will be repeated on every Saturday. Here again hacker collective Anonymous threatened to continue cyber attacks on government websites again this weekend, this time they are specially focusing in on British surveillance agency GCHQ. A member of the group made a statement via Twitter (@Anon_central). The planned assault come after a recent spate of DoS attacks on UK government websites over the past few weekends. The attacks are part of the group’s “Operation Trial At Home”, which is protesting against the UK government’s extradition treaties with the US, which it sees as unfair.
“#Anonymous #OpTrialAtHome Plan #DDoS on GCHQ on Saturday 21st April at 8pm BST & 3pm EDT,” Anonymous said in a tweet. “@AnonAteam is asking all Anons to fire lazers at http://ghcq.gov.uk.” It said it supports three British citizens involved in extradition to the US: Gary McKinnon, wanted for seven counts of hacking NASA and Pentagon computers; Richard O’Dwyer, alleged to have infringed copyright in the US and Christopher Tappin, wanted in the US for alleged arm dealing. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Worse Than SOPA- CISPA Will Allow Monitoring Any Online Communication (#Censorship)

Posted by Avik Sarkar On 4/10/2012 02:13:00 pm

Worse Than SOPA- CISPA Will Allow Monitoring Any Online Communication #Censorship
In the wake of SOPA and PIPA, there is yet another terrifying bill on the table. The Cyber Intelligence Sharing and Protection Act (or CISPA for short) which is currently being discussed by Congress. The title of this controversial act is H.R. 3523 and it has been dubbed the Cyber Intelligence Sharing and Protection Act. It is feared that CISPA is far worse than SOPA and PIPA in its possible effects on the Internet.
While this paper has been created under the guise of being a necessary weapon in the U.S. war against cyberattacks, the wording of the paper is vague and broad. It is thought that the act could allow Congress to circumvent existing exemptions to online privacy laws and would allow the monitoring and censorship of any user and also stop online communications which they deem disruptive to the government or to private parties. CISPA is described as a “cybersecurity” bill. It proposes to amend the National Security Act of 1947 to allow for greater sharing of “cyber threat intelligence” between the U.S. government and the private sector, or between private companies. The bill defines “cyber threat intelligence” as any information pertaining to vulnerabilities of, or threats to, networks or systems owned and operated by the U.S. government, or U.S. companies; or efforts to “degrade, disrupt, or destroy” such systems or networks; or the theft or “misappropriation” of any private or government information, including intellectual property. CISPA has also been condemned by the Electronic Frontier Foundation, an online advocacy group. The Electronic Frontier Foundation (EFF) adds that CISPA’s definition of “cybersecurity” is so broad that “it leaves the door open to censor any speech that a company believes would ‘degrade the network.’” Moreover, the inclusion of “intellectual property” means that companies and the government would have “new powers to monitor and censor communications for copyright infringement.” According to both CDT and EFF, this means some of the largest corporations in the country, including online service providers like Google, Twitter, Facebook or AT&T could, if pressured, copy confidential information from a user and send this information to the Pentagon, as long as the government believes there is a reason to suspect wrongdoing.
Critics warn that CISPA gives private companies the ability to collect and share information about their customers or users with immunity — meaning we cannot sue them for doing so, and they cannot be charged with any crimes.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pentagon Increased Their Expense On Cyber Security (Issued in Budget 2013)

Posted by Avik Sarkar On 2/16/2012 05:02:00 pm

Pentagon Increased Their Expense On Cyber Security (Issued in Budget 2013)

Cyber security has become one of the most sophisticated area of National security and defense. So as expected  the Pentagon is taking this issue very seriously. In 2013 budget issued in Monday Pentagon confirms that they will increase their spending in this very topic. Although the full figure will not be released until later in the day, a preview offered by Defense Secretary Leon M. Panetta last month suggested that “cyber is one of the few areas in which we actually increased our investments.” The increased spending will include both defensive and offensive measures. A four-year review of U.S. defense policy directed “more investment” in “long-range strike, and space and cyber-space [capabilities] in order to project power, deter aggression, and come to the aid of allies and partners.”
Total federal spending on cybersecurity is set to grow at almost 9 percent a year over the next five years, increasing from just more than $9 billion in 2011 to about $14 billion in 2016, according to Herndon, Va.-based Deltek market research consultants. This compares to a 2 percent annual growth rate for federal spending on information technology in general, Deltek said in recently published research.

