Master Coder

Hacking News, Cyber Crime, Ethical Hacking, CCNA, SEO, Google AdSense, Web Development


Cyber hijackers pose threat to planes, vehicles

Posted by amiyabsb on September 9th, 2011

The horrific Sept. 11, 2001, terrorist attacks involved weaponized airliners that were hijacked using brutal, low-tech tactics. But the rapid advances in technology of the last 10 years may mean that tomorrow’s threats to planes and automobiles could come not from armed terrorists, but from stealthy hackers.
The connection between terrorist organizations and cybercriminals exists, say experts, not only in online underground marketplaces where hacking tools are sold, but also in areas of recruitment and training.
Some unfriendly countries are working on so-called cyber warfare programs, and there are also “al-Qaida cells that are acting as training centers for hackers,” said Alan Paller, director of research at the SANS Institute, an information-security training firm based in Bethesda, Md.
Those attackers will have more targets than ever, security firm McAfee noted in a report. The report cited the mobile-phone maker Ericsson’s estimate that by 2020, there will be roughly 50 billion devices connected to the Internet, including airport kiosks, industrial control systems and remote network-monitoring devices.
The perceived threat to these and other systems is rising.
Mounting evidence
Last week, the United States Department of Homeland Security (DHS) issued a security bulletin from the National Cybersecurity and Communications Integration Center warning the security community about new tools and new recruitment techniques being used by various hacker groups.

The report refers to such organizations as soliciting help from disaffected employees, as well as using more nefarious methods, including forcing people to cooperate with hackers using “unwilling coercion through embarrassment or blackmail.”
While the possibility of actually incapacitating an individual plane and causing it to crash via computer remains remote, say experts, hackers can disrupt flights and create potentially life-threatening situations.
In 2004, malware known as the Sasser worm disrupted flights when it infected systems that Delta Air Lines relied upon. Since then, the tools for creating such havoc have become more sophisticated — and more accessible.
The DHS warning included references to new tools being used by politically motivated “hacktivist” groups such as Anonymous. Powerful administrative tools, such as the “Low Orbit Ion Cannon,” have been repurposed to bring down systems using distributed denial-of-service attacks. While such attacks are rudimentary, they could cause serious problems if directed at critical transportation systems.
Gaping vulnerabilities
Such networks remain frighteningly vulnerable, say law enforcement watchers. As one example, a congressional report on cyber terrorism cited the 2002 case in which a major weakness in the Simple Network Management Protocol (SNMP) was discovered that could have been exploited to bring down “major portions of the Internet.”

The vulnerability was kept a secret while security firms worked to protect telecommunications equipment around the world. According to FBI reports at the time, if the systems had not been patched, they could have been used to interrupt control information exchanged between ground and aircraft flight control systems.
Similar outages in telecommunications systems and embedded systems could be used to disrupt train and track switching information.
“For example, some rail systems are based on SCADA [supervisory control and data acquisition] control systems,” said Tim Armstrong, a malware researcher at Moscow-based Kaspersky Lab. “These are similar to the types of control systems that were compromised in the Stuxnet attacks in 2010.”
But the newest and most unpredictable weaknesses today appear to be in the connected systems embedded in late-model cars.
Several vulnerabilities in remote start, locking, tracking and other car systems have already been demonstrated. Computer security researchers at iSec Partners, for example, have shown how they can unlock a car and turn on its engine using a laptop computer.
The researchers managed this hack with a few hours’ work tapping into the car’s wireless connections. Another security expert has demonstrated how to tap into a police car’s camera and video recorder.
Such attacks already have a name: war texting. Mobile car apps that use a driver’s smartphone are potential targets in many of these cases as well, according to McAfee’s report, “Caution: Malware Ahead.”
Analysts at the firm stress that while no such cases have yet occurred, critical car systems could be vulnerable. One example: remote vehicle immobilization and slow-down systems, such as those used in GM’s OnStar, could be hacked. Though they were intended as theft deterrents, if control of these systems fell into the wrong hands, it could lead to disastrous results.

