Experts warn that the global shipping industry is vulnerable to cyber-attack


Security experts warn that the sector transporting 90 per cent of world trade is highly vulnerable


PUBLISHED : Thursday, 24 April, 2014, 10:03pm

The next hacker target appears likely to be the open seas and the oil tankers and container vessels that ship 90 per cent of the goods moved around the planet.

Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make the rig seaworthy again.

Somali pirates help choose their targets by viewing navigational data online, prompting ships to turn off navigational devices or fake the data so it looks like they are somewhere else. Also, hackers attacked the Belgian port of Antwerp, located containers, made off with their smuggled drugs and deleted the records.

Ukraine (cyber) war in full swing

2014-03-17 07:29


Kiev – With cyber attacks already launched against Crimean separatists, the Kremlin and Nato, the ground war may not have started in Ukraine but computer warfare is already raging.

In recent days – and with increasing intensity on Sunday – a virtual war has commenced in the countries at the centre of the worst East-West diplomatic crisis since the end of the Cold War.

The “soldiers” of this war don’t wear uniforms and don’t necessarily swear allegiance to one particular country. Their chosen weapon is the “Denial of Service” attack designed to overwhelm web servers and make their websites unusable.

The attacks accelerated as soon as voting booths opened on Sunday for the referendum in Crimea on whether the region will join Russia.

The site created by separatist groups to monitor the vote was blocked for an hour on Sunday, with the pro-Russian government accusing hackers from an American university, Urbana-Champaign in Illinois, of being behind the attack.

Armed forces are vulnerable to cyber attack, warn MPs: “entire combat units, such as aircraft and warships, could be rendered completely dysfunctional by a cyber attack”

Commons Defence Committee said threat to UK security had ability to evolve at ‘almost unimaginable speed’

Gavin Cordon

Wednesday, 9 January 2013

The armed forces are now so dependent on information technology that their ability to operate could be “fatally compromised” by a sustained cyber attack, MPs warned today.

The Commons Defence Committee said the cyber threat to UK security had the ability to evolve at “almost unimaginable speed” and questioned whether the Government had the capacity to deal with it.

It called on ministers to take a more hands-on approach to ensure proper contingency plans were in place.

The committee heard evidence that entire combat units, such as aircraft and warships, could be rendered completely dysfunctional by a cyber attack.

Experts warned an enemy could seek to target radar or satellites to create a “deceptive picture” in the military command structure while the increased use of unmanned drones and battlefield robots potentially added to the vulnerability.

“The evidence we received leaves us concerned that with the armed forces now so dependent on information and communications technology, should such systems suffer a sustained cyber attack, their ability to operate could be fatally compromised,” the committee said.

“Given the inevitable inadequacy of the measures available to protect against a constantly changing and evolving threat … it is not enough for the armed forces to do their best to prevent an effective attack.

“In its response to this report the Government should set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so – and urgently create some.”

The committee accused ministers of “complacency” over the failure to develop rules of engagement covering the military response to a cyber attack on the UK.

“Events in cyberspace happen at great speed. There will not be time, in the midst of a major international incident, to develop doctrine, rules of engagement or internationally-accepted norms of behaviour,” it said.

“There is clearly still much work to be done on determining what type or extent of cyber attack would warrant a military response.”

Committee chairman James Arbuthnot said it was now essential that ministers took the lead in ensuring effective plans were in place to cope with the threat.

“It is our view that cyber security is a sufficiently urgent, significant and complex activity to warrant increased ministerial attention,” he said.

“The Government needs to put in place – as it has not yet done – mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities which cyberspace presents.”

Defence Minister Andrew Murrison rejected accusations of complacency, saying the Government was investing £650 million over four years in the national cyber security strategy programme.

“The UK Armed Forces and the equipment and assets they use are amongst the world’s most modern and advanced, so of course information technology plays a vital role in their operation,” he said.

“Far from being complacent, the MoD takes the protection of our systems extremely seriously and has a range of contingency plans in place to defend against increasingly sophisticated attacks although, for reasons of national security, we would not discuss these in detail.

“Government funding to tackle this threat underlines the importance we attach to these issues.”

Shadow defence secretary Jim Murphy said: “This report is worrying. The Government stand accused of complacency and lacking contingency planning.

