With their head in the clouds
by David Moss
October 2010, updated November 2010, December 2010, January 2011, April 2011, May 2011, June 2011, July 2011, October 2011, November 2011, December 2011, January 2012 and February 2012
Around about the Harvest Festival here in the UK there was a sudden crop
of articles in the media about breaches of website security:
Stuxnet Worm computer virus 'aims to sabotage Iran's nuclear
plant', said the Times:
"A computer virus that has infected more than 60,000 machines in
Iran may be a sophisticated cyber-warfare attack on Iran’s clandestine
nuclear arms programme".
E-crime detectives as vital as bobbies on beat, said the
Telegraph:
"Online fraud generated £52 billion worldwide in 2007 – a staggering
sum. We believe there is major under-reporting of all types of cyber crime".
In the light of the ACS:Law leak, how safe is our data?,
asked the Guardian:
Late on 24 September an archive containing thousands
of emails from solicitors ACS:Law appeared on the internet ... This year
the Information Commissioner's Office (ICO) was granted powers to levy
fines of up to £500,000 for serious breaches of data protection 'principles'.
This contrasts with the powers of the Financial Services Authority, who
this summer levied a £2.27m fine on insurance firm Zurich for its failure
to adequately protect customer data.
Nothing new, it's been going on for years.
Back in 2003, the BBC
reported that a "computer hacker has gained access to more than 5
million Visa and Mastercard credit card accounts in the US".
You need a certain amount of expertise to carry out these crimes and
luckily, if that's the word, the inventiveness of the free market being
what it is, training
is available: "the websites shared tips on how to commit fraud
and provided a forum by which people could buy the information and tools
they needed to commit such crime".
Which could account for the increase
in the magnitude of cyber crime that we are seeing now: "Albert
Gonzalez ... is currently awaiting sentencing on charges that he and others
hacked into TJX, Office Max, Heartland Payment Systems and numerous other
companies to steal data on more than 100 million credit and debit card
accounts".
It's not just banks and insurance companies and retailers and solicitors
and Iranian power plants that are affected. So are UK
government websites. Back in 2006, we read that:
Forty organised tax credit frauds involving the theft
of thousands of identities and worth at least £5 million are being investigated
by Revenue and Customs inspectors, it was disclosed yesterday ... This
is the latest problem to hamper Gordon Brown's beleaguered tax credit
scheme, which was criticised this week by an influential committee of
MPs after it overpaid £4 billion to claimants in two years ... Richard
Bacon, the Tory MP whose inquiries uncovered the illegal activities, said
he understood that manufacturers and large retailers were targeted. People's
identities were being stolen on 'an industrial scale' ...
What with the increase in supply, the
price of stolen identities has collapsed.
In 2005, a chap could get $60 a pop:
Cummings, who worked for Teledata Communications - a
New York-based software company which helps lenders access major credit
databases - had access to clients' codes and passwords. He would steal
people's credit reports and pass them on to an accomplice, who would sell
them on and share the profits with Cummings. The stolen identities, bought
by intermediaries for about $60 per name, were then used to access the
victims' bank accounts and use their credit cards.
A year later, the Sunday
Times told us that "the stolen identities of Britons
including their credit card details, home addresses and security passwords
are being sold on Russian websites for as little as £1 each".
You have to buy in bulk, of course, to get prices that low but, apparently,
you can sometimes get your money back if you're not satisfied; this is a
professional and mature business with standards to maintain, international
brands to build, customer satisfaction to consider, loyalty and amour
propre.
The police do have their successes. In 2005, they "smashed"
a £25 million cheque fraud and they "foiled"
a £220 million bank theft. Which is good but it's an uphill struggle
when you consider the
geo-political scale of the threat:
American officials have been holding secret
talks with Russia and the United Nations in an attempt to strengthen internet
security and rein in the growing threat of cyberwarfare ... The potential
for online warfare has become a hot topic in recent years, after a string
of major incidents. Large-scale cyberattacks took place during last year's
conflict between Russia and Georgia
while the Estonian
government came grinding to a halt after an internet assault in 2007.
