Archive

Archive for the ‘Europe’ Category

The European Network and Information Security Agency (ENISA) recommends that honeypots be used to detect threats at an early stage

The European Network and Information Security Agency (ENISA) recommends that honeypots be used to detect threats at an early stage; the agency tested 30 current systems and came up with concrete recommendations.

Honeypots are digital traps used to analyse cyber attacks and their strategies and tools. In the study, ENISA tested honeypots for effectiveness and practicality, with a focus on open-source honeypots. The results are intended to help companies find the best digital traps for their particular situations and to promote further development in the area.

The evaluation system developed for the ENISA study places particular emphasis on user-friendliness. ENISA employees used the honeypot evaluation procedurePDF developed in 2006 by Christian Seifert, Ian Welch and Peter Komisarczuk as a basis for the system and added more “practical” categories. They also differentiated more between various types of honeypots; types tested include server-side honeypots, client-side honeypots, low-interaction honeypots, high-interaction honeypots, hybrid honeypots and sandboxes. Open source online honeypots for monitoring suspicious URLs were also evaluated.

As part of the study findings, ENISA recommends a number of digital traps, noting that dionaea, Glastopf, kippo and Honeyd are particularly easy to use. Among the client honeypots, Thug and Capture-HPC NG also received special mentions.

Read more here: http://www.h-online.com/open/news/item/ENISA-promotes-digital-hacker-traps-1759415.html

The head of Interpol: ‘Terrorists plan on email. And we can’t track them’

Ronald Noble: ‘Terrorists plan on email. And we can’t track them’

Source: (Independent.co.uk):

As a former head of the US Secret Service, Ronald Noble knows only too well how terrorism, drug-smuggling and people-trafficking cross borders which individual police forces cannot. He is now Secretary General of Interpol, and a specialist team from the organisation he has spent 11 years rebuilding will next summer help the Metropolitan Police combat those crimes and others, during the huge security operation protecting the 2012 Olympic Games.

Meeting The Independent before visiting Scotland Yard to discuss arrangements for the Games, Mr Noble said he recognised that some people are scared the event could bring an increased threat of violence to the UK.

“In terms of terrorist activity, there is talk, there is chatter, that follows any major event,” he says, but adds Interpol has “not seen or heard terrorists saying we’re going to target this event”.

“We try to think like terrorists would think,” he continues. “A smart terrorist would know that if the world’s attention is focused on something and they commit a terrorist act it will help them create the kind of fear that would make people want to leave London.

[…]

“My concern is that the people planning that attack – that nuclear attack, that bio-terrorist attack, that attack that should concern us all as a world – would be able to plan it more effectively because we don’t have a network in place for tracing the source of email messages on the internet,” he says.

“One of the things I want to do … is to create a cyber-fusion centre, where police around the world can go to one place quickly and find out the source of any kind of message or communication that’s come across the internet.”

That in itself may alarm some. But Mr Noble emphasises the centre will only target specific, suspicious emails, saying it simply could not track all the messages from billions of innocent people even if Interpol wanted it to.

Nevertheless, some civil liberties groups have questioned Interpol’s accountability and transparency.

Anonymous and LulzSec attack FBI and PayPal

In a joint statement from Anonymous and LulzSec released today, the hacktivist collectives lashed out at both the FBI and PayPal, saying that they are “terrorists” enacting injustices on America.

“In recent weeks, we’ve found ourselves outraged at the FBI’s willingness to arrest and threaten those who are involved in ethical, modern cyber operations,” begins the statement. The message goes on to call law enforcement “ridiculous” for going after suspects believed to be linked to Anonymous and says that the denial of service attacks waged on websites to shut them down does not warrant 15 years behind bars of hefty fees. “What the FBI needs to learn is that there is a vast difference between adding one’s voice to a chorus and digital sit-in with Low Orbit Ion Cannon, and controlling a large botnet of infected computers. And yet both of these are punishable with exactly the same fine and sentence,” they write.

The hacktivists add that they are outraged that PayPal continues to withhold funds belonging to WikiLeaks, and calls them out for assisting law enforcement in hunting down alleged donators.

“Quite simply, we, the people, are disgusted with these injustices. We will not sit down and let ourselves be trampled upon by any corporation or government. We are not scared of you, and that is something for you to be scared of. We are not the terrorists here: you are.”

Together, Anonymous and LulzSec urge their audience to close their PayPal accounts. “The first step to being truly free is not putting one’s trust into a company that freezes accounts when it feels like, or when it is pressured by the U.S. government. PayPal’s willingness to fold to legislation should be proof enough that they don’t deserve the customers they get. They do not deserve your business, and they do not deserve your respect,” they write.

Within hours of calling on their followers to shut down their PayPal accounts, Anonymous relayed via Twitter that a source working for the online payment site has confirmed that over 24,000 accounts had been closed.

The hacktivists are asking people to tweet photographs of their closed accounts and spread the word. “Anonymous has become a powerful channel of information, and unlike the governments of the world, we are here to fight for you,” they write.

Last year, Anonymous waged DDos attacks on PayPal, Mastercard and Visa in response to the corporations’ stance against WikiLeaks. Earlier this month, a loophole allowed the whistleblower site to momentarily receive funds sent through Visa, bringing in upwards of six-figures for WikiLeaks.

Spy agency lost track of 35 laptops

LONDON (Reuters, Thu Mar 11, 2010 11:19pm GMT) – Britain’s main signals intelligence agency lost track of 35 laptop computers in an unacceptable lapse that showed a “cavalier” attitude to tracking equipment, a parliamentary committee reported on Thursday.

An 2008 audit of laptops at the Government Communications Headquarters (GCHQ) showed 35 were unaccounted for, including three certified to hold Top Secret information; the intelligence and security committee said in an annual report on intelligence services. The rest of the laptops were unclassified.

GCHQ, a big eavesdropping operation similar to the National Security Agency in the United States, reports to the foreign minister, intercepts communications and translates them.

The committee said it appeared logging the allocation and subsequent location of laptops at GCHQ had been “haphazard.”

“The Committee considers that this formerly cavalier attitude towards valuable and sensitive assets was unacceptable. GCHQ must ensure that it controls, tracks and monitors its equipment effectively. Now that proper processes have been introduced, we trust that this problem will not arise again.”

In response, a government statement said it accepted the committee’s criticism and conceded that GCHQ had been unable to account fully for all of its laptops at that time.

“However, GCHQ has no evidence of any loss of laptops or classified information,” it said. “The most likely explanation in most cases is that the laptops were destroyed but without the destruction being fully recorded. GCHQ has now tightened up its controls.”

The government has been repeatedly embarrassed by lapses over missing laptops and storage devices involving losses of information, such as when tax authorities lost data on 25 million people exposing them to the risk of identity theft and fraud.

GCHQ’s predecessor, the Government Code and Cipher School, was responsible for Britain’s greatest intelligence triumph, deciphering the codes of the Nazis’ Enigma machine during World War Two.

(Reporting by William Maclean, Editing by Jon Hemming)