Israel among top 3 countries most immune to cyber attacks

[toomuchtime_]

Despite the recent spate of cyber attacks on Israeli websites, Israel was named as one of the three most cyber secure countries in the world in a recent study, according to a report by the Financial Times on Monday.

According to the study, published by the Brussels-based Security and Defense Agenda think tank, Israel, Finland and Sweden had the best internet defenses around their public and private websites.

Israeli websites are attacked 1,000 times a minute on the internet, the study said, noting that national strategies for web defenses have been drawn up and implemented.

Israel among top 3 countries most immune to ... JPost - Headlines

 

[Baruch Menachem]

Darwin in action. You get attacked that badly on that regular a basis, you learn a few lessons here and there. I was just reading an article that the guys in charge of information security here in the US had their web page hacked and all the data stolen because they had such lame SQL security. and easily cracked passwords. which they used on all systems. srsly.

 

[waltky]

Givin' `em a taste of their own medicine...

Peek at rules of engagement in cyber battle
March 28th, 2012 - General Keith Alexander, who serves as both Director of the National Security Agency as well as Commander of Cyber Command had some interesting things to say before the Senate Armed Services Committee on Tuesday. One of which offered insight into how the rules of engagement might look in the high-tech, but legislatively murky, cyber battlespace:

"If you are to go after a computer in foreign space or some other thing, that might be a response option that would now take, I think, the president and the secretary to step in and start making decisions, versus us taking that on." – General Keith Alexander

Because of advances in technology and the growing sophistication of cyberattacks believed to be launched by both state and non-state actors, the administration along with the Department of Defense and the Department of Homeland Security are working out just how to better position the resources of the NSA to help protect private businesses against attack. Some of those businesses maintain and operate critical infrastructure like nuclear facilities and water treatment facilities that experts argue need a more robust cyber defense strategy.

Hammering out just how to prevent and respond to attacks as a strategy is still very much a work in progress, but adding presidential authority to the mix makes it slightly more clear how the U.S. might clear a path to respond to a cyberattack.

Source

 

[Truthseeker420]

yeah and y2k is going to end the world. Once someone can lauch a nuclear warhead by hacking a computer then I might be worried. so far it only has caused slight problems with interruption of service and information.

 

[JStone]

yeah and y2k is going to end the world. Once someone can lauch a nuclear warhead by hacking a computer then I might be worried. so far it only has caused slight problems with interruption of service and information.

Bullshit Seeker420


[ame=http://www.youtube.com/watch?v=x4Vp642ERhM&feature=related]Sound-Effects - Crowd Laughing - YouTube[/ame]

 

[waltky]

Thanks to the internet, it's now easier to steal secrets than pay for yer own R&D...

How China Steals Our Secrets
April 2, 2012 - FOR the last two months, senior government officials and private-sector experts have paraded before Congress and described in alarming terms a silent threat: cyberattacks carried out by foreign governments. Robert S. Mueller III, the director of the F.B.I., said cyberattacks would soon replace terrorism as the agency’s No. 1 concern as foreign hackers, particularly from China, penetrate American firms’ computers and steal huge amounts of valuable data and intellectual property.

It’s not hard to imagine what happens when an American company pays for research and a Chinese firm gets the results free; it destroys our competitive edge. Shawn Henry, who retired last Friday as the executive assistant director of the F.B.I. (and its lead agent on cybercrime), told Congress last week of an American company that had all of its data from a 10-year, $1 billion research program copied by hackers in one night. Gen. Keith B. Alexander, head of the military’s Cyber Command, called the continuing, rampant cybertheft “the greatest transfer of wealth in history.” Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage. The bill, which would establish noncompulsory industry cybersecurity standards, is bogged down in ideological disputes. Senator John McCain, who dismissed it as a form of unnecessary regulation, has proposed an alternative bill that fails to address the inadequate cyberdefenses of companies running the nation’s critical infrastructure. Since Congress appears unable and unwilling to address the threat, the executive branch must do something to stop it.

