Home/ CIPP Information Privacy & Security News/ Group items tagged China

Karl Wabst

Defence Management - JSF security breach linked to China - 0 views

  •  
    China has denied allegations that it hacked into a Pentagon IT system and recovered plans for the Joint Strike Fighter (JSF). The combat aircraft, which is to be procured by Britain as well, is being produced by Lockheed Martin. In allegations first reported in the Wall Street Journal, hackers stole "several terabytes of data related to design and electronics systems". The most sensitive data however on weapons systems and its stealth technology was not breached since it is kept on computers not connected to the internet. IT experts have said that they suspect the hackers came from China although it will be difficult to identify their exact origins. Hacking into IT systems as complex as the DoD's would require the help and capabilities of another government. Recovering data on the JSF would allow countries or rogue groups who could face the aircraft in future conflicts to develop countermeasures based on the aircraft's weaknesses. The Chinese strongly denied that the breach originated from their country. "China has not changed its stance on hacking. China has always been against hacking and we have cracked down very hard on hacking. This is not a Chinese phenomenon. It happens everywhere in the world," a spokesperson for the Foreign Ministry said. This is not the first time the JSF's security has been breached. Early on in the contract the DoD and Lockheed Martin admitted that there was no universal IT security policy for the 1,200 subcontractors and that leaks may have occurred. BAE subsequently admitted that their IT security for JSF material was lax and that leaks could have occurred. Britain is scheduled to buy 150 of the aircraft by 2018.
Karl Wabst

Deep computer-spying network touched 103 countries - Network World - 0 views

  •  
    A 10-month cyberespionage investigation has found that 1,295 computers in 103 countries and belonging to international institutions have been spied on, with some circumstantial evidence suggesting China may be to blame. The 53-page report, released on Sunday, provides some of the most compelling evidence and detail of the efforts of politically-motivated hackers while raising questions about their ties with government-sanctioned cyberspying operations. It describes a network which researchers have called GhostNet, which primarily uses a malicious software program called gh0st RAT (Remote Access Tool) to steal sensitive documents, control Web cams and completely control infected computers. "GhostNet represents a network of compromised computers resident in high-value political, economic and media locations spread across numerous countries worldwide," said the report, written by analysts with the Information Warfare Monitor, a research project of the SecDev Group, a think tank, and the Munk Center for International Studies at the University of Toronto. "At the time of writing, these organizations are almost certainly oblivious to the compromised situation in which they find themselves." The analysts did say, however, they have no confirmation if the information obtained has ended up being valuable to the hackers or whether it has been commercially sold or passed on as intelligence. Although evidence shows that servers in China were collecting some of the sensitive data, the analysts were cautious about linking the spying to the Chinese government. Rather, China has a fifth of the world's Internet users, which may include hackers that have goals aligning with official Chinese political positions.
Karl Wabst

Obama to receive cybersecurity review this week - Technology Live - USATODAY.com - 0 views

  •  
    Former Booz Allen Hamilton management consultant Melissa Hathaway's much anticipated 60-day review of U.S. cybersecurity policy is scheduled to hit President Obama's desk this Friday. All eyes of the tech security community will be watching. It will signal what approach Obama will take in the complicated task of stemming cyber threats. Obama has said he will make the Internet safer for citizens and businesses, while playing catchup to China and Russia who are far ahead in the cyberwarfare arms race. "We're trying to do cybersecurity in a democracy," says Leslie Harris, President and CEO of the Center for Democracy & Technology. "Doing cybersecurity in China, my guess, is a lot easier." CDT held a press briefing this morning at which it warned that a cybersecurity bill, introduced earlier this month by Sen. John Rockefeller, D-W.Va, and Sen. Olympia Snowe, R-Maine, is the first of several that likely will be proposed once Hathaway's review is out. Harris said CDT agrees with a provision in the Rockefeller-Snowe bill that would create a cabinet-level cybersecurity adviser reporting directly to President Obama, but questions some of the extraordinary federal enforcement powers that could be created. CDT says it doesn't want citizens' civil liberties trampled upon. CDT general counsel Greg Nojeim gave Hathaway high marks for keeping her review process relatively open, in contrast to the Bush administration's penchant for secrecy. "So far the White House review team gets high grades on transparency," Nojeim said. Hathaway has held closed briefings in the past several weeks with Congressional committees, industry groups and privacy organizations, said Nojeim. "But the real test will be whether their recommendations reflect a commitment to transparency in the execution of the program," said Nojeim.
Karl Wabst