 -Source (Washington times)
 
VOGH Review About Indian Cyber Security:- 
Still countries like India where Govt is very careless about this burning issue. The rise of cyber crime is almost kissing the sky. And the status of Indian cyber security is in the disaster. The very out put is in front of us. Since the last week every day BD hackers penetrating Indian cyber fence very badly which is indeed causing lots of damage for the country not only reputation but also the country has caused lost of economical damage.If such things continues then in very coming future India have to face a massive disaster of National security including defense, army, secrete research areas and in many other sensitive sectors.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Another Romanian Hacker Get Busted on Pentagon & NASA Server Hacking Charges

Posted by Avik Sarkar On 2/02/2012 01:14:00 am

Another Romanian Hacker Get Busted on Pentagon & NASA Server Hacking Charges
Yet another Romanian hacker get busted on charges of hacking into Pentagon and NASA servers, stealing confidential data. The hacker have posted all the stolen information on his personal blog. Razvan Manole Cernaianu, an information technology student who allegedly used the online alias "TinKode," offered a software program for sale on his blog and also showed a video that demonstrated how he compromised the servers, officials said. Romanian officials said they were working with the FBI and NASA representatives on the case. An FBI spokesman in Washington, D.C., did not immediately have comment this afternoon. The U.S. Embassy in Bucharest said Cernaianu "used sophisticated hacking tools to gain unauthorized access to government and commercial systems." The case demonstrates that "countries and agencies around the globe" could cooperate "to counter these types of threats," it said.
This is not the first time earlier another 26 year aged Romanian Guy face imprisonment for hacking into NASA servers. Also If you dig the history you will find that previously NASA was hit many times by the hackers from different part of the world. Such as Spamers targeted NASA, TeaMp0isoN hacked NASA official forum, Chinese Hackers hit NASA satellites, Indian hacker minhal stole secrete  information from NASA and so on.


-Source (Diicot)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

"Operation Schmooze Hackers" DARPA, NSA, DoD Asking For Hackers Help

Posted by Avik Sarkar On 11/09/2011 10:28:00 pm


The Pentagon can't defend its own defense networks, what with them being "as porous as a colander," according to Richard Clarke. Clarke is the former White House counterterrorism chief who's turned into what Wired calls a cybersecurity Cassandra. Wired quoted Clarke as he addressed a packed ballroom at the first-ever DARPA Cyber Colloquium on Monday. At the conference, officials of the Defense Advanced Research Projects Agency pleaded with hackers to help them out and said that the agency plans to boost spending as it battles unnamed adversaries in cyberspace.
Regina Dugan, DARPA director, addressed an audience that comprised what the agency called "visionary hackers," academics and othersIn its unending effort to find more technologically innovative ways to accomplish things most of the government agencies that are its clients can't do at all, DARPA called a conference this week to ask for help security military and government networks against hackers. To solve a cyber-security problem the General Accountability Office reported had been so low on the Dept. of Defense's agenda during the past 21 years that the DoD had no coherent central policy, procedures or even identified leaders in the process of stopping the leak of information from its servers and those of its defense contractors. Did DARPA get the fresh ideas and offers of help it was hoping for when it put the colloquium together? Will the $208 million it is asking that Congress give it for cybersecurity research next year do any good?
Probably. You can't wave that much cheese around – while promising it will continue to grow – without getting a few rodents sniffing after it.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

