TweakTown NewsRefine News by Category:
The large volume of cyberattacks aimed at U.S. infrastructure, including banks and private sector companies, has finally led the U.S. Justice Department to begin showing interest in prosecuting cyberattack crimes. Assistant Attorney General John Carlin is spearheading the project, with a more realistic emphasis on cyber security efforts.
"We need to develop the capability and bandwidth to deal with what we can see as an evolving threat," Carlin recently noted. He is building a team around him able to understand the seriousness of state-sponsored cyberattacks, especially by the Chinese and Russian governments.
Instead of worrying about rogue hackers, the government wants to work to dismantle organized hacker groups that victimize US companies - and consumers, with millions of victims racked up. This is an important step by the federal government, which tried to bury its head in the sand, though that not surprisingly hasn't worked.
Michigan Congressman Mike Rogers is the latest to speak out against former NSA contractor Edward Snowden, saying the American - currently living in Russia - should be charged with murder. Rogers currently is the chairman of the House of Representatives intelligence committee, and also described Snowden as a traitor to the United States.
"The [US] government has pressed charges on Mr. Snowden," Rogers recently said. "We are treating him, as I would argue, the traitor that he is. And by the way, and this is important, I would charge him for murder."
Although Snowden isn't popular among US lawmakers, Rogers took it a step further by saying Snowden's actions will end up causing American or British casualties on the battlefield. Other politicians already said enemies are changing their strategies to avoid being noticed by US and British intelligence agencies.
Apple has issued a warning to iCloud users about organized cyberattacks, after previously noting that its servers were not breached. The Chinese government is being blamed for the attacks, but Apple was careful not to finger any attacks based in China.
"We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously," Apple recently noted. "If users get an invalid certificate warning in their browser while visiting http://www.icloud.com, they should pay attention to the warning and not proceed."
This is another wave of bad news for Apple, occurring shortly after multiple celebrities had personal images stolen from their iCloud accounts.
The U.S. Department of Homeland Security (DHS) is now concerned of cybersecurity flaws discovered in medical devices, with two dozen reported incidents, according to officials. A Hospira infusion pump and St. Jude Medical Inc and Medtronic implantable heart devices are now being reviewed by the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). There is no evidence that these products have been successfully compromised by hackers, but the DHS wants to try to prevent it from happening in the future.
"The conventional wisdom in the past was that products only had to be protected from unintentional threats," said William Maisel, FDA Center for Devices and Radiological Health chief scientist noted. "Now they also have to be protected from intentional threats too."
As medical technology advances, the "smart" devices are susceptible to hacker interference, cybersecurity experts warn, though it appears compromising these medical products would still be rather difficult.
Office retailer Staples was the latest high-profile company hit by a data breach, with customers in the Northeastern United States affected. The US Secret Service is now investigating the incident, which involved debit and credit card data of an unknown number of customers. It appears retail locations in Pennsylvania, New Jersey and New York were hit, but it's possible stores in other states were also targeted.
"We take the protection of customers information very seriously, and are working to resolve the situation," Staples said in a statement. "If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis."
Retailers are struggling to keep data secure, as similar attacks have victimized Target, Home Depot, Kmart, Sears, with millions of customers across the country affected by these breaches.
The Securities Industry and Financial Markets Association (SIFMA), the top Wall Street trade group, wants increased inter-agency efforts to create cybersecurity guidelines for the financial industry. Instead of a "one size fits all" approach to cyberattacks, regulators would be able to ensure cybersecurity rules force companies to conduct "risk-based" and "value-added" audits.
"You could have a patchwork... for a big global bank, of five or six regulators all looking at this from a slightly different perspective, with slightly different guidance or principles of what they think is effective," said Karl Schimmeck, SIFMA managing director of financial services operations, in a statement to Reuters.
Banks and financial companies already use stronger cybersecurity than other private sector companies, but JPMorgan Chase's recent breach indicated they clearly aren't immune from high-profile cyberattacks. The U.S. federal government is battling how to force companies to disclose breaches, along with helping them defend against future attacks.
Well, that didn't take long: China is denying any responsibility in reported Apple iCloud attacks aimed at compromising Chinese users. The "man in the middle" (MITM) attack mimicked other similar cyberattacks the Chinese government has used in the past, and could have been carried out by state-sponsored groups.
Chinese government officials said Beijing is "resolutely opposed" to the cyberattacks, with China Telecom - a state-owned Internet service provider - saying the iCloud attack was "untrue and unfounded."
Meanwhile, Apple denies that its iCloud servers were breached by the Chinese government - or anyone else - with the attacks expected to continue. The iPhone 6 and iPhone 6 Plus were recently launched in China, which is why the cyberattacks took place so quickly.
Chinese iCloud users are under attack, likely by Chinese government state-sponsored hackers, in an effort to compromise Apple iPhone 6 and iPhone 6 Plus users. Users are hijacked by data that is routed through a malicious third party, utilizing a self-signed certificate that makes victims believe they are accessing iCloud through the SSL-protected service.
It wouldn't be surprising to hear the Chinese government wants to compromise users - especially with security researchers noting potential gaps in iCloud security - as the "great firewall" of China undergoing change. Despite the Chinese government trying to clamp down on what Internet users have access to, there are a number of ways to bypass security.
"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud, such as iMessages, photos, and contacts," according to the Great Fire Chinese Internet freedom group. "If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities."
Cybercriminals targeting free and open source software continue to rattle developers and consumers, with high-profile attacks hitting security flaws that should have been resolved. Specifically, the Heartbleed and Shellshock exploits have led to an increased demand from private companies and the U.S. government to step up programming assistance, but that hasn't been well received among many open source developers. However, it has provided a much-needed wakeup call that open source software should be monitored more closely to prevent such high-profile breaches.
"It's going to be a wake-up call for a lot of people to understand why we aren't auditing this software better," said Greg Martin, Threat Stream Inc founder and chief technology officer. "Everybody's been scratching their heads and saying, 'How could we miss this?'"
Hackers are increasingly organized - and well-funded - and that has made it difficult to defend against attacks, especially open source software. In theory, open source software provides a much larger pool of developers to help fix flaws, but others say proprietary software is more secure since the code is closed off from the public.
Even with FBI Director James Comey speaking out against Google and Apple providing encryption security on smartphone devices, Apple shipped its Yosemite OS with FileVault by default. The FBI - and other government agencies - are worried that encryption will prevent law enforcement from cracking down on criminals... or so they say.
"With Apple's new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default," Comey recently said. "Shortly after Apple's announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won't be able to unlock phones, laptops, and tablets to reveal photos, documents, email, and recordings stored within."
It's impressive to see Google, Apple and other tech companies trying to put customers first - as many users become more concerned about security - and not listening to the FBI's rather questionable concerns.