Wherever you see that a new application has been found for the
web, you need to be sceptical.
One last example. Washington
DC, for the most democratic of reasons, are trying to ensure that
temporarily absent residents do not lose their vote. The proposed web-based
voting system was "hijacked" by well-meaning (white hat) computer
scientists who demonstrated how easily black hat hackers could take over
and ensure the election result of their choice. The system has been scrapped.
As a spokesman for the Washington DC Board of Elections and Ethics says:
"This is an abundance-of-caution sort of thing".
Naturally the more punctilious website operators all proceed with an
abundance of caution. They all conform to an alphabet spaghetti of security
standards. But it doesn't seem to help; the general impression remains
that if the hackers want to invade your website, they will, whoever you
are.
Organisations which put their business applications and data on the web
take part in what is known as "cloud computing". It follows
from the evidence adduced above that anyone who can avoid putting their
head in the clouds should avoid it, it is a dangerous thing to do, imprudent
and inadvisable. Contra-indicated. Deprecated ...
Cloud computing sounds modern and exciting and is often promoted as efficient
and green and it sounds Luddite to attack it but just how modern, excited,
efficient and green will you feel when your bank account details are sold
for £1 and all your money disappears?
And with that question, finally, we get to the point, which is that the
UK government is currently considering civil service proposals (the G-Digital
Programme) to rain down public services on us from a G-Cloud.
There are 10
million people in the UK who, God bless them, have never used the
web. That's 10 million people who would be excluded by the G-Digital Programme.
It is dangerous to put public services on the web. And, arguably, pointless:
they won't reach the people who need them most.
It is to be hoped that Rt Hon Francis Maude MP, Cabinet Office Minister,
will keep the G-Cheque book securely locked in his G-Plan desk.
Whatever else you may say about Mr Maude, he is not Tony Blair.
The Cabinet Office promised the credulous Mr Blair four years ago that
they would transform
government if only he gave them all the Christmas presents they asked
for. Which he did and yet there is nothing to show for their promises
today, there is no reason to give them a second chance, we know they can't
deliver, they've proved it.
And that's just as well, as we would all promptly be defrauded if they
ever did deliver, and the country would be brought to a halt by any of
our enemies who could be bothered.
29
September 2008: Cloud computing is a trap, warns GNU founder Richard Stallman:
"It's stupidity. It's worse than stupidity:
it's a marketing hype campaign" ... The 55-year-old New Yorker said that
computer users should be keen to keep their information in their own hands,
rather than hand it over to a third party.
His comments echo those made last week by Larry Ellison,
the founder of Oracle, who criticised the rash of cloud computing announcements
as "fashion-driven" and "complete gibberish".
"The interesting thing about cloud computing is
that we've redefined cloud computing to include everything that we already
do," he said. "The computer industry is the only industry
that is more fashion-driven than women's fashion. Maybe I'm an idiot,
but I have no idea what anyone is talking about. What is it? It's complete
gibberish. It's insane. When is this idiocy going to stop?"
29
March 2009: Spy chiefs fear Chinese cyber attack:
INTELLIGENCE chiefs have warned that China may
have gained the capability to shut down Britain by crippling its telecoms
and utilities.
They have told ministers of their fears that equipment
installed by Huawei, the Chinese telecoms giant, in BT’s new communications
network could be used to halt critical services such as power, food
and water supplies.
The warnings coincide with growing cyberwarfare attacks
on Britain by foreign governments, particularly Russia and China ...
Ministers expressed concern that replacing the
Chinese components with British parts would clash with government policy
on competition.
8
March 2010: Cyberwar declared as China hunts for the West’s intelligence
secrets:
Urgent warnings have been circulated throughout
Nato and the European Union for secret intelligence material to be protected
from a recent surge in cyberwar attacks originating in China.
The attacks have also hit government and military institutions
in the United States, where analysts said that the West had no effective
response and that EU systems were especially vulnerable because most
cyber security efforts were left to member states.
