Defend Our Freedoms from the Absense of Privacy
Defend Our Freedoms From the Absense of Privacy

All at sea: global shipping fleet exposed to hacking threat





http://www.reuters.com/article/2014/04/24/us-cybersecurity-shipping-idUSBREA3M20820140424
All at sea: global shipping fleet exposed to hacking threat

Excerpt:

Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices, or fake the data so it looks like they're somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs and deleted the records.

(snip)

Qualifications for President and the “Natural Born” Citizenship Eligibility Requirement

Qualifications for President and the “Natural Born” Citizenship Eligibility Requirement

Two Alleged Members of Anonymous Cambodia Arrested



http://news.softpedia.com/news/Two-Alleged-Members-of-Anonymous-Cambodia-Arrested-438945.shtml

Two Alleged Members of Anonymous Cambodia Arrested



A couple of 21-year-old students believed to be members of Anonymous Cambodia have been arrested. Local authorities collaborated with the FBI on the investigation. 

According to The Phnom Penh Post, the suspects are students at a private university, the SETEC Institute in Phnom Penh. They’ve been charged with computer hacking and they face up to two years in prison.

Bun King Mongkolpanha, aka “Black Cyber” or “Machine,” and Chu Songheng, aka “Zoro,” were arrested on April 7. They’re currently in prison awaiting trial. Authorities have been targeting them for eight months before obtaining a warrant for their arrest.

(snip)

Read full coverage by @EduardKovacs

About OpCambodia:

http://news.softpedia.com/newsTag/OpCambodia

Biden to Ukraine: 'You will not walk this road alone'



http://www.cnn.com/2014/04/22/world/europe/ukraine-crisis/
Biden to Ukraine: 'You will not walk this road alone'



As the crisis in Ukraine shows no signs of easing, U.S. Vice President Joe Biden promised support for Ukraine and stressed that the United States won't recognize Russia's annexation of Crimea.

"Ukraine is and must remain one country," he said in Kiev on Tuesday at a news conference with Prime Minister Arseniy Yatsenyuk. Biden also met with acting President Oleksandr Turchynov and lawmakers during his trip to Ukraine.

"No nation has the right to simply grab land from another nation," Biden said. "We will never recognize Russia's illegal occupation of Crimea."

Biden called on Russia to "stop supporting men hiding behind masks and unmarked uniforms sowing unrest in eastern Ukraine." He warned of additional sanctions if such "provocative behavior" does not end.

(snip)

Read Full coverage on CNN.com




I want to see a  Combined Ticket: Joe Biden for President, Chris Christie for Vice President.

In 1864, in the interest of fostering national unity, Abraham Lincoln from the Republican Party and Andrew Johnson from the Democratic Party, were co-endorsed and ran together for President and Vice-President as candidates of the National Union Party. 

Show the parties how to work together from the top down! 

NullCrew Hackers Target UVa, the State of Indiana, National Credit Union and Others


http://news.softpedia.com/news/NullCrew-Hackers-Target-UVa-the-State-of-Indiana-National-Credit-Union-and-Others-438584.shtml
NullCrew Hackers Target UVa, the State of Indiana, National Credit Union and Others


Excerpt:

On Easter Sunday, hackers of the
NullCrew collective announced breaching the systems of nine organizations. The list of targets is comprised of the University of Virginia, Spokeo, Telco Systems, National Credit Union, the Science and Technology Center of Ukraine (STCU), the International Civil Aviation Organization, the State of Indiana and ArmA2.

Earlier this month, the hackers also attacked Klas Telecom, a government contractor which admitted that its
legacy helpdesk system was breached and that NullCrew gained access to some old customer data.

(snip)

Read 
full coverage by @EduardKovacs

Under The Net



Ever wonder what the underNet looks like and where it is?  The underNet connects through peer connections rather than commercial servers.  Most items on the underNet are on people's personal computers that are mark to share.

