Site Overlay

Mind the air-gap: Singapore’s web cut-off balances security, inconvenience | Reuters

A piece I co-wrote on Singapore’s decision to effectively air-gap most of its government computers — beyond security, military and intelligence. This is not something they’ve done lightly, but it does feel as if they might not have thought it all the way through. On the other hand, there were quite a few people I spoke to who said this might be the thin end of a larger wedge. And what does this mean for the cybersecurity industry?  Mind the air-gap: Singapore’s web cut-off balances security, inconvenience | Reuters: By Jeremy Wagstaff and Aradhana Aravindan | SINGAPORE Singapore is working on how to implement aContinue readingMind the air-gap: Singapore’s web cut-off balances security, inconvenience | Reuters

BBC – Cybercrime: One of the Biggest Ever

My contribution to the BBC World Service – Business Daily, Cybercrime: One of the Biggest Ever.  Transcript below. Original Reuters story here.  If you think that all this cybersecurity stuff doesn’t concern you, you’re probably right. If you don’t have any dealings with government, don’t work for an organisation or company, and you never use the Internet. Or an ATM. Or go to the doctor. Or have health insurance. Or a pension. You get the picture. These reports of so-called data breaches — essentially when some bad guy gets into a computer network and steals information — are becoming more commonplace. And that’s your data they’reContinue readingBBC – Cybercrime: One of the Biggest Ever

Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters

My piece on what Deep Panda looks like in action: Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters: Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the U.S. government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it. Myers’ account of a months-long battle with the group illustrates the challenges governments and companies face in defendingContinue readingHunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters

Spy in the Sky – are planes hacker-proof?

My take on aviation cybersecurity for Reuters: Plane safe? Hacker case points to deeper cyber issues: “Plane safe? Hacker case points to deeper cyber issues BY JEREMY WAGSTAFF Security researcher Chris Roberts made headlines last month when he was hauled off a plane in New York by the FBI and accused of hacking into flight controls via his underseat entertainment unit. Other security researchers say Roberts – who was quoted by the FBI as saying he once caused ‘a sideways movement of the plane during a flight’ – has helped draw attention to a wider issue: that the aviation industry has not kept pace with theContinue readingSpy in the Sky – are planes hacker-proof?

Chinese hackers target Southeast Asia, India, researchers say

Chinese hackers target Southeast Asia, India, researchers say | Reuters My piece on FireEye’s report about hackers. Other reports have appeared since.  Hackers, most likely from China, have been spying on governments and businesses in Southeast Asia and India uninterrupted for a decade, researchers at internet security company FireEye Inc said. In a report released on Monday, FireEye said the cyber espionage operations dated back to at least 2005 and ‘focused on targets – government and commercial – who hold key political, economic and military information about the region.’ ‘Such a sustained, planned development effort coupled with the (hacking) group’s regional targets and mission, leadContinue readingChinese hackers target Southeast Asia, India, researchers say

ASEAN Phishing Expeditions

Mila Parkour, the indefatigable phish researcher from DC, points to some recent spear-phishing attacks which to me help confirm that Southeast Asia, and ASEAN in particular, has become something of a focus for the chaps in China. They also highlight just how vulnerable diplomats in the region are because of poor security. One is a phish apparently coming from the Indonesian foreign ministry, in particular one Ardian Budhi Nugroho, whom the email correctly describes as from the Directorate of ASEAN Political Security Cooperation. The subject matter is topical and credible: Dear Sirs/Mesdames, Enclosed herewith letter from Director for ASEAN Political-Security Cooperation, informing the date ofContinue readingASEAN Phishing Expeditions

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.) Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up: Although our research didn’t reveal precisely which data was being targeted, we were able to determine that,Continue readingFormer Soviet Bloc, Allies, Under Lurid Attack

Real Phone Hacking

Interesting glimpse into the real world of phone hacking–not the amateurish stuff we’ve been absored by in the UK–by Sharmine Narwani: In Lebanon, The Plot Thickens « Mideast Shuffle. First off, there’s the indictment just released by the Special Tribunal for Lebanon which, in the words of Narwani, appears to be built on a simple premise: the “co-location” of cellular phones — traceable to the accused four — that coincide heavily with Hariri’s whereabouts and crucial parts of the murder plot in the six weeks prior to his death. Indeed, the case relies heavily on Call Data Record (CDR) analysis. Which sounds kind of sophisticated. OrContinue readingReal Phone Hacking

Southeast Asia’s Viral Infection

Southeast Asia is fast developing a reputation as the most dangerous place on the Internet. It’s not a reputation the region can afford to have. By one count Thailand has risen to be the country with the most number of malware infections, by one account, and by another to be the second, all in the past few months. PandaLabs’ report on the second quarter of 2011 [PDF] lists Thailand as having the second highest rate of malware infection (after China) with nearly 57% of computers scanned by their antivirus software as being infected. The global average is about 40%. Thailand was second in the previousContinue readingSoutheast Asia’s Viral Infection

The Battery DDOS: Tip of An Iceberg

An interesting story brewing about the FBI investigating a DDOS (Distributed Denial of Service) attack on websites selling batteries. But the reporting does not go far enough: In fact, a little research reveals this is part of a much bigger assault on a range of industries. As a starting point, look at Elinor Mills of the excellent Insecurity Complex at CNET: U.S. battery firms reportedly targeted in online attack | InSecurity Complex – CNET News: “The FBI is investigating denial-of-service attacks targeting several U.S. battery retail Web sites last year that were traced to computers at Russian domains in what looks like a corporate-sabotage campaign,Continue readingThe Battery DDOS: Tip of An Iceberg

Copyright © 2020 loose wire blog. All Rights Reserved. | Catch Sketch by Catch Themes