Nato diplomatic sources told The Times: "Everyone
has been made aware that the Chinese have become very active with cyber-attacks
and we're now getting regular warnings from the office for internal
security." The sources said that the number of attacks had increased
significantly over the past 12 months, with China among the most active
players.
In the US, an official report released on Friday said
the number of attacks on Congress and other government agencies had
risen exponentially in the past year to an estimated 1.6 billion every
month.
10
October 2010: Worm cripples Iran nuclear plant:
For decades the possibility of a cyberwar has
fascinated experts. After land, sea and air engagements, battles in cyberspace
could require the rewriting of military doctrines for an era in which
a country could be brought to its knees by a few strokes of a laptop.
That moment appears to have arrived.
According to security experts, a computer worm that
has infested Iran's Bushehr nuclear plant was launched by another
state. It has disrupted the production of nuclear material, proving
that a cybermissile can have as much impact as an airstrike.
13 October
2010: UK infrastructure faces cyber threat, says GCHQ chief:
The UK's critical infrastructure - such as
power grids and emergency services - faces a "real and credible"
threat of cyber attack, the head of GCHQ says.
The intelligence agency's director Iain Lobban said
the country's future economic prosperity rested on ensuring a defence
against such assaults.
4
November 2010: Europe attacks itself in cyber-warfare test As OECD
admits major security fail:
... it emerged today that the Organisation for
Economic Co-operation and Development (OECD), said it had been under sustained
cyber attack for the last few months and is still battling to get its
computers cleaned up.
OECD spokesman Stephen Di Biasio told EUobserver that
the organisation had a team trying to close entry points, but wasn't able
to definitely say that hackers were not still accessing its systems.
He said: "What we know is it's quite a sophisticated
attack. We've got quite high levels of security protocols at the OECD
and this has been able to bypass those security measures ..."
8
November 2010: Royal Navy website infiltrated by computer hacker:
The navy's website was shut down this morning
after a self-confessed security enthusiast claimed to have hacked into
the site and its databases.
In a new post on his blog the hacker, a Romanian
national known only as TinKode, claims to have penetrated the security
of the navy's site late on Friday night.
The shocking breach comes just weeks after the
coalition Government announced plans to make countering cyber-terrorism
a major defence priority.
18
November 2010: China 'hijacks' 15 per cent of world's internet traffic:
China "hijacked" 15 per cent of the world's
internet traffic for 18 minutes earlier this year, including highly sensitive
email exchanges between senior US government and military figures, a report
to the US Congress said.
20
November 2010: Government services to be online-only:
Britons will be forced to apply
online for government services such as student loans, driving licences,
passports and benefits under cost-cutting plans to be unveiled this week.
Officials say getting rid of all paper applications
could save billions of pounds. They insist that vulnerable groups will
be able to fill in forms digitally at their local post offices.
29
November 2010: US embassy cables: The background:
The latest batch of documents to be released
by Wikileaks is made up of diplomatic messages sent from US embassies
around the world.
The whistle-blowing website says it has obtained more
than 250,000 cables passed between the US State Department and hundreds
of American diplomatic outposts - but it has so far only published a
small sample of those messages.
9
December 2010: Hackers hit Mastercard and Visa over Wikileaks row:
Hackers have attacked the websites of credit
card giants Mastercard and Visa.
The attacks came after the Anonymous group of hackers
pledged to pursue firms that have withdrawn services from Wikileaks.
Mastercard payments were disrupted but the firm said
there was "no impact" on people's ability to use their cards.
Visa's website also experienced problems. The attacks
came after both companies stopped processing payments to the whistle-blowing
site.
13
December 2010: Gawker falls victim to hackers:
Quarter of a million passwords published
and Twitter feed used to taunt 'arrogant' management in audacious security
breach.
The 24-hour attack penetrated deep into Gawker's computer
systems, shattering its security shield and catching its executives
off guard.
13
December 2010: WikiLeaks: government websites could be hacked in revenge
attacks:
Websites holding the personal data of British
taxpayers could be targeted by the computer hackers who are attacking
organisations seen as enemies of WikiLeaks, the national security adviser
has warned.