“Policy progress is falling behind the pace of the threat our armed forces face.

“Developing professional expertise, advanced research, bringing public and private sectors together, using procurement to promote best practice and working with international partners are all essential elements of a comprehensive cyber-security strategy for our forces.

“Vulnerabilities must be tackled urgently and ministers must respond in detail to the demands in this report. Cyber demands new strategies and capabilities as part of a necessarily diverse modern defence posture.”

PA

http://www.independent.co.uk/news/uk/home-news/armed-forces-are-vulnerable-to-cyber-attack-warn-mps-8443693.html#

Israeli Hackers Leak Credit Card Data from Palestine ISP

!!EEV: Again, always proceed with caution when clicking unknown links!!

Alongside the airstrikes between Israel and Palestine, a cyber war between hackers from both sides is heating up.

First, hackers from all over the world who support Palestine started attacking Israeli sites; now a hacker going by the name “yourikan” has leaked a complete database from an ISP called PALNET (http://www.palnet.ps).

In a statement, the hacker told ‘The Hacker News’: “this is in react of the latest terror from Palestine in the missiles against Israel and the cyber war against us say no to Palestine! say no to terror!”

The leaked database has been posted on Pastebin, with a downloadable file on AnonFiles, and includes credit card details, full personal addresses, numbers and names of various Israeli users, as well as the admin password and SNMP secrets files.

About Author:

Mohit Kumar aka ‘Unix Root’ is Founder and Editor-in-chief of ‘The Hacker News’. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. Other than this, he is an Internet Activist and a strong supporter of Anonymous & Wikileaks. All his efforts are aimed at making the internet more secure.

http://thehackernews.com/2012/11/israeli-hackers-leak-credit-card-data.html

Attorneys: Obama’s ‘secret’ cyber security law may allow ‘military deployment within the U.S.’

By Stephen C. Webster Thursday, November 15, 2012 11:54 EST


The White House on Wednesday received a Freedom of Information Act (FOIA) request from two attorneys with the Electronic Privacy Information Center (EPIC), demanding that President Barack Obama release the text of what they called a “secret” new cyber security law that appears to enable “military deployment within the United States.”

The FOIA was filed in response to an article that appeared in The Washington Post this week, claiming that Obama issued a secret directive shortly before the elections that empowers the military to “vet any operations outside government and defense networks” for cyber security purposes.

However, because the exact text of the directive remains a secret, nobody can really say exactly what it does. That was somewhat disconcerting to American Civil Liberties Union legislative counsel Michelle Richardson, who told Raw Story on Wednesday that without the text, “it’s hard to see what they mean.”

In their FOIA, EPIC attorneys Amie Stepanovich and Ginger McCall go even further, arguing that the directive is tantamount to the president issuing a “secret law” that may enable “military deployment within the United States” in order to vet network security at companies like AT&T, Facebook, Google and others. And indeed, the Post’s article seems to substantiate that concern, explaining that the order will help “finalize new rules of engagement that would guide commanders when and how the military can go outside government networks to prevent a cyberattack that could cause significant destruction or casualties.”

But that’s literally all anyone outside of the chain of command knows about this order, McCall told Raw Story Thursday afternoon. “We don’t know what’s in this policy directive and we feel the American public has the right to know.”

“The NSA’s cyber security operations have been kept very, very secret, and because of that it has been impossible for the public to react to them,” Stepanovich added. “[That makes it] very difficult, we believe, for Congress to legislate in this area. It’s in the public’s best interest, from a knowledge perspective and from a legislative perspective, to be made aware of what authority the NSA is being given.”

Such an order, reportedly issued last month, may have actually overridden Congress’s concerns amid a debate on cyber security. Senate Democrats failed on Wednesday to pass a cyber security bill that would have put the civilian-run Department of Homeland Security in charge of the nation’s cyber defenses instead of the military-run National Security Agency. Republicans succeeded in blocking the bill even though it had the support of 51 senators, in a move The New York Times described as “setting the stage” for executive action to safeguard the nation’s network infrastructure.

“Our concern is buttressed by an earlier FOIA request that we submitted, when [NSA Director] General Keith Alexander had been asked a few questions [during his confirmation hearing] that he did not answer publicly,” Stepanovich said. “He submitted answers in a private, classified supplement, which we also do not have publicly available. There was a question about the monitoring of private communication networks. Whatever answer he gave is not public, but it may implicate now what the NSA is attempting to do.”