This is a look at the type of content seen via the new search engine :

(Also, notice SilkRoad is back)


 








Definitions:

Fullz:
Fullz is a slang term used by hackers meaning full packages of individuals' identifying information. "Fullz" usually contain an individual's name, Social Security number, birth date, account numbers and other data. Fullz are sold to identity thieves, who use them in credit fraud schemes.

Dox:
Doxing or Doxxing is the act of identifying a person from one small bit of information such as an email address. The "Doxer" uses this email address to find out phone numbers, address, real name etc of the target.

TOR:
Tor aka The Onion Router, is free software for enabling online anonymity and censorship resistance. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.

Happy Easter!

Brian Krebs on Cybersecurity, Crime, Identity Theft - Russia and Target Corp.

http://money.cnn.com/video/technology/2014/04/17/n-brian-krebs-cyber-security-crime-identity-theft-russia-target.cnnmoney/index.html

 

 

Heartbleed affects everyone on the Internet - Norton by Symantec



You’ve likely heard of Heartbleed over the past week. We wanted to share a bit about what it is, steps we have taken to protect our customers and steps you can take to protect yourself across the Web.

Some versions of Norton AntiVirus, Norton Internet Security and Norton 360 were impacted. On April 10th, we distributed updates to these impacted products to stop and block Heartbleed. Norton Accounts used to sign into Norton.com were not impacted. Please refer to our FAQ for more information on how we’re defending against this vulnerability.

Why Heartbleed affects everyone on the Internet

Heartbleed is a bug in some versions of OpenSSL, a set of software tools used widely across the Web for security. This bug may reveal your name, passwords and other private information.

If you visited a website that uses a vulnerable version of OpenSSL during the last two years, your personal information may be compromised. You can use this tool: http://safeweb.norton.com/heartbleed to check if a particular website is currently impacted.

How to protect yourself

Due of the complex nature of this vulnerability, changing your passwords before sites update their version of OpenSSL won’t fully protect you. Here are some simple steps you can take as a precaution:

Change your passwords on any website that contains sensitive information about you. You should first confirm that the site does not contain the Heartbleed vulnerability by using this tool.
If you’ve reused passwords on multiple sites, it’s especially important to change them. To change your Norton Account password, visit manage.norton.com and click Account Information.
Beware of phishing emails and type website addresses directly in your browser instead of clicking on a link through an email.
Monitor your bank and credit card accounts for unusual activity.

It may take an extended period of time for all the sites affected by Heartbleed to fix this vulnerability. To determine if a website is vulnerable to Heartbleed using this tool. We recommend you only exchange personal or sensitive information such as your credit card number if the site is not affected by Heartbleed.

You can learn more about Heartbleed and its impact to consumers by checking out our FAQ or by following the Norton Protection Blog.

Stay Safe Online

Norton

Subcommittee Field Hearing: Protecting Your Personal Data: How Law Enforcement Works With the Private Sector to Prevent Cybercrime




http://docs.house.gov/meetings/HM/HM08/20140416/102141/HHRG-113-HM08-Wstate-RhoadesM-20140416.pdf


 

Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies | Paul Peck Alumni Center, Drexel University, 3142 Market Street Philadelphia , Pennsylvania 19104 | Apr 16, 2014 10:00am

Chairman Meehan, Ranking Member Clarke, members of the Committee: thank you for inviting me to appear today to discuss how the public and private sectors can work together to increase cybersecurity. Currently, I serve as the Director of the Cyberspace and Security Program at the Truman National Security Project and Center for National Policy.

Chairman Meehan, Ranking Member Clarke, members of the Committee: thank you for inviting me to appear today to discuss how the public and private sectors can work together to increase cybersecurity.

Currently, I serve as the Director of the Cyberspace and Security Program at the Truman National Security Project and Center for National Policy. Together, these two organizations represent more than thirteen hundred members with an expertise in numerous security issues--including cybersecurity--and a dedication to forging strong, smart, and principled national security policy for America.

