recentpopularlog in

jerryking : cyber_security   188

« earlier  
Spy tactics can spot consumer trends
MARCH 22, 2016 | Financial Times | John Reed.
Israel’s military spies are skilled at sifting through large amounts of information — emails, phone calls, location data — to find the proverbial needle in a haystack: a suspicious event or anomalous pattern that could be the warning of a security threat.....So it is no surprise that many companies ask Israeli start-ups for help in data analysis. The start-ups, often founded by former military intelligence officers, are using the methods of crunching data deployed in spycraft to help commercial clients. These might range from businesses tracking customer behaviour to financial institutions trying to root out online fraud......Mamram is the Israel Defense Forces’ elite computing unit.
analytics  consumer_behavior  cyber_security  data  e-mail  haystacks  hedge_funds  IDF  insights  intelligence_analysts  Israel  Israeli  Mamram  maritime  massive_data_sets  security_&_intelligence  shipping  spycraft  start_ups  tracking  traffic_analysis  trends 
7 weeks ago by jerryking
Nortel hacking went on for years
FEBRUARY 14, 2012 | FT Alphaville | By Joseph Cotterill.
Chinese hackers had undetected access to sensitive Nortel data for almost a decade from 2000, the WSJ reports. The extent to which Nortel, the once-mighty telecoms giant, was compromised shows the lack of corporate defences against hacking. Nortel didn’t disclose its hacking problem to buyers of its assets. Spy software was so deeply embedded in Nortel computers that investigators failed to spot its existence for years. The SEC last year began pushing companies to classify serious cyber attacks on their infrastructure as “material risks” that may require financial disclosure.
China  Chinese  cyberattacks  cyber_security  cyberintrusions  disclosure  hackers  Nortel  regulators  risks  SEC 
11 weeks ago by jerryking
Japan gears up for mega hack of its own citizens
February 5, 2019 | Financial Times | by Leo Lewis.

Yoshitaka Sakurada, Japan’s 68-year-old minister for cyber security, stands ready to press the button next week on an unprecedented hack of 200m internet enabled devices across Japan — a genuinely imaginative, epically-scaled and highly controversial government cyber attack on homes and businesses designed as an empirical test of the nation’s vulnerability. A new law, fraught with public contention over constitutionally-guaranteed privacy, was passed last May and has just come into effect to give the government the right to perform the hack and make this experiment possible. The scope for government over-reach, say critics, cannot be overstated. Webcams, routers and other devices will be targeted in the attacks, which will primarily establish what proportion have no password protection at all, or one that can be easily guessed. At best, say cyber security experts at FireEye, the experiment could rip through corporate Japan’s complacency and elevate security planning from the IT department to the C-suite.

The experiment, which will run for five years and is being administered through the Ministry of Internal Affairs and Communications, is intended to focus on devices that fall into the broadly-defined category of “internet of things” (IoT) — anything from a yoga mat that informs a smartphone of your contortions, to remotely controlled factory robots. And while cyber experts say IoT security may not be the very top priority in the fight against cyber crime and cyber warfare, they see good reasons why Japan has chosen to make its stand here.....warnings that the rise of IoT will create a vast new front of vulnerability unless the security of, for example, a web-enabled yoga mat is taken as seriously by both manufacturers and users as the security of a banking website. The big cyber security consultancies, along with various governments, have historically relied on a range of gauges to calculate the scale of the problem. The Japanese government’s own National Institute of Information and Communications Technology (NICT) uses scans of the dark web to estimate that, of the cyber attacks it detected in 2017, 54 per cent targeted IoT devices.
C-suite  cyberattacks  cyber_security  cyber_warfare  dark_web  experimentation  hacks  Industrial_Internet  Japan  overreach  preparation  privacy  readiness  testing  vulnerabilities  white_hat 
february 2019 by jerryking
Canada-China relations have entered new territory. So, where do we go from here?
JANUARY 18, 2019 | The Globe and Mail | BARRIE MCKENNA ECONOMICS REPORTER
OTTAWA.

“Kill the chicken to scare the monkey.”

Canada is the luckless chicken in this unfortunate scenario. In effect, China is making an example of us – a weaker middle power – to threaten others who stand in its way, including the United States.

So far, it has meant the arbitrary detention of innocent Canadians in China, a death sentence for a convicted Canadian drug smuggler, an official warning about travel to Canada and a barrage of verbal threats from top Chinese officials......This all could not have come at a worse time. Canada’s ties to the United States are already frayed from the bruising renegotiation of North American free-trade agreement, and we desperately need new markets, including China, to drive our export-led economy.......Canada is also facing pressure from the United States and other allies to ban Huawei from supplying technology for next-generation 5G mobile networks because of cyberespionage concerns....“Canada is in a really tough situation,” acknowledged economist Gordon Betcherman, a professor in the University of Ottawa’s School of International Development and Global Studies. And lashing out at the Chinese is counterproductive...... here a few understated, Canadian-style tactics Ottawa should consider.
* (1) rag the puck as long as possible on any final decision on banning Huawei products, even if that puts Canadian telecom companies in a bind.
* (2) Ottawa should do what it can to expedite the extradition of Ms. Meng, including demanding the United States produce compelling evidence of wrongdoing, or release her when the process runs its course.
* (3) work with our allies on numerous fronts. Canada needs to get other countries to publicly shame China for abusing the rule of law.
* (4) continue to talk to the Chinese in an effort to rebuild confidence. Canadian business and tourist travellers are already cancelling trips to China.

Counterintuitive perhaps, but Canada should encourage Washington to take a hard line with China in trade talks. Reports Friday that China has offered to buy up to US$1-trillion in more U.S. goods to eliminate the trade deficit is an empty promise that won’t change its behaviour. On the other hand, getting China to fundamentally reform how it interacts economically with the world would benefit everyone.

“The biggest non-tariff barrier in China is how China runs, as a country,” Mr. MacIntosh explained. “It’s an outlier in the world.”
5G  Barrie_McKenna  beyondtheU.S.  bullying  Canada  Canada-China_relations  China  cyber_security  cyberespionage  Huawei  international_trade  Meng_Wanzhou  NAFTA  non-tariff_barriers  middle-powers  arbitrariness  understated 
january 2019 by jerryking
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg
October 4, 2018, 5:00 AM EDTILLUSTRATOR: SCOTT GELBER FOR BLOOMBERG BUSINESSWEEK
By and October 4, 2018, 5:00 AM EDT

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA......investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.......Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest. “You end up with a classic Satan’s bargain,” one former U.S. official says. “You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”
China  cyber_security  cyber_warfare  hacks  semiconductors  security_&_intelligence  supply_chains  infiltration 
january 2019 by jerryking
CSIS director warns of state-sponsored espionage threat to 5G networks - The Globe and Mail
ROBERT FIFE OTTAWA BUREAU CHIEF
STEVEN CHASE
COLIN FREEZE
OTTAWA AND TORONTO
PUBLISHED DECEMBER 4, 2018

Canada’s top spy used his first public speech to warn of increasing state-sponsored espionage through technology such as next-generation 5G mobile networks.

Canadian Security Intelligence Service director David Vigneault’s comments come as three of the country’s Five Eyes intelligence-sharing allies have barred wireless carriers from installing equipment made by China’s Huawei Technologies Co. Ltd. in the 5G infrastructure they are building to provide an even-more-connected network for smartphone users.

