Entries in Cyber-Attack (6)


FBI Raises Concerns About Cyber Attacks from China and Russia

(WASHINGTON) -- Threats from cyber-espionage, computer crime, and attacks on critical infrastructure will surpass terrorism as the number-one threat facing the United States, FBI Director Robert Mueller testified Tuesday.

Mueller and National Intelligence Director James Clapper, addressing the annual Worldwide Threat hearing before the Senate Select Committee on Intelligence, cited their concerns about cyber-security and noted that China and Russia run robust intrusion operations against key U.S. industries and the government.

“I do not think today it is necessarily [the] number-one threat, but it will be tomorrow,” Mueller said. “Counterterrorism — stopping terrorist attacks — with the FBI is the present number-one priority. But down the road, the cyberthreat, which cuts across all [FBI] programs, will be the number-one threat to the country.”

A report released in November by the National Counterintelligence Executive singled out Russia and China for their aggressive efforts to steal American intellectual property, trade secrets and national security information.

“The cyberthreat is one of the most challenging ones we face,” Clapper said. “Among state actors, we’re particularly concerned about entities within China and Russia conducting intrusions into U.S. computer networks and stealing U.S. data.  And the growing role that non-state actors are playing in cyberspace is a great example of the easy access to potentially disruptive and even lethal technology and know-how by such groups.”

“We foresee a cyber-environment in which emerging technologies are developed and implemented before security responses can be put in place,” Clapper said. U.S. officials estimate that there are 60,000 new malicious computer programs identified each day.

Last week the computer security firm Symantec released a report on a Trojan horse program dubbed “Sykipot,” which researchers say was traced to computer servers in China and was allegedly targeting firms in the defense industry.

“The Sykipot attackers have a long running history of attacks against multiple industries. Based on these insights, the attackers are familiar with the Chinese language and are using computer resources in China. They are clearly a group of attackers who are constantly modifying their creation to utilize new vulnerabilities and to evade security products and we expect that they will continue their attacks in the future,” Symantec noted in a blog posting.

In the next month, Congress is expected to take up debate about pending cyber-security legislation that could possibly give the Department of Homeland Security new authorities to protect critical computer networks. Senators on the Hill Tuesday questioned the panel about why they have not done more to move forward on the issue.

“I can tell you that we are exceptionally concerned about that threat,” Mueller said, citing the establishment of the National Cyber Investigative Joint Task Force that brings together the 18 intelligence agencies to work on various cyber threats.

“In the same way we changed to address terrorism, we have to change to address cybercrime,” Mueller said. “And so we have to build up the collective addressing of that threat in the same way that we did so and broke down the walls in the wake of September 11th.”

Copyright 2012 ABC News Radio


Son of Stuxnet? Researchers Warn of Impending Cyber Attack

(MOUNTAIN VIEW, Calif.) -- A new computer virus using "nearly identical" parts of the cyber superweapon Stuxnet has been detected on computer systems in Europe and is believed to be a precursor to a new Stuxnet-like attack, a major U.S.-based cyber security company said Tuesday.

Stuxnet was a highly sophisticated computer worm that was discovered last year and was thought to have successfully targeted and disrupted systems at a nuclear enrichment plant in Iran. At the time, U.S. officials said the worm's unprecedented complexity and potential ability to physically sabotage industrial control systems -- which run everything from water plants to the power grid in the U.S. and in many countries around the world -- marked a new era in cyber warfare.

Though no group claimed responsibility for the Stuxnet worm, several cyber security experts have said it is likely a nation-state created it and that the U.S. and Israel were on a short list of possible culprits.

Whoever it was, the same group may be at it again, researchers said, as the authors of the new virus apparently had access to original Stuxnet code that was never made public.

The new threat, dubbed "Duqu" and discovered by a Europe-based research lab, is not designed to physically affect industrial systems like Stuxnet was, but apparently is only used to gather information on potential targets that could be helpful in a future cyber attack, cyber security giant Symantec said in a report Tuesday.

"Duqu shares a great deal of code with Stuxnet; however, the payload is completely different," Symantec said in a blog post.

Duqu is designed to record keystrokes and gather other system information at companies in the industrial control system field and then send that information back to whoever planted the bug, Symantec said.

If successful, the information gleaned from those companies through Duqu could be used in a future attack on any industrial control system in the world where the companies' products are used -- from a power plant in Europe to an oil rig in the Gulf of Mexico.

"Right now it's in the reconnaissance stage, you could say," Symantec senior director for Security Technology and Response, Gerry Egan, told ABC News. "[But] there's a clear indication an attack is being planned."

Duqu is also not designed to spread on its own, so researchers believe its targets were the computer systems it had already infiltrated, Egan said.

The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team issued an alert Tuesday to "critical infrastructure owners and operators" on Duqu, urging them to take steps to secure their systems.

"The extent of the threat posed by [Duqu] is currently being evaluated," the alert says.

Another cyber security company, F-Secure Security Labs, also examined Duqu and said on its website that parts of its code were so similar to Stuxnet that its virus-detection system believed it was dealing with the same virus over again.

A representative for Symantec said they were made aware of the new threat after the unnamed European research lab forwarded them a sample of the code along with their analysis comparing it with Stuxnet, which Symantec then confirmed. McAfee Labs, another cyber security power player, said they too had been given a sample of the Duqu code for analysis.