Sir Peter Ricketts told senior civil servants that
Whitehall should be prepared to come under fire from "hacktivists" angry
at British authorities over the arrest of Julian Assange, the anti-secrecy
site's editor ...
He said there was particular concern about sites belonging
to the Department for Work and Pensions, which holds information on
benefits claimants, and HMRC, which has data on all taxpayers.
20
December 2010: Hackers leak e-mail account details of government and defence
staff:
The e-mail account details of government officials,
civil servants and defence company staff have been leaked online after
computer hackers attacked a prominent group of gossip and news websites,
a Times investigation shows.
The work e-mail addresses and passwords of senior staff
at the Crown Prosecution Service, officials at the Charity Commission
and employees of BAE Systems are among those in a file of more than
one million user names that is circulating online, putting highly sensitive
correspondence at risk.
The leaked details belong to people who used their
work e-mail to access websites run by the Gawker Media group, founded
by Nick Denton.
20
December 2010: English Defence League donor details 'stolen' after database
hacked:
Supporters of the English Defence League (EDL)
are facing potential embarrassment after a database containing their personal
details was hacked into.
Police are believed to be investigating the security
breach, which also included the far-Right group's payment system
being illegally accessed.
Amid fears of violence toward members, the EDL said
it will support vulnerable people. They also urged members to change
their online shopping details after concerns were raised that they would
be published on the internet.
29
December 2010: Gawker was hacked six months ago, say sources close to
Gnosis:
Hackers had access to the gossip site Gawker's
content management system (CMS) and password files for around six months,
rather than the few days suggested by the company, the Guardian has learnt
from sources connected to the break-in ...
The hacking of Gawker and its associated sites led
to the usernames, email addresses and passwords of 1.3 million registered
users of the sites being made available – among them, those for Gawker
staff including its chief Nick Denton ...
The Guardian's sources insist that the Gnosis attack
was not a short-term thing. "They didn't just crack it in a day, they
spent a fair bit of time working on it and they had full access for
at least a month. Mind you, when the database leak rumour was going
around, Gawker publicly announced that they weren't compromised. Either
they were lying to the public and trying to fix the hole, or they didn't
even notice Gnosis in there – given the proper tools it's very easy
to hide yourself on a Linux system."
9
January 2011: Army adds cyberattack to arsenal:
“In the future I don’t think state-to-state
warfare will start in the way it did even 10 years ago,” he said.
“It will be cyber or banking attacks — that’s how I’d
conduct a war if I was running a belligerent state or a rebel movement.
It’s semi-anonymous, cheap and doesn’t risk people.”
The first known incidence of state-to-state cyberattacks
came in Estonia in 2007 when Russia caused chaos in the tiny Baltic
state by disabling the websites of government ministries, political
parties, newspapers, banks and companies in retaliation for the removal
of a Soviet war memorial in Tallinn, the capital. Estonia has mobilised
a cyberdefence league to protect itself.
Moscow used the same tactic the following year during
the Russian invasion of Georgia. It disabled government and commercial
computer systems.
More damaging still was the Stuxnet computer worm that
was used to attack the Iranian nuclear programme in 2009. It disabled
hundreds of centrifuges used to enrich uranium for possible use in weapons.
14
January 2011: Reducing Systemic Cybersecurity Risk (pp.8-9):
Three current trends in the delivery of ICT
services give particular concern: World Wide Web portals are being increasingly
used to provide critical Government-to-citizen and Government-to-business
facilities. Although these potentially offer cost savings and increased
efficiency, over-dependence can result in repetition of the problems faced
by Estonia in 2007. A number of OECD governments have outsourced critical
computing services to the private sector; this route offers economies
and efficiencies but the contractual service level agreements may not
be able to cope with the unusual quantities of traffic that occur in an
emergency. Cloud computing also potentially offers savings and resilience;
but it also creates security problems in the form of loss of confidentiality
if authentication is not robust and loss of service if internet connectivity
is unavailable or the supplier is in financial difficulties
17
January 2011: Security & Resilience in Governmental Clouds:
7. ... The cloud computing business model, on the one
hand, has the potential to offer public administrations substantial
benefits and improvements over current IT provisioning ...