The United States, Australia and New Zealand have taken steps to block the use of Huawei equipment in 5G networks. Neither Canada nor Britain has done so.

On Monday, the head of Britain’s Secret Intelligence Service, known as MI6, publicly raised security concerns about Huawei telecommunications being involved in his country’s communications infrastructure.......hostile states are targeting large companies and universities to obtain new technologies.....“Many of these advanced technologies are dual-use in nature in that they could advance a country’s economic, security and military interests,”......there are five potential growth areas in Canada that are being specifically threatened, including 5G mobile technology where Huawei has been making inroads...“CSIS has seen a trend of state-sponsored espionage in fields that are crucial to Canada’s ability to build and sustain a prosperous, knowledge-based economy,”...“I’m talking about areas such as AI [artificial intelligence], quantum technology, 5G, biopharma and clean tech. In other words, the foundation of Canada’s future growth.”.....Canadian universities are largely unaware how they are vulnerable to economic espionage and the threat of infiltration by unnamed state actors who would use their expertise to gain an edge in military technologies. Huawei has developed research and development partnerships with many of Canada’s leading academic institutions.....MI6′s Alex Younger said Britain has to make a decision about Huawei after the United States, Australia and New Zealand acted against Huawei..... 5G technology – which offers faster download speeds – poses a greater national security threat than conventional mobile technology......A ban would come as a blow to Canada’s biggest telecom companies, including BCE Inc. and Telus, which have given Huawei an important role in their planned 5G networks.....Scott Jones, the new head of the Canadian Centre for Cyber Security, which is part of the Communications Security Establishment, rejected the idea of blocking Huawei, telling MPs that the country’s safeguards are adequate to mitigate against any risk.
5G  artificial_intelligence  China  CSIS  CSE  cyber_security  dual-use  espionage  Five_Eyes  Huawei  MI6  mobile  quantum_computing  spymasters  wireless  Colleges_&_Universities  infiltration 
december 2018 by jerryking
After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology - The New York Times
By David E. Sanger and Steven Lee Myers
Nov. 29, 2018

Three years ago, President Barack Obama struck a deal with China that few thought was possible: President Xi Jinping agreed to end his nation’s yearslong practice of breaking into the computer systems of American companies, military contractors and government agencies to obtain designs, technology and corporate secrets, usually on behalf of China’s state-owned firms.

The pact was celebrated by the Obama administration as one of the first arms-control agreements for cyberspace — and for 18 months or so, the number of Chinese attacks plummeted. But the victory was fleeting.

Soon after President Trump took office, China’s cyberespionage picked up again and, according to intelligence officials and analysts, accelerated in the last year as trade conflicts and other tensions began to poison relations between the world’s two largest economies.

The nature of China’s espionage has also changed. The hackers of the People’s Liberation Army — whose famed Unit 61398 tore through American companies until its operations from a base in Shanghai were exposed in 2013 — were forced to stand down, some of them indicted by the United States. But now, the officials and analysts say, they have begun to be replaced by stealthier operatives in the country’s intelligence agencies. The new operatives have intensified their focus on America’s commercial and industrial prowess, and on technologies that the Chinese believe can give them a military advantage.
China  cyberattacks  cyber_security  espionage  intellectual_property  international_trade  U.S.  David_Sanger  industrial_espionage  security_&_intelligence  intelligence_analysts 
november 2018 by jerryking
Computer vision: how Israel’s secret soldiers drive its tech success
November 20, 2018 | Financial Times | Mehul Srivastava in Tel Aviv.
.... those experiences that have helped such a tiny country become a leader in one of the most promising frontiers in the technology world: computer vision. Despite the unwieldy name it is an area that has come of age in the past few years, covering applications across dozens of industries that have one thing in common: the need for computers to figure out what their cameras are seeing, and for those computers to tell them what to do next.........Computer vision has become the connecting thread between some of Israel’s most valuable and promising tech companies. And unlike Israel’s traditional strengths— cyber security and mapping — computer vision slides into a broad range of different civilian industries, spawning companies in agriculture, medicine, sports, self-driving cars, the diamond industry and even shopping. 

In Israel, this lucrative field has benefited from a large pool of engineers and entrepreneurs trained for that very task in an elite, little-known group in the military — Unit 9900 — where they fine-tuned computer algorithms to digest millions of surveillance photos and sift out actionable intelligence. .........The full name for Unit 9900 — the Terrain Analysis, Accurate Mapping, Visual Collection and Interpretation Agency — hints at how it has created a critical mass of engineers indispensable for the future of this industry. The secretive unit has only recently allowed limited discussion of its work. But with an estimated 25,000 graduates, it has created a deep pool of talent that the tech sector has snapped up. 

Soldiers in Unit 9900 are assigned to strip out nuggets of intelligence from the images provided by Israel’s drones and satellites — from surveilling the crowded, chaotic streets of the Gaza Strip to the unending swaths of desert in Syria and the Sinai. 

With so much data to pour over, Unit 9900 came up with solutions, including recruiting Israelis on the autistic spectrum for their analytical and visual skills. In recent years, says Shir Agassi, who served in Unit 9900 for more than seven years, it learned to automate much of the process, teaching algorithms to spot nuances, slight variations in landscapes and how their targets moved and behaved.....“We had to take all these photos, all this film, all this geospatial evidence and break it down: how do you know what you’re seeing, what’s behind it, how will it impact your intelligence decisions?” .....“You’re asking yourself — if you were the enemy, where would you hide? Where are the tall buildings, where’s the element of surprise? Can you drive there, what will be the impact of weather on all this analysis?”

Computer vision was essential to this task....Teaching computers to look for variations allowed the unit to quickly scan thousands of kilometres of background to find actionable intelligence. “You have to find ways not just to make yourself more efficient, but also to find things that the regular eye can’t,” she says. “You need computer vision to answer these questions.”.....The development of massive databases — from close-ups of farm insects to medical scans to traffic data — has given Israeli companies a valuable headstart over rivals. And in an industry where every new image teaches the algorithm something useful, that has made catching up difficult.......“Computer vision is absolutely the thread that ties us to other Israeli companies,” he says. “I need people with the same unique DNA — smart PhDs in mathematics, neural network analysis — to tell a player in the NBA how to improve his jump shot.”
Israel  cyber_security  hackers  cyber_warfare  dual-use  Israeli  security_&_intelligence  IDF  computer_vision  machine_learning  Unit_9900  start_ups  gene_pool  imagery  algorithms  actionable_information  geospatial  mapping  internal_systems  PhDs  drones  satellites  surveillance  autism 
november 2018 by jerryking
Learning to Attack the Cyberattackers Can’t Happen Fast Enough - The New York Times
By Alina Tugend
Nov. 14, 2018

CyLab Security and Privacy Institute at Carnegie Mellon University. The center was created by Professor Savvides, who is a widely recognized expert in biometrics — the science of measuring and identifying people using facial and iris recognition systems. On any given day, the high-tech space is crowded with computers, robots, and other machines and populated with doctoral students working with him.

CyLab, which includes the center, was founded in 2003 to expand the boundaries of technology and protect people when that technology — or the people using it — poses a threat.

