These Types Of Hackers Are Driving Cyber Attacks Now – by Rajiv Gupta MARCH 21, 2016, 1:00 AM EDT

The stakes are getting higher.

Screens go blank at a Ukrainian power provider. A hospital is reduced to pen and paper record keeping. These aren’t scenarios from the latest video game, but headlines representing the state of cybersecurity. Last year set a high bar for the size and scope of data breaches, led by the theft of over 20 million government background checks. Barely two months into 2016, we’ve already witnessed cybersecurity incidents of unprecedented audacity. Sadly, the latest attacks exhibit a level of malice and danger that may force a much-needed new approach to cybersecurity.

Two types of hackers have been driving increasingly coordinated and dangerous cyber attacks: nation-sponsored groups and organized cybercriminals. The former execute attacks on behalf of geo-political objectives, and the latter simply chase financial gain. Actors in both categories elevated their efforts to unseen levels of recklessness so far in 2016.

Attacks against essential utilities have long represented the nightmare scenario of cyber incidents – dangerous, possible, but far-fetched. Federal officials have attempted to ring the preventive alarm with a mock attack that would “be like returning to the Dark Ages.” These fears have been realized with the first known attack to effectively cause a power outage announced in January. Hundreds of thousands of Ukrainian homes lost electricity in an attack John Hultquist, head of the cyber espionage intelligence at iSight, called the “major scenario we’ve all been concerned about for so long.” Recent revelations point to an unprecedented “operation specific malicious firmware update.” In other words, hackers covertly updated infrastructure with malicious software that rendered them inoperable, forcing employees to rely on manual backups to this day, two months later.

The US may have to go after the ‘Great Firewall’ to stop China’s cyber-attacks – South China Morning Post Sun Aug 30 2015


US President Barack Obama is expected to take a firm line on the issue of hacking during Chinese President Xi Jinping’s visit. (Photo: Associated Press)

As the world recalls how two atomic bombs were dropped on Japan to end the second world war in Asia 70 years ago, a digital deterrent of a similar magnitude could be Washington’s only way to stop cyber attacks from the latest Asian aggressor, China, experts say.

United States president Barack Obama is due to entertain his Chinese counterpart Xi Jinping in Washington next month on a state visit and the issue of cyber espionage will “no doubt” be addressed, Obama said recently.

The issue rose to the fore in the wake of a major attack this summer on the US Office of Personnel Management, which saw hackers make off with the personal information of over four million current and former federal workers.

Officials have pointed the finger at hackers linked to China’s People’s Liberation Army, saying the data poses a security risk as it contains military records and other sensitive information, potentially including state secrets.

“We absolutely have to do something,” said Dennis Poindexter, author of The New Cyberwar: Technology and the Redefinition of Warfare.

As such hacks become more audacious the US needs the cyber equivalent of a nuclear deterrent, added Poindexter, a former faculty member at the Defence Security Institute under the US department of defence.

He pointed to this year’s OPM hack as an example of Chinese hackers inadvertently crossing the line of “acceptable” state espionage.

Former head of the National Security Agency and Central Intelligence Agency Michael Hayden told the Washington Post after the attack that “if I could have done it [as head of the NSA], I would have done it in a heartbeat”.

“You have to kind of salute the Chinese for what they did,” said US director of national intelligence James Clapper in June, referring to the sophistication of the hack.

GOP chairman: Cyberattacks are biggest threat to privacy – By Mario Trujillo February 21, 2015, 06:00 am

Congress must pass a cybersecurity bill this year to avoid “lasting harm” to the United States, said Senate Homeland Security Committee Chairman Ron Johnson (Wis.).

Johnson, in the GOP’s weekly address on Saturday, argued that the danger from cyberattacks is the real threat to Americans’ privacy and pushed for robust legislation.

“Reducing this threat would benefit every American,” he said. “Ignoring it will guarantee that future attacks will produce headlines describing lasting harm to America.”

Cyber legislation has been held up by concerns over the sharing of information between the private sector and the government.

Johnson expressed confidence for legislation, noting that President Obama is also pushing for a bill to increase cyber sharing.

Obama has put a key focus on cybersecurity this year and signed an executive order last week in an attempt to allay some privacy worries over industry sharing sensitive data with the government.

“Hopefully, now that the president has acknowledged cybersecurity as a priority, all interested parties will realize that the greater threat to Americans’ privacy and liberty really are the cyberattacks themselves,” Johnson said.

The Intelligence Committee is slated to introduce a bill next week, expected to mirror last year’s controversial Cybersecurity Information Sharing Act (CISA), with some stronger privacy protections.

