Cyber security incidents and their risk continue to rise, says a new report from the U.S. Government Accountability Office.
Read full entry »The House is sending a message to the White House and Senate Democrats this week by passing a batch of cyber-security bills aimed at preventing the digital version of a Pearl Harbor, reports Politico. The idea is to spur Democrats to move — giving them the choice to either bring their own stalled bill to a vote or risk standing on the wrong political side of a national security issue.
The bills — including the controversial Cyber Intelligence Sharing and Protection Act — are expected to pass the House without a problem by Friday, giving Republicans a partisan talking point and providing them cover should cyber-enemies execute attacks against American agencies or utilities. It’s a tough spot for Senate Majority Leader Harry Reid and for President Barack Obama, whose aides lean toward the Senate’s comprehensive cyber-security approach but have been unwilling to box themselves in by criticizing the House bill directly.
Read full entry »Cyber attacks are the most serious economic and national security threat the United States faces, but the country has a shortage of skilled experts who could head off that threat, reports CNN. Homeland Security Secretary Janet Napolitano says there is job market for cyber warriors who can protect the nation's computer networks from an attack, but many of those jobs are going unfilled, Napolitano said, due to "a lack of expertise."
Homeland Security says it responded to more than 106,000 cyber attacks in 2011. Napolitano says without more experts in repelling those incursions, the U.S. economy could be the biggest casualty. A successful attack could mean another country stealing American intellectual property, like technology, research or trade secrets. Industry insiders estimate the economic loss could be in the billions of dollars.
Read full entry »Writing in the New York Times, Microsoft researchers Dinei Florêncio and Cormac Herley say estimates of cybercrime losses are mostly mythology. They write, "We have examined cybercrime from an economics standpoint and found a story at odds with the conventional wisdom. A few criminals do well, but cybercrime is a relentless, low-profit struggle for the majority." They say that estimated annual direct consumer losses from cybercrime--$114 billion worldwide in one recent example--"are generated using absurdly bad statistical methods, making them wholly unreliable."
The estimates typically are based on narrow surveys of consumers and businesses which are then extrapolated for the broader population, even though big losses by one or two respondents account for the majority of losses. They write, "It is the rule, rather than the exception. Among dozens of surveys, from security vendors, industry analysts and government agencies, we have not found one that appears free of this upward bias. As a result, we have very little idea of the size of cybercrime losses." They conclude, "Surveys that perpetuate the myth that cybercrime makes for easy money are harmful because they encourage hopeful, if misinformed, new entrants, who generate more harm for users than profit for themselves."
Read full entry »The European Union will open a new cybercrime center in the Netherlands next year to combat online fraudsters who are skimming millions of euros a day from a growing number of its half billion citizens, reports the International Herald Tribune. In addition, an EU committee proposed mandatory jail time across all 27 member states for some online offenses. The EU Commission said cybercrime was a global and cross-border phenomenon that now brought more profits for organized crime — $388 billion a year worldwide — than the global trade in marijuana, cocaine and heroin combined.
In Europe, detection and prosecution of cybercrime has been hampered by inadequate information sharing between national jurisdictions. The new center, set to open early next year, will focus on organized crime gangs engaged in online fraud, online predators who sexually exploit children, and hackers who attack critical infrastructure and IT systems. It will be located at the headquarters of Europol, the European criminal intelligence agency in The Hague. The Commission estimated that more than a third of EU citizens now bank online and the incidence of fraud is growing.
Read full entry »The New York Times profiles Sabu, a hacker viewed as the mastermind of brash computer attacks intended to cripple the governments of Algeria and Zimbabwe, to shame some of the biggest brand-name companies in the world. His real identity--Hector Xavier Monsegur, 28--was revealed this week when the federal government announced that he had informed on his former colleagues in the hacking group Anonymous. The Times said he did his work from a housing project apartment on Avenue D on the Lower East Side of Manhattan.
Neighbors often complained about his pounding music and barking pit bull. A large man known as Booby, he was raising the two young children of his imprisoned aunt. He paid bills with stolen credit cards and dabbled in drug sales. In one neighborly gesture, he offered to use his hacking skills to sweeten other tenants’ credit ratings. On Twitter, he was prone to grand declarations: “Give us liberty or give us death — and there’s billions of us around the world. You can’t stop us. Because without us you won’t exist.” His father, also named Hector Monsegur, was arrested in 1997 along with his sister, Iris, for selling heroin. Both went to prison for seven years. He attended Washington Irving High School, but left in 2001 without finishing ninth grade. Court documents say he went to college, though it is unclear if he actually did.
Read full entry »FBI Director Robert Mueller told Congress Wednesday that terrorists may seek to train their own recruits or hire outsiders with an eye toward pursuing cyber attacks on the United States. “Terrorists have not used the Internet to launch a full-scale cyber attack, but we cannot underestimate their intent,” Mueller said in prepared testimony to a House appropriations subcommittee.