Based in the university’s 25,000-square-foot Collaborative Innovation Center, CyLab works in partnership with roughly 20 corporations — like Boeing, Microsoft and Facebook — and government agencies to do research and education in internet privacy and security.
biometrics  cyberattacks  cyber_security  Carnegie_Mellon  Colleges_&_Universities  offensive_tactics 
november 2018 by jerryking
How a Former Canadian Spy Helps Wall Street Mavens Think Smarter
Nov. 11, 2018 | The New York Times | By Landon Thomas Jr.

* “Atomic Habits: An Easy and Proven Way to Build Good Habits and Break Bad Ones,” by James Clear. “
* “The Laws of Human Nature,” an examination of human behavior that draws on examples of historical figures by Robert Greene.
* “Thinking in Bets: Making Smarter Bets When you Don’t Have All the Cards” by Annie Duke,
* “On Grand Strategy,” an assessment of the decisions of notable historical leaders by the Pulitzer Prize-winning biographer John Lewis Gaddis

Shane Parrish has become an unlikely guru for Wall Street. His self-improvement strategies appeal to his overachieving audience in elite finance, Silicon Valley and professional sports.....Shane Parrish is a former cybersecurity expert at Canada’s top intelligence agency and an occasional blogger when he noticed something curious about his modest readership six years ago: 80 percent of his followers worked on Wall Street......The blog was meant to be a method of self-improvement, however, his lonely riffs — on how learning deeply, thinking widely and reading books strategically could improve decision-making skills — had found an eager audience among hedge fund titans and mutual fund executives, many of whom were still licking their wounds after the financial crisis.

His website, Farnam Street, urges visitors to “Upgrade Yourself.” In saying as much, Mr. Parrish is promoting strategies of rigorous self-betterment as opposed to classic self-help fare — which appeals to his overachieving audience in elite finance, Silicon Valley and professional sports. ....Today, Mr. Parrish’s community of striving financiers is clamoring for more of him. That means calling on him to present his thoughts and book ideas to employees and clients; attending his regular reading and think weeks in Hawaii, Paris and the Bahamas; and in some cases hiring him to be their personal decision-making coach......“We are trying to get people to ask themselves better questions and reflect. If you can do that, you will be better able to handle the speed and variety of changing environments.”....Parrish advises investors, to disconnect from the noise and to read deeply......Few Wall Street obsessions surpass the pursuit of an investment edge. In an earlier era, before computers and the internet, this advantage was largely brain power. Today, information is just another commodity. And the edge belongs to algorithms, data sets and funds that track indexes and countless other investment themes.......“It is all about habits,” “Setting goals is easy — but without good habits you are not getting there.”......“Every world-class investor is questioning right now how they can improve,” he said. “So, in a machine-driven age where everything is driven by speed, perhaps the edge is judgment, time and perspective.”
books  Charlie_Munger  coaching  commoditization_of_information  CSE  cyber_security  decision_making  deep_learning  disconnecting  financiers  gurus  habits  investors  life_long_learning  overachievers  personal_coaching  questions  reading  reflections  self-betterment  self-improvement  slight_edge  smart_people  Wall_Street  Warren_Buffett 
november 2018 by jerryking
Globe editorial: Does Ottawa have a plan to keep our elections safe from meddling? - The Globe and Mail
There is scant evidence that narrow-cast propaganda delivered via Facebook has a decisive effect at the ballot box. But that’s not the same as saying it can’t condition electoral, political and social environments. And that’s a real problem.

There is no easy way for users to sort through and identify millions of micro-targeted ads, messages and “news” items on Facebook. To rely on Silicon Valley’s public-spiritedness is to be in a very bad place. Plus, technology makes it simple for would-be propagandists to set up shop under a new, anonymous guise. Pick your metaphor for trying to stop them: Sisyphus’s stone or Whack-a-Mole.

And social networks create hothouse conditions for the spread of pernicious disinformation. The now-shuttered political consultancy Cambridge Analytica needed only 270,000 Facebook users to gain access to 50-million profiles......Here at home, the intelligence community has issued repeated warnings over the past year that malign foreign actors could attempt to influence our elections. Elections Canada has announced it is shoring up cybersecurity and preparing a public awareness campaign.

But given the latest Facebook revelations, Ottawa needs a more comprehensive plan to safeguard the 2019 federal vote. Now would be a good time to tell Canadians about it.
cyber_security  disinformation  elections  Elections_Canada  Facebook  narrow-framing  political_influence  propaganda  rogue_actors 
august 2018 by jerryking
Facebook’s Security Chief to Depart for Stanford University
Aug. 1, 2018 | The New York Times| By Sheera Frenkel and Kate Conger.

Alex Stamos, Facebook's Security Chief, will exit this month to join Stanford University in September as an adjunct professor and become part of a faculty working group called Information Warfare where he will examine the role of security and technology in society.....In an internal Facebook post from January Stamos wrote that the company’s security team was being reorganized and would no longer operate as a stand-alone entity. Instead, he wrote, Facebook’s security workers would be more closely aligned with the product and engineering teams and focus either on protecting the company’s corporate infrastructure or its users......Stamos had been working with the Stanford cyberpolicy program for several years and had piloted a “hack lab” class this past spring.....At Stanford, he plans to study the upcoming midterms and the role of technology, as well as election security more broadly and the topic of disinformation. He said he would also look at subjects as basic as passwords and try to reimagine how they could be made more secure.........Mr. Stamos also said Information Warfare was a new working group at Stanford with about 14 faculty members across academic disciplines. The group, which will begin meeting this fall, plans to research information warfare tactics and to develop countermeasures. Mr. Stamos said he planned to teach a class for law and policy students on how hackers attack, with the goal of familiarizing future policymakers with common hacking techniques......Stamos wants to address issues including online child safety and the naming of a country or group responsible for a cyberattack.
cyberattacks  cyber_security  Colleges_&_Universities  disinformation  Facebook  information_warfare  security_&_intelligence  Sheryl_Sandberg  Stanford  political_influence  C-suite  countermeasures  hackers 
august 2018 by jerryking
Reporter’s Phablet: Is It Time To Panic About Quantum Computing’s Dark Side? - CIO Journal. - WSJ
By Sara Castellanos
Sep 15, 2017

At the three-day Quantum Safe Workshop that wrapped up here Wednesday, the general consensus among cryptography experts is that cybersecurity as we know it will be completely upended when a powerful quantum computer comes to market. That is, unless enterprise executives and researchers start preparing now.

“CIOs need to be planning their requirements for quantum safety today,” said Mark Pecen, founder and chairman of a working group for quantum-safe cryptography at the European Telecommunications Standards Institute, one of organizations that hosted the workshop.

Preeminent cryptographers and mathematicians who attended the conference said that when a scalable, fault-tolerant quantum computer is built, it will be able to solve the algorithms that much of today’s encryption relies on. The popular RSA algorithm, which is used to secure e-mail, online banking, e-commerce and devices connected to the internet, is particularly at risk because it’s based on integer factorization. Quantum computers are capable of solving factorization problems perhaps trillions of times faster than a classical computer.