Marine One details leaked from P2P net | ZDNet Government | ZDNet.com - 0 views

  •  
    A company that monitors P2P networks says it found details about the president's helicopter, Marine One, on a computer in Tehran. Pittsburgh station WPXI reports. Bob Boback, CEO of Tiversa, said, "We found a file containing entire blueprints and avionics package for Marine One. … What appears to be a defense contractor in Bethesda, MD had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One," Boback said. Retired Gen. Wesley Clark, an adviser to Tiversa, added: We found where this information came from. We know exactly what computer it came from. I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went. It's no accident the information wound up in Iran, the company said. Countries like Iran, Pakistan, Yemen, Qatar and China are "actively searching for information that is disclosed in this fashion because it is a great source of intelligence," Boback said. Rep. Jason Altmire said he will ask Congress to investigate the risk to national security of this sort of exposure. Cnet's Charles Cooper interviewed Tiversa's Sam Hopkins (Cooper says he's the CEO but the original report said Boback is CEO; the company website doesn't list executives), who said someone at the company was running a Gnutella client - possibly a buggy one. Hopkins said it's hardly an unusual occurrence - although presumably the usual breaches aren't so closely connected to the President. Everybody uses (P2P). Everybody. We see classified information leaking all the time. When the Iraq war got started, we knew what U.S. troops were doing because G.I.'s who wanted to listen to music would install software on secure computers and it got compromised. … We see information flying out there to Iran, China, Syria, Qatar - you name it. There's so much out there that sometimes we can't keep up with it. Bottom line: P2P is the big
Karl Wabst

Offshoring The Independent Audit Function - 1/19/2009 - insurancenewsnet.com - 0 views

  •  
    The offshoring of business processes has become increasingly popular. Fueled by advancements in technology, the benefits of offshoring are primarily attributable to the savings from lower personnel costs at foreign locations. According to the Global Financial Services Offshoring Report 2007 by Deloitte & Touche USA LLP, over 75% of major financial institutions report offshoring a portion of their operations. Some economists estimate that up to one-third of total U.S. employment in services may ultimately be offshored (Steve Lohr, "At IBM, a Smarter Way to Outsource," The New York Times, July 5, 2007). Offshore entities often operate in developing countries such as India, China, Pakistan, the Philippines, and Vietnam. The offshoring of business processes generally takes two forms: outsourcing to an unaffiliated offshore entity (offshore outsourcing), or ownership and operation of an affiliated offshore entity (AOE). Many multinational companies have AOEs. For example, Accenture has more employees in India than in the United States; IBM is projected to have more than one-quarter of its workforce in India by 2010; and companies like General Electric, Eli Lilly, Google, and Microsoft are expanding their R&D centers in India and China (House Committee on Science and Technology, June 12, 2002). Offshoring and the Auditing Profession The potential benefits of offshoring have not been ignored by the accounting profession. In past years, several large public accounting firms began using AOEs to perform certain nonaudit procedures for their U.S.-based clients. For example, Ernst & Young uses AOE employees to prepare client tax returns (Vanessa Houlder, "E&Y Sends Compliance Work Offshore," Financial Times, July 11, 2007), and a number of accounting firms use AOEs to print documents for delivery to clients. The largest international public accounting firms have recently begun testing the offshoring of certain auditing procedures on very large U.S. audit engagements to thei
Karl Wabst

Two US men charged with running phony Cisco biz * The Register - 0 views

  •  
    "Two Kansas men have been charged with making $1m in proceeds by buying computer networking gear in China and passing it off as products from Cisco Systems. Christopher Myers, 40, and Timothy Weatherly, 27, obtained the networking gear from a variety of sources and then slapped phony Cisco labels on them, according to documents filed in federal court in Kansas City. To give the goods the additional air of legitimacy, they put them in purported Cisco boxes and included counterfeit Cisco manuals. Myers also stands accused of obtaining access to a website containing Cisco's confidential serial numbers, so the men could affix them to the gear they sold. Prosecutors said the men sold the equipment on eBay and on private websites. They were charged with one count of conspiracy, 30 counts of trafficking in counterfeit goods and one count of trafficking in counterfeit labels. The government is seeking forfeiture of $1m in proceeds from the alleged crimes. If convicted, the men also face a maximum of five years in prison and $250,000 in fines. Myers made an initial appearance in court on Thursday. Security experts have warned that counterfeit networking gear could contain back doors that allow spies to conduct industrial espionage on US companies."
Karl Wabst