Cyber Security Company Lunarline Ranked as One of America’s Fastest Growing Companies

For the second year in a row, Lunarline, Inc. is named to the Inc. 500|5000 list, jumping 366 spots to rank No. 1846. This is the fifth year Inc. magazine has compiled their exclusive list of the nation’s fastest growing private companies. The list represents the most comprehensive look at the most important segment of the economy–America’s independent entrepreneurs.
Lunarline is a leading and award winning provider of cyber security solutions, specialized IA services, and certified security training to all US Federal Government (Civilian, DoD, and IC), as well as to customers in selected commercial markets. All Lunarline solutions, services, and training are backed by their unwavering commitment to customer satisfaction.
“We are honored to make the Inc. 500|5000 list. It is a real testament to the growing demand for our cyber security solutions. We will continue to strive to help best protect our customers’ critical assets and our nation’s infrastructure,” said Lunarline CEO, Waylon Krush.
“Now more than ever, we depend on Inc. 500|5000 companies to spur innovation, provide jobs, and drive the economy forward. Growth companies, not large corporations, are where the action is,” says Inc. magazine Editor Jane Brentson.
Complete results of the Inc. 5000, including company profiles and an interactive database that can be sorted by industry, region, and other criteria, can be found at www.inc.com/5000 .
About Inc. Magazine
Founded in 1979 and acquired in 2005 by Mansueto Ventures LLC, Inc. ( www.inc.com ) is the only major business magazine dedicated exclusively to owners and managers of growing private companies that delivers real solutions for today’s innovative company builders. With a total paid circulation of 710,106, Inc. provides hands-on tools and market-tested strategies for managing people, finances, sales, marketing, and technology. Visit us online at www.inc.com .
About the Inc. 500|5000 Conference
Each year, Inc. and Inc.com celebrate the remarkable achievements of today’s entrepreneurial superstars–the privately held small businesses that drive our economy. The Inc. 500|5000 Conference & Awards Ceremony brings together members of the Inc. community, both a new class of Inc. 500|5000 honorees and the list’s alumni, for three days of powerful networking, inspired learning, and momentous celebration. Please join us September 22-24, 2011, at the Gaylord National Resort and Convention Center in National Harbor, Maryland, located minutes from downtown Washington, D.C. For more information about the 2011 Inc. 500|5000 Conference & Awards Ceremony and to register, visit www.inc500conference.com or call 866-901-3205.
About Lunarline
Lunarline is a leading provider of cyber security solutions, specialized IA services, and certified security training to all US Federal Government (Civilian, DoD, and IC), as well as to customers in selected commercial markets. Lunarline is a VA Certified Service-Disabled Veteran-Owned Small Business (SDVOSB) that has been appraised at CMMI® Level 2, certified in ISO 9001:2008, has a DCAA approved accounting system, ranks in the top 2% of D&B Rating, and has an approved Earned Value Management (EVM) system. Lunarline offers certificate programs with CNSS (NSTISSI 4011, 4015 and CNSSI 4012) certified cyber security and privacy training courseware. Lunarline is a recipient of the DOT Cyber Security Excellence Award, the Cyber Warfare Forum Initiative 5-Star Training Award, and was named as one of America’s Fastest-Growing Private Companies in the Inc. 5000 for two years running.