White House Orderd to Issue New Cyber Security Policies

Posted by Avik Sarkar On 10/11/2011 06:22:00 pm


The White House will issue Friday an executive order on computer security to prevent breaches of the sort that occurred with the release last year of hundreds of thousands of classified documents to the Web site WikiLeaks.
The order, coinciding with National Cybersecurity Month, replaces an outdated policy predating the Obama administration and caps a seven-month review of procedures for handling classified information.
The order directs agencies to designate a senior official to oversee classified information sharing and safeguarding for the agency and enshrines a number of measures the Pentagon and other agencies have announced, including the Pentagon’s disabling the “write” capability on most computers in the military’s secret-level classified network to prevent downloading classified data onto removable drives.
“Our nation’s security requires classified information to be shared immediately with authorized users around the world, but also requires sophisticated and vigilant means to ensure it is shared securely,” Obama’s order said.
The order, first reported by the New York Times on Thursday night, also creates an interagency task force headed by the attorney general and the director of national intelligence to detect and prevent leaks from government employees  what is known as the “insider threat.”
It also calls for a Senior Information Sharing and Safeguarding Steering Committee with responsibility for coordinating interagency efforts and ensuring that agencies are held accountable for carrying out the policies and standards.

The White House notes that agencies have made “significant progress” in shoring up security. The Pentagon, for instance, has begun to issue smart cards with special identity credentials required to log onto the secret-level classified network. The cards allow holders access to only those portions of the network that contain information relevant to their jobs.
The Pentagon is also piloting insider-threat technology developed by the National Security Agency and is developing an information-technology audit to identify suspicious behavior on all Department of Defense systems.

-News Source (Washington Post)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pentagon Is Expanding Cyber-Security Program

Posted by Avik Sarkar On 8/22/2011 01:07:00 pm


The Pentagon is exploring whether to expand a pilot program that protects the networks of defense contractors to include other companies, and even those in industries that serve mainly civilians. But some private sector officials are not sure that the Defense Department should lead the effort.
Speaking at a conference in Baltimore this week, Deputy Defense Secretary William J. Lynn III said that the Defense Industrial Base (DIB) Cyber Pilot, which currently involves 20 large defense companies, is already showing signs of success. It relies on classified threat “signatures” or data that can help detect malicious code before it penetrates a network.
The signatures and other data that help detect threats are provided by the National Security Agency, which collects electronic data on foreign adversaries and operates under the auspices of the Pentagon. The signatures are loaded into devices run by the Internet service providers, including AT&T and Verizon, which provide Internet services to the companies.
The voluntary 90-day pilot, which the Pentagon said should be completed by early fall, has already shown that “it stops hundreds of signatures that we wouldn’t previously have seen,” Lynn said. “It appears to be cost-effective.”

The Pentagon has declined to give details to back up Lynn’s assertions. In an email earlier this week, Pentagon spokeswoman April Cunningham said: “We do not yet have enough information regarding the pilot to make any decisions about the success or effectiveness of the pilot.” She added: “We are not yet in a position to discuss specific metrics.”
She declined to say whether the Pentagon tested NSA’s signatures and other data against other models for effectiveness. “It is the long-standing policy of the Department of Defense not to discuss matters of operational security.”
Speaking at a conference run by the Defense Information Systems Agency, Lynn expressed significant concern “that over the past decade we’ve lost terabytes of data to foreign intruders, foreign intelligence services, to attacks on corporate networks of defense companies.” A great deal of it, he said, “concerns our most sensitive systems-- aircraft avionics, surveillance technologies, satellite communication systems, and network security protocols.”
As a result, he said, the Pentagon is considering expanding the pilot to more defense companies, and discussing with other agencies whether to “apply this same concept to other sectors, whether it’s the power sector, nuclear energy, the transportation sector or the financial sector.’’
But some officials in other industries questioned whether the Pentagon is the right leader for the effort. One concern involves privacy. NSA participation — even if tangential-- raises fears that the spy agency may at some point gain access to private citizens’ data. Defense officials have addressed that worry for now by saying that the government will not directly filter the network traffic or receive any of the captured malicious code.
Then there is the issue of who leads the initiative. The Department of Homeland Security, which is involved in the Pentagon’s cyber pilot program, is also working with other critical sectors on cyber security.
A financial services industry official, who was not authorized to speak publicly, said his industry would prefer “one point” of collaboration. That point, he said, likely would be DHS. “Let’s not have 10, 20, 30 different bilateral arrangements with each government agency and each sector,” he said. “That would result in a web of confusion.”
A telecom industry official, who also was not authorized to speak publicly, agreed: “What we would like is one consolidated government effort that we can hitch our wagons to.” 