In the past, F.B.I. agents parked outside banks they thought were likely to be robbed and then grabbed the robbers and the loot as they left. Catching the robbers in cyberspace is not as easy, but snatching the loot is possible. General Alexander testified last week that his organization saw an inbound attack that aimed to steal sensitive files from an American arms manufacturer. The Pentagon warned the company, which had to act on its own. The government did not directly intervene to stop the attack because no federal agency believes it currently has the authority or mission to do so. If given the proper authorization, the United States government could stop files in the process of being stolen from getting to the Chinese hackers. If government agencies were authorized to create a major program to grab stolen data leaving the country, they could drastically reduce today’s wholesale theft of American corporate secrets.

Many companies do not even know when they have been hacked. According to Congressional testimony last week, 94 percent of companies served by the computer-security firm Mandiant were unaware that they had been victimized. And although the Securities and Exchange Commission has urged companies to reveal when they have been victims of cyberespionage, most do not. Some, including Sony, Citibank, Lockheed, Booz Allen, Google, EMC and the Nasdaq have admitted to being victims. The government-owned National Laboratories and federally funded research centers have also been penetrated.

Because it is fearful that government monitoring would be seen as a cover for illegal snooping and a violation of citizens’ privacy, the Obama administration has not even attempted to develop a proposal for spotting and stopping vast industrial espionage. It fears a negative reaction from privacy-rights and Internet-freedom advocates who do not want the government scanning Internet traffic. Others in the administration fear further damaging relations with China. Some officials also fear that standing up to China might trigger disruptive attacks on America’s vulnerable computer-controlled infrastructure. But by failing to act, Washington is effectively fulfilling China’s research requirements while helping to put Americans out of work. Mr. Obama must confront the cyberthreat, and he does not even need any new authority from Congress to do so.

MORE

 

[waltky]

Hackers goin' after our corporate and military secrets...

Several nations trying to penetrate U.S. cyber-networks, says ex-FBI official
Wednesday, April 18, At least half a dozen countries with offensive cyber-capabilities are probing U.S. corporate and military computer systems, looking for data and a toehold should they one day want to disrupt or destroy the networks, according to the FBI’s former top cyber-sleuth.

Shawn Henry, who retired from his post last month, declined to identify the countries, but other cyber-experts have said that China, Russia and Iran are among them. Henry said U.S. adversaries have shown that they are capable not only of stealing sensitive information, but of manipulating and destroying it. In some cases, he said, hackers have penetrated corporate networks so thoroughly that companies have had to jettison hardware and software before recovering. “Once they’re in,” Henry said of the hackers, “they’re in.”

Despite an entreaty by FBI Director Robert S. Mueller III to remain at the bureau, Henry this month joined a cybersecurity start-up called CrowdStrike, where, he said, he hopes to help clients take the fight to sophisticated foreign adversaries. “I know a lot of companies have suffered, and they are going to want to see somebody come in and assist them,” said Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch. “It won’t be the U.S. government . . . so it’s going to have to be the private sector.” Henry’s remarks come as more current and former officials are speaking out about the need for action to contain a threat that Mueller recently said is likely to eclipse terrorism as the top menace to the country.

Last week, Rear Adm. Samuel Cox, director of intelligence at U.S. Cyber Command, said that “a global cyber arms race” is underway. James E. Cartwright Jr., who retired in August as vice chairman of the Joint Chiefs of Staff, said at a separate event that even a limited cyberattack on the nation’s power grid or financial system could spark tremendous public fear. “If you can take out one area of electric power or one bank, the question that puts in people’s minds about the security of others is what you’re really worried about,” Cartwright said last week at a conference hosted by the Center for Strategic and International Studies.

Despite such concerns, experts have said the government is legally constrained in its ability to help companies protect their networks, in part because of privacy issues surrounding the sharing of information between the government and the private sector. Congress is set to take up proposals aimed at fostering information-sharing as well as security standards for some companies to better protect commercial networks. In the meantime, the costs of cyber-espionage are proving to be enormous.

MORE

 

[Lipush]

Despite the recent spate of cyber attacks on Israeli websites, Israel was named as one of the three most cyber secure countries in the world in a recent study, according to a report by the Financial Times on Monday.

According to the study, published by the Brussels-based Security and Defense Agenda think tank, Israel, Finland and Sweden had the best internet defenses around their public and private websites.

Israeli websites are attacked 1,000 times a minute on the internet, the study said, noting that national strategies for web defenses have been drawn up and implemented.

