Joint U.S.-China Report on Cybersecurity Released

The EastWest Institute and the Internet Society of China released the first joint China-United States report on cybersecurity, Fighting Spam to Build Trust.

Produced by Chinese and U.S. experts convened by EWI and the Internet Society of China, the report marks the first step in an ongoing bilateral process.

“When Presidents Obama and Hu Jintao met last January, they called for the U.S. and China to cooperate on cybersecurity,” says EWI’s Chief Technology Officer Karl Rauscher. “In anticipation of this need, over a year ago we brought U.S. and Chinese experts together on this major cyberspace challenge.”

The results are strong joint recommendations for fighting spam – an underrated problem in cyberspace, according to Rauscher, who led the bilateral process with Yonglin Zhou, Director of the Internet Society of China’s Network and Information Security Committee. Spam, which comprises as much as 90% of all email messages carried in networks, irritates end-users, clogs networks and carries the malicious code used by hackers for fraud and other crimes.

To fight spam, the experts made two key recommendations: first, the creation of an international forum to deal with spam; second, that network operators, Internet service providers and email providers follow 46 mutually agreed-upon best practices. Those best practices include the creation of international protocols to weed out spam from legitimate messages; consumer education about botnets; and that ISPs in both countries use feedback loops to discourage spam.

“People from all nations have to fight spam. With international collaboration, we can dramatically increase the effectiveness of our efforts to stop spam, botnets and other cyber threats,” says Zhou.

Fighting Spam to Build Trust will be one of the topics at EWI’s Second Cybersecurity Summit, to be held on June 1-2 in London. The summit has attracted more than 400 participants, including top government, industry and technical experts from 43 countries. At the summit, breakthrough groups, one of which will be chaired by Jerry Upton of the Messaging Anti-Abuse Working Group (MAAWG), will discuss how to set up the forum and implement the best practices.

EWI’s China-U.S. team will continue its collaboration, going on to address a series of more difficult and complex cybersecurity challenges in the coming months.

The team leaders see their work as more than a series of practical solutions to a pressing problem. According to Rauscher and Zhou, “In a time when most can only see a grim, downward spiral of recrimination when it comes to all things cyber, this report is the product of cooperation and offers some hope for an improved relationship between China and the U.S.”

Ethical vs Unethical: Hackers Reaping Monetary Rewards This Week

With the fifth annual Pwn2Own hacking contest underway this week at the 2011 CanSecWest conference in Vancouver, professional hackers took to reaping the monetary rewards of breaking into smartphones, web browsers and operating systems.

With $125,000 in total prize money up for grabs, Apple Safari 5 and Microsoft Internet Explorer 8 were the first browsers to fall to the researchers’ exploits in the contest.

Meanwhile, Computerworld reports that the Pwn2Own hackers skipped out on Google’s $20,000 reward for cracking the web browser Chrome on day one of the challenge.

With Chrome remaining untouched in the contest, Computerworld reports that this will be its third consecutive year of success at Pwn2Own.

But while the professional hackers assembled at CanSecWest this week to benefit tech giants and their consumers, the US Computer Emergency Response Team (US-CERT) is warning of another group of computer exploiters that may be planning to take advantage of a serious situation.

With the news continuing to trickle in on the devastating earthquake and tsunami in Japan, US-CERT this morning released a report to caution Internet users about the potential vulnerabilities on the web surrounding the event.

According to the report, “US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus or charitable organizations commonly appear after these types of natural disasters.”

Be advised, Cybersecurity News readers. And to all of my followers in Japan, I wish you safety and support during this difficult time.

U.S. Not Winning Cyber War

May 13, 2010 By Reuters

WASHINGTON (Reuters) – The United States is losing enough data in cyber attacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official said on Wednesday.

More than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations, said James Miller, principal deputy under secretary of defense for policy.

Terrorist groups also had cyber attack capabilities.

“Our systems are probed thousands of times a day and scanned millions of times a day,” Miller told a forum sponsored by Ogilvy Washington, a public relations company.

He said the evolving cyber threat had “outpaced our ability to defend against it.”

“We are experiencing damaging penetrations — damaging in the sense of loss of information. And we don’t fully understand our vulnerabilities,” Miller said.

His comments came as the Obama administration develops a national strategy to secure U.S. digital networks and the Pentagon stands up a new military command for cyber warfare capable of both offensive and defensive operations.

The Senate last week confirmed National Security Agency Director Keith Alexander to lead the new U.S. Cyber Command, which will be located at Ft. Meade, Maryland, the NSA’s headquarters.

Miller suggested the new organization, which is expected to be fully operational in October, had its work cut out for it.

Among its challenges are determining what within the spectrum of cyber attacks could constitute an act of war.

Miller said the U.S. government also needed to bolster ties with private industry, given potential vulnerabilities to critical U.S. infrastructure, like power grids and financial markets.

STAGGERING LOSS

Hackers have already penetrated the U.S. electrical grid and have stolen intellectual property, corporate secrets and money, according to the FBI’s cybercrime unit. In one incident, a bank lost $10 million in cash in a day.

“The scale of compromise, including the loss of sensitive and unclassified data, is staggering,” Miller said. “We’re talking about terabytes of data, equivalent to multiple libraries of Congress.”

The Library of Congress is the world’s largest library, archiving millions of books, photographs, maps and recordings.

U.S. officials have previously said many attempts to penetrate its networks appear to come from China.

Google announced in January that it, along with more than 20 other companies, had suffered hacking attacks that were traced to China. Google cited those attacks and censorship concerns in its decision to move its Chinese-language search service from mainland China to Hong Kong.

Miller took an example from the Cold War playbook to explain how the United States military would need to prepare for fallout from a cyber attack, which could leave cities in the dark or disrupt communications.

In the 1980s, the Pentagon concluded that the military needed to prepare to operate in an environment contaminated by the use of weapons of mass destruction.

“We have a similar situation in this case. We need to plan to operate in an environment in which our networks have been penetrated and there is some degradation,” he said.

One of the challenges Miller singled out was the development of enough U.S. computer programmers in the future.

“In the next 20 to 30 years, other countries including China and India will produce many more computer scientists than we will,” he said. “We need to figure out how to not only recognize these trends but take advantage of them.”

Copyright 2010 Reuters.