On the other hand, it still shows weaknesses and exposures
to significant threats that could undermine the full exploitation of
all the benefits that such a model could offer. Weaknesses and threats
are mainly linked to the lack of governance and control over IT operations
and the potential lack of compliance with laws and regulations ...
The public cloud option is already able to provide
a very resilient service with an associated satisfactory level of data
assurance and is the most cost effective. Moreover public cloud offers
potentially the highest level of service availability, but due to the
current regulatory complexity of intra-EU and extra-EU trans-border
data transfer, its adoption should be limited to non-sensitive or non
critical applications and in the context of a defined strategy for cloud
adoption which should include a clear exit strategy.
20
January 2011: Carbon trade cyber-theft hits €30m:
Cyber-thieves have stolen as much as €30m in carbon
allowances from the European Union's emissions trading system,
authorities said, as exchanges across Europe halted trading on Thursday.
Exchanges including ICE Futures Europe, Nasdaq OMX
Commodities Europe and London-based LCH.Clearnet stopped trading of
emissions contracts, which are central to the bloc's fight against
global warming.
21
January 2011: Lush hackers cash in on stolen cards:
Cyber thieves are cashing in after stealing credit
cards in a hack attack on the website of cosmetics firm Lush.
The online shop was shut down on 21 January and its
home page replaced with a message revealing the attack.
Lush said anyone who placed an online order between
4 October and 20 January should contact their bank in case their card
details had been compromised.
26
January 2011: Facebook's Mark Zuckerberg 'attacked by hackers':
Last night Zuckerberg’s fan page on the website was
attacked by hackers, who took over his page and posted the following
message, pretending to be him...
The hacker attack comes just days after French President
Nicolas Sarkozy’s Facebook account was also breached.
31
January 2011: British and US stock exchanges fend off cyber raids:
Stock exchanges in Britain and the US have turned to
the security services for help after discovering they were the victims
of terrorist plots and attempted cyber attacks that aimed to spread
panic in leading global financial markets.
4
April 2011: Epsilon email hack: millions of customers' details stolen:
Computer hackers have stolen the names and email addresses
of millions of people in one of the largest internet security breaches
in US history.
26
April 2011: PlayStation Network hackers access data of 77 million users:
Sony has warned that the names, addresses and other
personal data of about 77 million people with accounts on its PlayStation
Network (PSN) have been stolen.
3
May 2011: Sony says 25m more users hit in second cyber attack:
Sony said hackers have stolen the personal information
from a further 25m users in a second massive breach of its online games
system ... The theft comes on top of the 77 million PlayStation accounts
taken in a cyberattack revealed last week.
26
May 2011: China admits training cyberwarfare elite unit:
China today admitted for the first time the existence
of a super-elite unit of cyberwarriors – a team supposedly trained to
protect the People’s Liberation Army from outside assault on its networks.
The revelation of the 30-strong crack unit, known as
the “Blue Army” ...
29
May 2011: Lockheed Martin computers under 'significant attack':
In what appeared to be one of the most audacious acts
of cyber-warfare conducted so far, the breach came against a backdrop
of repeated attempts by rivals of the US, chiefly China and Russia,
to infiltrate information networks and glean details of major weapons
systems.
31
May 2011: Cyber weapons 'now integral part of Britain's armoury':
A "toolbox" of offensive cyber weapons is being assembled
to fight hackers targeting military facilities, secret databases, critical
emergency services and Whitehall departments.
1
June 2011: Google phishing: Chinese Gmail attack raises cyberwar tensions:
Tensions between the US, UK and China over the issue
of cyber-attacks were set to escalate after it emerged that Chinese
hackers have stolen the login details of hundreds of senior US and South
Korean government officials as well as Chinese political activists.
1
June 2011: US could respond to cyber-attack with conventional weapons:
In an effort to lay down military guidelines for the
age of internet warfare, President Barack Obama's administration has
been formalising rules on cyberspace amid growing concern about the
reach of hackers.