4 in 5 Indians are victims of cyber crime: Reports

Cyber crimes have cost Indians $4 billion. A Norton study revealed that global cyber crime costs nearly $114 billion, annually.
In India, it is estimated that more than 29.9 million people fell prey to cyber crimes in the past one year, suffering $4 billion direct financial losses and an additional $3.6 billion in time spent to resolve the crime.
According to the cyber crime report released by Norton, more than two-thirds of adults who spend time online have fallen prey to cyber crimes in their life.
The report states that every second adult has become a victim of cyber crime, resulting in more than one million cyber crime victims every day. In India, four out of five adults are victims of cyber crimes.
Cyber crimes cost the world significantly more than the global market in marijuana, cocaine, and heroin combined.
The Symantec Internet Threat Report revealed that globally 10% of adults online and 17% in India have fallen prey to cyber crimes via mobile phones.
Cyber criminals are focusing more on the mobile space. The new mobile operating system vulnerabilities have increased from 115 in 2009 to 163 in 2010. In addition, threats via mobile devices have increased due to social networking.
The study also revealed that men aged between 18 and 31 who access the internet via their mobile phones are more often victims of cyber crimes.
“There is a serious disconnect in how people view cyber crime threats,” said Gaurav Kanwal, country sales manager, India and SAARC, consumer business unit, Symantec.
“Cyber crime is much more prevalent than people realise. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of the respondents think they are more likely to become a victim of cyber crime than offline crime. While 89% of respondents agree that more needs to be done to bring cyber criminals to justice, fighting cyber crime is a shared responsibility. It requires all of us to be more alert and to invest our time online in a safe manner,” he said.

Symantec security survey shows cyber attacks remain top risk for businesses

Cyber security is the top risk for businesses for the second year running, ahead of traditional crime, natural disasters and terrorism, according to Symantec’s 2011 State of Security survey.
The top three concerns are related to data and network security, with more than 3,000 respondents in 36 countries ranking cyber attacks as the top concern. This is followed by IT incidents caused by well-meaning insiders and internally generated IT-related threats.
However, this year’s survey found organisations are getting better at fighting threats, with many respondents reporting a decline in the number and frequency of cyber attacks from 2010.
Only 71% of respondents saw attacks in the past 12 months, compared with 75% in 2010. Respondents reporting an increasing frequency of attacks fell from 29% in 2010 to 21% in 2011.
The number of companies experiencing losses because of cyber attacks fell from 100% in 2010 to 92% in 2011.
The survey found an increasing number of businesses believe keeping their operations and information secure is of vital importance, with 41% of respondents saying cyber security is somewhat or significantly more important than 12 months ago.
Organisations are still investing more in protecting physical assets such as laptops, which are continually falling in value, and not enough on securing information assets, which are rapidly increasing in value, said Greg Day, chief technology officer for security at Symantec.
While the number of incidents is going down because organisations are getting better at general defences, the attacks that are getting through are costing more, he says, because they tend to be targeted, with attackers keeping at it until they get in.

Organisations adopting mobile technologies

The survey revealed organisations are adopting new computing models and technologies.
Nearly half of respondents said mobile computing was affecting the difficulty of providing cyber security, followed by social media (46%), and the consumerisation of IT (45%).
Organisations said the threats they face are continually evolving. Although hackers are still a top concern, followed by well-meaning insiders, new to the list this year are targeted attacks, such as Stuxnet, that zero-in on a single organisation for political or economic reasons.
“Organisations today have more to lose than ever before and need to keep adopting the security innovations and best practices the industry is delivering to stay protected,” said Sean Doherty, chief technology officer of enterprise security at Symantec.
More than half of respondents said they are doing somewhat or extremely well in addressing routine security measures, and 51% reported that they are doing somewhat or extremely well in responding to security attacks or breaches.
However, the survey revealed they are not doing as well in areas of compliance and pursuing strategic initiatives or innovative security measures.
Businesses are increasing staffing levels and budgets for the IT department to address these shortfalls. Most staff are being added in areas of network, web and endpoint security.
Security budgets are also growing in web and network security, as well as data loss prevention (DLP). This suggests organisations are stepping up their efforts in improving their protection, the survey report said.
However, investment is still fairly low down on the list in the UK, said Greg Day. Companies are investing in mobile security followed by web and network security because this is where they see the potential for business growth.
The fact that investment in DLP is still low suggests organisations still do not understand the value of data, said Day.