"One thing for sure is the Stuxnet team is still active..." McAfee said on its website.

Copyright 2011 ABC News Radio


Iran to U.S., Israel: Bring On the Cyber War

(TEHRAN) -- Iran is ready to take on the U.S. and Israel in any online skirmish using their "undeniable" cyber warfare capabilities, a member of the Iranian parliament's National Security and Foreign Policy Committee said Monday.

Avaz Heidarpour said that should American or Israeli cyber spies attempt to wage an online campaign against Iran, the country's state and intelligence agencies would combat any operations with their own "very strong" defense capabilities, according to Iran's state news agency.

Heidarpour's remarks came a day after Britain's The Sunday Times reported Israel has set up a military cyber command charged with developing attacks against Iran. The command operates under a military intelligence designation, reports directly to Israeli Prime Minister Benjamin Netanyahu and has already conducted "soft" espionage missions against Iranian social networking sites, the report says.

"Israel must turn into a global cyber superpower," Netanyahu told a meeting of cyber warfare experts, according to reports.

Israel's intelligence agency, Mossad, and the U.S.'s CIA have already been implicated in at least one major cyber operation against Iran: the Stuxnet worm that reportedly damaged an Iranian nuclear facility in 2010. Shortly after the worm's discovery, The New York Times reported it had been developed in a joint U.S.-Israeli intelligence operation. The German publication Der Spiegel said Monday that Israeli sources doubt the U.S. played a significant role in the Stuxnet program.

Neither U.S. nor Israeli officials publicly took credit for the cyber attack, but it was reportedly referenced in a video montage of "accomplishments" by an outgoing Israeli general, and several cyber security experts -- including American government officials -- put the U.S. and Israel on a short list of countries with the means and motivation to carry out such an attack.

It is not the first time Iranian officials have taken a vocal, defensive position against perceived Western cyber threats.

In June, Iran's head of intelligence claimed the state was also capable of combating the U.S.'s so-called "internet in a suitcase" program which he said was designed to connect dissidents directly with the CIA in hopes of undermining the Iranian government.

"We had predicted these [U.S.] devised actions...and devised proper ways to combat them," Iranian Intelligence Minister Heidar Moslehi said.

In addition to the reported secret cyber command, the Israeli military recently revealed it was dedicating resources to public "new media" operations online, run from the Israeli Defense Forces Spokespersons Unit.

"The tools are infinite. The question is not whether we should be there, but how we should be there," IDF New Media chief Lt. Sacha Dratwa said in a post on the IDF website. "Computers and keyboards are the weapons, Facebook and Twitter are the battlefields. It is there that we fight, each and every day."

Spokesmen for the Israeli military did not immediately respond to requests for comment for this report.

Copyright 2011 ABC News Radio


Security Firm Uncovers International Cyber Siege

(NEW YORK) -- Major companies and organizations have been under a sustained international cyber attack for several years, according to a report released Wednesday by McAfee.

Investigators for the security firm say the intruders have been in operation for five years and targeted sensitive data from U.S. military, corporate, and other systems.

The cyber spying investigation dubbed "Operation Shady Rat" uncovered a number of groups under siege from the hacking effort, including the United Nations, natural gas companies, a Florida real estate company, the government of Taiwan, and the International Olympic Committee.

McAfee officials say 49 of the 72 organizations affected by the cyber attack were based in the U.S.

“We’re facing a massive transfer of wealth in the form of intellectual property that is unprecedented in history,” said Dmitri Alperovitch, McAfee’s vice president of threat research. “Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators.”

Alperovitch also stirred speculation as to who might be responsible for the attack in saying McAfee believes one "state actor" was behind the intrusion because, "there is likely no commercial benefit to be earned from such hacks." Vanity Fair, which broke a story on the cyber siege, reports security experts the magazine consulted all pointed fingers at China.

McAfee says it became aware of the breach of security in March and released the 14-page report after working with the targeted organizations.

Copyright 2011 ABC News Radio


Police Nab Teen in England Believed to Be Behind LulzSec

(LONDON) -- A teenager believed to be a main player behind the hacking group LulzSec has been arrested in England, according to Scotland Yard.

The 19-year-old, who has not been identified, was detained in Wickford, Essex after a joint operation by the FBI and Scotland Yard.  He is being held at a police station in London where he is being questioned.  No charges have yet been filed.

LulzSec has taken credit for cyber attacks on various websites, including ones belonging to Sony and the U.S. Senate.  Just last week, the group claimed responsibility for an electronic attack on the CIA's public website.

Copyright 2011 ABC News Radio


Canada Shuts off Internet Access After China-Based Cyber Attack

(OTTAWA, Canada) -- Officials in Canada have traced a cyber-attack on government servers to China-based computer servers, forcing several agencies to cut Internet access to protect secret files, reports the BBC.

Cyber-security agents say the hackers had gained access to secret data, specifically in a security breach of a civil agency of the national defense department.

The breach forced both the Treasury Board and the finance department to cut Internet access.

Officials in Beijing Thursday denied any involvement in the attacks, which were first discovered in January. Canadian officials are working to determine whether the attacks actually originated in China, or if they were routed through the country.

Copyright 2011 ABC News Radio
