BioHacker

Sign in to your account.

Status Brief
History/Origins:

Developmental Milestones/Developments to Date:

Current Assessment/State of the Field:

Problems/Challenges:

Proposals:

See Brian J. Gorman, “Patent Office as Biosecurity Gatekeeper: Fostering Responsible Science and Building Public Trust in DIY Science, 10 J. Marshall Rev. Intell. Prop. L. 423 (2011) http://www.jmripl.com.php5-10.dfw1-2.websitetestlink.com/issues/article/240

2004

Benjamin D. Kern, “*101 Whacking, Joyriding and War-Driving: Roaming use of Wi-Fi and the Law” November, 2004, Santa Clara Computer and High Technology Law Journal Last Checked January 7, 2012. http://www.mcguirewoods.com/news-resources/publications/technology_business/Whacking_Joyriding_and_War_Driving.pdf

  1. “’Whackers’ …will be defined as users who intentionally access a Wi-Fi network for destructive, malicious, theft or espionage purposes.”
  2. “Roaming Wi-Fi users include “joyriders” that use an open Wi-Fi connection to access the Internet,…”
  3. “’War-drivers,’ who scan, locate, and map Wi-Fi access points, and accidental users, who unintentionally connect to a Wi-Fi network.”
  4. “The term “hacker” is popularly used in the media to refer to a malicious computer or network user, although use of the term in technology circles is considerably more nuanced.”
  5. “A “whacker” is a hacker that uses wireless technology.”
  6. “Laws applicable to roaming Wi-Fi use will facilitate and encourage roaming, while deterring destructive behavior and providing remedies to any network operator injured by a malicious or destructive user.”
  7. “Several men pled guilty to violations of the CFAA and other statutes after accessing credit card information stored in the computer systems of Lowe’s hardware store by accessing a store’s open Wi-Fi network from the parking lot of the store.”
  8. “Internet-related legislation has clarified that those who provide access to the Internet to third-parties are not liable for the acts of these third-parties.”
  9. “The Digital Millennium Copyright Act (“DMCA”) and Communications Decency Act (“CDA”) both include safe harbors that clarify that Internet service providers are not liable for content transmitted through their services, potentially including all of the types…”
  10. “Pre-DMCA case law makes clear that network operators that do not have knowledge of the content passing through their networks have little danger of being liable for copyright infringement.”
  11. “The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”) clarifies that liability for spam sent by a user of an open Wi-Fi network would rest with the user, not the network operator.”
  12. “Whether or not the CDA, DMCA, and CAN-SPAM Acts expressly apply to all materials that may be transmitted through an open Wi-Fi network, courts have recognized that Congressional intent to absolve service providers has been very broad.”
  13. “The Computer Fraud and Abuse Act of 1986 (“CFAA”) prohibits unauthorized access to a computer or network in a number of specific situations.”
  14. “To violate the most widely applicable provisions of the CFAA, a user must intentionally access a network without authorization, and must either obtain information or cause damage and a loss exceeding a threshold amount.”
  15. “Many state statutes, as well as the CFAA, prohibit intentional unauthorized access, but do not clarify what level of mens rea applies to the unauthorized nature of the user’s access.”
  16. “Most states have statutes that prohibit intentional, unauthorized access to, or use of, computer networks.”
  17. “Current federal and state laws may apply to the use of Wi-Fi networks for whacking activities, and to roaming use of open Wi-Fi networks for purposes of accessing the Internet, and, at least in California, to war-driving.”
  18. “A lack of clarity and consistency among existing laws threatens to have a chilling effect on this important direction of future growth for the Internet.”

