Group items tagged

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, the Wall Street Journal reported on Wednesday. The spies came from China, Russia and other countries, and were believed to be on a mission to navigate the U.S. electrical system and its controls, the newspaper said, citing current and former U.S. national security officials. The intruders have not sought to damage the power grid or other key infrastructure but officials said they could try during a crisis or war, the paper said in a report on its website. "The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the Journal. "So have the Russians." The espionage appeared pervasive across the United States and does not target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official told the paper, referring to electrical systems. "There were a lot last year." The administration of U.S. President Barack Obama was not immediately available for comment on the newspaper report. Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on." Officials said water, sewage and other infrastructure systems also were at risk.

It was the annual crunch time between Thanksgiving and the new year, and Nuala O'Connor Kelly had just sent to the printer the first-ever report to Congress by a chief privacy officer. This was it, the historic reporta 40-page description of what O'Connor Kelly had been doing during her first year as the first CPO of the U.S. Department of Homeland Security. Like addressing concerns about DHS's policies with privacy officers from other countries. Examining the department's growing use of biometrics. And reading irate e-mails from the public about controversial initiatives like the Transportation Security Administration's passenger screening program. If O'Connor Kelly was nervous about the grilling she was likely to get once members of Congress got their mitts on her report, she wasn't letting on. "It's actually a great moment for the [privacy] office to sit back and take stock of where we are now and where we're going for the next two, three, four, five years," says O'Connor Kelly, dashing from one meeting to the next with one of her staff members. At the time, O'Connor Kelly was the only federal government CPO whose position was mandated by law and who was required to file an annual report to Congress. But this seemed on the brink of change. Congress's consolidated 2005 appropriations bill, signed by President Bush in December, contains a provision thatdepending on how the White House's Office of Management and Budget interprets itwould create a handful or more of CPOs at federal agencies.

Online crime is increasingly hitting small and mid-size companies in the U.S., draining those entities' bank accounts through fraudulent transfers. The problem has gotten so bad that a financial services group recently sent out a warning about the trend, and the Federal Deposit Insurance Corporation (FDIC) issued an alert today. "In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," says a bulletin sent on Aug. 21 to member financial institutions by the Financial Services Information Sharing and Analysis Center, (FS-ISAC). The FS-ISAC is part of the government-private industry umbrella working with the Department of Homeland Security and Treasury Department to share information about critical threats to the country's infrastructure. The member-only alert described the problem and told its members to implement many of the precautions and monitoring currently used to detect consumer bank and credit card fraud.

Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched , copied and even held by customs agents -- all without need to show suspicion for cause. Notices are being proposed by the Privacy Office at the U.S. Department of Homeland Security (DHS), which last week released a report approving the suspicionless searches of electronic devices at U.S. borders. The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so. Also, while in many cases searches would be done with the knowledge of the traveler in some situations, the report says, "it is not practicable for law enforcement reasons to inform the traveler that his electronic device has been searched." In arriving at the assessment, the Privacy Office argued that such searches of electronic devices were really no different from searches of briefcases and backpacks. They are needed to interdict and investigate violations of federal law at U.S. borders and have been supported by courts in the past, the assessment said.

Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched, copied and even held by customs agents -- all without need to show suspicion for cause. Notices are being proposed by the Privacy Office at the U.S. Department of Homeland Security (DHS), which last week released a report approving the suspicionless searches of electronic devices at U.S. borders. The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so.

The ranking member of the Senate Homeland Security and Governmental Affairs Committee told the chief executive of Heartland Payment Systems that she was "astonished" a breach the company's information system lasted for nearly 1½ years without being detected. At a panel hearing Monday on protecting industry against growing cyber threats, Sen. Susan Collins, R.-Maine, asked Heartland CEO Robert Carr to explain how this delay happened. Carr responded that a breach is usually detected when the processing payer is notified of fraudulent use of cards, and that didn't occur until the end of 2008. "Isn't there software in the systems to detect such a breach?" Collins asked.