Tag Archive | China

CISPA Bill Passed by Representatives Again – Trouble on the Horizon!

The Cyber Information Sharing and Protection Act, AKA CISPA, has once again passed in the US House of Representatives. As a reminder, this bill gives government agencies and their other agencies access to personal, private user data to help monitor for the presence of hackers.

Now, when CISPA was first passed, the Senate said NO! Also, President Barack Obama has said that he’d veto the bill if it came through his office. Because of the different privacy issues, many opponents of this bill will fight it to the end.

This bill has been backed by big business for a long time, almost since talks about it began. Maybe the big government contracts ($$$) are what seem attractive to these big businesses, or maybe these businesses truly believe in ending hackers’ abilities.

Will it completely stop hacker initiatives? Probably not. However, it would provide the ability to try to limit some of the bigger initiatives.

Government sectors of China, Russia, etc. are a bit of a cyberthreat to the United States; information access is what the US will need if it wants to stay ahead of the game. Do you agree?

Of course the president of the US doesn’t want it passed if it violates the rights of citizens. But, in the end, realize that if money, among other things like personally identifiable information, were to be stolen every year, and people realized this, then people should have no problem with their data being accessible to US authorities rather than hackers.

The bright side is that if government authorities have access to your private data, it isn’t going to spread around like wildfire, unlike what would happen if a hacker got hold of it.

It’s easy to do an Internet search for lists of email addresses, and pull up loads upon loads of private email addresses that hackers posted in public to humiliate those that haven’t been smart enough to keep it secret.

Spammers and phishers access your private information on Facebook all the time if you accidentally click the wrong link or follow a malicious email link that asks you to ‘enter your Facebook username and password to continue.’

Some people argue that the government doesn’t care for internet users but rather cares for the money they’d get. Well, actually, if you think about it, the government is paying these big businesses to participate in the information sharing process, so the American people’s pocketbooks/wallets can be protected, along with their own privacy.

Who else has protested this? Anonymous:

Even the Reddit co-founder is urging the US Government to NOT pass it.

What should be our take? You decide. My vote is neutral. I see this bill as a good thing in spots (because of potentially ending hacker initiatives and malware/virus threats); however, it poses a major privacy threat. I agree with most advocates of privacy.

Your opinion matters too! Contact your local senator and let your voice be heard. It’s usually best to write a letter, which provides good results. Providing written documentation of a fair but firm protest is the best way to go.

Mandiant is investigating hacks in efforts to better their research

Mandiant, the company behind the big research report on APT1 that we talked about, is now asking people to talk about hacking episodes they’ve been affected by. They’re trying to be the go-to investigators, it seems, for the Fortune 1000.

When trying for importance, first of all, let your work speak for itself instead of trying so hard and stating your intents. Anyway, back on topic… When the New York Times was hacked back in late 2012, phone calls were made to Mandiant. When Mandiant investigated this issue, its reports showed that the hacks were coming from a hidden firm in the Chinese military, called APT1.

Image: Sketch of the 12-story Shanghai-based defense headquarters of Unit 61398.

A 60-page report (PDF), created by Mandiant, detailed the issues behind cyber-espionage group APT1. The New York Times wrote in detail about APT1 as well (summarizing some info from the 60-page report), and by rights did so out of anger at, and in reply to, the crime group.

One of the surprising aspects of the report is that APT1 practiced spearphishing attacks on the NYT, but what were they targeting? A big organization with big media possibilities. That’s the point of spearphishing.

Mandiant’s data forensic capabilities are stepping up, and now they want to know about the hacks you have experienced. They’re looking to investigate more of the issues behind some of the hacks. They want to target the organizations, whoever they are, that are behind these small-to-large scale attacks.


Some of Mandiant’s operations can be read about in their annual report.

This proves that the investigations into the cyberwars going on around the world are continuing, and have even been stepped up in some ways.


China Largest Cyber Threat Says US Panel

A draft of a recent congressional report, highlighted by Bloomberg, names China as the largest cyber threat to the US and the world. Apparently, as the report shows, hackers in China are increasingly targeting US military and defense contractor computers.

The Bloomberg article highlighted: “China’s persistence, combined with notable advancements in exploitation activities over the past year, poses growing challenges to information systems and their users,” the U.S.-China Economic and Security Review Commission said in the draft obtained by Bloomberg News. “Chinese penetrations of defense systems threaten the U.S. military’s readiness and ability to operate.”

It appears the volume of activity from China, even though their attacks are not of much substance, still makes them quite a threat in the cyberwar landscape. Some of the simple things, including hacking and exploitation, are no surprise to US security experts and military intelligence workers. Most of the time, the report states, intelligence or technology information was collected. An actual attack was not always, necessarily, the aim. With China’s cyberwarfare militia gaining, it’ll become quite an opponent in cyberwar.

The report is scheduled for November 14 of this year, and will establish a basis for the United States to punish and penalize foreign countries or firms for cyber (industrial) espionage.

Kaspersky secure operating system in production

Kaspersky Lab is currently building its own operating system from scratch, which includes the ability to help monitor business and government servers, further protecting them from government malware attacks. Government malware includes Stuxnet, Flame, Duqu, Gauss, etc.

The whole point of the OS is to protect the various complex industrial systems we see today, especially in government facilities, corporations, and other industrial sectors.

Many government agencies fear that their systems/servers are still compromised, and without a good operating system, these systems/servers may still be at risk. Meanwhile, some companies/government facilities are overwhelmed with the idea of having to update their programs, keep patches up-to-date, etc., while also keeping the system continually running. Therefore, a secure operating system is a good plan to have in the works.

Kaspersky Lab kept the operating system a secret for quite a while, but will now be releasing information and updates: “Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on,” Eugene Kaspersky, CEO of Kaspersky Lab, said in a blog post.

Apparently, the protocols used by SCADA (Supervisory Control and Data Acquisition) systems and PLCs (Programmable Logic Controllers) don’t require authentication for access, which presents a huge security risk. With that in mind, the secure OS will work toward a more secure approach.

With these new ideas going into a secure OS, it will pave the way for greater security in the industrial, corporate, and governmental sectors, etc.

 
