
CyberSecurity


Schmidt Resigns from White House Cyber Post. Howard Schmidt, who coordinated the Obama Administration's push for cybersecurity policy and legislation, is stepping down after two and a half years on the job, the Washington Post reports. Michael Daniel, who heads the intelligence branch of the White House budget office, will take over the post when Schmidt departs at the end of May. The move comes as the administration is at loggerheads with Congress over cybersecurity and the fate of the Cyber Intelligence Sharing and Protection Act (CISPA). In a policy statement released April 25, the Obama administration hammered at CISPA, arguing that the measure would fail to protect critical infrastructure while compromising personal liberties and ceding a domestic law-enforcement task to the intelligence community.

Schmidt was also behind a plan to verify individual identities online called the National Strategy for Trusted Identities in Cyberspace (NSTIC).

New Jersey mayor, son, arrested on charges they nuked recall website. The mayor of a small New Jersey town has been arrested, along with his son, on federal charges that they shut down a website advocating the mayor's recall after breaking into the online accounts of political foes. According to federal officials, Felix Roque, the 55-year-old mayor of West New York, New Jersey, and his son, Joseph Roque, 22, were arrested early Thursday morning by FBI agents. In February, the pair planned and executed the silencing of www.recallroque.com by gaining unauthorized access to the GoDaddy account used to control the domain name. No flaw in the site itself was needed: whoever controls the registrar account controls where the domain name points, which is why that account deserves the same protection as the site's own administrative logins.

An FBI special agent filed documents with these allegations in a New Jersey federal court. The father-and-son team also obtained e-mails and messages sent among opponents after gaining unauthorized access to e-mail and Facebook accounts. According to the account of FBI Special Agent Ignace Ertilus, Felix and Joseph Roque took a keen interest in the recall site as early as February. The complaint was unsealed Thursday morning.

How to Create a Strong Password (and Remember It). You can create strong passwords that don't make you memorize a cryptic string of letters, numbers, and punctuation symbols.

Here are three techniques.

Use a sentence. It's easy to remember the first letters of the words in a sentence. For example, children have used this sentence to remember the names of the nine planets: My Very Excellent Mother Just Served Us Nine Pickles. Taking the first letter of each word gives this 9-character password: m*Emjsu9p, where Venus (the morning or evening star) is represented by *, the letter for Earth is capitalized, and nine is written as a numeral. In practice, it's best not to build acronyms from such well-known sayings, since an attacker can generate the same acronyms from the same sayings. Nine characters is also short by today's standards; length is the main defence against offline guessing.

Use a pass phrase. Security expert Steve Gibson's tips make passwords easier to retain: a phrase of several words is both longer and more memorable than a cryptic 9-character string.

Grow the haystack. Once dictionary and common-password lists have failed, an attacker falls back to brute force, trying every combination of letters, digits and symbols. The size of that search space is the "haystack" the password hides in, and it grows far faster with length than with the variety of characters used. To foil that part of the process, Gibson suggests starting with a phrase that's short but not a common word, then lengthening it with padding you can remember.
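As an added worked example (not from the original page and not Gibson's code), the following Python turns a sentence into an acronym password using the same substitutions as the planet mnemonic above, then sizes the brute-force "haystack" for any password by counting every candidate of up to its length over the character classes it uses. The guessing rate in the report is a hypothetical figure, and the padded password is a constructed sample, not a recommendation:

```python
import math
import string

# Character classes an exhaustive search has to include once it knows (or
# assumes) the password draws from them.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}


def sentence_to_acronym(sentence, substitutions=None):
    """Turn a memorable sentence into a password from the first letter of
    each word. `substitutions` maps a word (case-insensitive) to the character
    that stands in for it, e.g. {"very": "*", "excellent": "E", "nine": "9"}
    reproduces the planet mnemonic from the text.
    """
    subs = {k.lower(): v for k, v in (substitutions or {}).items()}
    out = []
    for word in sentence.split():
        w = word.strip(string.punctuation).lower()
        if w:
            out.append(subs.get(w, w[0]))
    return "".join(out)


def alphabet_size(password):
    """Size of the alphabet a brute-force search must cover: the union of
    every character class the password actually uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Gibson's 'haystack': how many candidates an attacker who tries every
    string of length 1 .. len(password) over that alphabet has to generate
    before the search is guaranteed to finish."""
    a, n = alphabet_size(password), len(password)
    return sum(a ** k for k in range(1, n + 1))


def haystack_report(password, guesses_per_second=1e12):
    """Search-space size and worst-case time at an assumed offline guessing
    rate (1e12/s is a hypothetical figure for a well-equipped attacker)."""
    space = search_space(password)
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "search_space": space,
        "log2": math.log2(space),
        "worst_case_seconds": space / guesses_per_second,
    }


if __name__ == "__main__":
    mnemonic = sentence_to_acronym(
        "My Very Excellent Mother Just Served Us Nine Pickles",
        {"very": "*", "excellent": "E", "nine": "9"})
    padded = "pickle9........."          # constructed: short non-word plus padding
    for pw in (mnemonic, padded):
        r = haystack_report(pw)
        print(f"{pw:20s} len={r['length']:2d} alphabet={r['alphabet']:3d} "
              f"~2^{r['log2']:.0f} candidates, "
              f"{r['worst_case_seconds']:.3g} s at 1e12 guesses/s")
```

Run as a script it prints the two haystacks side by side: the 9-character mnemonic draws from all four classes (a 94-character alphabet) but still sits in a haystack of roughly 2^59 candidates, while the 16-character padded string, which uses no uppercase letters at all, sits in one of roughly 2^97. That is the whole of Gibson's point: adding characters beats adding character classes.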

A caveat: Don't use any of the above examples as actual passwords; once an example is published it is in the attacker's wordlist.

White House Unveils Initiative to Fight Computer Viruses. Internet-service providers and financial-services companies would share data about networks of infected computers known as botnets under a pilot program announced today by the Obama administration. The White House also unveiled a voluntary set of principles developed by an industry group to prevent and detect botnets, and a consumer-education campaign about the computer viruses. Botnets are networks of infected computers that can be used for malicious purposes, such as stealing information, generating spam or flooding corporate or government systems with unwanted traffic that can cripple websites.

To build a botnet, hackers send out programs, often disguised as links or hidden in e-mail attachments, that infect a computer when opened. “The issue of botnets is larger than any one industry or country,” Howard Schmidt, the White House cybersecurity coordinator, said in an e-mailed statement. “This is why partnership is so important.”

U.S. Launched Its Biggest Cyberattack From a Thumb Drive. The U.S. and Israel were responsible for creating the Stuxnet computer worm that wreaked havoc with Iranian nuclear facilities and later, in 2010, escaped onto the Internet. That's according to a report from The New York Times, since confirmed by other news organizations. And the first salvos in the massive cyberattack were launched via an unassuming piece of technology: a thumb drive.

The report, excerpted from the upcoming book Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, details how the U.S. conceived, created, tested and deployed Stuxnet, in partnership with Israel. After the program, code-named Olympic Games, successfully tested the worm, the big challenge was physically getting it into Iran's Natanz nuclear plant, whose control network was not connected to the Internet. The answer turned out to be simpler than U.S. officials expected, since some plant personnel weren't very careful with the thumb drives they were carrying: removable media is the classic way across an air gap.

U.S. and China Team Up to Stop Cyberattacks. In an unexpected announcement, the U.S. and China said they will work together on matters of cybersecurity, despite many cybersecurity experts' assessments that China is the main source of digital attacks against the U.S.

The partnership was announced after a Monday meeting between U.S. Defense Secretary Leon Panetta and Chinese Minister for National Defense Liang Guanglie in Washington, D.C., according to the BBC. It's "extremely important" for the two nations to work together to "avoid a crisis in this area," said Panetta. "Because the United States and China have developed the technological capabilities in this arena, it's extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to a crisis in this area," he said. Panetta also disputed those claims. Estimates of the economic loss from all cybercrime that hits U.S. businesses vary widely, from $6 billion to $400 billion.

Lost Your Phone? The Government Wants to Find it For You. If you're one of the many cellphone owners who've ever left a mobile device behind at a crowded restaurant, packed bar or city-crossing taxi, you know the heart-sinking shock of reaching for your phone only to find it missing, whether you left it behind or some quick-fingered thief grabbed it while you were distracted. You're also not alone. In Washington, D.C., New York and other major cities, 40% of robberies involve cellphones. In the capital region, the number of cellphone robberies is up 57%.

How can we reduce the number of mobile device thefts? The Federal Communications Commission thinks it has the answer. First, the FCC will set up a universal database that will let carriers automatically disable any mobile device, cellphone or wireless-enabled tablet, that is reported stolen. Such a blocklist is keyed on the handset's hardware identifier, so it is only as strong as that identifier's resistance to being rewritten; a thief who can reprogram it, or who ships the phone to a network that doesn't consult the list, gets around it.

Mobile phone companies Apple, Motorola, Qualcomm, HTC, Microsoft, Nokia and RIM are all on board with the FCC's plan.

Hackers Will Replace Terrorists as Top Threat, Says FBI. Could Anonymous be the next al-Qaeda? FBI Director Robert Mueller warned a group of cybersecurity experts on Thursday that online attacks will replace terrorism as the most serious threat facing the U.S., according to The Associated Press. Mueller pressed private businesses and Internet security firms to secure American digital infrastructure from rogue hackers and attacks sponsored by foreign governments. "We are losing data, we are losing money, we are losing ideas and we are losing innovation," Mueller said at the RSA Digital Security Conference in San Francisco. "Together we must find a way to stop the bleeding." Counterterrorism is still the FBI's top priority, but the agency is working to better equip itself against online attacks.

Mueller isn't the only government official making such warnings.

Official: Anonymous May Be Able to Disable Power Grids by Next Year. Anonymous, the loosely affiliated group of "hacktivists," has had a wide array of targets: the Boston and Oakland Police Departments, the FBI, Scotland Yard and the Greek government, just to name a few. Targets are selected because of a perceived injustice: police brutality, Internet censorship or the rich oppressing the poor.

Once perceived as a minor nuisance, Anonymous is getting some serious attention: according to the Wall Street Journal, the Director of the National Security Agency (NSA) has cautioned that Anonymous could have the capability to knock out power in the U.S. through cyberattacks within the next one to two years. NSA director Gen. Keith Alexander issued his warning in private government meetings, and Anonymous hasn't yet been added to any public "threat list." However, Alexander and other government officials have expressed growing concern about America's vulnerability to cyberattack.

Computer spyware is newest weapon in Syrian conflict. Activists working against the regime now have to worry about malware that can expose their activities. Story highlights: U.S. antivirus experts say a virus is sending information to a server in Syria; activists say regime supporters are stealing oppositionists' online identities; the impostors use the stolen identities to pass the viruses to activists, the opposition claims; antivirus software may not yet fully protect against the new viruses. (CNN) -- In Syria's cyberwar, the regime's supporters have deployed a new weapon against opposition activists: computer viruses that spy on them, according to an IT specialist from a Syrian opposition group and a former international aid worker whose computer was infected.

Supporters of dictator Bashar al-Assad first steal the identities of opposition activists, then impersonate them in online chats, said software engineer Dlshad Othman. The social-engineering step matters: a malicious file arriving from a trusted contact's own account is far more likely to be opened than one from a stranger.

Senator Joseph Lieberman (CT) - LIEBERMAN, COLLINS, ROCKEFELLER, FEINSTEIN OFFER BIPARTISAN, COMPREHENSIVE BILL TO SECURE FED AND CRITICAL PRIVATE SECTOR CYBER SYSTEMS. To guard against the nation’s increasing vulnerability to cyber attack, a group of Senate committee leaders introduced bipartisan legislation Tuesday to secure the cyber systems of the essential services that keep our nation running. The Senators were Homeland Security and Governmental Affairs Committee Chairman Joseph Lieberman, ID-Conn., Ranking Member Susan Collins, R-Maine, Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Select Intelligence Committee Chairman Dianne Feinstein, D-Calif. The Cybersecurity Act of 2012, S. 2105, the product of three years’ worth of hearings, consultations, and negotiations, envisions a public-private partnership to secure those systems which, if commandeered or destroyed by a cyber attack, could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to the economy or national security.

Rockefeller said: “I can’t think of a more urgent issue facing this country.” The Cybersecurity Act of 2012 would require:

Senate's Cybersecurity Bill Doesn't Have 'Internet Kill Switch'. The U.S. Senate released a comprehensive cybersecurity bill Tuesday after months of closed-to-the-public negotiations. If passed, the bill would require tighter protection of federal agencies' networks, encourage government-business cooperation and regulate private companies whose networks are vital to the American public. It does not, as some feared it might, feature a "kill switch" that would allow the president to turn off the Internet during a national crisis.

It also does not create a dedicated cybersecurity office in the White House, which earlier versions of the bill included. "This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation’s enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles," said Sen. Joseph Lieberman (ID-Conn.), who chairs the Senate Homeland Security Committee and previously championed the "kill switch" idea.

Researchers Find Flaw in an Online Encryption Method. The flaw, which affects a small but measurable number of cases, lies in the way some systems generate the random numbers from which RSA keys are built; it is that randomness that is supposed to make it practically impossible for an attacker to unscramble digital messages. It can affect the transactions of individual Internet users, but there is nothing an individual can do about it: the operators of the affected Web sites and devices will need to make changes, in practice generating new keys, to ensure the security of their systems, the researchers said. The danger is that even though the number of affected users may be small, confidence in the security of Web transactions is reduced, the authors said. In the RSA system a user first creates two large prime numbers, keeps them secret, and publishes their product together with another number as the public "key". To encrypt a message, a second person employs a formula that contains the public numbers; only someone who knows the two primes can reverse it. The weakness is that when a key generator starts from too little randomness, two unrelated keys can end up sharing one of their primes, and the greatest common divisor of the two public products then reveals that shared prime, and with it both private keys, without factoring anything.
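The following Python is an added illustration, not the researchers' code and not a real key set: it builds toy 32-bit RSA keys for a fleet of "devices" whose random-number generator is starved of entropy when the first prime is drawn (the starved-pool model, its pool size and the seeds are assumptions of the example), then shows that a plain pairwise GCD over the public moduli recovers the shared prime and with it the private exponent of both keys. The same check over independently seeded keys finds nothing.

```python
import math
import random

E = 65537  # conventional public exponent


def is_probable_prime(n):
    """Deterministic Miller-Rabin; these bases are exact for n < 3.4e14,
    which covers the 32-bit toy primes used here."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17)
    if n in bases:
        return True
    if any(n % b == 0 for b in bases):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Draw odd candidates with the top bit set from `rng` until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(rng_p, rng_q, bits=32):
    """Toy RSA key with p and q drawn from two separate RNG states, so the
    example can model a generator whose entropy changes between the draws."""
    while True:
        p, q = random_prime(bits, rng_p), random_prime(bits, rng_q)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return {"n": p * q, "e": E, "d": pow(E, -1, phi)}


def weak_keygen(device_id, pool_states=4):
    """Assumed model of the flaw (not the researchers' code): when p is drawn
    the RNG was seeded from a starved entropy pool with only `pool_states`
    possible states, so many devices draw the same p; by the time q is drawn,
    device-specific entropy has arrived."""
    starved_seed = device_id % pool_states
    rng_p = random.Random(starved_seed)
    rng_q = random.Random(10_000 + starved_seed * 1_000 + device_id)
    return keygen(rng_p, rng_q)


def strong_keygen(device_id):
    """Control case: independent, distinct seeds for every draw."""
    return keygen(random.Random(50_000 + device_id), random.Random(70_000 + device_id))


def find_shared_factors(keys):
    """Pairwise GCD of all moduli: a nontrivial result is a prime both keys
    share. (Surveys of millions of keys use a product-tree batch GCD to do
    this in near-linear time; pairwise is fine for a handful.)"""
    hits = []
    for i in range(len(keys)):
        for j in range(i + 1, len(keys)):
            g = math.gcd(keys[i]["n"], keys[j]["n"])
            if 1 < g < keys[i]["n"]:
                hits.append((i, j, g))
    return hits


def recover_private_exponent(n, e, p):
    """With one prime known the modulus is factored and d follows directly."""
    q, rem = divmod(n, p)
    if rem:
        raise ValueError("p does not divide n")
    return pow(e, -1, (p - 1) * (q - 1))


def break_weak_fleet(num_devices=8):
    """Generate keys for a fleet of flawed devices, find the shared primes and
    return (keys, {device_index: recovered_d}) for every key they expose."""
    keys = [weak_keygen(i) for i in range(num_devices)]
    broken = {}
    for i, j, p in find_shared_factors(keys):
        for k in (i, j):
            broken[k] = recover_private_exponent(keys[k]["n"], keys[k]["e"], p)
    return keys, broken


def decrypts_correctly(key, d_recovered, message=42):
    """Confirm the recovered exponent really inverts encryption under the key."""
    c = pow(message, key["e"], key["n"])
    return pow(c, d_recovered, key["n"]) == message


if __name__ == "__main__":
    keys, broken = break_weak_fleet()
    for k, d in sorted(broken.items()):
        print(f"device {k}: private exponent recovered, "
              f"decrypts={decrypts_correctly(keys[k], d)}")
    print("strong keys sharing a factor:",
          find_shared_factors([strong_keygen(i) for i in range(8)]))
```

Note what the attack does not need: no factoring of any individual modulus and no access to any device, only the public keys, which is exactly why the fix has to come from whoever generates the keys rather than from the users of the sites.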

OpenDNS Adds Encrypted Security Today. OpenDNS announced a technology preview today, for Macs, of DNSCrypt, which encrypts the DNS traffic between a computer and OpenDNS's resolvers. Think of it as doing for the DNS protocol what HTTPS does for the Web. Like OpenDNS's mainline service it is freely available, and Windows and Linux versions are promised for next year. The Mac OS code can be downloaded now, and OpenDNS says it will eventually post all of the code on GitHub for public scrutiny. DNSCrypt addresses one critical weakness of DNS: queries and answers travel in the clear (just like most email), so anyone on the path between your computer and the resolver can read them or, as a "man in the middle", alter them. DNSCrypt encrypts and authenticates that leg of the traffic. This is a real concern, and several recent attacks have taken advantage of unprotected DNS requests. Two caveats worth knowing: DNSCrypt protects only the hop between your machine and the OpenDNS resolver, which still sees every query, and it is not DNSSEC, so it does not verify that the resolver's answer matches what the domain's authoritative servers published. The version available now is a "preview", meaning it may have problems in daily use.
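To make concrete what "in the clear" means, here is an added Python example (not OpenDNS's code and not the DNSCrypt protocol): it builds a standard DNS query, and a parser of the kind a passive observer on the path would run reads the queried name straight back out of the raw bytes, including names that use the protocol's compression pointers. The packets are constructed inline, not captured.

```python
import struct


def build_query(name, txid=0x1234, qtype=1):
    """Wire-format DNS query (RFC 1035) as a stub resolver sends it to UDP/53:
    12-byte header with RD set and one question, then QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def read_name(pkt, off):
    """Decode a domain name at `off`, following RFC 1035 compression pointers.
    Returns (name, offset of the first byte after the name in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: pointer to an earlier name
            if end is None:
                end = off + 2                     # the stream resumes after the pointer
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                         # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:                           # root label terminates the name
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def sniff_questions(pkt):
    """Everything a passive observer on the path learns from one cleartext DNS
    packet: transaction id, whether it is a query or a response, and every
    (name, qtype) in the question section."""
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    off, questions = 12, []
    for _ in range(qdcount):
        name, off = read_name(pkt, off)
        qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        questions.append((name, qtype))
    return {"txid": txid, "is_response": bool(flags & 0x8000), "questions": questions}


def sample_compressed_response():
    """Constructed sample (not a real capture): a response whose second
    question reuses the first name via a pointer to offset 12."""
    header = struct.pack("!HHHHHH", 0x0007, 0x8180, 2, 0, 0, 0)
    first = b"\x03www\x07example\x03org\x00" + struct.pack("!HH", 1, 1)
    second = b"\xc0\x0c" + struct.pack("!HH", 28, 1)   # pointer to offset 12, QTYPE=AAAA
    return header + first + second


if __name__ == "__main__":
    print(sniff_questions(build_query("activists.example.org")))
    print(sniff_questions(sample_compressed_response()))
```

The 16-bit transaction id visible in the header is also all that ties a reply to its query in plain DNS, which is what makes spoofed answers from an on-path attacker practical; DNSCrypt's authenticated envelope around the whole packet is what removes both the snooping and the forgery on the client-to-resolver hop.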

Just in Time for "Anonymous" Attacks, U.S. NIST Drafts a New Readiness Plan. Two years ago, the U.S. Department of Homeland Security decided (again) that reacting to security problems only after they occur is not enough. The National Institute of Standards and Technology set about modelling a 21st-century scheme for perpetual vulnerability mitigation: a continuous monitoring (CM) framework that treats security not as crisis and response but as a perpetual cycle of monitoring and engagement that stays basically the same whether or not there's a crisis. In other words, if you "keep doing this all the time," then whatever happens shouldn't bring the network down. Late last week, NIST produced its first series of drafts for how government information services could look, perhaps later this decade.

It's so radically different from anything seen thus far that NIST acknowledges no one in the commercial sector has even come up with the language to describe it.

Cybersecurity: Helping businesses defend against cyber threats.
Big Data, Big Attraction for Organized Crime - ReadWriteCloud.
Supercookies: What You Need to Know About the Web's Latest Tracking Device.

New Security Threat: Infected QR Codes.

Flame

Surveillance Company Says It Sent Fake iTunes, Flash Updates - Digits.
The Surveillance Catalog - The Wall Street Journal.
How To Tell If Your Boss Is Spying On You.