If a powerful quantum computer is built before new algorithms and encryption methods are deployed, “the cyberspace we’re living in right now (will be) chaos,”
CIOs  quantum_computing  dark_side  cyber_security  cryptography 
june 2018 by jerryking
Quantum Computing Will Reshape Digital Battlefield, Says Former NSA Director Hayden - CIO Journal. - WSJ
Jun 27, 2018 | WSJ | By Jennifer Strong.

In the ongoing battle between law enforcement and Apple Inc. over whether the company should assist the government in cracking into iPhones, Mr. Hayden says it “surprised a lot of folks that people like me generally side with Apple” and its CEO Tim Cook.

Do you believe there’s a deterrence failure when it comes to cyber threats?

Yes, and it’s been really interesting watching this debate take shape. I’m hearing folks who think we should be more aggressive using our offensive cyber power for defensive purposes. Now that’s not been national policy. We have not tried to dissuade other countries from attacking us digitally by attacking them digitally.

What are your current thoughts on quantum encryption or quantum codebreaking?

When machine guns arrived it clearly favored the defense. When tanks arrived? That favored the offense. One of the tragedies of military history is that you’ve got people making decisions who have not realized that the geometry of the battlefield has changed because of new weapons. And so you have the horrendous casualties in World War I and then you’ve got the French prepared to fight World War I again and German armor skirts the Maginot Line. Now I don’t know whether quantum computing will inherently favor the offense or inherently favor the defense, when it comes to encryption, security, espionage and so on, but I do know it’s going to affect something.

What other emerging technologies are you watching?

Henry Kissinger wrote an article about this recently in which he warned against our infatuation with data and artificial intelligence. We can’t let data crowd out wisdom. And so when I talk to people in the intelligence community who are going all out for big data and AI and algorithms I say, “you really do need somebody in there somewhere who understands Lebanese history, or the history of Islam.”
Michael_Hayden  codebreaking  security_&_intelligence  quantum_computing  NSA  Apple  cyber_security  encryption  cyber_warfare  Henry_Kissinger  wisdom  national_strategies  offensive_tactics  defensive_tactics 
june 2018 by jerryking
Trudeau urged to probe Chinese telecom giant Huawei’s role in Canada - The Globe and Mail
ROBERT FIFE , SEAN SILCOFF AND STEVEN CHASE
OTTAWA
PUBLISHED MAY 27, 2018

Andy Ellis, now chief executive of ICEN Group, said the Prime Minister should assemble a team of deputy ministers and top security officials to examine what − if any − threat that Huawei poses in its drive to scoop up and patent 5G technology that draws heavily on the work of Canadian academics.

“If I was Mr. Trudeau, I would say I want all of you in the intelligence community to tell me the length and breadth of what is going on here and to recommend to me some actions that mitigate it … [and] if we are at risk,” he said in an interview Sunday.
5G  Canada  Canadian  security_&_intelligence  telecommunications  China  Chinese  cyber_security  Justin_Trudeau  Huawei  intellectual_property  threats  patents  Colleges_&_Universities 
may 2018 by jerryking
Are you mentally prepared for a cyber attack?
JULY 5, 2017 | FT | by Madhumita Murgia.

“Cyber attacks are not benign. Even when no one suffers physical harm, the opportunity to cause anxiety and stress, instil fear and disrupt everyday life is immense,”.......journalists write about how companies and governments struggle to cope with the fallout from a cyber attack, but the longer-lasting impact on the human psyche has remained largely unexplored. Clearly, the anxiety prompted by cyber attacks is different from that associated with “traditional” acts of terrorism that cause deaths and injury to civilians. .... “Our analysis suggests that the psychological harm of cyber war can affect wellbeing nonetheless.” Identity theft, online threats of personal harm and the disclosure of confidential data such as medical records can cause significant distress........
........Samir Kapuria, a senior executive at Symantec, a global cyber-security company, is at the frontline of damage control, often helping clients after a cyber crime. He admitted that the corporate world was “in a state of urgency” when it came to dealing with the scale and virality of cyber attacks.

“The early 2000s was an era of mass cyber crime, when viruses like Stuxnet were released to disrupt with criminal intent. Today, with attacks like WannaCry and Petya, we are entering the era of intelligence,” says Kapuria, “moving from locks to surveillance to early detection.”
cyber_security  hackers  cyberthreats  malware  cyberattacks  psychology  panic  viruses  security_&_intelligence  Symantec  identity_theft  left_of_the_boom  surveillance  human_psyche  stressful  disaster_preparedness 
may 2018 by jerryking
Listening In: cyber security in an insecure age, by Susan Landau
April 8, 2018 | Financial Times | Kadhim Shubber 10 HOURS AG

Review of [Listening In: cyber security in an insecure age, by Susan Landau, Yale University Press, $25]

....so Landau’s latest work leaves the reader wishing for a deeper reckoning with these complex issues.

Landau is a respected expert in cryptography and computer security, with a long career both studying and working in the field. She was an engineer at Sun Microsystems for over a decade and is currently a professor in cyber security at Tufts University. Her clean, knowledgeable writing reflects the depth of her expertise — with just a trace of jargon at times — as she traces the tug of war that has played out between law enforcement and cryptographers in recent decades.....Landau persuasively argues that the increasingly digital and interconnected society and economy we inhabit creates vulnerabilities that we ignore at our peril.......Landau is an advocate for strong computer security, and uses this book to reject calls for “back doors” that would allow law enforcement access to encrypted hardware, like iPhones, or messaging apps, such as WhatsApp. But she also encourages governments to become better at proactive “front door” hacking. In the process, she warns, they should not rush to disclose security weaknesses they discover, which inevitably leaves them open for others to exploit......Yet we have seen that the government’s toolbox can also fall into the wrong hands. In 2016 and 2017, a powerful set of hacking tools built by the NSA were leaked by hackers.
Apple  back_doors  books  book_reviews  cryptography  cyber_security  FBI  hacking  nonfiction  Stuxnet  Tim_Cook  vulnerabilities 
april 2018 by jerryking
Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says
MARCH 15, 2018 | The New York Times | By NICOLE PERLROTH and DAVID E. SANGER.

The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.....Russian hacks had taken an aggressive turn. The attacks were no longer aimed at intelligence gathering, but at potentially sabotaging or shutting down plant operations.....Though a major step toward deterrence, publicly naming countries accused of cyberattacks still is unlikely to shame them into stopping. The United States is struggling to come up with proportionate responses to the wide variety of cyberespionage, vandalism and outright attacks.
Russia  security_&_intelligence  cyberattacks  vandalism  cyber_security  power_grid  infrastructure  NSA  vulnerabilities  hackers  U.S._Cyber_Command  David_Sanger  cyberphysical  physical_world 
march 2018 by jerryking
America’s intelligence agencies find creative ways to compete for talent - Spooks for hire
March 1, 2018 | Economist |

AMERICA’S intelligence agencies are struggling to attract and retain talent. Leon Panetta, a former Pentagon and CIA boss, says this is “a developing crisis”......The squeeze is tightest in cyber-security, programming, engineering and data science.....Until the agencies solve this problem, he says, they will fall short in their mission or end up paying more for expertise from contractors. By one estimate, contractors provide a third of the intelligence community’s workforce.....Part of the problem is the demand in the private sector for skills that used to be needed almost exclusively by government agencies, says Robert Cardillo, head of the National Geospatial-Intelligence Agency (NGA). To hire people for geospatial data analysis, he must now compete with firms like Fitbit, a maker of activity-measurement gadgets. .....The NGA now encourages certain staff to work temporarily for private firms while continuing to draw a government salary. After six months or a year, they return, bringing “invaluable” skills to the NGA, Mr Cardillo says. Firms return the favour by quietly lending the NGA experts in app development and database security. .....
war_for_talent  talent  data_scientists  CIA  security_&_intelligence  cyber_security  Leon_Panetta  SecDef  Pentagon  geospatial 
march 2018 by jerryking
Marty Chavez Muses on Rocky Times and the Road Ahead
NOV. 14, 2017 | - The New York Times | By WILLIAM D. COHAN.