Spies penetrate electrical grid: report | U.S. | Reuters - 0 views

  •  
    Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, the Wall Street Journal reported on Wednesday. The spies came from China, Russia and other countries, and were believed to be on a mission to navigate the U.S. electrical system and its controls, the newspaper said, citing current and former U.S. national security officials. The intruders have not sought to damage the power grid or other key infrastructure but officials said they could try during a crisis or war, the paper said in a report on its website. "The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the Journal. "So have the Russians." The espionage appeared pervasive across the United States and does not target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official told the paper, referring to electrical systems. "There were a lot last year." The administration of U.S. President Barack Obama was not immediately available for comment on the newspaper report. Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on." Officials said water, sewage and other infrastructure systems also were at risk.
Karl Wabst

Netbooks may offer hackers private data gateway| U.S.| Reuters - 0 views

  •  
    Netbook web surfers beware. That low-cost netbook you're using could be a high-speed gateway into your life, bank accounts, passwords and other personal data. Netbooks have made headlines since their 2007 launch, making PCs accessible to millions of non-traditional users. But their cheap cost could also carry a steep price tag due to lax security that makes them easier prey for viruses and hackers. Since their introduction less than two years ago by Taiwan's Asustek, nearly all major PC makers, including Hewlett-Packard, Dell, Acer and Lenovo, have jumped on the netbook bandwagon. But their no frills nature, combined with low computing power and relative lack of sophistication among their users could combine to create the perfect storm for hackers and virus creators looking for easy targets, analysts say. "The Internet is full of dangers, regardless of what computer you are using," said Sam Yen, greater China marketing manager at anti-virus software maker Symantec. "But keeping in mind that the netbook is primarily used to surf the Internet, those dangers are possibly multiplied many-fold, especially if there is no anti-virus software installed in the machine." Price tags as low as $300 mean that netbooks often lack such standard gear as firewalls and other anti-virus software typically found in other computers, leaving them highly vulnerable to attacks. "Frankly, netbook security is not there yet," said Pranab Sarmah, an analyst at the Daiwa Institute of Research. "The positioning of the netbook means PC brands are going to do whatever it takes to make the price point attractive to consumers, which means keeping costs low." Many netbook users are relative Internet newcomers, and may not be aware of precautions they can take to protect themselves. Low computing power also means savvy netbook users may shut down critical security programs to boost speed. "It's a Catch-22 situation," said Gartner analyst Lillian Tay. "If you're running too many security prog
Karl Wabst

Online crime surging in recession, U.S. report says| U.S.| Reuters - 0 views

  •  
    Fraud on the Internet reported to U.S. authorities increased by 33 percent last year, rising for the first time in three years, and is surging this year as the recession deepens, federal authorities said on Monday. Internet fraud losses reported in the United States reached a record high $264.6 million in 2008, according to a report released on Monday from the Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center. Online scams originating from across the globe -- mostly from the United States, Canada, Britain, Nigeria and China -- are gathering steam this year with a nearly 50 percent increase in complaints reported to U.S. authorities in March alone. "2009 is shaping up to be a very busy year in terms of cyber-crime," the report's author, John Kane, told reporters in a telephone briefing. Last year's losses compared with $239.1 million in 2007 and dwarfs the $18 million of losses of 2001.
Karl Wabst

Avoiding gotchas of security tools and global data privacy laws - 0 views

  •  
    IT practices such as identity management, email and URL filtering, virus scanning and electronic monitoring of employees can get companies that do business globally into a heap of trouble if deployed without an understanding of global data privacy laws. The warning was one of several alarms raised in a presentation on global privacy best practices by Gartner Inc. analysts Arabella Hallawell and Carsten Casper at the recent Gartner Risk Management and Compliance Summit in Chicago. Always a thorny issue, the protection of personally identifiable information (PII) is made more complicated in a world where there is limited agreement on how best to do that. According to the Gartner analysts, the world is divided into three parts when it comes to data privacy laws: countries with strong, moderate or inadequate legislation. The European Union, under the European Union Directive on Data Protection, possesses the strongest privacy regulations, followed by Canada and Argentina; Australia, Japan and South Africa have moderate to strong, recent legislation; laws in China, India and the Philippines are the least effective or laxly enforced. The United States has the dubious distinction of occupying two categories -- the strong column, due to the 45 state breach notification laws on the books, and the weak column, because of the lack of a federal law. Even among the three categories, nuances abound. Under the European Union Directive, member countries enact their own principles into legislation, and some laws (like Italy's) are more stringent than the directive's standards. Russia's very recent law is modeled after the strong EU laws, but how it will be enforced remains questionable. And in the U.S., state breach notification laws vary, with Nevada and Massachusetts proposing the most prescriptive data privacy legislation to date.
Karl Wabst