-News Source (Washington Post)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Obama Hired a Team to protect Pentagon Networks From Cyberattack

Posted by Avik Sarkar On 7/21/2011 04:10:00 am

An elite team of computer technicians assembled by the Obama administration to protect Pentagon networks from cyberattack shockingly includes a former Clinton official who “lost” thousands of archived emails under subpoena and who more recently left the Department of Homeland Security under an ethical cloud related to her qualifications, WND has learned.
The administration in May quietly hired Laura Callahan for a sensitive post at the U.S. Cyber Command, a newly created agency set up to harden military networks as part of an effort to prevent a “cyberspace version of Pearl Harbor.”

The move raises doubts about the administration’s vetting process for sensitive security positions. In 2004, Callahan was forced to resign from Homeland Security after a congressional investigation revealed she committed résumé fraud and lied about her computer credentials.
Investigators found that Callahan paid a diploma mill thousands of dollars for her bachelors, masters and doctorate degrees in computer science. She back-dated the degrees, all obtained between 2000 and 2001, to appear as if she earned them in 1993, 1995 and 2000, respectively. She landed the job of deputy DHS chief information officer in 2003.

-News Source (Conservativebyte)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Full Disclosure Of Pentagon Data-breach

Posted by Avik Sarkar On 7/19/2011 01:42:00 pm


We're all human, you know? That's roughly the trick that the hackers most likely relied on when, earlier this year, they managed to steal over 24,000 files from a defense contractor.
The Pentagon won't say what files went astray, or the level of secrecy associated with the contents of the stolen data. But we can assume that at least some of it was highly secret—secret enough that Deputy Defense Secretary William J. Lynn III felt compelled to admit to the attack during a speech about the future of cyber policy yesterday. Lynn said it concerned some of the U.S.'s "most sensitive systems, including aircraft avionics, surveillance technologies" and more, before hinting that foreign powers were behind the attack and using it to declare cyberspace the next battleground.
What went down? Fast Company spoke to Nick Percoco, digital security expert and SVP at Trustwave's SpiderLabs, and familiar with exactly this sort of cyberattack, to get some insight.
How The Hack May Have Begun: Email Scams
The fact that the 24,000 stolen files came from a defense contractor is significant, Percoco notes. It's likely easier to get this sort of data from a contractor than launching an all-out attack on Pentagon servers themselves, because companies are full of people—people who are used to doing business in our digitally connected world. And even though an employee of a defense contractor is probably way more switched on to digital security than you or I, it's still not impossible to cheat someone with access to secret files into placing malware on their work laptop.
All it would take for a dedicated hacker is some basic research. If you wanted to steal data like this, you could start by targeting a particular employee via email—"We've seen this happen to defense contractors," Percoco notes. "Using technology like Google, and LinkedIn and other social networks" hackers could find out who best to target. Say they pick a particular EVP, and work out their email address is "JohnSmith@defencecontractorX.com." Then they work out who their colleagues or bosses may be all the way up to CEO level.
Then it's as simple as going to a source of hacking code using your underworld contacts (or using some of your own) and getting access to a "zero day exploit"—a new loophole in a computer or software system's security that hasn't been publicly discovered yet, and hence is still open for hacking use.
This is where the hack escalates. "In this case, they'd been looking for a zero-day exploit in, say, the Adobe PDF reader. And then they'd take a nice creative pen out and draft up a document that looks like it should be something important," Percoco said. After this, the hacker would set up something like a disposable Gmail account and make the screen name the same as one of the target's peers or the CEO of the company. Then they'd "craft up an email that says 'Here's an important document, some new announcement we're working on. Please review it and be ready for a call at 10 a.m. today.'" The trick is to send this to the target at around 7:30 a.m. local time, because the "best time to send those types of things is right before someone's had their coffee."
Typically the sleep-addled victim would trust the email as it's supposedly from a colleague, then launch the embedded PDF (or other faked document). Usually it causes the newly launched program—Adobe Reader in this example—to crash. But as it crashed, it would actually be installing malicious code on the machine. The virus is injected.