Defence company Lockheed Martin, the biggest supplier
to the Pentagon, admitted over the weekend that its computer networks
had been subjected to a sustained attack, though it said security had
not been seriously compromised.
The White House's strategy statement on cybersecurity
said the United States "will respond to hostile acts in cyberspace
as we would to any other threat to our country".
12
June 2011: IMF hit by cyber attack from unknown nation state:
The International Monetary Fund has been the target
of a significant and sustained cyber attack by hackers working on behalf
of a nation state aiming to establish a “digital insider presence” on
its network.
16
June 2011: LulzSec hackers claim breach of CIA website:
The CIA has become the latest target of self-styled
"pirate ninja" hackers LulzSec.
The Central Intelligence Agency website was unavailable
for a few minutes on Wednesday evening as the group announced the attack
via Twitter: "Tango down cia.gov for the lulz".
"We are looking into these reports," a CIA
spokeswoman said.
The hackers, who describe themselves as "the world's
leaders in high-quality entertainment at your expense", have gained
international notoriety this month with a series of security breaches.
Over the weekend LulzSec broke into a public website
of the US Senate and released data stolen from the legislative body's
computer servers.
Last week they hacked the website of an unnamed NHS
organisation, one of England's primary care trusts. The Department
of Health said no patient's medical records were accessed during the
incident, which it described as "a local issue" and "quite
a low-level" lapse in IT security.
Earlier this month LulzSec broke into the website of
Sony Pictures Entertainment and exposed information from 37,000 users,
including names, passwords, birthdates and email addresses. It also
hacked into a webserver belonging to Nintendo in the US.
The name of the group is derived from "LOL"
(laugh out loud) and "security".
In Malaysia, at least 51 state-linked websites have
been hit by cyber-attacks in recent days, the country's telecommunications
regulator has confirmed.
The sites are believed to have been targeted by the
Anonymous group of hackers, who had threatened to disrupt Malaysian
sites in protest at a crackdown on entertainment piracy.
5
July 2011: Government backs international cybercrime agency:
The International Cybercrime Security Protection Alliance
(ICSPA) will be a coalition of businesses, the Government and international
police forces such as Europol. Chaired by David Blunkett, the former
Home Secretary, the new body aims to stem the exponential growth of
cybercrime, which it is estimated will cost the UK £27 billion this
year.
12
July 2011: Hackers steal 90,000 email addresses in cyber attack on US
military contractor Booz Allen Hamilton:
An arm of the online collective Anonymous said it had
broken into the computer systems of Booz Allen Hamilton and then posted
the details on the internet ...
The hackers also wiped out four gigabytes of Booz
Allen source code in an attack they called Military Meltdown Monday.
The group said: "We infiltrated a server on their
network that basically had no security measures in place."
Booz Allen provides technological services including
cyber-security consulting to the military and other US government agencies
...
14
July 2011: Pentagon Tries to Lean Forward in Cyberdefense:
Aviation Week also reported that [Deputy Defense Secretary
William Lynn] said one U.S. weapon system under development may have
to undergo redesign following a cyber breach in March. He did not identify
the system. More than 24,000 files containing an unspecified but large
amount of data were copied from a defense contractor’s internal databases,
according to Lynn. Whether and how much redesign will be necessary is
still being studied.
15
July 2011: US forced to redesign secret weapon after cyber breach:
The United States may be forced to redesign an unnamed
new weapon system now under development – because tech specs and plans
were stolen from a defence contractor's databases.
15
July 2011: Pentagon reveals 24,000 files stolen in cyber-attack:
The Pentagon has disclosed that it suffered one of
its largest ever losses of sensitive data in March when 24,000 files
were stolen in a cyber-attack by a foreign government.
25
July 2011: Anonymous hacks Italy's critical-national-IT protection:
Hacktivists have posted "secret documents"
stolen from an Italian cybercrime unit.