Mr. Chavez is about as far from the stereotypical Wall Street senior executive as you can imagine, and that is one reason his musings about the future direction of Wall Street are listened to carefully.

He grew up in Albuquerque, one of five children, who all went to Harvard. He got a doctorate in medical information sciences from Stanford University. (At that time, he was known by his full name Ramon Martin Chavez.)

In 1990, Mr. Chavez came out, the day after he defended his doctoral dissertation. – “Architectures and Approximation Algorithms for Probabilistic Expert Systems.” He is one of the few openly gay executives on Wall Street. ......In his current role as Goldman's CFO, Marty views his job as a simple one that is hard to get right: “I’m not paid or evaluated on the accuracy of my crystal-ball predictions,” he said. “I’m paid to enumerate every possible outcome and do something about every possible outcome well in advance, when it’s still possible to do something, because once it’s happened it’s too late.”....Unlike many of his peers on Wall Street, Mr. Chavez does not complain about the extent of the regulation that hit the financial industry as a result of Dodd-Frank. Generally speaking, he says, the regulations have helped banks “confront their problems and capitalize and bolster their liquidity,” making them “stronger as a result,” and the financial system safer and more profitable.....Instead of complaining about the extra expense and manpower required to comply with the mountain of new regulations, Mr. Chavez chooses instead to think about it differently. “If you approach the regulations as ‘Oh, we’ve got to comply,’ you’ll get one result,” he said. He prefers thinking about the regulations as, “This makes us and the system and our clients safer and sounder, and yes it’s a lot of work, but what can we learn from this work and how can we use this work in other ways to make a better result for our shareholders and our clients? Everywhere we look we’re finding these opportunities and they’re very much in keeping with the spirit of the times.”

Like any good senior Goldman executive, he does worry. (Lloyd Blankfein, the Goldman chief executive, once told me he spent 98 percent of his time worrying about things with a 2 percent probability.)

His biggest concern at the moment is the risk of “single points of failure” in the vast world of cybersecurity. He worries about any individual “repository of information” that does not have a backup and that can “be hacked.”

He does not even trust Goldman’s own computer system; he treats it as a potential enemy.

.....What also makes Goldman different from its peers is the firm’s love affair with engineers. At the moment, he said, engineers comprise around 30 percent of Goldman’s work force of about 35,000. It’s what drew him to Goldman in the first place — to work on Goldman’s in-house software, “SecDB,” short for “Securities Database,” an internal, proprietary computer system that tracks all the trades that Goldman makes and their prices, and regularly monitors the risk that the firm faces as a result.

He said the system generates some million and a half points of data that were used to calculate, for the first time, the firm’s “liquidity coverage ratio” — now 128 percent — and that were shared with regulators every day. He’s been busy trying to figure out how the newly generated data can be used to help him understand what the firm’s liquidity will be a year from now.

That way, he said, in his principal role as Goldman’s chief financial officer, he can perceive a problem in plenty of time to do something about it. “We’re able to get much better actionable insights that make the firm a less risky business because we’re able to go much further out into the future,” he said......
Goldman_Sachs  Martin_Chavez  Wall_Street  SPOF  CFOs  actionable_information  engineering  financial_system  databases  information_sources  SecDB  proprietary  Dodd-Frank  regulation  cyber_security  improbables  think_differently  jujutsu  William_Cohan 
november 2017 by jerryking
Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core
NOV. 12, 2017 | The New York Times | By SCOTT SHANE, NICOLE PERLROTH and DAVID E. SANGER.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”
data_breaches  hacking  vulnerabilities  CIA  counterintelligence  counterespionage  moles  malware  ransomware  Fedex  Mondelez  Edward_Snowden  security_&_intelligence  Russia  Leon_Panetta  NSA  cyber_security  cyber_warfare  cyberweapons  tools  David_Sanger  SecDef 
november 2017 by jerryking
Pentagon Turns to High-Speed Traders to Fortify Markets Against Cyberattack
Oct. 15, 2017 7| WSJ | By Alexander Osipovich.

"What it would be like if a malicious actor wanted to cause havoc on U.S. financial markets?".....Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense’s research arm, DARPA, over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort, the Financial Markets Vulnerabilities Project, as an early-stage pilot project aimed at identifying market vulnerabilities.

Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash......Among potential targets that could appeal to hackers given their broad reach are credit-card companies, payment processors and payroll companies such as ADP, which handles the paychecks for one in six U.S. workers, participants said.....The goal of Darpa’s project is to develop a simulation of U.S. markets, which could be used to test scenarios, Such software would need to model complex, interrelated markets—not just stocks but also markets such as futures—as well as the behavior of automated trading systems operating within them....Many quantitative trading firms already do something similar.......
In 2009, military experts took part in a two-day war game exploring a “global financial war” involving China and Russia, according to “Currency Wars: The Making of the Next Global Crisis,” a 2011 book by James Rickards. ....“Our charge at Darpa is to think far out,” he said. “It’s not ‘What is the attack today?’ but ‘What are the vectors of attack 20 years from now?’”
Pentagon  financial_markets  financial_system  vulnerabilities  DARPA  traders  hedge_funds  Wall_Street  hackers  books  rogue_actors  scenario-planning  cyber_security  cyber_warfare  cyberattacks  high-frequency_trading  pilot_programs  contagions 
october 2017 by jerryking
SEC Chief Wants Investors to Better Understand Cyberrisk - WSJ
Sept. 5, 2017 | WSJ | By Dave Michaels.

The chairman of the Securities and Exchange Commission said Tuesday that regulators and Wall Street need to do more to educate investors about the serious risks that companies and the financial system face from cyberintrusions.

Jay Clayton, speaking at an event sponsored by New York University’s School of Law, said investors still don’t fully appreciate the threat posed by hackers. “I am not comfortable that the American investing public understands the substantial risk that we face systemically from cyber issues and I would like to see better disclosure around that,” Mr. Clayton said.
SEC  cyber_security  cyberthreats  cyberrisks  risks  hackers  cyberintrusions  regulators  Wall_Street  data_breaches  disclosure  under_appreciated  financial_system 
september 2017 by jerryking
Maersk CEO Soren Skou on how to survive a cyber attack (reader responses)
The article doesn't tell anything of value. It's a shortcoming regarding the standard of the FT. This CEO doesn't say anything despite that he took part in confcalls. Wow. 