How The Attack Began: Website Sting
A similar attack is possible using a faked-up website that looks like it's actually related to the target company—one of those odd-looking, badly maintained websites that kinda looks official that we've all surfed to at some point and been confused by.
Some of these are actually storage pens for targeted malicious code, carefully honed to appear high on Google searches with SEO tricks. And when, say, a marketing official from the target company Googles to find out how their brand is being referenced around the web, they may stumble across one of these fake sites and trigger the release of malware onto their machine.
What Happened Next: Access Is King
Once the malicious code has been installed on the machine, the "sky's the limit," particularly via the email exploit. A well-coded virus code can evade detection and hide on the computer, doing various wicked things.
Often the "sole purpose of the executable is to go and find files on the person's computer and archive those in a zip file or RAR file, and then attempt to extract them from the system," Percoco said, based on his experience. The code could try lots of different routes, using FTP or HTTP or other protocols to get those files off the system. It's something he's seen in "many environments" and, worryingly, they're often "highly successful in getting those files." The code is typically designed to work on Windows machines, with almost no such exploits targeted at Macs—but Percoco agrees that this is at least partly due to the assumption by a hacker that a business user will be using a PC, not a Mac.
The success would be based on the fact no one's seen this particular kind of attack before (a zero-day exploit payoff) and it would easily circumvent any protective anti-virus software installed on the machine—because the protection doesn't know to look out for this type of virus. The only real way to avoid this sort of attack for the target to "avoid clicking on documents," which is clearly unlikely in the case of a business computer user. 
A smarter hacker would select a network administrator at the target company, because they're human, too. Their machine likely has even more interesting files that have data on network security, what kind of code is let in and let out of company firewalls, and so on.
Getting access to this sort of data (via the same email hack as described above) could let a persistent hacker penetrate a company's network and install a backdoor onto it—totally circumventing security because then "the attacker doesn't have to come in from the outside, they have code running on that system that will basically open up a connection back to the attacker"—not something network security is expecting. Then you can gain access to passwords and credentials to worm your way in further, eventually finding whatever sensitive data you're looking for.
The result could be a grim violation of company security. "We've seen those for a number of years, in all sorts of companies including government-type companies as well," Percoco says. 
Who Did This?
It's easy to see how a hacker could gain access to a machine and even a company network, and how easy it can be to transfer stolen files from infected computers to the hacker. But whois the hacker? The Deputy Secretary of Defense was careful to link it to "foreign" attackers—and considering this year's hacking news, we're instantly imagining China is to blame.
Percoco says his company does hundreds of investigations every year on attacks like these, and it's "very, very difficult to trace an attack to a specific person and specific political motivation." That's unless it's a hacktivist attack, when a group like Anonymous posts the data online and admits it was to blame—and even then "you don't know where these people are actually located."
A hacker could take his laptop down to a coffee shop, buy a cup of joe and "get on their free Wi-Fi system. And now they go and start looking around the world to find a computer that has a security weakness." Once they find it, they can use the hacked computer for a targeting scenario like the one described above, where they send a tainted email. Anyone tracing the code back after the attack was detected may find it sourced on a corporate computer in, say, China. And then they're stuck—because no one's "going to let the U.S. government come in and do a forensic investigation on some business located in China." 
Furthermore, it's rare that even this first Net address is where the attack is coming from—"they're always jumping through one or many systems" Percoco says, which could be in numerous nations and thus completely confound any attempts to track them. Which means the attacker actually could be located anywhere.
The Cold Cyberwar?
Suddenly, there's a much more sinister angle to the Pentagon hack. Forget "The Chinese Way of Hacking." More like "Even More Malicious Hackers Looking Like They're Using The Chinese Way Of Hacking."

-News Source (Gizmodo)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search