Recommendations from Symantec’s 2011 State of Security survey

  • Organisations need to develop and enforce IT policies. By prioritising risks and defining policies that span across all locations, businesses can enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur or anticipate them before they happen.
  • Businesses need to protect information proactively by taking an information-centric approach to protecting information and interactions. Taking a content-aware approach to protecting information is key in identifying and classifying confidential, sensitive information, knowing where it resides, who has access to it and how it is coming in or leaving the organisation. Proactively encrypting endpoints will also help organisations minimize the consequences associated with lost devices.
  • To help control access, IT administrators need to validate and protect the identities of users, sites and devices throughout their organisations. They also need to provide trusted connections and authenticate transactions where appropriate.
  • Organisations need to manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
  • IT administrators need to protect their infrastructure by securing all of their endpoints – including the growing number of mobile devices – along with messaging and web environments. Defending critical internal servers and implementing the ability to back-up and recover data should also be priorities. In addition, organisations need visibility, security intelligence and ongoing malware assessments of their environments to respond to threats rapidly.

Cyber attacks: MEA orders PCs’ re-formatting

Faced with growing cyber attacks on its diplomats’ computers, the government has asked that every computer in South Block and in embassies abroad be re-formatted at the earliest. Diplomats across the world have been asked to operate only through the government’s secure cyber network, and not on generic mails.
At least three instances in the recent months, top government sources told The Indian Express, have exposed the vulnerability of the diplomats’ cyber network.
In the first case, Foreign Secretary Nirupama Rao had received an e-mail purportedly from the Indian High Commissioner in Pakistan, and it was understood to have contained malware.
In the second instance, an e-mail from a First Secretary (political) in the embassy in Beijing, with the subject-line saying “India’s foreign policy with China”, had landed in the inbox of over a dozen officials in the Ministry of External Affairs.

Cyber law casts the proper net

Last week, the House of Representatives passed important changes that will improve the way Australian law enforcement agencies are able to detect and investigate cyber criminals. Of great concern to me, however, have been the alarmist and entirely false assertions made about the new laws. These must be corrected.
Cybercrime is a growing threat to individuals, businesses and governments around the world and has already overtaken the drug trade as the most profitable form of all crimes.
This is remarkable if you consider the internet was born a little more than two decades ago. Today, nearly every Australian home has a computer connected to the web.

China gets tough on cyber crime

China’s Supreme People’s Court (SPC) and Supreme People’s Procuratorate (SPP) have announced new, tougher penalties for those convicted of computer hacking.
This move will be welcomed by firms in the UK and elsewhere, hoping that tougher penalties will act as a deterrent to any China-based hackers looking to target international businesses.
According to a statement released jointly by the SPC and SPP, reported by Xinhua, the Chinese state-run news agency, the penalties are designed to protect national security and the public interest.
“A crime endangering information network security poses a threat not only to network security but also to national security and the public interest,” the organisations said in the statement.
The penalties have also been extended to cover those who knowingly purchase, sell or cover up illegally obtained data or network control, in an effort to apply to more of the cyber criminal ecosystem than just the hackers.
China, along with Russia, is widely thought to harbour a substantial proportion of the world’s cyber criminals.
However, the statement describes the country as a victim of cyber attacks.
“More than one million IP addresses in China were controlled from overseas in 2009, 42,000 web sites were distorted by hackers, and 18 million Chinese computers have been infected by the Conficker virus every month.”
In February this year, the Chinese government was forced to deny that it was behind cyber attacks on Canada, as the Canadian Treasury Board and Finance Department were both forced offline.
Last month, Xinhua showed footage that appeared to reveal army-labelled software for attacking US-based web sites, apparently confirming that the country is behind persistent cyber attacks on the west.
However, Beijing continues to deny responsibility for such attacks.

Peter David Gibson is charged as the Met continues its crackdown on computer related offences.