Cybersecurity, Law, Hacker, Law Enforcement

 

USA Today, “Lowe’s hardware hacker gets nine years” 15 December, 2004, usatoday.com Last Checked 29 December, 2011. http://www.usatoday.com/tech/news/computersecurity/hacking/2004-12-15-lowes-hack_x.htm

  1. “One of three Michigan men who hacked into the national computer system of Lowe’s hardware stores and tried to steal customers’ credit card information was sentenced Wednesday to nine years in federal prison.”
  2. “The government said it is the longest prison term ever handed down in a U.S. computer crime case.”
  3. “Brian Salcedo, 21, of Whitmore Lake, Mich., pleaded guilty in August to conspiracy and other hacking charges.”
  4. “Salcedo’s sentence… exceeds that given to the hacker Kevin Mitnick, who spent more than 5½ years behind bars, according to a Justice Department Web site that tracks cyber-crime prosecutions.”
  5. “Adam Timmins, became one of the first people convicted of “wardriving,” in which hackers go around with an antenna, searching for vulnerable wireless Internet connections.”
  6. “Prosecutors said the three men tapped into the wireless network of a Lowe’s store in Southfield, Mich., used that connection to enter the chain’s central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information.”
  7. “The case was prosecuted in Charlotte because it is home to an FBI cyber-crime task force.”
  8. “Mitnick led the FBI on a three-year manhunt that ended in 1995 and is said to have cost companies millions of dollars by stealing their software and altering computer information.”
  9. “Victims included Motorola, Novell, Nokia and Sun Microsystems.”
  10. “I think the massive amount of potential loss that these defendants could have imposed was astounding, so that’s what caused us to seek a substantial sentence against Mr. Salcedo, …”

Cybersecurity, Hacker, Law Enforcement

2010

Markoff, John, “Google Asks Spy Agency for Help With Inquiry Into Cyberattacks” February 5, 2010, New York Times, http://www.nytimes.com/2010/02/05/science/05google.html. last checked 12/10/11

  1. ”Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday.”
  2. ”By turning to the N.S.A., which has no statutory authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.”
  3. ”Systems designated as critical infrastructure are increasingly being held to tighter regulatory standards.”
  4. ”On Jan. 12, Google announced a ‘new approach to China,’ stating that the attacks were ‘highly sophisticated’ and came from China.”
  5. ”At the time, it gave few details about the attacks other than to say that a theft of its intellectual property had occurred and that a primary goal of the attackers had been to gain access to the Gmail accounts of Chinese human rights activists.”
  6. ”A number of computer security consultants who worked with other companies that experienced attacks similar to those of Google have stated that the surveillance system was controlled from a series of compromised server computers based in Taiwan.”
  7. ”An N.S.A. spokeswoman said, ‘N.S.A. is not able to comment on specific relationships we may or may not have with U.S. companies,’ but added, the agency worked with “a broad range of commercial partners’ to ensure security of information systems.’
  8. ”’This is the other side of N.S.A. — this is the security service that does defensive measures,’ said the specialist, James A. Lewis, a director at the Center for Strategic and International Studies. ‘It’s not unusual for people to go to N.S.A. and say ‘please take a look at my code.’ ‘ ”
  9. ”On Thursday, the organization [Electronic Privacy Information Center] filed a lawsuit against the N.S.A., calling for the release of information about the agency’s role as it was set out in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 , a classified 2008 order issued by President George W. Bush dealing with cybersecurity and surveillance.”
  10. ”The relationship that the N.S.A. has struck with Google is known as a cooperative research and development agreement, …. These were created as part of the Federal Technology Transfer Act of 1986 and are essentially a written agreement between a private company and a government agency to work together on a specific project.”
  11. ”In addition to the N.S.A., Google has been working with the F.B.I. on the attack inquiry,…”

Cybersecurity, BioHacker, Law Enforcement, China, Taiwan, Classified, Law, Homeland Security

2011

Drew, Christopher, John Markoff,“Lockheed Strengthens Network Security After Hacker Attack”, 29 May, 2011, nytimes.com. http://www.nytimes.com/2011/05/30/business/30hack.html?_r=2&ref=lockheedmartincorporation