He said terrorists have shown interest in developing hacking skills, and that the evolving nature of the problem makes the FBI’s counterterrorism mission more difficult. Mueller said there are FBI cyber squads in each of the bureau’s 56 field offices. The FBI has more than 1,000 specially trained agents, analysts, and digital forensic examiners who run complex undercover operations and examine digital evidence. The hacking group Anonymous embarrassed the F.B.I. in February when it posted a 16-minute recording of a conference between the bureau and law enforcement officials in Europe about their joint investigation into the hackers.
Read full entry »Police departments around the country reap huge PR benefits from social media networking on Facebook and Twitter. But sometimes the public crosses the line.
Read full entry »Teen sexting of nude photos online or via cellphone may be far less common than people think, says new research reported by the Associated Press. Only 1 percent of kids 10 to 17 have shared images of themselves or others that involve explicit nudity, a nationally representative study found. Abouty the same number said they'd shared suggestive but less graphic photos; while 7 percent said they'd received either type of picture.
Previous reports said as many as one in five young people have participated in sexting. A separate study on how police deal with teen sexting of photos found that contrary to some reports, few kids are being prosecuted or forced to register as sex offenders for sexting. It estimates that nearly 4,000 teen sexting cases were reported to police nationwide in 2008 and 2009. About one-third of those cases resulted in arrests. The studies were released today in the journal Pediatrics. The results suggest that police generally aren't overreacting to teen sexting, said researcher Janis Wolak.
Read full entry »When the online group Anonymous hacked its way into 70 law enforcement computer systems last summer, the ease with which it broke into the websites...
Read full entry »Federal authorities have seized 150 domain names for Web sites that featured alleged knock-offs of authentic jerseys, handbags, sports equipment, and other items, reports the Blog of Legal Times. The results of the undercover operation "In Our Sites" top a crackdown last year, when investigators shut down 82 web sites. In most cases, the person or people operating the commercial sites do not challenge the domain name seizure in court, said Lanny Breuer, who heads the Justice Department's criminal division.
John Morton, who heads the U.S. Immigration and Customs Enforcement agency, said, “We want to promote a lawful online environment as much as we can and that means going after the small but significant number of Web sites that are engaged in frauds on consumers.” In most cases the goods were shipped to the U.S. from another country. China was a main source for much of the goods. Since 2010, federal authorities have shut down 350 domain names through “Operation In Our Sites.” Of the 350, 116 sites are now the property of the government.
Read full entry »By Cara Tabachnick
As school administrations and local authorities struggle for responses to Internet victimization, some U.S. teens are taking matters into their own hands.
Read full entry »It is time to standardize the reporting of cyber crime to give a more realistic estimation of its breadth and costs, said Franz-Stefan Gady in the Huffington Post. According to Norton's recent annual report, 431 million adults worldwide were victims of cyber crime last year at a cost of $114 billion. Yet Gady says, "We actually lack comprehensive data in assessing the true scale and scope of cyber crime. This is because we primarily rely on businesses to voluntarily self-report incidences of attacks and intrusions without any means to verify their statements. To turn the tide in the fight against cyber crime, we first need to know its true impact on the world economy."
There are dozens of public and private cyber security data distribution forums in existence already, but the number, scope and diversity make for a complex environment where sharing information is very difficult. What is needed is the equivalent to the U.S. Centers for Disease Contro, an umbrella organization coordinating the different activities of forums that could conduct broad analysis. In the United States, the National Security Telecommunication Advisory Committee provides a good model, Gady writes.
Read full entry »New research finds that cyber crime attacks on American companies have increased 44 percent since last year.
Read full entry »The Missouri Sheriff's Association is one of about 75 law enforcement groups drawn unwittingly into a widespread cyberattack when a group of hackers claimed to have stolen personal data relating to thousands of police officers, the St. Louis Post-Dispatch reports. AntiSec, which has targeted large government agencies worldwide, claims to have accessed Social Security numbers, addresses, phone numbers, usernames, passwords and email addresses for thousands of law enforcement officers across the country.
The group claims the 10 gigabytes of stolen data includes hundreds of police academy training files, the names of "snitches" who provided anonymous crime tips to police, jail inmate databases and lists of active warrants. An internet posting by someone claiming to be associated with AntiSec said the attacks were retaliation after recent FBI arrests of members of another activist online group called Anonymous. AntiSec demanded charges be dismissed against them. "To law enforcement: your bogus trumped-up charges against the Anonymous paypal LOIC attacks will not stick, nor will your intimidation tactics stop us from exposing your corruption," AntiSec's posting says. "While many of the recent 'Anonymous' arrestees are completely innocent, there is no such thing as an innocent cop, and we will act accordingly."