The rapid development of information networks over the past thirty years has allowed individuals and nations to grow and prosper. Today, our small businesses are global enterprises--reaching markets and customers on the other side of the world with the click of a mouse. The Internet invigorates economic progress and helps people rise out of a cycle of poverty in the developing world.

These tools also enable the expansion of America's mutually supportive ideals: human rights, freedom, and opportunity. Using the Internet, democracy activists in nations ruled by oppressive regimes can organize to petition for their fundamental rights; vulnerable populations in conflict-ravaged areas can show the world the brutality of their own governments; and individuals can seek out new ideas to challenge their own beliefs.

New technologies are providing hope to millions by creating the conditions for innovation and human prosperity to flourish. Unfortunately, they are also being exploited by a variety of actors to further nefarious national, criminal, and ideological objectives.

Hacktivists -- or online demonstrators -- use information networks to target opponents and draw attention to a political cause. Terrorists use information networks to spread their propaganda and recruit others to help commit acts of violence. Criminal organizations use the Internet to steal from individuals and organizations all over the world and turn another's loss into their financial gain. Finally, nation states leverage these capabilities to spy on, steal from, and potentially attack their adversaries.

Frequently, these groups -- hacktivists, terrorists, criminal organizations, and nation states--also overlap, working together towards complimentary interests while utilizing the inherent anonymity of cyberspace to make attribution even more difficult.

With each new day, the number of actors with access to these tools increases and, as a result, so does the number of potential victims. Roughly 90% of the world's data has been generated in the last two years. n1 As more information is generated, confidentiality and privacy grow more vulnerable. Governments are losing once closely-held state secrets; companies are finding their intellectual property suddenly in the hands of competitors on the other side of the world; and individuals are losing control over their private information.

According to Symantec's "Internet Security Threat Report 2014," the number of breaches increased by 62% in 2013 with a total of over 552 million identities compromised. n2 Additionally, targeted attacks grew by 91% and are increasingly aimed at small businesses.

And as we are all aware, the recent, highly-publicized breach at Target--the second largest retailer in the United States--compromised personal information on 70 million customers by using software that may have cost less than $2,500 at an online marketplace. n4 Today, cyber criminals can use relatively easy-to-find software to make outsized gains.

The Target example shows that even the largest companies with vast resources are vulnerable. Frequently, they are unaware that a breach has even occurred. One security provider recently announced that in 2013 the median number of days attackers were present in a network prior to discovery was 229 days. That is actually 14 days less than the 2012 median.

In short, today's technologies provide an unprecedented opportunity for humans to reach their full potential while simultaneously increasing individual and collective security risks.

These are facts that the members of this Committee know well, and they are broader than the scope of this hearing. But they are worth mentioning in this context because in cyberspace, the difference between espionage, crime, and attack can be as simple as intent, or just a few keystrokes.

Gaining and maintaining access to a network are the most difficult phases of a cyber incident. Adversaries spend a great amount of time, energy, and resources to seek out and secure vulnerabilities that provide access. But once they are in the network, whether they spy, steal, or destroy is a matter of choice.

Furthermore, criminals are developing new tools that are more sophisticated and more intuitive than previous generations, and then selling them in online marketplaces. This reality is lowering the barriers to network entry and giving more malicious actors the capability to threaten critical systems, in both the private and public sectors.

Cyber crime, therefore, is linked to national security and the protection of private information. All of the actors using cyberspace for illegitimate means need vulnerabilities to exploit, and no single entity--whether government or business--can secure a domain that extends beyond traditional geographic boundaries. In cyberspace, one weak link can compromise the security of the entire system. Cybersecurity is a shared responsibility.

To ensure our Nation is safe, the government must coordinate the protection of our country's most critical assets against sophisticated, destructive attacks while law enforcement agencies impose the criminal laws of the United States in the cyber domain. Through the development of new tools and the continued maturation of the National Cybersecurity and Communications Integration Center (NCCIC), the Department of Homeland Security (DHS) is addressing this responsibility.

