This Government Agency’s Cover-Up May Have Hindered US Cybersecurity

The Chinese government may have hacked into computers at the Federal Deposit Insurance Corporation on multiple occasions between 2010 and 2013, according to a congressional report.

The report describes various instances in which current or former FDIC employees inadvertently downloaded sensitive data to portable storage devices, which were later removed from the office. Rep. Lamar Smith, R-Texas, chairman of the U.S. House Science, Space, and Technology Committee, described the FDIC’s cybersecurity efforts as “lax” and asserted that “major improvements need to be made to the FDIC’s cybersecurity mechanism.”

The interim report was issued last Wednesday by the Republican majority of the U.S. House Science, Space, and Technology Committee.

However, the report’s most serious accusation addresses the organization’s handling of the hacks. According to the report, the FDIC not only failed to report major hacks, but also actively worked to “evade congressional oversight” during the congressional investigation.

The FDIC’s attempts to avoid congressional oversight included the organization’s top lawyer instructing employees not to discuss the hacks via email. The FDIC’s chief information officer at the time, Russ Pittman, also called on employees not to discuss the hack. These efforts were apparently meant to avoid jeopardizing current Chairman Martin Gruenberg’s impending congressional confirmation in 2012.

According to a source close to the investigation, the servers that were targeted indicate the hackers were seeking “economic intelligence.” These accusations follow the hacking of the Office of Personnel Management last year, which saw Chinese hackers obtain the personal records of 22 million current and former government employees.

In September 2015, the United States and China agreed not to engage in corporate cyber espionage and established a joint dialogue to discuss cybercrime. A report by cybersecurity firm FireEye indicated a decrease in Chinese corporate cyber espionage since mid-2014. However, the report also claims Chinese cyberattacks were becoming much more targeted and aimed at specific infrastructure.

The FDIC’s concealment of major data hacks between 2010 and 2013 is worrisome and highlights a continued detriment to U.S. cybersecurity. Cyberspace is incredibly dynamic and the sharing of information is critical in combating cyberattacks. The FDIC’s failure to notify Congress at the time of these major data breaches may have left other agencies vulnerable to similar Chinese cyber espionage attempts.

Follow Joe Miller on Twitter HERE and Facebook HERE.

Obama Hopes ‘Climate of Fear’ Will Boost Cyber Security Push

President Obama is banking that a spate of high-profile hacks at major American companies will help his new cybersecurity standards succeed where others failed.

The president called Monday for separate bills that would require companies to notify customers within 30 days if their personal information had been compromised and prohibit the selling of student data to third parties for non-education purposes.

But for Obama to leverage the panic over data breaches at Sony Pictures Entertainment, Target and Home Depot, he’ll have to navigate between governmental and business bureaucracies and find a solution amenable to both sides.

As the president laid out his recommendations, the extent of the cyber problem was made even clearer, when hackers tied to the Islamic State of Iraq and Syria took over the U.S. Central Command Twitter feed.

The broader challenge for the White House now is determining how to address concerns among private companies about the extent of information they would have to turn over to the federal government in warding off cyber attacks. And government agencies already under fire for cyber snooping would also have to consent to sharing a greater level of data with private businesses, a development that makes some in the intelligence community uneasy.

Controversial CISPA Passed in Congress

The Cyber Intelligence Sharing and Protection Act (CISPA) passed the House of Representatives on Friday and will now head to the Senate for further deliberation. This has happened before, but opponents of the controversial CISPA state that it poses a major threat to Fourth Amendment rights. After two days of debate and discussion, the bill was passed 288-127 in favor. Seventeen members of the House abstained from voting.

Proponents of the bill believe it will allow the U.S. government to stop cyber-attacks in their tracks. The bill will also amend the National Security Act. This change would allow U.S. intelligence services to give classified data to those who do not have clearance.

CISPA will allow companies like Facebook, Twitter, Google, and other private sector technology or telecoms companies, including your cell phone service provider, to search personal and sensitive data of average U.S. residents to identify “threat information”.

US Plan Calls For More Scanning Of Private Web Traffic, Email (+video)

The U.S. government is expanding a cyber security program that scans Internet traffic headed into and out of defense contractors to include far more of the country’s private, civilian-run infrastructure.

As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks.

Under last month’s White House executive order on cyber security, the scans will be driven by classified information provided by U.S. intelligence agencies — including data from the National Security Agency (NSA) — on new or especially serious espionage threats and other hacking attempts. U.S. spy chiefs said on March 12 that cyber attacks have supplanted terrorism as the top threat to the country.

The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.

DHS as the middleman
By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency’s eavesdropping.

Report: $91 Million Spent On Secret NSA Tests Probing Domestic Computer Systems

The National Security Agency is conducting secret tests on the computer systems of U.S. private sector entities, including public utilities, a CNET report revealed this week.

The secret program, dubbed Perfect Citizen, is part of an effort by the government to improve security systems in the private sector and test offensive operations against enemies’ computer systems.

Targets reportedly include power grids and gas pipelines. The NSA’s operation reportedly probes their computer systems for vulnerabilities as part of a larger cybersecurity and cyberwarfare initiative.

Details about the program were revealed through documents obtained by a Freedom of Information Act request by the Electronic Privacy Information Center (EPIC), a Washington, D.C.-based research nonprofit.

Of the 190 pages obtained by EPIC about the program, 98 were heavily redacted for a number of reasons, including portions labeled “classified top secret.”