The documents, 8GB of files, were extracted
from a system maintained by the Centro Nazionale Anticrimine Informatico
per la Protezione delle Infrastrutture Critiche (CNAIPIC), the organisation
charged with guarding the country's critical IT infrastructure.
25
July 2011: Head fed cyberspook resigns abruptly:
The head of a group that helps the federal government
ward off computer attacks abruptly resigned Friday, amid a spate of
high-profile assaults hitting government agencies and contractors.
The departure of US Computer Emergency Readiness Team
director Randy Vickers was first reported Monday by InformationWeek,
which cited an internal email sent to US-CERT staff. The email gave
no reason for the resignation, which is effective immediately.
Over the past six months, security breaches have hit a variety of government
contractors and partners, including Lockheed Martin, L3 Communications,
and affiliates of the FBI. Attacks have also successfully targeted the
CIA, the US Senate, and the Oak Ridge National Laboratory.
1
August 2011: LulzSec hacking: teenager ‘had cache of 750,000 passwords’:
Jake Davis, 18, used a network of 16 machines at his
home in the Shetland Islands, prosecutors said this morning. The information
held on the network included web log-in details of hundreds of thousands
of people, it is alleged ...
In June, Ryan Cleary, a 19-year-old from Wickford in
Essex, was also charged in relation to the attack on Soca's website.
A further arrest, of a 16-year-old boy from south London, followed in
July. He was released on police bail pending further inquiries.
1
October 2011: Flaw in software puts online savers at risk:
Millions of online banking customers are at risk of
fraud because of a "fundamental" flaw in key security software,
The Times has learnt.
Major British banks, including HSBC and Santander,
strongly advise customers to install specialist software called Trusteer
Rapport in order to protect themselves from fraudsters when logging
into banking websites ...
Times Money has seen evidence that the software's
keylogger protections — designed to prevent fraudsters recording users'
login and credit card details — can be hacked by computer security specialists
with "minimal effort" in less than a minute ...
Neil Kettle, a computer security researcher who discovered
the problem, says that it was "almost inevitable" that criminals
would start exploiting the weakness, particularly because the software
allows them to identify online banking customers.
19
October 2011: Stuxnet-based cyber espionage virus targets European firms:
... while Stuxnet was created to cause physical damage
to Iran's uranium enrichment facilities by surreptitiously adjusting
machinery, Duqu is an intelligence-gathering tool.
The new virus's precise targets have not been
disclosed, but they include European firms that make the software that
controls power stations and other industrial facilities. By infiltrating
their computer networks, it aims to steal confidential information and
potentially reveal vulnerabilities that could be exploited in later
attacks.
27 October 2011: Chinese hackers suspected of interfering with US satellites:
Chinese hackers are suspected of having interfered
with the operation of two US government satellites on four occasions
via a ground station, according to a report being prepared for the US
Congress.
31 October 2011: Strong protection is vital to keep a force for good:
The volume of e-crime and attacks on government and
industry systems continue to be disturbing. I can attest to attempts
to steal British ideas and designs in the IT, technology, defence,
engineering and energy sectors, as well as other industries, to
gain commercial advantage or to profit from secret knowledge of contractual
arrangements. Such intellectual property theft doesn't just cost
the companies concerned: it represents an attack on the UK's continued
economic wellbeing.
We are also aware of similar techniques being employed
to try to acquire sensitive information from British government computer
systems, including one significant (but unsuccessful) attempt on the
Foreign Office and other government departments this summer.
Criminals are using cyberspace to extort money and
steal identities, as well as exploit the vulnerable. Increasingly sophisticated
techniques target individuals. We are witnessing the development of
a global criminal market place, a parallel black economy, where
cyber dollars are traded in exchange for UK citizens' credit card
details ...
Iain Lobban is the Director of GCHQ
20 November 2011: Cyber-attack claims at US water facility:
US homeland security and FBI officials are investigating
an apparent cyber-attack on a water utility near Springfield, Illinois.
The attack may have been the cause of a water pump
shutdown, and could be the first case of foreign hackers successfully
targeting a US industrial facility.