As an outsider it would...
letters_to_the_editor  Maersk  cyber_security  cyberattacks  FT  interpretative 
august 2017 by jerryking
Three ways your business can leverage artificial intelligence - The Globe and Mail
CHRIS CATLIFF
Special to The Globe and Mail
Published Tuesday, Aug. 15, 2017

There are a multitude of ways most businesses can leverage AI but here are three:

1. Customizing the client experience

Recommendation engines (think Netflix) can personalize the customer experience, especially for front-line employees interacting with clients. Using data about our preferences, algorithms suggest and then employees filter with their emotional intelligence to offer highly customized recommendations. Recommendation engines boost revenue and will continue to play a pivotal role. For employees, AI simplifies decisions and eases work flow – a case of automation complementing the human element.

2. Accuracy in detecting fraud

AI-based systems, compared with traditional software systems used for detecting fraud, are more accurate in detecting fraudulent patterns. By using machine learning algorithms, companies can spot emerging anomalies in the data. Financial institutions are particularly vulnerable to cybercrime, where global losses from card fraud are expected to reach $31-billion in three years, and cyberattacks are becoming increasingly sophisticated. Security goals and customer experience goals need to be in sync for fraud prevention technologies to be effective.

3. Increasing client engagement

While "chat bots" are AI-based automated chat systems that can simulate human chat without human intervention, they are being extensively applied to revolutionize customer interactions. By identifying context and emotions in a text chat by the human end-user, chat bots respond with the most appropriate reply. In addition, chat bots, over time, collect data on the behaviour and habits of that individual and can learn their preferred behaviour, adapting even more to their needs and moods. By improving customized communication, customers are more likely to be far more engaged with your company.
artificial_intelligence  bots  chatbots  howto  fraud  fraud_detection  recommendation_engines  cyber_security  cyberattacks 
august 2017 by jerryking
Global shipping boss charts course through troubled waters
August 14, 2017 | Financial Times | by Richard Milne.

When AP Moller-Maersk came under cyber attack this year, chief executive Soren Skou was presented with a very basic problem: how to contact anyone. The June attack was so devastating that the Danish conglomerate shut down all its IT systems. The attack hit Maersk hard. Its container ships stood still at sea and its 76 port terminals around the world ground to a halt. ...Skou had no intuitive idea on how to move forward....Skou was “at a loss”, but he decided to do three things quickly.
(1) “I got deep in.” He participated in all crisis calls and meetings. “To begin with, I was just trying to find out what was happening. It was important to be visible, and take some decisions,” he says. Maersk is a conglomerate, so IT workers needed to know whether to get a system working for its oil business or container shipping line first.
(2) He focused on internal and external communication. Maersk sent out daily updates detailing which ports were open and closed; which booking systems were running and more. It also constructed a makeshift booking service from scratch.
(3)Skou says he made sure frontline staff in the 130 countries it operates in were able to “do what you think is right to serve the customer — don’t wait for the HQ, we’ll accept the cost”.

He says that he has learnt there is no way to prevent an attack. But in future, the company must “isolate an attack quicker and restore systems quicker”. He adds that Maersk will now approach its annual risk management exercises in a different spirit. “Until you have experienced something like this — people call them ‘black swan’ events — you don’t realize just what can happen, just how serious it can be.”

Danish conglomerate AP Moller-Maersk is planning to expand into transport and logistics ...

....Mr Skou’s plan for Maersk is about shrinking the company to grow — a “counterintuitive” approach, he concedes. Maersk’s revenues have stagnated since the global financial crisis and the solution has been to jettison what has often been its main provider of profits, the oil business.

In its place, Mr Skou has already placed his bet on consolidation in the shipping industry.....His real push is in bringing together the container shipping, port terminals, and freight forwarding businesses so as to make it “as simple to send a container from one end of the world to the other as it is to send a parcel with FedEx or UPS”. That requires quite a cultural shift in a group where independence was previously prized.....Another priority is to digitalise the group. “It is pretty messy,” Mr Skou says cheerfully. Unlike most businesses selling to consumers who offer few possibilities to change much, almost everything is up for negotiation between Maersk and its business customers — from delivery time, destination, cost, speed, and so on. “It’s easy to talk about digitalising things; it’s quite difficult to do in a B2B environment. It’s hard to digitalise that complexity,”
crisis  crisis_management  malware  cyber_security  cyberattacks  conglomerates  black_swan  improbables  CEOs  Denmark  Danish  IT  information_systems  think_threes  post-deal_integration  internal_communications  counterintuitive  digitalization  shipping  ports  containers  Maersk 
august 2017 by jerryking
Businesses must quickly count the cost of cyber crime
8 July /9 July 2017 | Financial Times | Brooke Masters.

Transparency without the full facts can be dangerous....Cyber attacks are frightening and hard for investors to evaluate. Quantify, to the extent possible, the impact as quickly as you can.
malware  Mondelez  cyber_security  WPP  transparency  cyberattacks  brands 
august 2017 by jerryking
U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS - The New York Times
By DAVID E. SANGER and ERIC SCHMITT JUNE 12, 2017.

In 2016, U.S. cyberwarriors began training their arsenal of cyberweapons on a more elusive target, internet use by the Islamic State. Thus far, the results have been a consistent disappointment......The effectiveness of the nation’s arsenal of cyberweapons hit its limits against an enemy that exploits the internet largely to recruit, spread propaganda and use encrypted communications, all of which can be quickly reconstituted after American “mission teams” freeze their computers or manipulate their data..... the U.S. is rethinking how cyberwarfare techniques, first designed for fixed targets like nuclear facilities, must be refashioned to fight terrorist groups that are becoming more adept at turning the web into a weapon......one of the rare successes against the Islamic State belongs at least in part to Israel, which was America’s partner in the attacks against Iran’s nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers......ISIS' agenda and tactics make it a particularly tough foe for cyberwarfare. The jihadists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks.

Such activity is not tied to a single place, as Iran’s centrifuges were, and the militants can take advantage of remarkably advanced, low-cost encryption technologies. The Islamic State, officials said, has made tremendous use of Telegram, an encrypted messaging system developed largely in Germany......disruptions often require fighters to move to less secure communications, making them more vulnerable. Yet because the Islamic State fighters are so mobile, and their equipment relatively commonplace, reconstituting communications and putting material up on new servers are not difficult.
ISIS  NSA  security_&_intelligence  disappointment  Israel  encryption  disruption  London  London_Bridge  tools  cyber_security  cyberweapons  vulnerabilities  terrorism  Pentagon  U.S._Cyber_Command  campaigns  David_Sanger 
june 2017 by jerryking
The Evolution of a Cybersecurity Firm - WSJ
By Cat Zakrzewski
May 16, 2017

......Certainly when someone is working with us today, they’re looking for us to deliver an outcome. They’re not necessarily looking for us to just provide them with a product and move on. That’s a big evolution in our model. We’re helping them manage cybersecurity risk.....It’s a big shift to go from a company that sold several products that each performed a separate security function to one that delivers an architecture designed to help customers drive more-holistic outcomes. In many cases, our customers are now asking us to help them manage and run our products for them so that they can get more value versus doing it themselves.......The problem we see in security is that often companies take the lack of attack on their company as meaning they have a good defense, and as a result do not place enough emphasis on the urgency of patching their systems to prevent future attacks.....[Cybersecurity has] gone from a back-office function to a boardroom-level issue. Now everyone in the C-suite of an organization has at least got some basic understanding of cybersecurity issues.