  1. “Lockheed Martin said on Sunday that it had stepped up its investigation into a sophisticated hacking attack on its computer networks and bolstered security measures for gaining remote access to its systems.”
  2. “They were still trying to determine whether the attack had relied on any data that hackers had stolen from RSA in March or if it had exploited another weakness.”
  3. “Lockheed and RSA Security, which supplies coded access tokens to millions of corporate users and government officials…”
  4. “Lockheed, which is based in Bethesda, Md., said on Saturday night that the attack, which occurred on May 21, was “significant and tenacious.”
  5. “They had stopped the attack shortly after hackers got into a system, adding that no customer or company data was compromised.”
  6. “Lockheed Martin, the nation’s largest military contractor, and other military companies face frequent attacks from hackers seeking national security data.”
  7. “Lockheed also had accelerated a plan to increase network security.”
  8. “Lockheed also switched to eight-digit access codes from four-digit codes, which are randomly generated by the tokens.”

Cybersecurity, Hacker

 

Editors, “Swedish man caught trying to split atoms at home,” Associated Press,  August 3, 2011. http://www.msnbc.msn.com/id/44003250/ns/world_news-weird_news/?gt1=43001, last checked 8/17/11.

  1. “A Swedish man who was arrested after trying to split atoms in his kitchen said Wednesday he was only doing it as a hobby.
    Richard Handl told The Associated Press that he had the radioactive elements radium, americium and uranium in his apartment in southern Sweden when police showed up and arrested him on charges of unauthorized possession of nuclear material.”
  2. “The 31-year-old Handl said he had tried for months to set up a nuclear reactor at home and kept a blog about his experiments, describing how he created a small meltdown on his stove.”
  3. “Only later did he realize it might not be legal and sent a question to Sweden’s Radiation Authority, which answered by sending the police.”
  4. “”I have always been interested in physics and chemistry,’ Handl said, adding he just wanted to ‘see if it’s possible to split atoms at home.’ The police raid took place in late July, but police have refused to comment. If convicted, Handl could face fines or up to two years in prison.
  5. “Although he says police didn’t detect dangerous levels of radiation in his apartment, he now acknowledges the project wasn’t such a good idea.  ‘From now on, I will stick to the theory,’ he said.”

Nuclear, BioHacker, Open Science, Law Enforcement
Emery, Daniel, “Governments, IOC and UN hit by massive cyber attack” 3 August, 2011, BBC. http://www.bbc.co.uk/news/technology-14387559

  1. “IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks.”
  2. “It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms.”
  3. “McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks.”
  4. “Beijing has always denied any state involvement in cyber-attacks, calling such accusations “groundless.””
  5. “’This is a whole different level to the Night Dragon attacks that occurred earlier this year. Those were attacks on a specific sector. This one is very, very broad.’”
  6. “Dubbed Operation Shady RAT – after the remote access tool that security experts and hackers use to remotely access computer networks…”
  7. “In many cases we found evidence that intellectual property (IP) had been stolen.”
  8. “The United Nations, the Indian government, the International Olympic Committee, the steel industry, defence firms, even computer security companies were hit…”
  9. “McAfee said it did not know what was happening to the stolen data, but it could be used to improve existing products or help beat a competitor, representing a major economic threat.”
  10. “This was what we call a spear-phish attack, as opposed to a trawl, where they were targeting specific individuals within an organisation,…”
  11. “’An email would be sent to an individual with the right level of access within the system; attached to the message was a piece of malware which would then execute and open a channel to a remote website giving them access.’”
  12. “’Once they had access to an organisation, they either did what we would call a ‘smash-and-grab’ operation, where they would try and grab as much information before they got caught,…’”
  13. “’Or they sometimes embedded themselves in the network and [tried to] spread across different systems within an organisation.’”
  14. “’very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.’”
  15. “’We cannot prove it’s China. That doesn’t mean we should be naive. Every country in the world is probably using the internet to spy.’”
  16. “’Sometimes it’s not about stealing your money or publicly leaking your data. It’s about quietly stealing your information, which can have a very high political, military or financial value.’”