Raw Story (http://s.tt/1tB2Y)

Exclusive: SEC left computers vulnerable to cyber attacks – sources

By Sarah N. Lynch

Posted 2012/11/08 at 8:55 pm EST

WASHINGTON, Nov. 8, 2012 (Reuters) — Staffers at the U.S. Securities and Exchange Commission failed to encrypt some of their computers containing highly sensitive information from stock exchanges, leaving the data vulnerable to cyber attacks, according to people familiar with the matter.

While the computers were unprotected, there was no evidence that hacking or spying on the SEC’s computers took place, these people said.

The computers and other electronic devices in question belonged to a handful of employees in an office within the SEC’s Trading and Markets Division. That office is responsible for making sure exchanges follow certain guidelines to protect the markets from potential cyber threats and systems problems, one of those people said.

Some of the staffers even brought the unprotected devices to a Black Hat convention, a conference where computer hacking experts gather to discuss the latest trends. It is not clear why the staffers brought the devices to the event.

The security lapses in the Trading and Markets Division are laid out in a yet-to-be-released report by the SEC’s Interim Inspector General Jon Rymer.

NO DATA BREACHED

The revelation comes as the SEC is encouraging companies to get more serious about cyber attacks. Last year, the agency issued guidance that public companies should follow in determining when to report breaches to investors.

Cyber security has become an even more pressing issue after high-profile companies from Lockheed Martin Corp to Bank of America Corp have fallen victim to hacking in recent years.

Nasdaq OMX Group, which runs the No. 2 U.S. equities exchange, in 2010 suffered a cyber attack on its collaboration software for corporate boards, but its trading systems were not breached.

One of the people familiar with the SEC’s security lapse said the agency was forced to spend at least $200,000 and hire a third-party firm to conduct a thorough analysis to make sure none of the data was compromised.

The watchdog’s report has already been circulated to the SEC’s five commissioners, as well as to key lawmakers on Capitol Hill, and is expected to be made public soon.

SEC spokesman John Nester declined to comment on the report’s findings.

SEC NOTIFIED EXCHANGES

Rich Adamonis, a spokesman for the New York Stock Exchange, said the exchange operator is “disappointed” with the SEC’s lapse.

“From the moment we were informed, we have been actively seeking clarity from the SEC to understand the full extent of the use of improperly secured devices and the information involved, as well as the actions taken by the SEC to ensure that there is proper remediation and a complete audit trail for the information,” he said.

A spokesman for Nasdaq OMX declined to comment on the security lapse at the SEC.

Since the internal investigation was concluded, the SEC initiated disciplinary actions against the people involved, one of the people familiar with the matter said.

The SEC also notified all of the exchanges about the incident.

The SEC’s Trading and Markets Division, which has several hundred staffers, is primarily responsible for overseeing the U.S. equity markets, ensuring compliance with rules and writing regulations for exchanges and brokerages.

Among the division’s tasks is to ensure exchanges are following a series of voluntary guidelines known as “Automation Review Policies,” or ARPs. These policies call for exchanges to establish programs concerning computer audits, security and capacity. They are, in essence, a road map of the capital markets’ infrastructure.

Although they are only voluntary guidelines, exchanges take them seriously.

Under the ARP, exchanges must provide highly secure information to the SEC such as architectural maps, systems recovery and business continuity planning details in the event of a disaster or other major event.

That is the same kind of data used by exchanges last week after Hurricane Sandy forced U.S. equities markets to shut down for two days.

Prior to re-opening, all of the U.S. stock market operators took part in coordinated testing for trading on NYSE’s backup system.

SEC Chairman Mary Schapiro recently said the SEC is working to convert the voluntary ARP guidelines into enforceable rules after a software error at Knight Capital Group nearly bankrupted the brokerage and led to a $440 million trading loss.

(Reporting by Sarah N. Lynch; Editing by Karey Wutkowski and Lisa Shumaker)

http://www.newsdaily.com/stories/bre8a804p-us-sec-cyber/

Millions affected after cyber attack on HSBC

HSBC’s websites across the world have been hit by one of the largest cyber attacks to strike a bank in an attack that left millions of customers without access to online services.


