Listen to the interview in Arabic.

The post Citizen Lab Senior Researcher Helmi Noman interviewed on France24 Arabic appeared first on The Citizen Lab.

The Portal shows statistics of the early warning system of Deutsche Telekom. The corresponding sensors are operated from Deutsche Telekom and Partners.

See here.

The post Second-by-second track of ongoing cyberattacks and their origins appeared first on The Citizen Lab.

America’s generals and spymasters have decided they can secure a better future in cyberspace through, what else, covert warfare, preemptive attacks, and clandestine intelligence. Our rivals are indeed seeking to harm U.S. interests and it is perfectly within the president’s purview to use these tools in response. Yet this is an unwise policy that will ultimately backfire. The undoubted, immediate national security advantages will be at the expense of America’s longer-term goals in cyberspace.

The latest headlines on covert and preemptive cyberplans highlight just the latest phase of a cyber “cult of offense” dating back to the 1990s. Unclassified details are scarce, but the Atlantic Council’s study of cyber history reveals covert plans, apparently never acted upon, to drain the bank accounts of Slobodan Milosevic and Saddam Hussein. More recent press accounts detail cyber assaults on terrorist networks (including one that backfired onto U.S. servers) and Stuxnet, which destroyed Iranian centrifuges. American spy chiefs say U.S. cyber capabilities are so prolific that this is the “golden age” of espionage, apparently including the Flame and Duqu malware against Iran and Gauss, which sought financial information (perhaps also about Iran) in Lebanese computers.

Offensive cyber capabilities do belong in the U.S. military arsenal. But the continuing obsession with covert, preemptive, and clandestine offensive cyber capabilities not only reduces resources dedicated for defense but overtakes other priorities as well.

For the full article, see here.

The post Obama’s cyberwarfare strategy will backfire appeared first on The Citizen Lab.

When the Pentagon launched its much-anticipated “Strategy for Operating in Cyberspace” in July 2011, it appeared the US military was interested only in protecting its own computer networks, not in attacking anyone else’s. “The thrust of the strategy is defensive,” declared Deputy Secretary of Defense William Lynn. The Pentagon would not favor the use of cyberspace “for hostile purposes.” Cyber war was a distant thought. “Establishing robust cyber defenses,” Lynn said, “no more militarizes cyberspace than having a navy militarizes the ocean.”

That was then. Much of the cyber talk around the Pentagon these days is about offensive operations. It is no longer enough for cyber troops to be deployed along network perimeters, desperately trying to block the constant attempts by adversaries to penetrate front lines. The US military’s geek warriors are now prepared to go on the attack, armed with potent cyberweapons that can break into enemy computers with pinpoint precision.

The new emphasis is evident in a program launched in October 2012 by the Defense Advanced Research Projects Agency (DARPA), the Pentagon’s experimental research arm. DARPA funding enabled the invention of the Internet, stealth aircraft, GPS, and voice-recognition software, and the new program, dubbed Plan X, is equally ambitious. DARPA managers said the Plan X goal was “to create revolutionary technologies for understanding, planning, and managing cyberwarfare.” The US Air Force was also signaling its readiness to go into cyber attack mode, announcing in August that it was looking for ideas on how “to destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage.”

For the full article, see here.

The post First strike: US cyber warriors seize the offensive appeared first on The Citizen Lab.

Major U.S. banks have turned to the National Security Agency for help protecting their computer systems after a barrage of assaults that have disrupted their Web sites, according to industry officials.

The attacks on the sites, which started about a year ago but intensified in September, have grown increasingly sophisticated, officials said. The NSA, the world’s largest electronic spying agency, has been asked to provide technical assistance to help banks further assess their systems and to better understand the attackers’ tactics.

For the full article, see here.

The post Banks seek NSA help amid attacks on their computer systems appeared first on The Citizen Lab.

The top threats in emerging technology areas include “drive-by exploits,” which is the injection of malicious code to exploit Web browser vulnerabilities, said the European Union’s cyber security agency in a report issued Tuesday.

The European Network and Information Security Agency’s ENISA Threat Landscape report summarizes 120 reports from 2011 and 2012 that were collected by the agency.

Other top threats described in the report include:

Worms and Trojans, which are malicious programs that can replicate and redistribute themselves by exploiting their target system’s vulnerabilities.

For the full article, see here.

The post E.U. cyber security agency lists top emerging technology threats appeared first on The Citizen Lab.

Even as anxiety about jihadi terrorist threats has eased, thanks to the efforts of intelligence agencies and drone attacks’ disruption of the militants’ sanctuaries, fears over Western societies’ vulnerability to cyber-assaults have grown. Political and military leaders miss no chance to declare that cyberwar is already upon us. America’s defence secretary, Leon Panetta, talks of a “cyber-Pearl Harbour”. A senior official says privately that a cyber-attack on America that “would make 9/11 look like a tea party” is only a matter of time.

