A U.S. government cyber security official warned that there has been an increase in attacks that penetrate industrial control system networks over the past year, and said they are vulnerable because they are exposed to the Internet.
Industrial control systems are computers that control operations of industrial processes, from energy plants and steel mills to cookie factories and breweries.
“We see more and more that are gaining access to that control system layer,” said Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.
ICS-CERT helps U.S. firms investigate suspected cyber attacks on industrial control systems as well as corporate networks.
Interest in critical infrastructure security has surged since late last month when Ukraine authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack.
Experts attending the S4 conference of some 300 critical infrastructure security specialists in Miami said the incident has caused U.S. firms to ask whether their systems are vulnerable to similar incidents.
Edwards said he believed the increase in attacks was mainly because more control systems are directly connected to the Internet.
“I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes,” he said in an on-stage interview with conference organizer Dale Peterson.
Edwards did not say whether those attacks had caused any service disruptions or threatened public safety.
Sean McBride, a critical infrastructure analyst with iSight Partners who attended the talk, said the increase may reflect more publicity in recent years about the risks of cyber attacks, which prompted operators to find more infections.
McBride said he could not say if the increase was troubling because he did not know the intent of the attackers.
Edwards and a DHS spokesman declined to elaborate on his comments.
Officers patrolling the Oklahoma State Penitentiary in McAlester noticed the drone lying upside down inside prison grounds, where it had apparently crashed after hitting razor wire that guarded the facility.
The officers found a package of illicit material that had been suspended from the drone by fishing line. It included two 12-in. hacksaw blades, a cell phone, a cell-phone battery, a hands-free device, two packages of cigarettes, two packages of cigars, two tubes of super glue, a bag containing 5.3 ounces of marijuana, a bag with 0.8 ounces of methamphetamine and a bag containing less than 1 gram of heroin.
The Oklahoma Department of Corrections issued a photo of the drone, which resembles a DJI Phantom quadcopter. Alongside it in the picture were the goods it was carrying.
The incident, which is the first reported case of its kind in the state, is under investigation.
Drones have been used to attempt to smuggle goods and contraband into prisons in other U.S. states.
According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.
Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security numbers was affected, the company said.
According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.
Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.
The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.
Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.
Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.
Technology giant Google Inc’s self-driving cars have been involved in 11 accidents, but have not been the cause of any, over the last six years since the project began, the program’s director said on Monday.
A team of drivers that is testing the fleet of more than 20 vehicles has driven 1.7 million miles so far.
“…Not once was the self-driving car the cause of the accident,” Chris Urmson said in a post on technology news website Backchannel’s blog Medium. No one was injured in the accidents, Urmson added.
“If you spend enough time on the road, accidents will happen whether you’re in a car or a self-driving car.”
The cars had been hit from behind seven times, mainly at traffic lights, with a majority of the accidents being on city streets rather than on freeways.
“We’ll continue to drive thousands of miles so we can all better understand the all-too common incidents that cause many of us to dislike day-to-day driving – and we’ll continue to work hard on developing a self-driving car that can shoulder this burden for us,” Urmson said.
A California civil liberties group unveiled a mobile application that will allow bystanders to record cell phone videos of possible cases of police misconduct and then quickly save the footage to the organization’s computer servers.
The California chapter of the American Civil Liberties Union said the app will send the video to the organization and preserve it even if a phone is seized by police or destroyed.
The launch of the ACLU’s “Mobile Justice CA” app comes as law enforcement agencies face scrutiny over the use of lethal force, especially against African-Americans, following several high-profile deaths of unarmed black men in encounters with police over the last year in the United States.
“It’s critical that people understand what is being done by police officers, because what is being done is being done in the name of the public,” said Hector Villagra, executive director of the ACLU of Southern California.
The app is targeted at residents of the most populous U.S. state, but ACLU chapters have launched similar mobile apps in at least five other states, including New York, Missouri and Mississippi over the last three years.
It also sends an alert to anyone with the app who might be in the area, giving them an opportunity to go to the location and observe, the ACLU said.
Villagra said the ACLU, in looking at which cases to delve into more deeply, will prioritize those that come with a written report, which is another element users can submit through the app. Records of incidents from users living in other states will be sent to ACLU officials there, he said.
ACLU officials advised anyone interacting directly with officers who wants to use the app to announce they are reaching for a phone, because officers might mistake the device for a weapon.
A representative from the California Peace Officers Association declined to comment immediately on the app.
The popular group chat tool Slack had its central database hacked in February, according to the company, potentially compromising users’ profile information like log-on data, email addresses and phone numbers.
The database also holds any additional information users may have added to their profiles like their Skype IDs.