Cybersecurity, China, BioHacker

 

Editors, “The vulnerability of sensitive Biometric data storage systems” 20 September, 2011, Security Park. http://www.securitypark.co.uk/security_article266669.html

  1. “The latest cyberattacks prove “One Time Password” (SecurID) has failed to protect faked “legitimate” access.”
  2. “Significant federal sites with RSA protection were recently breached.”
  3. “Biometric storage methods define conditions for individual identification by storing indefeasible characteristics in national, government and private databases.”
  4. “Storing biometric data gives hackers the obvious potential to hack, copy, clone or manipulate sensitive/irreplaceable information in minutes.”
  5. “Whether it is Firewalls, Intrusion Detection Systems, Intrusion Prevention System, Private Key Infrastructure, Application Security, Secure Socket Layers, SecurID’s, or Load Balancers, facts show that none of these security measures can prevent hacking,…”
  6. “The best bet is to attack vulnerable endpoints, or computers that are connecting remotely and are not likely under the direct control of the organization’s security policies…”
  7. “Currently there is no single technology that can mitigate the weakest link in the security chain; End-User Authentication, a legal access made by a set of composite Phishing or Crawling acts, triggering global cyber attacks.”
  8. “There are no pragmatic, arithmetical, or automatic means to compare a legitimate individual’s unequivocal identity record with computers…”
  9. “In this electronically interconnected world, weak real remote authentication of the end-user is the gap that allows hackers to use counterfeited legitimate entry with simple, front door credentials, hiding themselves behind undiscoverable secure tunnels.”
  10. “High tech savvy hackers use system security measures themselves to gain access.”
  11. “Any electronic data storage method, such as RFID chips or smart storage cards, which contain irreplaceable personal data that can be read by third parties, gives it the obvious potential to be hacked, copied, cloned and manipulated in minutes.”
  12. “Storing easily penetrable Biometric information on contactless smart cards is doomed for long-term failure.”
  13. “As of now, the only logical way to authenticate humans without putting any personal information at risk is via the use of a completely anonymous traceless authentication system.”
  14. “The question we are faced with is how can we truly use biometric information without risking or collecting it or even without separating it from its owner’s physical body?”
  15. “The reason biometric collection is dangerous is not because it is not a good idea; it is because it is extremely inefficient and fenceless.”

Cybersecurity, BioHacker

 

Tabuchi, Hiroko, “U.S. Expresses Concern About New Cyberattacks in Japan” 22, September 2011, nytimes http://www.nytimes.com/2011/09/22/world/asia/us-expresses-concern-over-cyberattacks-in-japan.html?_r=1&scp=3&sq=cyber%20security&st=cse

  1. “The United States gave a stern warning on Wednesday over recent cyberattacks on Japan’s biggest defense contractors, the latest in a series of security breaches that have fueled concern about Tokyo’s ability to handle delicate information.”
  2. “An online assault on defense contractors including Mitsubishi Heavy Industries, which builds F-15 fighter jets and other American-designed weapons for Japan’s Self-Defense Forces,…”
  3. “The breach came less than two weeks after a Japanese air traffic controller was questioned for posting secret American flight information on his blog.”
  4. “The breaches threaten to undermine any progress made by Japan, an important American ally, in bolstering cybersecurity in recent years.”
  5. “The Japanese government had promised to revamp its security procedures after a Japanese Navy officer was arrested in 2007 over the leak of classified data on the United States Navy’s advanced Aegis combat radar system,…”
  6. “For every country, these kinds of intrusions have the potential for long-term negative impact and must be taken seriously,…”
  7. “This is why cybersecurity must be a public sector priority in close collaboration with the private sector.”
  8. “Mitsubishi Heavy Industries said Monday that its computer systems had been hacked and that some network information may have been compromised.”
  9. “According to the company, 83 computers and servers at 11 locations, including its Tokyo headquarters, factories, and a research and development center were accessed in the attack.”
  10. “But an investigation by a security company has revealed that connections were made to 14 overseas sites, including at least 20 servers in China, Hong Kong, the United States and India,…”
  11. “It has previously experienced breaches in security, including the loss of data on nuclear reactor tests in 2006 and on its fighter jets in 2003.”
  12. “This year, Lockheed Martin was the victim of a sophisticated hacking attack.”