Israel among top 3 countries most immune to ... JPost - Headlines

Probably the Saudis will have a different opinion about that one

 

[Douger]

Despite the recent spate of cyber attacks on Israeli websites, Israel was named as one of the three most cyber secure countries in the world in a recent study, according to a report by the Financial Times on Monday.

According to the study, published by the Brussels-based Security and Defense Agenda think tank, Israel, Finland and Sweden had the best internet defenses around their public and private websites.

Israeli websites are attacked 1,000 times a minute on the internet, the study said, noting that national strategies for web defenses have been drawn up and implemented.

Israel among top 3 countries most immune to ... JPost - Headlines

Probably the Saudis will have a different opinion about that one

There's a shit stain on the ass end of you avatar.

 

[JStone]

Israel among top 3 countries most immune to ... JPost - Headlines

Probably the Saudis will have a different opinion about that one

There's a shit stain on the ass end of you avatar.

Cuba is a shithole When the world flushes, it goes to Cuba

 

[waltky]

The need for cyber security...

The West "will lose" the cyber war
April 20th, 2012 - On April 27, 2007, the tiny Baltic nation of Estonia - one of the most wired countries in the world - was hit with a massive cyberattack. Websites for banks, government ministries, newspapers, Parliament and media outlets were paralyzed, swamped by a distributed denial of service attack.

"We were frankly shocked when this happened," said Estonian President Toomas Hendrik Ilves. "Botnets attacked all aspects of society." He contends it was "political act" in which Russia, angered over Estonia's decision to move a Soviet-era statue dedicated to a World War II Russian soldier in Tallinn, tried to shut down the country. Russia has always denied the charge. But as bad as the attack on Estonia was, the next generation of cyberattacks could be much worse, Ilves said in a speech this month on "E-Governance and Cyber-Security" at Washington's Center for Strategic and International Studies. Distributed denial of service attacks are so "yesterday," he said. "... We can get around them." Today, he warns, a new and more dangerous world of virus attacks threatens developed Western countries. "It's beginning to look ugly, and very ugly," he said.

These new viruses target the very DNA of modern life: SCADA (supervisory control and data acquisition) computer systems that monitor and control industrial processes, infrastructure like water purification, oil and gas pipelines, electrical power transmission, even supermarkets and cars. "Our focus is too much on the military side of this," Ilves warns, "but, as someone once said, 'It's the economy, stupid.'" Cyberattacks like these can be launched by countries as a form of warfare, with hired criminal gangs playing the role of armies carrying out the attack. "It's not just students in dormitories in Beijing," Ilves said. "You can rent them and target someone." The Estonian president says it's the intellectual property of Western countries that is being targeted, "the stuff that makes advanced Western societies function."

But the "bad guys" have an advantage over governments. In some countries there is no distinction between public and private. In others, the government utilizes what Ilves refers to as "public/private partnerships:" enlisting criminal cyber gangs in the service of the state. In most Western countries there is a bright line separating public and private. "That Western model doesn't work anymore," Ilves stated, "and if it continues we're going to lose." He believes it crucial for Western countries to "rethink" how they defend against that threat while, at the same time, maintaining that firewall. But most countries can't afford to hire all the people needed to do that. "All the geniuses in Silicon Valley" he said, "earn millions." So, in addition to its own military and government information technology defenses, Estonia has created a "cyber National Guard" - approximately 100 volunteer "white-hatted hackers" he said - from start-ups and established IT businesses in the country who spend a certain amount of time, for free, protecting the country from cyberattacks. "Making a lot of money becomes boring after a while," he laughed.

Cyberattacks are no laughing matter for NATO, which Estonia joined in 2004. NATO has a cyberdefense research center in Tallinn. Ilves said NATO needs to get moving on the threat. "It's flagging," he said. "Too many in NATO are in the 'so-what?' phase." Cuts in defense spending are hurting, too, he says, and so is the "intelligence" model of dealing with threats. "Cyberattacks will come from outside your borders and you need to cooperate with your allies," he said. Too often, however, NATO's members, as well as member nations of the European Union, he said, "don't talk with each other." There's no time to lose, Ilves warned. "Cyberattacks will change dramatically our thinking about war and warfare."

The West "will lose" the cyber war – CNN Security Clearance - CNN.com Blogs

See also:

Cadets and Midshipmen square off on the virtual battlefield
April 20th, 2012 - The intense rivalry among the nation's military service academies extends well beyond the playing fields. It's deep down in the internet.