The passwords were encrypted using a hashing technique. There was no indication the hackers were able to decrypt the passwords, Slack Technologies said in a blog post. No financial or payment information was accessed or compromised, it said.
The unauthorized access took place over about four days in February. The company said it has made changes to its infrastructure to prevent future incidents.
Slack was contacting a “very small number” of individual users who had suspicious activity tied to their accounts, or whose messages may have been accessed. Slack did not say how many users it thinks may have been affected in this way. A company spokeswoman declined to comment further.
There’s been strong interest in Slack’s business chat app since it launched last year, and its user base now tops 500,000.
To beef up security, Slack added a two-factor authentication feature on Friday. If it’s enabled, users must enter a verification code in addition to their normal password whenever they sign in to Slack. The company recommends that all users turn it on.
Slack has also released a password kill-switch feature, to let team owners and administrators reset passwords for an entire team at once. Barring that, users can reset their passwords in their profile settings.
Users should stop using the Chromebook 11 charger immediately and call Google for replacements, said the U.S. Consumer Product Safety Commission in a statement issued Tuesday.
The product was deemed unsafe after Google received reports of chargers overheating and melting. The company also received one report of a small burn to a consumer and “one report of minor property damage to a pillow from an overheating charger.” The recall involves 145,000 units.
Google and HP’s Chromebook 11 was announced in October, and was the first laptop to come with a micro-USB charger, which is also used to charge smartphones and tablets. But incidents of overheating and melting prompted the companies to pull it from retail shelves in early November.
CPSC is advising Chromebook 11 owners to call Google by phone at 1-866 628-1371 or visit the company’s charger replacement form page to request a free replacement. The defective charger unit’s model number is MU15-N1052-A00S.
Meanwhile, Google and HP have resumed sales of Chromebook 11 with non-defective chargers.
“We apologize again for the inconvenience this has caused. Your safety is our top priority. With our partner HP, we are resuming sales of the HP Chromebook 11. All new packages will include the replacement charger,” Google said in a blog entry earlier this week.
The Federal Bureau of Investigation (FBI) has issued a warning about the Syrian Electronic Army (SEA), the pro-Assad hacker group that has become adept at spearphishing attacks and Twitter account takeovers.
The warning is in a memo and comes to us via the security blog belonging to Matthew Keys.
Keys has reproduced the memo and shared it on Scribd. The document says that the SEA has been around since 2011 and has compromised a number of high profile media outlets.
It warns of attack methods that include spearphishing, DNS attacks and web defacements, and it reminds us that the SEA posted a story about US President Obama to the Associated Press.
“Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security,” said the FBI memo. “If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force.”
The SEA acknowledged the FBI’s attention on its Twitter feed. It appeared unmoved by the glare of law enforcement publicity.
It has long played a game of whack-a-mole with websites like Facebook and Twitter, both of which regularly force it to change accounts. According to the SEA the group is on its 225th Facebook account.
It publishes details of its takeovers through these accounts, and on its own homepage, a Pinterest webpage and an Instagram account.
As well as hacking into media websites the hacker group has also struck mobile apps, DNS systems and the Australian web hosting business Melbourne IT. Doing all this has helped it to break onto the webpages of news media outfits like the Huffington Post, the BBC and Reuters.
The Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.
The FBI might be behind a security assault on the TOR network that grabs users’ information.
Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.
“[It] doesn’t download a backdoor or execute any other commands, this is definitely law enforcement,” he said in a tweet about the discovery.
He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.
“Briefly, this payload connects to 126.96.36.199:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash,” he added.
“Because this payload does not download or execute any secondary backdoor or commands it’s very likely that this is being operated by an LEA and not by blackhats.”
The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.
Over the weekend a blog post appeared on the TOR website that sought to distance it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.
A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.
“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network,” the TOR project said.
“The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research.”
Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.
Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.
Former FBI counter-terrorism agent Tim Clemente appeared on CNN to claim that most of the great unwashed did not know the real capabilities and behavior of the US surveillance state. The comments stem from anonymous government officials claiming that they are now focused on telephone calls between one of the Boston Bombers and his wife to see if she had prior knowledge of the plot or participated in any way.
The only problem with that was that if the calls were already made, how could the FBI listen to them? Tim Clemente, a former FBI counter-terrorism agent, was asked about whether the FBI would be able to discover the contents of past telephone conversations between the two. He quite clearly insisted that they could.
He said that there were ways in national security investigations to find out exactly what was said in that conversation. It’s not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out. He said that all of that stuff is being captured as we speak whether people know it or like it or not.
EPIC already tried to get access twice last September, and now it is trying again. It said that it has sent repeated Freedom of Information Act requests regarding the database, and that the FBI has failed to respond. Now it has filed a lawsuit for access (PDF).