A 22-year-old British student has been charged following police investigations into Anonymous attacks in January on big name sites including PayPal.
Hartlepool resident Peter David Gibson was charged with conspiracy to carry out an unauthorised act, “with intent to impair the operation of any computer or prevent or hinder access to any programme or data held in a computer or to impair the operation of any such programme or the reliability of such data.”
Gibson is due to appear on bail at City of Westminster Magistrates’ Court on 7 September.
In July, an FBI-run operation led to the arrests of 20 individuals in the US, the UK and the Netherlands as part of an investigation into attacks on PayPal. It was believed a UK teenager was arrested on suspicion of involvement in Anonymous.
Anonymous recently started a campaign calling for people to ditch their PayPal accounts, taking a less illegal strategy in their protests.
Yesterday, Anonymous posted a message to law enforcement bodies, including the Metropolitan Police, calling for the release of people suspected of involvement in the hacktivist group.
It called for the release of Jake Davis, who was arrested in July. It is believed Davis is Topiary – a key figure of LulzSec.
“Failure to comply with these demands will result in dramatically increased hostilities against authorities currently holding any members of Anonymous worldwide,” the message, from an Anonymous member known as Bree, on Pastebin read.
“You cannot arrest an idea, nor can you stop one as powerful as the one Anonymous, Anti-Sec, and LulzSec are championing. We are not afraid anymore.”
Meanwhile, the Met’s Police Central e-Crime Unit confirmed it had arrested a man in connection with malicious threats made to Louise Mensch MP via email and social networking sites.
A 61-year-old was arrested at an address in Gloucester and remains in custody.
Mensch had publicly claimed Anonymous and LulzSec had sent threats against her children. “Had some morons from Anonymous/Lulzsec threaten my children via email,” the Conservative MP tweeted.
Anonymous subsequently denied its involvement.

Cyber labs train over 3,000 security personnel

The Bangalore Cyber Lab, which was set up in the year 2007 at the Cyber Crime Police Station at CID, has trained around 3,000 security personnel from various departments including police, Indian airforce, corps of military police, CBI, department of public prosecution and the banking industry.
This cyber lab was started with a view to acting as a cyber crime investigation resource centre for police officers of Karnataka.
But now, it has become the main training centre and has trained all the officers to face cyber security threats.
“The police officers of Karnataka are greatly benefited by the Bangalore cyber lab and they consult us for any technical advice in investigations of technology related cases.
The Bangalore Cyber lab is being upgraded with latest computer systems to provide hands on experience to the police participants in appreciating the Digital forensics investigation.
The DIT (Department of Information Technology) and the Government of India are funding for this upgradation,” said Senior Director- Cyber Security NASSCOM Pratap Reddy IPS.
“The Detective Inspectors working at Cyber Crime Police Station are basically law graduates with technical certifications and they support the cyber lab by handling the sessions relating to the legal aspects of digital evidence and information technology Act,” he added.
Program manager, Cyber labs, DSCI, K Venkatesh Murthy said that the fastest growing peril of usage of technology by the criminals has increased sophistication in cyber attacks.
To counter this hitch, there is a lack of investigators who are well versed with technology.
Handling information technology related crimes requires technical skills and at the same time, the public prosecutors should also be able to understand the digital procedures carried out by the Police during an investigation, he said.