This week, the U.S. Military Academy at West Point, the Naval Academy in Maryland, the Air Force Academy in Colorado and the Coast Guard Academy in Connecticut squared off in the annual competition to determine who wins the coveted trophy as chief geeks. The arena was the super secret National Security Agency's Cyber Defense Exercise. For four days, around the clock, the cadets and midshipmen tried to match wits with the nation's top cyber experts.

The NSA 'red teams' bombarded the students with malware of all types as each academy tried to defend its own network and score the most points. The overall goal: to give them a nearly real life experience of using the tools they have learned as computer science and information technology majors to identify and defend against cyber attacks. As the nation's future military leaders, the ability to master information technology and protect critical information systems is key to fighting and preventing modern day wars.

It was quite a challenge for both the students and the NSA cyber masters. Security Clearance paid a visit to the Naval Academy in Annapolis to see first hand how the midshipmen were coping and then stopped by to witness the NSA sleuths as they launched their attacks during the virtual competition.

Final Results: Sorry Navy... Air Force won the trophy followed by West Point, Navy and sitting in last place, the Coast Guard

Source

 

[waltky]

Sometimes Uncle Ferd has to remind Granny to always keep her web-cam covered when she takes a bath...

Feds need more computer defense experts, Napolitano says
April 21st, 2012 - The federal government says a potential cyberattack is the most serious economic and national security threat the United States faces, but it faces a shortage of skilled experts who could head off that threat, Homeland Security Secretary Janet Napolitano warns.

There's a huge job market for cyberwarriors who can protect the nation's computer networks from an attack, but many of those jobs are going unfilled, Napolitano said. "There is a lack of expertise and there are a lot of people clamoring for people who know the internet well," said Napolitano, who called electronic security her No. 1 concern. "Millions of people use the internet every day, and we want that - that's a good thing. But there is this dark side, and that's what we need to be protecting against." Homeland Security says it responded to more than 106,000 cyberattacks in 2011. Napolitano says without more experts in repelling those incursions, the U.S. economy could be the biggest casualty.

A successful attack could mean another country stealing American intellectual property, like technology, research or trade secrets. Experts say over time, all the advantages the United States has because of its innovation would dwindle, leaving the country unable to compete with other economies that have stolen American intellectual property. Industry insiders estimate the economic loss could be in the billions of dollars. Homeland Security says thousands of such experts already work in the federal government, but there's a desperate need for more. "We need analysts. We need people who are engineers. We need people who are experienced in intelligence as it relates to the cyber-universe," Napolitano said.

George Washington University is on a short list of institutions answering the need. The university will launch a masters' program in cybersecurity in the fall, and George Washington University Professor Lance Hoffman says the school often gets calls from companies and government agencies who want to hire students with computer expertise and training. Hoffman told CNN that students graduating from George Washington with a cybersecurity degree have the know-how to build secure systems that are not easily penetrated. Rather than reacting to cyberattacks, he said, graduates will know how to predict vulnerabilities and build a system to prevent attacks. Logic and a solid math, technology and science background are pluses.

Kevin Mandia's security firm responds to corporate breaches, determining how the system was compromised and how to fix it. But with only 220 people on staff, Mandiant's response is mostly reactive. The security firm says it can't match the current demand from corporations who have been hacked. "There's definitely a shortage of cybersecurity experts, and there's a lot of reasons for that," Mandia said. "It takes a long time to learn how to be a cybersecurity expert."

Mandia said the six- to eight-year grooming process in a challenging field may be keeping people away. But industry insiders say stopping attacks before they happen is impossible without more qualified people in place, and both private and federal experts say the consequences of not filling these positions could be great. To bridge the gap, Napolitano has been traveling to universities to promote the opportunities available within her agency. Homeland Security is also helping universities shape their courses to match the needs of the department.

Source

 

[waltky]

Iran an China puttin' together hacker groups to go after us...