It warned that the Next Generation Identification system (NGI) is a massive database that “when completed, [will] be the largest biometric database in the world”.
The NGI will use CCTV systems and facial recognition, and it includes DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other “identifying information”.
The FBI has an information page about the NGI, and there it said that photographs of tattoos are also included and that the system is designed to speed up suspect detection and response times.
“The NGI system will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality,” it said.
“The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology”.
In its lawsuit EPIC said that the NGI database will be used for non law enforcement purposes and will be made available to “private entities”.
EPIC said that it has asked the FBI to provide information including “contracts with commercial entities and technical specifications”.
It said that so far it has received no information from the FBI in response to its requests.
In a move that will most likely cause alarm among privacy advocates, the FBI has begun searching for a tool that will allow it to gather and mine data from social networks like Facebook, Twitter and blogs.
The goal is to use the tool to keep on top of breaking events, incidents and emerging threats, the agency said in a recent Request for Information (RFI) from IT vendors.
The FBI said it’s seeking a “secure, lightweight web application portal using mashup technology.”
According to the RFI document, “The application must have the ability to rapidly assemble critical open source information and intelligence that will allow [the FBI's Strategic Information and Operations Center] to quickly vet, identify and geo-locate” potential threats to the U.S.
The FBI said the tool must have the ability to automatically search and scrape data off social networking and news sites based on specific queries. It must also be able to display alerts on geo-spatial maps and give users the ability to quickly summarize the “who, what, when, where and why” of specific threats and incidents.
The FBI hopes to use information posted on social networks to detect specific and credible threats, locate those organizing and taking part in dangerous gatherings and predict upcoming events, the FBI said.
“Social media will be a valued source of information to the SIOC intelligence analyst in a crisis because it will be both eyewitness and first response to the crisis,” the RFI said.
It noted that social media networks have been trumping police, firefighters and news media when it comes to communicating news of developing incidents and protests.
An FBI spokesman said the proposed system will be used only to monitor publicly available information, and won’t be used to focus on specific individuals or groups, according to an Associated Press report.
At a time when technology is supposed to be getting simpler, less complex and easier to manage, more people are calling help desks for assistance than ever before, according to a new report. That’s one of the findings that HDI, formerly known as the Help Desk Institute, revealed in its recently released 2010 study of help desk trends.
What HDI found is that the number of incidents reported to help desks via chat, e-mail, telephone, self-help systems, social media, the Web and walk-ins is rising, with 67% of all help desk operations experiencing increases in 2010. That’s roughly the same percentage who reported an increase in 2009.
In recent years, many organizations have moved to centralize their help desk operations and establish a single point of contact for workers, said Roy Atkinson, an analyst at HDI, whose members represent a help desk community of about 50,000 people.
Those centralization efforts have improved incident data collection, which helps to explain the spike in reports. Moreover, creating a single point of contact, and offering multiple ways for people to reach the help desk, encourages users to seek assistance, Atkinson said.
While centralization and better record-keeping may explain much of the increase in reported calls, it doesn’t completely explain it. Atkinson said another part of the explanation could be the fact that IT complexity is actually increasing, especially as users seek to connect multiple devices, including mobile phones, tablets and laptops to corporate networks.
“There is the trend to being able to work anywhere and anytime,” Atkinson said. And that “requires more support, so the environment as a whole is probably more complex.”
Earl Begley, who heads HDI’s desktop advisory board and is an IT project manager at the University of Kentucky, said incident volumes for the university’s healthcare help desk, which serves the UK hospital, have increased by 15% to 20% a year. Part of this increase can be attributed to the use of new technology in the healthcare industry, he said.
The increasing call volume at the university keeps the staff busy, said Begley, adding that “it is frustrating, because they see the same problems occurring over and over again.”
Technologies that could reduce help desk support demand include things like desktop or application virtualization, where an application can be accessed via a browser. And increasing use of voice-over-IP (VoIP) technology reduces the time it takes to support phone systems.
For those organizations reporting an increase in help desk calls, about 41% attributed the uptick to infrastructure or product changes, upgrades or conversions; 26% cited expanded service offerings by the support center; and 22.5% said they have more customers, according to the HDI study.
The increase in the number of help desk support requests is happening at the same time IT managers are cutting money spent on supporting help desks, according to another new study that was released recently by Computer Economics.
In its survey of IT organizations, the IT research firm found that help desk employees now represent about 6% of the total IT staff, after accounting for about 6.9% of the average IT staff for the past several years.
The report said that this decrease “represents a relatively substantial dip and indicates that providing high-quality support to users assumed a lower priority amid the wave of operational budget-cutting and staff reductions that accompanied the official end of the recession.”