Cybersecurity, Japan, China, BioHacker

 

Karam, Zeina, “Syria wages cyber warfare as websites hacked” 27 September, 2011, Newsday. http://www.newsday.com/business/technology/syria-wages-cyber-warfare-as-websites-hacked-1.3205305

  1. “Pro- and anti-government activists in Syria are increasingly turning to the Internet, hacking and defacing websites in an attempt to win a public relations victory.”
  2. “Shadowy online activist groups have hacked into at least 12 Syrian government websites in recent days, replacing their content with interactive maps and statements detailing atrocities by security forces against protesters.”
  3. “The groups say their actions are in response to the regime’s tactics.”
  4. “Since early in the uprising, a group of pro-government hackers known as the Syrian Electronic Army has used the Internet to attack opposition activists and their perceived backers…”
  5. “On Monday, pro-Assad hackers briefly defaced Harvard University’s website, replacing the home page with an image of Assad together with a message accusing the U.S. of supporting the uprising against him and threatening retaliation.”
  6. “The other websites or Facebook pages reportedly targeted by the group include those of Oprah Winfrey, Newsweek magazine and Brad Pitt. Pitt’s partner, Angelina Jolie, is a U.N. goodwill ambassador who visited thousands of Syrian refugees in Turkey in June.”
  7. “The Syrian Electronic Army has been trying to root out prominent activists in Syria and recent evidence suggests it has begun waging cyber-war against entities from countries that oppose the regime,…”
  8. “’The Syrian Electronic Army claims on its Facebook page that it has no affiliation with the Assad regime and was founded by ordinary Syrians who want to defend the country against “fabrications and distortions of events in Syria.’”
  9. “But the impact of the online attacks has been limited since counterattacks were launched by the hacker group Anonymous as well as two other loose groupings of hackers made up mostly of Syrian activists, the so-called Free Hackers Union and RevoluSec.”
  10. “It is an electronic war. It’s legitimate. As long as it isn’t hurting anyone, we are ready to wage it until the end,…”
  11. “RevoluSec and Anonymous said Monday they were behind the latest attacks targeting the websites of several Syrian government ministries and some major Syrian cities.”
  12. “Monday’s hacking shows that the Syrian government has not erected sufficient defensive safeguards, despite reported training from its ally Iran on how to deal with the protest movement and mounting a sophisticated response.”
  13. “Anonymous said on its website that 12 government websites had been defaced by RevoluSec. Most have since been restored, but some were still down.”
  14. “’Our goal is to raise public awareness of the abhorrent actions of the brutal Assad regime and the bloody war that it wages on its own people,…’”

Cybersecurity, BioHacker

 

Birch, Douglas, “ US: Cuber Attacks on  utilities, industries risehstoday.us. 3 October, 2011,  http://www.hstoday.us/single-article/us-cyber-attacks-on-utilities-industries-rise/5364309400c3a4d24ebbc43440d66a84.htm