But more can be done. For example, the effectiveness of the NCCIC is directly tied to the level of participation by other Federal Agencies. Yet, those agencies are not currently required to share information with DHS. If we are going to task DHS with the responsibility for leading the protection of federal civilian agencies, then we must give them the authorities required to be successful.

Governments must also find ways to cooperate with one another on investigations. Cyber crimes are often intentionally routed through multiple countries, particularly those who provide sanctuaries against international investigations. When an investigation leads to a new jurisdiction, the investigators are suddenly at the mercy of another government. More must be done in the international arena to build the capacity of nations that do not want to be criminal sanctuaries and to discourage others that are complicit in criminal activities originating in their territory.

Private companies must do their part as well. Most of this country's critical infrastructure is privately owned and operated, but market forces alone have yet to incentivize broad scale use of cyber risk management strategies. Many companies are working to protect their networks, but too many are not doing enough. And in sectors where there is no choice in the consumer market--where a public good is being provided by a private actor--the government should play a larger role in ensuring the security of critical networks.

Additionally, many companies are collecting, storing, and analyzing information on U.S. citizens. This information deciphers everything from our travel habits to our personal interests. Securing our most important networks and protecting our personal information requires the private sector to take better responsibility for their own security.

Finally, individuals have to take responsibility for our online behavior as well. Although there are sophisticated hackers at work, most compromises take advantage of existing vulnerabilities that have not been patched but could have been. The more hardened a target becomes, the more likely a hacker will look for a less secure, peripheral target as a means to get in. This is likely the reason that targeted attacks are increasingly focused on small businesses. We must contribute to a culture of security that is respectful of the rights of others, while contributing to the security of the whole system.

Universities across the country, including Drexel University here in Philadelphia, are developing educational programs to ensure the next generation is prepared to combat cybersecurity threats. These are important initiatives that warrant support. However, it will take a generation for them to fully bear fruit. More also needs to be done to make today's users aware of the risks associated with their online behavior.

Getting this model of collaborative security correct is dependent upon trust. Governments and private entities must work together to mitigate threats. Both, however, are collecting vast quantities of information on individuals. The more information they store in their databases, the more attractive those databases become to criminals. What they share and how they share has serious privacy and civil liberties consequences for individual consumers.

While information sharing programs do not offer a cybersecurity panacea, they can contribute to collective security by creating a fuller picture of the threat landscape. That said, there is a right way to share information and a wrong way to share information. All irrelevant personally identifiable information should be removed before the information is given to the federal government or another private actor. Information coming into the federal government should have previously defined acceptable uses and be given to a civilian agency. And those who participate in the program and exhibit negligent behavior should be held responsible. Getting this right matters: the way we build our domestic programs will have privacy and civil liberties consequences for Americans and for human rights activists and dissidents overseas.

The reality is that given enough time, resources, sophistication, and motivation, an attacker will gain access to a network. And as people become more dependent upon technology, the opportunities for crime, espionage, and physical disruption will only increase. But with collaboration built upon trust, I believe we can reduce our vulnerabilities. By implementing commonly held best practices, we can protect the great majority of our networks, secure our personal information, and allow our security agencies to focus on preventing sophisticated attacks against our most critical networks. And, in the end, we can more fully realize the potential of new technologies to expand freedom and opportunity at home and abroad.

Thank you for the opportunity to join you today, I look forward to answering any of your questions.

Any contributions welcomed and needed

Excellent Quote

Protecting a person’s privacy is also as critical to one’s safety, dignity and identity as is protecting a person’s property. With no privacy, one is de-humanized like an animal in a zoo and much more susceptible to the control of others. Scott Cleland, 01/24/2013

President Obama, Defender of Privacy!

Try the MP3 Cloud Player

Category Archives

Tag Cloud

Subscribe