That’s bringing a whole level of visibility to it that we haven’t had in the past. Boards are worried about brand implications, they’re worried about intellectual property, they’re worried about business operations being interrupted, they’re worried about losing value. .....: I think the biggest mistake technical people can make is leading with the technology in both their explanation as well as in their remedies, leading with a one-size-fits-all problem. I think that’s when people get confused about what we’re trying to do. Then they think, well I can just go buy a widget and technical widgets should solve my technical cybersecurity problem. Cybersecurity is a systemic challenge. There are people issues......One key area is making sure that your partners and vendors are part of your extended, coordinated response, and that comes through clearly understanding what potential scenarios you face and then practicing what to do when an incident occurs.......Cybersecurity has a similar set of challenges, where you constantly are operating and have risks. People can be compromised, you have complex systems. You might make an acquisition where that firm had a breach and you’ve brought that into your organization. Cybersecurity is something you need to think about in a risk-based context and think about it holistically.
CEOs  McAfee  boards_&_directors_&_governance  cyber_security  cyberthreats  outcomes  risk-management  data_breaches  network_risk  threat_intelligence  one-size-fits-all  thinking_holistically  Michael_McDerment  C-suite 
may 2017 by jerryking
Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool
MAY 12, 2017 | - The New York Times | By NICOLE PERLROTH and DAVID E. SANGER.

Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.....The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computers, or even if those who did pay would regain access to their data.

Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.
tools  cyber_security  cyberweapons  cyberattacks  vulnerabilities  malware  Microsoft  ransomware  hackers  NSA  exploits  blackmail  David_Sanger 
may 2017 by jerryking
Cyber Heroes | Ivey Alumni | Ivey Business School
Craig believes that businesses and individuals, even countries, must accept that we live in an “era of compromise.” “You have to understand that somebody already has your sensitive data, likely a former employee,” he says. “Have you rehearsed roles for when that becomes public? Does the CEO know what she needs to say? Does the IT team know what they need to do? Being prepared with an appropriate response to data loss is a leading practice that helps maintain, or even build, an organization’s reputation.”
Ivey  alumni  cyber_security  vulnerabilities  insurance  data_breaches  risks  business-continuity 
march 2017 by jerryking
Law firms will pay price for failure to hold off hackers | Evernote Web
31 December/1 January 2017 | Financial Times | Brooke Masters.

"This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: You are and will be targets of cyber hacking, because you have information available to would-be criminals," Bharara said in a statement....Other professional services firms should take note. This is not the first time the industry has been hit by hackers who specialise in what is becoming known as "outsider trading"....Accounting firms that provide tax advice on mergers, boutique advisory forms, and consultants who weigh in on synergies and downsizing plans are almost certainly on the criminals' hit list....Professional service firms will not be so lucky. Banks and companies pay extremely high prices for outside advice. They expect professionalism and confidentiality in return. Getting hacked by a bunch of Chinese traders is hardly a strong recommendation of either.
Big_Law  Chinese  confidentiality  cyber_security  cyberattacks  hackers  hacking  law_firms  M&A  malware  mergers_&_acquisitions  Preet_Bharara  professional_service_firms  SEC  security_consciousness  securities_fraud  traders 
january 2017 by jerryking
Putin Is Waging Information Warfare. Here’s How to Fight Back. - The New York Times
By MARK GALEOTTIDEC. 14, 2016

the United States and its allies should pursue a strategy of deterrence by denial. Mr. Putin shouldn’t fear retaliation for his information warfare — he should fear that he will fail.

There are several ways to go about this. First, United States institutions need better cybersecurity defenses. Political parties and major newspapers are now targets just as much as the power grid and the Pentagon are. The government has to help provide security when it can — but people have a duty to be more vigilant and recognize that their cybersecurity is about protecting the country, not just their own email accounts. ....Finally, Mr. Putin’s own vanity could be turned into a weapon against him. Every time he overreaches, the American government should point it out. Every time he fails, we need to say so loudly and clearly. We should tell jokes about him. He can rewrite the record in Russia, but the West does not have to contribute to his mythmaking — and we should stop building him up by portraying him as a virtual supervillain.
cyberattacks  Vladimir_Putin  cyber_security  cyber_warfare  retaliation  security_&_intelligence  punitive  phishing  deterrence  economic_warfare  blacklists  retribution  disinformation  campaigns  destabilization  Russia  information_warfare  delegitimization  deception  overreach  power_grid 
december 2016 by jerryking
Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say - The New York Times
By MATT APUZZO and MICHAEL S. SCHMIDTNOV. 15, 2016
Continue reading the main storyShare This Page
Share
Tweet
Email
More
Save
cyber_security  China  mobile_phones 
november 2016 by jerryking
Why Putin would be behind the DNC computer hacking - The Globe and Mail
PATRICK MARTIN
The Globe and Mail
Published Saturday, Jul. 30, 2016

U.S. security experts have concluded with near certainty that it was two groups of hackers known in the cyberworld as Fancy Bear and Cozy Bear that penetrated the computer network of the Democratic National Committee several months ago and copied thousands of e-mails and other documents. These hackers, they say, can be traced to two of Russia’s security services: the GRU, run by Russia’s military, and the FSB, the main successor to the notorious KGB.

These operations would not have been conducted without the knowledge of Russian President Vladimir Putin, the one-time head of the FSB.

Such espionage is not totally unexpected, says David Kramer of Washington’s McCain Institute, a security-oriented “do tank” (as opposed to think tank). However, “weaponizing” the operation by releasing many of the documents through the whistle-blower website WikiLeaks, is “unprecedented,” he said.
Russia  U.S.  Donald_Trump  Hillary_Clinton  information_warfare  Vladimir_Putin  Campaign_2016  Patrick_Martin  hacking  data_breaches  cyber_security  hackers  WikiLeaks  security_&_intelligence  FSB  GRU  DNC  espionage 
july 2016 by jerryking
Why Russian hackers would meddle in U.S. politics - The Globe and Mail
DEREK BURNEY AND FEN OSLER HAMPSON
Special to The Globe and Mail
Published Wednesday, Jul. 27, 2016

But this is not just simply a titillating scandal in America’s electoral silly season. It sadly points to a fundamental weakness in the United States’ own cyberstrategy and its inability to deal effectively with autocrats who have outsized, imperial ambitions and terrorists who want to wreak havoc. Cyberattacks are increasingly the cornerstone of Russia’s regional and global military and political security strategy. They offset Moscow’s economic weakness.
Russia  hackers  cyber_security  data_breaches  cyberattacks  DNC  Campaign_2016  security_&_intelligence  autocrats 
july 2016 by jerryking
Why China Hacks - WSJ
By L. GORDON CROVITZ
Updated July 17, 2016

This case suggests a shift in China’s hacking strategy. Beijing has gone from amassing huge amounts of communications to deploying the information for its own ends. Most notably, Mr. Dahlin’s case shows that Beijing has decided it is sometimes even worth disclosing sources and methods. By showing it has access to U.S. documents, Beijing sends the message to other reformers in China that they too can be called in any time and accused of “endangering national security.”
China  hackers  security_&_intelligence  espionage  motivations  cyber_security  data_breaches  endangered 
july 2016 by jerryking
U.S. Cyber Command Chief on What Threats to Fear the Most - WSJ
June 19, 2016 | WSJ |

But the types of threats that we worry most about today that are new are adversaries taking full control of our networks, losing control of our networks, having a hacker appear to be a trusted user......MS. BLUMENSTEIN: Extraordinary investments are required now for cybersecurity. But looked at another way, there’s an extraordinary cost to getting it wrong.