  1. “U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods,…”
  2. “The world’s utilities and industries increasingly are becoming vulnerable as they wire their industrial machinery to the Internet.”
  3. “Disgruntled employees, hackers and perhaps foreign governments ‘are knocking on the doors of these systems, and there have been intrusions.’”
  4. “According to the DHS, Control System Security Program cyber experts based at the Idaho National Laboratory responded to 116 requests for assistance in 2010, and 342 so far this year.”
  5. “Under current law, the reporting of cyber attacks by private organizations is strictly voluntary.”
  6. “The Obama administration has proposed making reporting mandatory, but the White House could find the idea difficult to sell at a time when Republicans complain about increased regulation of business.”
  7. “Officials said they knew of only one recent criminal conviction for corrupting industrial control systems, that of a former security guard at a Dallas hospital whose hacking of hospital computers wound up shutting down the air conditioning system.”
  8. “The Homeland Security Department’s control system program includes the emergency response team, a Cyber Analysis Center where systems are tested for vulnerabilities, a malware laboratory for analyzing cyber threats…”
  9. “A classified “watch and warning center” where data about threats are assessed and shared with other cyber security and intelligence offices.”
  10. “Marty Edwards, chief of the control system security effort, said the malware lab analyzed the Stuxnet virus that attacked the Iranian uranium enrichment facility in Natanz last year.”
  11. “The Stuxnet worm exploited well-known design flaws common to many system controllers, vulnerabilities that in general can’t be patched.”
  12. “Many independent experts and former government officials suspect that Stuxnet was created by the United States, perhaps with the help of Israel, Britain and Germany.”
  13. “The U.S. and other nations believe Iran is building a nuclear weapons program, but Tehran insists it is interested only in the peaceful uses of nuclear technology.”
  14. “While U.S. officials talk frequently about the threat of cyber attacks to America, they seldom discuss the country’s offensive cyber weapons capability.”
  15. “The U.S. is thought to be the world’s leader in cyber warfare, both defensive and offensive.”
  16. “U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.”
  17. “Because of its advanced industrial base and large number of computer controlled machines connected to the Internet, the U.S. is thought to be highly vulnerable to a cyber attack on its infrastructure.”
  18. “In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.”
  19. “A video of the test, called Aurora, still posted on YouTube, shows parts flying off the generator as it shakes, shudders and finally halts in a cloud of smoke.”
  20. ““Before the test, he said, the notion of cyber warfare “was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon.””
  21. “Homeland Security officials said they have not conducted such a test on that scale since. But they demonstrated Thursday how a hacker could tunnel under firewalls in computer systems to take command of industrial processes.”
  22. “All systems deployed have vulnerabilities,…”

Cybersecurity, BioHacker, Iran, Germany, Israel

 

Editors, “Sony hit by hackers again, 93,000 accounts compromised” 14 October, 2011, Homeland Security Newswire http://www.homelandsecuritynewswire.com/sony-hit-hackers-again-93000-accounts-compromised

  1. “Once again Sony has been the victim of a major cyberattack.”
  2. “This time as many as 93,000 accounts have been compromised from Sony Entertainment Network, PlayStation Network, and Sony Online Entertainment.”
  3. “According to a post on the official PlayStation blog, hackers attempted to access accounts using a “massive” set of sign-in IDs and passwords.”
  4. “The majority of passwords did not work and that customers’ credit card information was not at risk.”
  5. “Only 0.1 percent of accounts were affected and as a precaution, the company has temporarily suspended 93,000 accounts.”
  6. “Reitinger maintained that the latest cyberattack originated from data stolen from third-parties and not Sony.”
  7. “These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources,…”
  8. “The latest attacks on Sony’s networks come after the company’s PlayStation Network service was taken down for several weeks in April following the revelation that the account information of nearly 70 million gamers was compromised.”
  9. “Just one month after the initial cyberattacks, the hacking group Lulzsec claimed that it had obtained sensitive information for more than 1 million users from Sony Pictures websites.”

Cybersecurity, BioHacker

 

Editors, “RSA blames nation-state for SecureID cyberattack” 18 October, 2011, Homeland Security Newswire http://www.homelandsecuritynewswire.com/dr20111018-rsa-blames-nationstate-for-securid-cyberattack