The nightmares are of mouseclicks exploding fuel refineries, frying power grids or blinding air-traffic controllers. The reality is already of countless anonymous attacks on governments and businesses. These seek to disrupt out of malice, or to steal swathes of valuable commercial or security-related data. Some experts believe that such thefts have cost hundreds of billions of dollars in stolen R&D.

Many of these attacks are purely criminal. But the most sophisticated are more often the work of states, carried out either directly or by proxies. Attribution—detecting an enemy’s fingerprints on a cyber-attack—is still tricky, so officials are reluctant to point the finger of blame publicly. But China is by far the most active transgressor. It employs thousands of gifted software engineers who systematically target technically advanced Fortune 100 companies. The other biggest offenders are Russia and, recently, Iran (the suspected source of the Shamoon virus that crippled thousands of computers at Saudi Arabia’s Aramco and Qatar’s RasGas in August).

For the full article, see here.

The post Cyber-warfare: Hype and fear appeared first on The Citizen Lab.

The Organization for Security and Cooperation in Europe decided in 2011 to take on cyber security as one of its missions. The reality of threats in cyber space for the OSCE has become even more real now that their internal network has been breached in early November, 2012 by an unknown person or persons and the stolen files uploaded to Par-AnoIA.net. There has been no public acknowledgment from the OSCE that they have even had a breach. Frane Maroevic, Deputy Head of Press and Information for the OSCE told me in an email that “We condemn any illegal publication of confidential documents and will not comment on any such material.”

The documents that Anonymous have posted are clearly genuine although it isn’t known how they were obtained nor has anyone claimed responsibility for the attack. In addition to election monitoring reports and briefing books for Ukraine, Bosnia and the United States, there are internal RESTRICTED documents as well as emails and contact lists whose contents could be leveraged by bad actors to target members of OSCE and others with spear phishing or other types of targeted attacks.

Several of the documents referred to the “Informal Working Group Established Pursuant to PC Decision 1039″ along with a list of its members. The purpose of this group is to establish “a breakthrough on Confidence Building Measures (CBM) designed to enhance cyber security. Our goal must be to maintain the momentum so as to outline a set of Confidence Building Measures in time for adoption at the Ministerial Council in Dublin.” I asked Mr. Maroevic if he saw the value in demonstrating such CBMs right now in the face of their own breach. As of the time of this posting there’s been no response from Mr. Maroevic.

For the full article, see here.

The post OSCE breached; internal documents posted by Anonymous appeared first on The Citizen Lab.

FBI officials quietly approached executives at Coca-Cola Co. (KO) on March 15, 2009, with some startling news.

Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time.

Coca-Cola, the world’s largest soft-drink maker, has never publicly disclosed the loss of the Huiyuan information, despite its potential effect on the deal. It is just one in a global barrage of corporate computer attacks kept secret from shareholders, regulators, employees — and in some cases even from senior executives.

When hackers last year waged a large-scale attack on BG Group Plc (BG/), raiding troves of sensitive data, the British energy company never made it public. Luxembourg-based steel maker ArcelorMittal (MT) also kept mum when intruders targeted, among others, its executive overseeing China. As did Chesapeake Energy Corp. (CHK), after cyber attackers made off with files from its investment banking firm about natural gas leases that were up for sale.

For the full article, see here.

The post Coke gets hacked and doesn’t tell anyone appeared first on The Citizen Lab.

Delivering what Defense Department officials termed a major policy speech outlining an aggressive new agenda to prevent cyber attacks, Defense Secretary Leon Panetta described the U.S. as in a “pre-9/11 moment” in need of immediate action as he spoke to an audience of veterans and business executives here at the Intrepid Sea, Air and Space Museum.

The U.S. was sending a clear message to cyber attackers that it would not only find them, but respond with action as needed, Panetta said, outlining advances in cyber forensics and capabilities at an awards dinner hosted by Business Executives for National Security.

“Our cyber adversaries will be far less likely to hit us if they know that we will be able to link them to the attack,” he said.

Panetta described several recent attacks against energy companies in Qatar and Saudi Arabia, Ras Gas and Saudi Aramco, respectively. Both attacks were based on a variant of the “Shamoon” virus, and the attack on Saudi Aramco disabled 30,000 computers. Although the attacks have been reported in the media, the DoD had not formally acknowledged them. Senior defense officials said the agency has determined the source of the attacks but would not disclose the details.

“These attacks mark a significant escalation of the cyber threat, and they have renewed concerns about still more destructive scenarios that could unfold,” Panetta said. “For example, we know that foreign cyber actors are probing America’s critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout this country.”

For the full article, see here.

The post Panetta lays out new cyber policy appeared first on The Citizen Lab.