I was talking to one of the CFOs out there who said, “Can you ask, what is the estimated loss?” Is there a total number? Or do you just know specific incidences?

On the military side, you can imagine the difficulty that would cause a commander, if he didn’t trust his own network or his data.
cyber_security  cyber_warfare  threats  North_Korea  ISIS  network_risk  capabilities  Russia  China  Sony  data  Pentagon  U.S._Cyber_Command  cyberattacks 
june 2016 by jerryking
The Chinese Hackers in the Back Office - The New York Times
By NICOLE PERLROTHJUNE 11, 2016
a murky and much hyped emerging industry in selling intelligence about attack groups like the C0d0s0 group. Until recently, companies typically adopted a defensive strategy of trying to make their networks as impermeable as possible in hopes of repelling attacks. Today, so-called threat intelligence providers sell services that promise to go on the offensive. They track hackers, and for annual fees that can climb into the seven figures, they try to spot and thwart attacks before they happen.
China  hackers  cyber_security  data_breaches  pre-emption  security_&_intelligence  threats  offensive_tactics  threat_intelligence  back-office 
june 2016 by jerryking
A Computer Security Start-Up Turns the Tables on Hackers - The New York Times
By NICOLE PERLROTHJUNE 12, 2016
Continue reading the main storyShare This Page
Share
Tweet
Email
More
cyber_security  security_&_intelligence  data_breaches  hackers 
june 2016 by jerryking
Software as Weaponry in a Computer-Connected World - The New York Times
JUNE 7, 2016 | NYT | By NICOLE PERLROTH.

On average, there are 15 to 50 defects per 1,000 lines of code in delivered software, according to Steve McConnell, the author of “Code Complete.” Today, most of the applications we rely on — Google Chrome, Microsoft, Firefox and Android — contain millions of lines of code. And the complexity of technology is increasing, and with it the potential for defects.

The motivation to find exploitable defects in widely used code has never been higher. Governments big and small are stockpiling vulnerabilities and exploits in hardware, software, applications, algorithms and even security defenses like firewalls and antivirus software.

They are using these holes to monitor their perceived enemies, and many governments are storing them for a rainy day, when they might just have to drop a payload that disrupts or degrades an adversary’s transportation, energy or financial system.

They are willing to pay anyone who can find and exploit these weaknesses top dollar to hand them over, and never speak a word to the companies whose programmers inadvertently wrote them into software in the first place.
software  hackers  books  coding  vulnerabilities  exploits  financial_system  software_bugs  bounties  black_markets  arms_race  cyber_warfare  cyber_security  Stuxnet  espionage  Iran  security_&_intelligence  malware  cyberweapons  weaponry  stockpiles 
june 2016 by jerryking
F.B.I. Director Suggests Bill for iPhone Hacking Topped $1.3 Million - The New York Times
APRIL 21, 2016 | NYT | By ERIC LICHTBLAU and KATIE BENNER

The F.B.I. declined to confirm or deny Thursday whether the bureau had in fact paid at least $1.3 million for the hacking, and it declined to elaborate on Mr. Comey’s suggestive remarks.

But that price tag, if confirmed, appears in line with what other companies have offered for identifying iOS vulnerabilities.

Zerodium, a security firm in Washington that collects and then sells such bugs, said last fall that it would pay $1 million for weaknesses in Apple’s iOS 9 operating system. Hackers eventually claimed that bounty. The iPhone used by the San Bernardino gunman ran iOS 9.

“A number of factors go into pricing these bounties,” said Alex Rice, the co-founder of the security start-up HackerOne CTO, who also started Facebook’s bug bounty program. Mr. Rice said that the highest premiums were paid when the buyer didn’t intend to disclose the flaw to a party that could fix it.
bounties  FBI  hacking  encryption  James_Comey  iPhone  cyber_security  Apple  hackers  software_bugs  vulnerabilities  cryptography  exploits 
april 2016 by jerryking
Apple Policy on Bugs May Explain Why Hackers Would Help F.B.I. - The New York Times
MARCH 22, 2016 | NYT | By NICOLE PERLROTH and KATIE BENNER.

As Apple’s desktops and mobile phones have gained more market share, and as customers began to entrust more and more of their personal data to their iPhones, Apple products have become far more valuable marks for criminals and spies.....Exploits in Apple’s code have become increasingly coveted over time, especially as its mobile devices have become ubiquitous, with an underground ecosystem of brokers and contractors willing to pay top dollar for them (flaws in Apple’s mobile devices can typically fetch $1 million.)....Unlike firms like Google, Microsoft, Facebook, Twitter, Mozilla, Uber and other tech companies which all pay outside hackers, via bug bounty programs, to turn over bugs in their products and systems, Apple doesn't do this. So it's not surprising that a third party approached the F.B.I. with claims of being able to unlock an iPhone--and not Apple.
black_markets  exploits  arms_race  FBI  bounties  cyber_security  Apple  hackers  software_bugs  vulnerabilities  cryptography  encryption 
march 2016 by jerryking
Cyber stickups that retail chiefs should have learnt to fear
31 October/1 November 2015 | FT | Philip Delves Broughton

The risks in retail are now of an entirely different nature....
cyber_security  retailers  data_breaches  CEOs  Philip_Delves_Broughton  hackers  risks  Pentagon  lessons_learned 
november 2015 by jerryking
Intelligence Start-Up Goes Behind Enemy Lines to Get Ahead of Hackers - The New York Times
By NICOLE PERLROTH SEPT. 13, 2015

iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops....For the last eight years, iSight has been quietly assembling what may be the largest private team of experts in a nascent business called threat intelligence. Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though that statistic is impossible to verify given the secretive nature of these operations.

ISight analysts spend their days digging around the underground web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.

The company’s focus is what John P. Watters, iSight’s chief executive, calls “left of boom,” which is military jargon for the moment before an explosive device detonates.... iSight's services fill a critical gap in the battle to get ahead of threats. Most security companies, like FireEye, Symantec, Palo Alto Networks and Intel’s security unit, focus on blocking or detecting intrusions as they occur or responding to attacks after the fact.

ISight goes straight to the enemy. Its analysts — many of them fluent in Russian, Mandarin, Portuguese or 21 other languages — infiltrate the underground, where they watch criminals putting their schemes together and selling their tools.

The analysts’ reports help clients — including 280 government agencies, as well as banks and credit-card, health care, retail and oil and gas companies — prioritize the most imminent and possibly destructive threats.

Security experts say the need for such intelligence has never been greater....the last thing an executive in charge of network security needs is more alerts, he said: “They don’t have time. They need human, actionable threat intelligence.”
cyber_security  security_&_intelligence  dark_web  hackers  intelligence_analysts  iSight  Symantec  threats  humint  spycraft  pre-emption  actionable_information  noise  threat_intelligence  left_of_the_boom  infiltration 
september 2015 by jerryking
« earlier      
per page:    204080120160

Copy this bookmark:





to read