  1. “Last week at a press conference in London, RSA executives revealed more details about the cyberattack that stole information regarding the company’s SecurID authentication tokens in March.”
  2. “’We know there were two groups because of the methodology in the attack,…’”
  3. “We have not attributed the attack to a particular nation state, although we are very confident, with the skill and the degree and the resource behind the attack, that it could only have been perpetrated by a nation state.”
  4. “Investigators were able to find evidence of the hackers, but not enough to trace it back to a particular nation state.”
  5. “Two hacker groups collaborated to steal RSA’s data.”
  6. “’There were two groups involved. Both groups were known to authorities, but they had never been known to work together before.’”
  7. “Using a series of phishing attacks on RSA employees, hackers sent emails from trusted sources like the company or a person the employee knew to deliver malware that enabled them to enter RSA’s networks.”
  8. “The hackers used sophisticated methods to avoid detection like modifying their host computers to match their internal Microsoft Active Directory — a Microsoft database that keeps track of usernames and passwords within an organization and enforces security policies.”
  9. “In March RSA revealed that its networks had been hit and that hackers had stolen information regarding its SecurID products,…”
  10. “Two factor authentication system used by major government agencies and private businesses around the world including the Department of Defense, Lockheed Martin, and Wells Fargo.”

Cybersecurity, BioHacker

 

Editors, “Stuxnet-clones easily created” 25 October, 2011,  Homeland Security Newswire http://www.homelandsecuritynewswire.com/stuxnet-clones-easily-created

  1. “With the release of the Stuxnet worm, the first piece of malicious code to cause physical damage, a whole new frontier of cyberattacks has been opened and imitators have been able to create Stuxnet-like clones with alarming ease.”
  2. “The worm specifically targeted specialized software called supervisory control and data acquisition systems (SCADA) that controlled core processes at Iran’s Bushehr nuclear facility and forced centrifuges there to spin out of control.”
  3. “Initial reports regarding Stuxnet suggested that the code was developed by elite computer experts with the help of state support and highly secretive military intelligence,…”
  4. “Security experts working in a laboratory setting have been able to recreate key elements of the worm in a short time frame with limited resources.”
  5. “For instance, in just two months and with $20,000 in equipment, Dillon Beresford, an independent cybersecurity researcher at NSS Labs, was able to find more than a dozen vulnerabilities in the same type of electronic controllers exploited by Stuxnet in Iran.”
  6. “With the vulnerabilities that he found, Beresford was able to remotely commandeer an industrial control system’s devices and reprogram them.”
  7. “’What all this is saying is you don’t have to be a nation-state to do this stuff. That’s very scary,…’”
  8. “Meanwhile, Ralph Langner, a German control system security consultant and an expert on Stuxnet, developed a Stuxnet copycat in just four lines of code.”
  9. Langner calls the code a “time bomb” and describes it as the most basic imitation attack that a malicious actor could create.
  10. “’As low-level as these results may be, they will spread through the hacker community and will attract others who continue digging,…’”
  11. “In another test, Mocana Corp., a cybersecurity firm was hired by a power utility in southern California to test the controllers used in its substations. “
  12. “In one day, Mocana was able to find multiple vulnerabilities that would allow hackers to control any piece of equipment connected to the controllers.”
  13. “These were big, major problems, and problems frankly that have been known about for at least a year and a half, but the utility had no clue.”
  14. “Fixing these security gaps could prove to be a significant challenge to industry as control systems are designed to be in place for decades, making replacing or updating them a difficult task.
  15. “In addition as more research is published, the more likely attacks become.”
  16. “To secure older units, critical infrastructure operators would likely be forced to install new equipment, a decision strongly avoided by companies as they would be forced to shut down their operations.”

Cybersecurity, BioHacker

 

Andrea Shalal-Esa and Jim Finkle, “Exclusive: National Security Agency helps banks battle hackers” 26 October, 2011, Reuters, http://www.reuters.com/article/2011/10/26/us-cybersecurity-banks-idUSTRE79P5E020111026