US press reported that the company's database was compromised
with hackers retrieving the supervisory control and data acquisition
(Scada) software. During the attack the Scada system was turned on and
off, burning out the water pump.
21 November 2011: Lockheed Martin set to open British cyber security division:
The world's largest defence company is to establish
a cyber security division in Britain to counter the growing threat from
digital attacks.
Lockheed Martin will open its Security Intelligence
Centre at Farnborough in Hampshire next week and expects to employ up
to 300 people there by 2015.
The American company is hoping to challenge rivals
such as BAE Systems, EADS and Thales, which already provide cyber protection
in the UK.
Cyber attack has been identified as one of the four most serious threats
to national security as amateur hackers and criminal gangs, as well
as nations, look to exploit system weaknesses.
According to a recent report from the Cabinet Office,
cyber crime costs British business about £21 billion a year.
25 November 2011:
UK cyber security strategy due to be unveiled
UK cyber crime unit to launch attacks on ‘enemies’
GCHQ to sell off spy expertise
GCHQ to offer British firms expertise in cybercrime
24 December 2011: Hidden Dragon: The Chinese cyber menace:
Cybercrooks and patriotic state-backed hackers in China
are collaborating to create an even more potent security threat, according
to researchers ...
The Wall Street Journal reported
last Tuesday that US authorities have managed to trace several high-profile
hacking attacks, including assaults against RSA Security and defence
contractor Lockheed Martin, back to China. Information obtained during
an attack on systems behind RSA's SecurID tokens was later used in a
failed attack against Lockheed Martin.
25 December 2011: Hackers 'steal US data in Christmas-inspired assault':
Hackers with the loose-knit movement "Anonymous" have
claimed to have stolen a raft of emails and credit card data from US-based
security think tank Stratfor, promising it was just the start of a weeklong,
Christmas-inspired assault on a long list of targets ...
Hours after publishing what it claimed was Stratfor's
client list, Anonymous tweeted a link to encrypted files online. It
said the files contained 4,000 credit cards, passwords and home addresses
belonging to individuals on the think tank's private client list.
8 January 2012: Hackers expose defence and intelligence officials in US and UK:
Thousands of British email addresses and encrypted
passwords, including those of defence, intelligence and police officials
as well as politicians and Nato advisers, have been revealed on the
internet following a security breach by hackers.
Among the huge database of private information exposed
by self-styled "hacktivists" are the details of 221 British
military officials and 242 Nato staff. Civil servants working at the
heart of the UK government, including several in the Cabinet Office
as well as advisers to the Joint Intelligence Organisation that acts
as the prime minister's eyes and ears on sensitive information,
have also been exposed.
The exposure of the database came after hackers
who are believed to be part of the Anonymous group gained unauthorised
access over Christmas to the account information of Stratfor ...
16 January 2012: Israel hit by cyber-attacks on stock exchange, airline and banks:
Hackers disrupted online access to the Tel Aviv stock
exchange, El Al airlines and three banks on Monday, in what the government
described as a cyber-offensive against Israel.
The attacks came just days after an unidentified hacker,
proclaiming Palestinian sympathies, posted the details of thousands
of Israeli credit card holders and other personal information on the
internet in a mass theft.
Stock trading and El Al flights operated normally despite
the disruption, which occurred as Israeli media reported that pro-Palestinian
hackers had threatened at the weekend to shut down the Tase stock exchange
and airline websites.
While apparently confined to areas causing only limited
inconvenience, the attacks have caused particular alarm in a country
that depends on high-tech systems for much of its defence against hostile
neighbours. Officials insist, however, that they pose no immediate security
threat ...
3 February: Anonymous spies on FBI / UK Police hacking investigation conference call:
A recording of a confidential conference call between
the FBI and UK law enforcement officers at the Metropolitan Police has
been released by Anonymous on the internet.
The inference has to be that hackers were able to secretly
access the call because they have compromised a police investigator's
email account.
David Moss has spent seven
years campaigning against the Home Office's ID card scheme.
- © 2010 Business Consultancy Services Ltd
- on behalf of Dematerialised ID Ltd