By Harry Wilson, Banking correspondent

9:54PM BST 19 Oct 2012

An unknown group launched a so-called “denial of service” attack on Britain’s largest bank on Thursday evening, crashing web-based services for about seven hours.

At its peak, HSBC was deluged with internet traffic 500 times its normal level, five times higher than the amount of traffic that hit the bank in a similar attack earlier this year.

A spokesman for the bank said full internet services were restored by 3am yesterday and claimed that no customer data had been compromised as a result of the attack.

“We are co-operating with the relevant authorities and will co-operate with other organisations that have been similarly affected by such criminal acts,” HSBC said. “We apologise for any inconvenience caused to our customers throughout the world.”

US financial group Capital 1 is also understood to have been hit by a similar denial of service attack at the same time as HSBC.

Several parties have claimed responsibility for the attacks, which have been linked to Islamic groups protesting against controversial film The Innocence of Muslims, which they want removed from the internet.

Businesses increasingly see cyber attacks as one of their biggest threats given the migration of consumers online.

The Government issued advice to British business leaders last month on how to protect themselves from such threats.

U.S. Needs Offensive Weapons in Cyberwar: General

Oct. 4, 2012 – 08:06PM

By AGENCE FRANCE-PRESSE

WASHINGTON — The United States needs to develop offensive weapons in cyberspace as part of its effort to protect the nation from cyber attacks, a senior military official said Oct. 4.

“If your defense is only to try to block attacks you can never be successful,” Gen. Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, told a Washington symposium.

“At times, the government has to look at what you have to do to stop an attack — stop it before it happens. Part of our defense has to consider offensive measures.”

Alexander, who spoke at a cybersecurity summit sponsored by the U.S. Chamber of Commerce, said any offensive cyber action would need to follow rules of engagement similar to those in other military situations.

“We have to have a discussion on this,” he said.

Alexander’s comments come as the U.S. military has started studying various strategies in cyberspace, including offensive weapons.

The Defense Advanced Research Projects Agency has begun studying building a platform for offensive capabilities in cyberspace and has called for participation from academic and industry experts.

The U.S. government has stopped short of confirming involvement in cyber weapons such as the Flame and Stuxnet viruses that have targeted Iran, but many analysts say there is evidence of U.S. or Israeli involvement.

http://www.defensenews.com/article/20121004/DEFREG02/310040008/U-S-Needs-Offensive-Weapons-Cyberwar-General?odyssey=tab|topnews|text|FRONTPAGE

U.S. finance industry warned of cyber attacks

By Agence France-Presse Wednesday, September 19, 2012 20:22 EDT


NEW YORK — A US financial industry group warned banks and other institutions to beware of cyber attacks Wednesday, after some firms reported sporadic problems with their websites.

The Financial Services Information Sharing and Analysis Center said it raised its cyber threat level from “elevated” to “high.”

The group, which monitors cyber threats to the sector, cited “recent credible intelligence regarding the potential for DDoS and other cyber attacks against financial institutions.”

DDoS stands for “distributed denial of service”, attacks in which vast numbers of computers simultaneously attempt to contact the target networks, swamping their servers.

It also said a vulnerability reported in Microsoft’s Internet Explorer browser was a factor.

“Members should maintain a heightened level of awareness, apply all appropriate updates… and ensure constant diligence in monitoring and quick response to any malicious events,” the group said on its website.

On Tuesday, the Site Intelligence Group said a group of hackers calling themselves the “Cyber fighters of Izz ad-din Al Qassam” announced an attack on Bank of America and the New York Stock Exchange websites.

The group claimed they were in retaliation for the release of the controversial movie “Innocence of Muslims,” which has led to massive protests across the Muslim world.

The NYSE declined to comment, but a source familiar with the exchange said the site was not affected.

Bank of America spokesman Mark Pipitone said the financial giant’s website “is, and has been available throughout the day, although some customers may have experienced occasional slowness.”

Asked about the reported attack, the spokesman said: “I can assure you we continuously take proactive measures to secure our systems.”

JPMorgan Chase’s consumer bank unit also reported some slowness.

“Some customers are having trouble getting on Chase.com. We’re working on it and apologize for the frustration,” a spokesman said.