IT managers under pressure to weaken Web security policy - 0 views

  •  
    Ignorance is bliss!
  •  
    IT professionals are under pressure from upper level executives to open the floodgates to the latest Web-based platforms, relaxing Web security policy, according to a new survey of 1,300 IT managers. The survey, conducted by independent research firm Dynamic Markets Ltd., was commissioned by Web, DLP and email security vendor Websense Inc. Dynamic Markets conducted interviews with IT managers in Australia, Canada, China, France, Germany, Hong Kong, India, Italy, the U.K. and the U.S. Nearly all those surveyed said they allow access to some Web-based services, such as webmail, mashups and wikis. But more employees are turning to online collaboration platforms; some are turning to Google Apps, which are integrated with Google's Gmail platform, and others are turning to popular social networking sites, such as Twitter and Facebook. Some users are bypassing Web security policy to access the services, according to 47% of those surveyed.
Karl Wabst

Hackers breach UC-Berkeley database; info for 160,000 students, alums at risk - San Jos... - 0 views

  •  
    Hackers, possibly from Asia, have stolen about a decade's worth of personal information on current and former UC-Berkeley students, the university announced Friday. The breaches involved records dating to 1999 at the school's health center that included Social Security numbers, health insurance information, immunization history and the names of treating physicians. No other treatment-related records were stolen, the university said, although self-reported medical histories of students who studied abroad were hacked. The school on Friday sent e-mails and letters to 160,000 people, including about 3,400 Mills College students who used or were eligible for University of California-Berkeley medical services. About 97,000 people are most at risk because their names and Social Security numbers could be connected by the hackers, said Steve Lustig, the university's associate vice chancellor for health and human services. "What's been taken is bits of data that the thief might put together into an identity," he said. The university traced the hackers back to Asia, possibly China, but the exact origin could not be pinpointed. UC and FBI investigators are probing the breaches, which apparently occurred over several months. An FBI spokesman said the agency was informed of the hacking immediately, but declined to provide more information. The thefts were discovered about a month ago, but system administrators did not realize the breadth of the attack until April 21. The hackers disguised their work as routine operations and then left taunting messages for UC-Berkeley employees, said Shelton Waggener, the university's associate vice chancellor for information technology. The thieves accessed the information through the university Web site, he said. "You should think of it as a public building," Waggener said. "They got into the building properly, but then they broke into secure areas." Administrators at Mills College, which contracts with UC-Berkeley for
Karl Wabst

UBC journalism students find sensitive data in digital dumps - The Globe and Mail - 0 views

  •  
    It's not exactly what anyone might expect to find at a garbage dump in Ghana. Journalism students from the University of British Columbia discovered intact hard drives containing secret international security data and personal information at a digital dumping ground in Ghana, said their teacher, Peter Klein. Mr. Klein, a producer for the PBS television program Frontline and an Emmy Award winning journalist, said the drives included information about U.S. Homeland Security and Pentagon defence contracts as well as social security numbers, credit card numbers, and family photos. The dumps are frequented by criminal gangs in the country, he said. The findings are part of a project by Mr. Klein's graduate students investigating electronic waste, or e-waste. The team also travelled to Guiyu, China, and India, piecing together the afterlife of discarded computers, drives and parts. To find out if cyber criminals could get information stored on the computers, the students bought several hard drives from vendors near the Ghana dumps to test at home in Vancouver. One of the drives came from Northrop Grumman, a large U.S. military contractor. It contained "details about sensitive, multimillion-dollar U.S. government contracts" as well as contracts with the defence intelligence agency and NASA, according to a synopsis of the project on the PBS website.
Karl Wabst

Facebook To Roll Out New Privacy Controls To Its 350 Million Users, Kills Regional Netw... - 0 views

  •  
    "Facebook CEO Mark Zuckerberg has just written an open letter to Facebook users regarding a privacy overhaul that is due to hit the site in the next few weeks. Soon, users will be able to selectively choose, on a per-post basis, who can see the content they post to the site. Facebook is also going to remove regional networks entirely, largely because some of those networks (like China) consist of millions of users, which makes them useless from a privacy standpoint. If these changes sound familiar, it's because Facebook actually announced them way back in July. Zuckerberg also notes that Facebook now has 350 million users -- it has added a whopping 50 million of them in the last two and a half months. Alongside the regional network change, privacy controls will be simplified. As Facebook rolls out the new privacy settings, users will be presented with a page designed to walk them through the new options. Depending on your current privacy level, Facebook will make recommendations, though you'll be able to change them as usual."