National Cyber Security Alliance to Coordinate Data Privacy Day

The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cybersecurity awareness and education for all digital citizens, today announced that it will organize and lead efforts for Data Privacy Day on January 28, 2012. This annual international awareness initiative promotes data privacy and protection across the United States, Canada, and a host of other countries across the globe.
Data Privacy Day is an international celebration that focuses on educating people about the importance of protecting the privacy of personal information and that promotes individual control over private data. With the explosion of digital communications, people depend increasingly on mobile devices, instant access to information, and intelligent services. As they benefit from using these technologies, consumers and citizens must be vigilant about protecting their personal information. Data Privacy Day generates dialogue among all digital community stakeholders, including businesses, government officials and agencies, educators, nonprofits, academics and individuals to examine how advanced technologies can positively affect daily lives without putting user information and personal data at risk.
“We are delighted to incorporate Data Privacy Day into our cybersecurity education and awareness calendar,” said Michael Kaiser, executive director of the NCSA. “Data privacy and cyber security are deeply intertwined. Everyone is safer and more secure when people protect their own information and take responsibility to protect the information that others have entrusted to them. Data Privacy Day will become a part of STOP. THINK. CONNECT. – a national cyber security education and awareness campaign.”
Kaiser added: “Under the leadership of The Privacy Projects, Data Privacy Day has emerged as an important international awareness day. NCSA plans to build on the strong foundation that already exists and to recruit more companies, government agencies and nonprofit organizations to get involved in Data Privacy Day and educate those around them about the importance of privacy and protecting personal information.”
Data Privacy Day began in Europe in 2007 and continues to be celebrated there in more than 30 countries as Data Protection Day. The United States and Canada joined the celebration in 2008. Since 2009, the U.S. Senate has recognized January 28th as National Data Privacy Day in the United States. Over the past four years, Data Privacy Day has grown significantly and has been celebrated by at least one entity in the following areas: India, Turkey, Azerbaijan, Australia, the Philippines, and Hong Kong.
Data Privacy Day has thrived with the support and participation of major international corporations. Once again, this year, Intel and Microsoft are official sponsors of Data Privacy Day 2012. “We are pleased to have NCSA lead future efforts around Data Privacy Day,” said David Hoffman, director of Security Policy and Global Privacy Officer at Intel. “Intel has had the privilege of being a part of Data Privacy Day since its inception, and it has been a terrific experience to work with individuals and groups dedicated to privacy. We are confident that NCSA will continue to make this day a success and we look forward to participating in Data Privacy Day this January.”
“As a founding member of the National Cyber Security Alliance (NCSA), and a longtime supporter of Data Privacy Day (DPD), Microsoft welcomes NCSA’s leadership of Data Privacy Day (DPD) 2012,” said Microsoft’s Chief Privacy Officer Brendon Lynch. “We thank The Privacy Projects for its DPD leadership over the years, and will continue to build on that good work. Microsoft looks forward to collaborating with NCSA to raise awareness of and discuss solutions to help address security and privacy concerns during DPD and through other shared initiatives.”
“It has been a rewarding experience to be involved with Data Privacy Day’s broad educational effort,” said Jolynn Dellinger, program manager of the Data Privacy Day project since 2008. “The interest in privacy is global, the need for privacy education and commitment to best privacy practices is substantial, and the evolution of Data Privacy Day has been tremendous. I look forward to working with NCSA to grow Data Privacy Day’s footprint.”
In an effort to bring information privacy into our daily actions, Data Privacy Day activities will include presentations, conferences, technology demonstrations, webpage and video competitions, instructional videos, workshops, and regional events. For more information about Data Privacy Day 2012, please visit: www.dataprivacyday.org
About The National Cyber Security Alliance
The National Cyber Security Alliance is a non-profit organization. Through collaboration with the government, corporate, non-profit and academic sectors, the mission of the NCSA is to empower a digital citizenry to use the Internet securely and safely protecting themselves and the technology they use and the digital assets we all share. NCSA works to create a culture of cyber security and safety through education and awareness activities. NCSA board members include: ADP, AT&T, Bank of America, Cisco Systems, EMC Corporation, ESET, Facebook, General Dynamics Advanced Information Systems, Google, Intel, Lockheed Martin Information Systems & Global Services, McAfee, Microsoft, PayPal, Science Applications International Corporation (SAIC), Symantec, Verizon and Visa. Visit www.staysafeonline.org for more information.
About STOP. THINK. CONNECT.
STOP. THINK. CONNECT.™ is the first-ever coordinated message to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, non-profits and government organizations. The Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA) led the effort to find a unified online safety message that could be adopted across public and private sectors. The campaign hopes to achieve for online safety awareness what “Smokey Bear” did for forest fire safety and “Click It or Ticket” did for seatbelt safety. More information can be found at www.stopthinkconnect.org.