Iran recruiting a hacker army to target the U.S. power grid, other vital infrastructure
Wednesday, April 25, 2012 - Security specialists will warn Congress on Thursday

Iran is recruiting a hacker army to target the U.S. power grid, water systems and other vital infrastructure for a cyberattack in a future confrontation with the United States, security specialists will warn Congress on Thursday. “Elements of the [Iranian Revolutionary Guard Corps] have openly sought to pull hackers into the fold” of a religiously motivated cyberarmy, according to Frank J. Cilluffo, director of the Homeland Security Policy Institute at George Washington University. Lawmakers from two House Homeland Security subcommittees will hold a joint hearing Thursday about the cyberthreat posed by Iran — as tensions over Tehran’s nuclear program continue at a high level and as a possible Israeli strike against it looms. The Washington Times obtained advance copies of witnesses’ prepared testimony.

In his remarks, Mr. Cilluffo says that, in addition to the recruiting by the Revolutionary Guards, another extremist militia, the Basij, “are paid to do cyberwork on behalf of the regime, [and] provide much of the manpower for Iran’s cyber-operations.” Both militias are thought to be under the control of Iran’s clerical leadership, headed by supreme leader Ayatollah Ali Khamenei. Two Revolutionary Guard leaders have been indicted by U.S. prosecutors in connection with a suspected plot to assassinate Saudi Arabia’s ambassador to the United States by bombing a prominent Washington restaurant. “Over the past three years, the Iranian regime has invested heavily in both defensive and offensive capabilities in cyberspace,” states testimony from Ilan Berman, vice president of the hawkish American Foreign Policy Council, in his remarks for Thursday’s hearing.

Estimates of the skill level of Iran’s hacker army vary, but Mr. Cilluffo points out that a veritable “arms bazaar of cyberweapons” is accessible through the Internet hacker underworld. “Adversaries do not need capabilities, just intent and cash,” he states. Mr. Cilluffo was recruited by President Bush on Sept. 12, 2001, the day after the terrorist attacks on the World Trade Center and the Pentagon. He helped set up the Office of Homeland Security in the White House and left for George Washington University in 2003.

MORE

See also:

Chinese Hackers Stole Plans for America's New Joint Strike Fighter Plane, Says Investigations Subcommittee Chair
April 25, 2012 – Intruders from China hacked into computers and stole the blueprints for America’s new joint strike fighter planes, the F-35 and F-22, according to the chairman of the House Homeland Security Subcommittee on Oversight, Investigations and Management.

Rep. Michael McCaul (R-Texas) made the statement during a Tuesday hearing on cyber security. “I've been dealing with this issue for a long time,” McCaul said. “But I think it's important that the American people, who most of them don't understand this issue, have a better idea of what--what is at risk. You know when I look at the theft of intellectual property to the tune of $1 trillion, that's a serious economic issue for the United States. "When I look at countries like China, who have stolen our Joint Strike Fighters, F-35 and F-22's, stolen those blueprints so they can manufacture those planes and then guard against those planes,” he said.

China has created citizen hacker groups engaged in cyber espionage, established cyber war military units and laced the U.S. infrastructure with logic bombs, he said. It is not the only government to do so, he added. “(M)ake no mistake, America' is under attack by digital bombs,” McCaul said. “There are several things the American public should understand about these attacks. They are real, stealth and persistent and can devastate our nation. “They occur at the speed of light. They are global and could come from anywhere on the earth. They penetrate traditional defenses,” he continued. “So who is conducting these attacks and why? An October of 2011 report to Congress on foreign economic collection and industrial espionage states it is part of China and Russia's national policy to identify and steal sensitive technology, which they need for their development,” McCaul said.

McCaul said Russia has been almost as active as China in trying to steal U.S. defense secrets. “When you look at China and Russia who have hacked into every federal agency in the federal government including the Pentagon,” McCaul said. “You know we talk about the analogy agents of a foreign power call it paper files walking out with classified or non-classified information, it would be all over the papers. But yet in the virtual world, that's happening. And no one seems to know or really pay attention to it. And then the final piece, you know there's the espionage, the stealing of military secrets, satellite technology, rocket technology out of NASA, it's prevalent. It's everywhere.” The Texas Republican, a former federal prosecutor, re-iterated his comments Wednesday on C-SPAN’s “Washington Journal” program.

MORE

 

[waltky]

Iran gettin' a taste of its own medicine...

Iran's Oil Ministry under cyberattack
April 26,`12 (UPI) -- Iran's Oil Ministry, already battling stringent economic sanctions aimed at throttling the country's oil exports, is now having to fight on another front: cyber attacks.