The bill is meant to encourage companies to share information by guarding them from the threat of lawsuits.

Johnson blasted “special interests” for derailing a proposal last year.

In the address, Johnson said he is working with other committees on the issue. He has previously suggested he would wait to see the Intelligence Committee bill before deciding how his committee will act.

“Enhancing America’s cybersecurity is a priority of my committee, and was the subject of my first hearing as chairman,” he said. “It is the focus of other committees in Congress, and we are working with them to craft a legislative solution that takes important first steps in mitigating the threat.”

Cyber attacks cost the country billions of dollars a year, he said, ticking off recent high-profile hacks on Sony Pictures and Anthem Healthcare, among others.

Johnson said an attack on U.S. infrastructure, like the electrical grid, could put “American lives, and our very way of life at risk.”

David Cameron to visit Barack Obama in Washington DC 11 January 2015 Last updated at 02:13 ET

Prime Minister David Cameron is to pay a two-day visit to United States President Barack Obama in Washington DC, the White House has said.

The two leaders will have a working dinner at the White House on Thursday and meet in the Oval Office on Friday.

They are expected to discuss collaboration against internet-based cyber-attacks among other topics.

A report by GCHQ out this week is expected to highlight the threat to UK firms from such attacks.

Downing Street said the two leaders would discuss a range of global issues.

It added: “The prime minister is looking forward to the visit which will be an opportunity to discuss the global economic outlook, how we boost growth and increase free trade, and a number of national security issues such as Isil [Islamic State], counter-terrorism and Russia’s actions in Ukraine”.

Cyber attacks

White House press secretary Josh Earnest said in a statement: “Prime Minister Cameron’s visit highlights the breadth, depth and strength of our relationship with the United Kingdom, as well as the strong bonds of friendship between the American and British people.

“The United Kingdom is a uniquely close friend and steadfast ally, and the president looks forward to beginning the new year by working with Prime Minister Cameron on these issues and reaffirming the enduring special relationship between the United States and the United Kingdom.”

During his visit, Mr Cameron is expected to propose greater collaboration between the UK and US against cyber-attacks.

The report by GCHQ, the government’s communications security agency, this week, is entitled Common Cyber Attacks: Reducing the Impact. It is expected to warn that computer networks belonging to UK companies are coming under daily attacks by hackers, criminal gangs, commercial rivals and foreign intelligence services.

It estimates that incidents typically cost £600,000 to £1.5m to resolve.

The report also suggests more than 80% of large UK companies experienced some form of security breach in 2014.

The intelligence service’s director Robert Hannigan wrote in a foreword: “In GCHQ, we continue to see real threats to the UK on a daily basis, and I’m afraid the scale and rate of these attacks shows little sign of abating.”

‘Stand with France’

The two leaders last met during the G20 summit in November.

The summit focused on promoting economic growth but world leaders also discussed West Africa’s Ebola crisis, climate change and the conflict in Ukraine.

The UK and US leaders were this week united in their condemnation of the attacks on Paris that have left 17 people dead.

Mr Obama offered assistance to “bring these terrorists to justice”, while Mr Cameron said the UK stood with the French people in the fight against terror.

A Cyber-Whodunit – Winning will require nerds and sleuths, not warriors. By NEAL POLLARD January 02, 2015

From the past few years, it seems we can add cyber-attacks to the list of holiday headaches that includes congested travel, overeating, binge spending and in-laws. In December 2010, web publisher Gawker was hacked, with hackers posting source code, employee conversations, and the email addresses and passwords of hundreds of thousands of users. In late 2012, hackers, probably affiliated with Iran, attacked U.S. banks, knocking their consumer-facing web services offline—this attack occurring not long after other hackers, probably affiliated with Iran, attacked oil producers in the Middle East. The 2013 holiday season saw millions of consumers’ personal and payment card details lost to a breach of retailers’ point-of-sale systems.

And this holiday season, Seth Rogen and James Franco made a movie, The Interview, that has challenged fundamental assumptions of geopolitics, foreign policy and modern international conflict, through the lens of a cyber-attack. What began as an antic film plot suddenly became a lot more real on January 2, when the Obama administration—responding to an actual cyber-attack possibly provoked by a fake movie scenario—escalated matters considerably by imposing new financial sanctions on 10 North Korean officials and three government agencies.