  1. “The assistance from the agency that conducts electronic spying overseas is part of an effort by American banks and other financial firms to get help from the U.S. military and private defense contractors to fend off cyber attacks,…”
  2. “The Federal Bureau of Investigation has also warned banks of particular threats amid concerns that hackers could potentially exploit security vulnerabilities to wreak havoc across global markets and cause economic mayhem.”
  3. “While government and private sector security sources are reluctant to discuss specific lines of investigations,…”
  4. “They paint worst-case scenarios of hackers ensconcing themselves inside a bank’s network to disable trading systems for stocks, bonds and currencies, trigger flash crashes, initiate large transfers of funds or turn off all ATM machines.”
  5. “It is unclear if hackers have ever been close to producing anything as dire, but the FBI says it has already helped banks avert several major cyber attacks by helping identify network vulnerabilities.”
  6. “Alexander said industry and government were making progress in protecting computer networks, but “tremendous vulnerabilities” remained.”
  7. “The four-star Army general noted companies that have suffered damage from hackers, such as Google Inc, Lockheed Martin Corp and Nasdaq OMX Group, had among the best security systems in the world.”
  8. “NSA, which has long been charged with protecting classified government networks from attack, is already working with Nasdaq to beef up its defenses after hackers infiltrated its computer systems last year and installed malicious software that allowed them to spy on the directors of publicly held companies.”
  9. “Hackers have targeted Wall Street investment banks for more than a decade, but recent attacks have been more sophisticated, coordinated and deliberate.”
  10. “That makes security experts suspect the hackers were backed by countries such as China, and fueled concerns that cyber terrorists might someday use malware to wipe out crucial data and cripple networks across the financial sector.”
  11. “China has repeatedly said it does not condone hacking, but experts say the evidence continues to mount against Beijing.”
  12. “In June, Google blamed China for an attempt to steal the passwords of hundreds of email account holders, the second major breach the Internet giant has blamed on the Chinese.”
  13. “Earlier this year, security firm McAfee said hackers working in China broke into the computer systems of five global oil and gas companies to steal bidding plans and other critical proprietary information.”
  14. “Cyber attacks could prove particularly devastating for financial institutions given the critical importance of the data stored on their networks and the need to maintain investor confidence in their security.”
  15. “Greater cooperation with industry became possible after a deal reached a year ago between the Pentagon and the Department of Homeland Security, allowing NSA to provide cyber expertise to other government agencies and certain private companies.”
  16. “More than 100 countries already have some hacking capabilities, and such tools could soon be available to rogue groups.”
  17. “The NSA and big arms makers have a treasure trove of data on hacking, including intelligence on planned attacks and libraries of malicious software code used by foreign-government supported hackers that are not available elsewhere.”
  18. “About eight out of ten Wall Street firms have been infiltrated by foreign-government backed hackers, …”
  19. “The NSA first started to worry about security of financial institutions about two years ago, and has held meetings with the Federal Reserve Bank of New York and banks to address those concerns,…”

Cybersecurity, BioHacker, China

 

Editors, “Napolitano: hackers “came close” to shutting down critical infrastructure” 28 October, 2011, Homeland Security Newswire http://www.homelandsecuritynewswire.com/napolitano-hackers-came-close-shutting-down-critical-infrastructure

  1. “On Thursday DHS secretary Janet Napolitano revealed that hackers have “come close” to shutting down parts of the nation’s critical infrastructure.”
  2. “At a press conference Napolitano stated that hackers have attempted to infiltrate financial systems, transportation networks, and other key elements of U.S. critical infrastructure, making cyberattacks on these facilities one of her top concerns.”
  3. “With the growing need to defend critical computer networks, Napolitano stressed the importance of creating a strong national and international regime to effectively handle cyberattacks.”
  4. ““One of the problems we have is that the current international regime, international law, international rules of conflict … really have not been developed with cyber,…””
  5. “The Senate has yet to pass a comprehensive cybersecurity bill that would authorize DHS to take the lead in securing the government’s networks as well as assisting the private sector in building cyber defenses.”
  6. “Regardless of whether the Senate passes the bill or not, Napolitano said DHS would continue to informally take the lead on cybersecurity through its series of informal agreements”

Cybersecurity, BioHacker

 

 

 

Help support the information project and gain access to the newer half of each protected page by subscribing for 6 months at the rate of $5.00. 

6 Month All Access