In what may be an effort by the United States and Israel to disrupt oil exports, the backbone of Iran's increasingly battered economy, the computer systems of the ministry and the Iran National Oil Co. were attacked Sunday by a virus the ISNA news agency identified without elaboration as "Viper." Key installations were knocked out for a time. Iranian media reported the ministry was forced to disconnect key oil facilities, including control systems at the terminal on Kharg Island in the northern Persian Gulf that handles 90 percent of Iran's oil exports. Terminals on the islands of Gheshm and Kish in the southern gulf were also hit by the virus. However, oil industry sources reported that oil was being loaded Monday at Kharg.

The semi-official Mehr news agency reported that oil production -- pegged by Tehran at around 2 million barrels per day -- wasn't affected by the virus that crippled the internal computer systems at the ministry and the state oil company. The ministry has called in a "cyber crisis committee" that includes 50 of Iran's leading computer experts who were mobilized in 2010 when the country's nuclear program was crippled by the Stuxnet virus. That was the first major cyberattack on the Islamic Republic to be reported but some Western specialists say the virus was first unleashed against Iran's nuclear infrastructure in 2009. Those attacks are widely believed to have been the work of Israel's intelligence services, perhaps aided by the Americans, who have been waging a covert campaign to sabotage Iran's nuclear program and assassinate key scientists.

No authoritative account of who invented and deployed Stuxnet or how it was inserted into the Iranian nuclear program to disable the centrifuge cascades at Natanz in central Iran has surfaced. The centrifuges are vital components of the uranium-enriching process that's at the heart of the nuclear weaponization program. Western cyber engineers say the Iranians have been able to neutralize Stuxnet and have purged the malware from the nuclear industry. Sunday's attack was apparently the most intense of a series of cyberstrikes that began early in April.

Who was responsible isn't known but the United States and Israel are widely seen as the likely instigators. "We're making progress in neutralizing this cyberattack," said Hamdollah Mohammadnejad, deputy oil minister in charge of civil defense. Iran's media has reported that Sunday's attack, the heaviest in the latest series, corrupted all the data stored in the Oil Ministry's computer system. But it said the core data on the oil industry was safe because it was stored on backup systems. It remains to be seen whether there will be more cyberattacks on the oil industry but the Americans clearly want to step up the pressure on Iran.

Read more: Iran's Oil Ministry under cyberattack - UPI.com

 

[ima]

Maybe there's just nothing worth stealing?

 

[JStone]

Maybe there's just nothing worth stealing?

Israel makes lots of Apples. Arabs and muslimes, not so much

"The Misery of Arabs/Apple R&D In Israel"

Apple will open a research and development center in Israel that will focus on semiconductors

The R&D center in Herzliya, Israel’s version of Silicon Valley, would be Apple’s first outside California

Earlier this week, Israeli media reported Apple was in advanced talks to buy Anobit, an Israeli maker of flash storage technology, for $400-$500 million

It is so sad and frustrating to see APPLE investing in Israel, while we as Arabs are not able to attract these investments to our countries! I don’t know what our leaders are doing to create proper environment for such investments!

I would prefer seeing APPLE as well as MICROSOFT having their R&D in Lebanon or any other Arab Country instead of being in ISRAEL!

WISH THE ARAB LEADERS WILL WAKE UP AND CARE FOR DEVELOPING THEIR COUNTRIES AND SOCIETIES INSTEAD OF APPLYING DICTATORSHIP AND KILL THEIR PEOPLE!
The Misery of Arabs ! Apple R&D in ISRAEL! | What do You Think ?

[ame=http://www.youtube.com/watch?v=yA4wnqRAuhI]Apple to set up Israel development center - YouTube[/ame]

[ame=http://www.youtube.com/watch?v=qH1mYikmYzo]Apple to Acquire Anobit? - YouTube[/ame]

Apple today confirmed earlier reports it has acquired Israel-based flash memory startup Anobit....which makes flash memory technology found in the iPhone, iPad, and MacBook Air.. The deal was reported to be worth $400 million to $500 million.
Apple confirms Anobit acquisition | Apple - CNET News

 

[waltky]

Complexity on the level of Stuxnet...

Flame: Massive cyber-attack discovered, researchers say
28 May 2012 : The malware is said to have infected over 600 specific targets

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said. Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010. The company said it believed the attack was state-sponsored, but could not be sure of its exact origins. They described Flame as "one of the most complex threats ever discovered".