Yet the apparent tit-for-tat between Washington and Pyongyang has clarified very little. The more evolved “cyber-warfare” and cyber-attacks become, the more confused we seem to get about what they truly mean, and how to respond—or even who did it. Some of the more famous cyber-attacks described above have simultaneously been termed by government officials and experts alike as crime, terrorism, vandalism, acts of war and nuisances. They can’t be all five at the same time. The silver lining from these trends of cyber-attacks is greater awareness among the public on what is truly at risk, and an opportunity for government, industry and the media to cooperate to define a more consistent, less ad hoc framework on responding to cyber-attacks, identifying and punishing the true beneficiaries of cyber-crime and elevating cybersecurity out of the IT department and into boardrooms and the corporate suite.

No rules of cyber war – By Michael Crowley and Josh Gerstein 12/23/14 6:16 PM EST Updated 12/23/14 9:03 PM EST

Students at the Mangyongdae Revolutionary School, in Pyongyang, North Korea work on computers. | AP Photo

A day after a nine-hour Internet outage in North Korea, experts are still debating whether the U.S. government pulled the plug, or perhaps a rogue group of hackers.

But whether or not the U.S. was behind the downing, President Barack Obama’s promise of an American response to the apparent hacking of Sony databases by North Korea has Washington squarely confronting a new national security reality that has been the subject of mostly abstract debate for more than a decade.

And many experts say the U.S. wasn’t ready for theory to become reality.

“Unlike plans for possible conventional military attacks in hotspots, the U.S. doesn’t have off-the-shelf response plans for cyber-attacks of this sort,” said Matthew Waxman, a former senior State and Defense Department official now at Columbia University Law School.

“The legal authorities, bureaucratic responsibilities and other things are still being worked out inside the U.S. government,” Waxman said — adding that the problem is compounded by the variety and uncertainty of the cyber threat.

With limited experience to draw from — the Sony attack has no clear precedent — administration officials have struggled to define different kinds of cyber attacks and how to respond to them. International law and the laws of war only offer partial guidance, experts say. And strategic thinking about how to punish a hacker without inviting an even more damaging response is still evolving.

“We don’t have the norms, the rules of engagement, the rules of the road for how we and other countries should operate in this space,” said Gen. Keith Alexander, former director of the National Security Agency and head of U.S. Cyber Command.

Top U.S. officials have warned for years that the nation is unready for a major cyber attack. Then-Defense Secretary Leon Panetta said in late 2012 that the U.S. faced the possibility of a “cyber Pearl Harbor” at the hands of foreign attackers.

Anticipating the day when a response might be necessary, the Obama administration has moved swiftly to increase its cyber capabilities. The Pentagon is increasing its staffing in the area by a factor of five, to 5,000 employees. As the military’s overall budget has been reduced, funding for cyber operations has grown, to more than $5 billion per year.

In October 2012, Obama signed a new presidential directive ordering U.S. intelligence officials to draw up a target list for cyber attacks. The 18-page document, officially known as Presidential Policy Directive 20, said that cyber attacks can advance U.S. security objectives “with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.”

US probing cyberattacks on banks – August 28, 2014 1:50AM ET

Security experts say the attack appears ‘far beyond the capability of ordinary criminal hackers,’ according to reports

The FBI said it is working with the Secret Service to determine the scope of recently reported cyberattacks against several U.S. financial institutions.

“We are working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions,” FBI spokesman Joshua Campbell said in a statement late on Wednesday.

He did not name any firms or give further details. A Secret Service spokesman could not be reached for comment.

The New York Times, citing people familiar with the matter, said JPMorgan Chase and at least four other firms were hit this month by coordinated attacks that siphoned off huge amounts of data, including checking and savings account information.

JPMorgan Chase & Co was the victim of a recent cyber attack, according to two people familiar with the incident who asked not to be identified because they were not authorized to speak publicly about the matter. They declined to elaborate on the severity of the incident, saying JPMorgan was still conducting an investigation to determine what happened. JPMorgan is the largest U.S. bank by assets.

JPMorgan spokesman Brian Marchiony declined comment when asked about the attack.

“Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple layers of defense to counteract any threats and constantly monitor fraud levels,” he said in a statement.

Bloomberg first reported the cyberattacks, saying on Wednesday that the FBI is investigating an incident in which Russian hackers attacked the U.S. financial system this month in possible retaliation against U.S. government-sponsored sanctions aimed at Russia.

The attack, Bloomberg said, led to the loss of sensitive data. Bloomberg cited security experts saying that the attack appeared “far beyond the capability of ordinary criminal hackers.”

According to people familiar with the probe who were cited by Bloomberg, investigators have determined that the attacks were routed through computers in Latin America and other regions via servers used by Russian hackers.

The attackers stole large quantities of data, including checking and savings account information, though their motivation is not yet clear, according to the Times report, which said several private security firms have been hired to conduct forensic reviews of infected networks.

Wire services

Military to Deploy Units Devoted to Cyber Operations

ASPEN, Colo. — The Defense Department’s second-ranking official said on Thursday that the military is about to deploy roughly 4,000 people in the Pentagon’s first units devoted to conducting cyberoffense and defense operations, a new mission that formalizes America’s use of a class of weapons that the Obama administration has rarely discussed in public.

“I wanted to start this fast,” the official, Ashton B. Carter, the deputy secretary of defense, said at the opening of the Aspen Security Forum, an annual meeting on domestic security. Even at a time of budget cutbacks, he said, “We’re spending everything we think we can spend wisely” on developing the skills to conduct and defend against cyberattacks from abroad.

The New York Times is a media sponsor of the forum.

In a wide-ranging interview, Mr. Carter also said that after examining how Edward J. Snowden, a former contractor for the National Security Agency, downloaded top-secret material about American surveillance programs, the Defense Department had already ordered new protections against what he called “the insider threat.”

First among the new procedures is a “two-man rule,” based on the model of how nuclear weapons are handled, which requires two computer systems administrators to be working simultaneously when they are inside systems that contain highly classified material. No individual, he said, would be able to download the material without the other one signing off, much as two technicians must sign off on work on warheads.

“This was a failure to defend our own networks,” Mr. Carter said of the Snowden case. “It was not an outsider hacking in, but an insider.” The lesson, he said, was that even systems administrators, who have wide-ranging access, must not be able to operate “all by themselves.”

Mr. Carter, a physicist and former Harvard professor who has worked at the Pentagon since the beginning of the Obama administration, blamed the problem largely on decisions made after the investigations into the intelligence failures surrounding the Sept. 11, 2001, terrorist attacks. Those attacks were blamed in large part on the reluctance of intelligence agencies and the Federal Bureau of Investigation to share information. Now, he said, the sharing had gone too far, because the United States puts “enormous amounts of information” in one place, a practice that may be accelerated as agencies put more data into cloud systems.

That enabled Mr. Snowden, working largely from an N.S.A. outpost in Hawaii, to download everything from details of the PRISM surveillance system to the text of a secret order from the Foreign Intelligence Surveillance Court, whose rulings are supposed to remain classified.

The question of whether intelligence-sharing had gone too far — away from traditional compartmentalization — was debated in 2010 after the revelations by WikiLeaks, based on huge databases that were downloaded by Pfc. Bradley Manning. At the time, the Defense Department promised changes, including putting in alarm systems that would be activated when large amounts of data were downloaded by an individual.

Mr. Carter strongly suggested that those changes, which also included Pentagon videos and 250,000 State Department cables, were insufficient. But his call to recompartmentalize is bound to raise questions about whether the government is restoring a system that, ultimately, was blamed for many of the failures to “connect the dots” before the Sept. 11 attacks, when the FBI and the intelligence agencies were barely sharing critical information.

The description of the Pentagon’s new cyberteams — which will be under the command of Gen. Keith B. Alexander of the Army, who directs the N.S.A. as well as the United States Cyber Command — was the most detailed yet of one of the military’s most closely held projects.

The administration recently conceded that it was developing cyberweapons. The best-known example is the covert effort called “Olympic Games,” which the Bush administration used against Iran’s nuclear program. The Obama administration accelerated the program, but suffered a major setback when a computer worm, later named Stuxnet, escaped from the Natanz nuclear enrichment plant in Iran and replicated itself on the Web, where the Iranians and others could download the code that was developed by the N.S.A. and Israel’s Unit 8200, the equivalent of the N.S.A.

Future operations run by Cyber Command, Mr. Carter suggested, would be focused on the teams. “The teams are new, and they are in addition to the N.S.A. work force,” he said. While they may ultimately be modeled on Special Operations, which provide fighting expertise to supplement traditional forces, for now the cyberforce will be drawn from members of the military services.

The cyberforces are inexpensive, Mr. Carter argued. But their very existence, which General Alexander alluded to in Congressional testimony this year, is bound to be cited by other nations that are justifying the creation of their own cyberunits. The People’s Liberation Army in China has a major effort under way; its Unit 61398 has been accused of stealing corporate secrets and intellectual property from American companies, as well as planning for potential attacks on American infrastructure. Iran has created its own cybercorps, which has been blamed for attacks on Saudi Aramco, a major oil producer, and American banks.

Twenty-seven of the 40 new teams will focus on cyberdefenses, General Alexander has said. Thirteen will be directed toward the creation of new cyberweapons. Included among the documents that Mr. Snowden made public was a presidential directive, signed by Mr. Obama last fall, providing guidelines for conducting both defensive and offensive operations. It reserves to the president the decision about whether to conduct cyberattacks.