Research into the attack was carried out in conjunction with the UN's International Telecommunication Union. They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia. In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran. Others like Duqu have sought to infiltrate networks in order to steal data.

This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk. "Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said. More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.

Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country. The malware code itself is 20MB in size - making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.

Iran and Israel

 

[Jos]

A long read... How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History | Threat Level | Wired.com

Iran 'finds fix' for sophisticated Flame malware
BBC News - Iran 'finds fix' for sophisticated Flame malware

 

[waltky]

possum sittin' at the computer with a evil lil' grin on his face...

Official hints Israel capable of 'Flame'-type attack
May 29th, 2012 - Israel's Vice Prime Minister suggested Tuesday that his country has the capabilities to develop malware capable of attacking sophisticated computer systems, but would not confirm whether Israel has any role in the newly revealed “Flame” malware that has been infecting computers in the region, with Iran seeming to be a main target.

Speaking to Israeli Army radio, Minister of Strategic Affairs Moshe Yaalon said “Israel is blessed to be a nation possessing superior technology. In that respect our achievements open up all sorts of opportunities for us." “Whoever sees the Iranian threat as a serious threat, not just for Israel, but the entire western world led by the United States would be likely to make use all possible means, including these in order to hurt them," said Yaalon, a former Chief of Staff of the Israeli Defense Forces, when asked about Israel’s involvement in cyber warfare activity.

Professor Yitzhak Ben Yisrael, the head of Israel's National Council for Research and Development and a former Israeli military general involved in weapons development, told CNN he does not believe Israel was involved in creating the “Flame” malware. “The report has much to suggest that Israel is not related to the Flame infection,” Ben Yisrael commented. “The programming language and the algorithms are different from those of previous attacks on Iranian computers. Anyone interested in Middle East intelligence could be involved in this."

Ben Yisrael noted that Israel itself is victim to an incredible number of computer viruses, saying the numbers rank it second to Iran in terms of infections, but that does not mean the country is behind the virus. Flame "collects intelligence, not just files but also sound from microphones, Skype calls and keyboard typing. It saves the data and sends it to dozens of servers around the world. This type of cyber war has a problem of attribution, it impossible to track the source of the infection," he noted.

(Watch the video above for a good explanation of the Flame threat)

See also:

Internet Regulation Returns to the International Agenda
May 29, 2012 – A long running debate over regulating the Internet is set to intensify in the coming months, culminating in a December meeting of a United Nations agency that some governments think should control what has been the most open and effective communications tool in history.

Past attempts by countries like Russia, India and China to expand international authority – through the U.N. – over the Internet have been unsuccessful, but are expected to make a reappearance at the World Conference of International Telecommunications (WCIT) in Dubai. The conference is being organized by the International Telecommunication Union (ITU), a Geneva-based U.N. specialized agency that has been carrying out a review of international telecommunications regulations. Some of its 193 member states want to expand its authority to include an Internet regulatory role, and neither the U.S. nor any other country would have the power to veto a majority decision.

The House Energy and Commerce subcommittee on communications and technology has scheduled a hearing later this week, entitled “International Proposals to Regulate the Internet.” It will hear testimony from Federal Communications Commission commissioner Robert McDowell, former State Department coordinator on international communications and information policy David Gross, and Sally Shipman Wentworth, senior manager for public policy at the Internet Society. Opponents of U.N. regulation say the existing state of affairs – known as the “multistakeholder model” – has been highly successful.

A key element of this model is the Internet Corporation for Assigned Names and Numbers (ICANN), a California-based not-for-profit corporation contracted to the Department of Commerce, which assigns Internet protocol addresses (such as.com and .org) and oversees Web domains. “All of us should be concerned with a well-organized international effort to secure intergovernmental control of Internet governance,” McDowell warned during an FCC oversight hearing earlier this month.

Testifying before the Senate Committee on Commerce, Science and Transportation, he named China, Russia, India, Iran and Saudi Arabia as some of the countries behind the drive to reverse a consensus in place since the early 1990s – that governments should be kept out of “regulating core functions of the Internet’s ecosystem.”

MORE

 

[Ariux]

The country that invests the most into cyber maliciousness should know a thing about protecting itself from the same.