SurvivalRing

Rich Fleetwood on Survival & Preparedness - Founded/Established 1997

Personal Cybersecurity #24: Daily news

What you need to know for your personal cyber security life… 

Number twenty-four in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life everyday now is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.  

evil inside

# # #

HEADLINES…for this issue…

  • China’s Hackers to Target U.S. Entertainment Industry, Security Firm Warns
  • Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It
  • Pwn2Own: The perfect antidote to fanboys who say their platform is safe
  • Top Gun takeover: Stolen F-35 secrets showing up in China’s stealth fighter
  • A Close Look at the NSA’s Most Powerful Internet Attack Tool

China’s Hackers to Target U.S. Entertainment Industry, Security Firm Warns

http://variety.com/2014/digital/news/chinas-hackers-to-target-u-s-entertainment-industry-security-firm-warns-1201131720/

  • David S. Cohen
  • Senior Editor, Features
  • Variety.com
  • March 13, 2014

A new report from cybersecurity firm FireEye warns that the U.S. film and entertainment industries could come under cyberattack from Chinese hackers intent on undermining companies’ content, technology and internal communications.

“China’s Soft Power Strategy and Cyber Intrusions: What Hollywood Should Know,” due to be officially published next week, posits that Chinese authorities see U.S. domination of filmed entertainment as a strategic advantage for America, and want that advantage for China.

“We judge that links between China’s soft power strategy (in this case, their cultural means of influence) and its designation of ‘creative industries’ as strategic, provides the motivation for groups to commit cyber espionage,” says the report.

Of course, FireEye sells threat protection and stands to gain financially if the entertainment industry invests in cyber-security.

But cybersecurity expert Hemanshu Nigam, founder of SSP Blue, says China’s cyber threat to the entertainment industry is already well known. “When your’e doing business with a country or company that has very different beliefs than the American value system, there’s always a chance this kind of thing can happen,” Nigam told Variety.

[…]

# # #

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

  • By Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack
  • Bloomberg Businessweek Technology
  • March 13, 2014

The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.

It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then…

Nothing happened.

For some reason, Minneapolis didn’t react to the sirens. Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.

[…]

# # #

Pwn2Own: The perfect antidote to fanboys who say their platform is safe

# # #

Top Gun takeover: Stolen F-35 secrets showing up in China’s stealth fighter

http://www.washingtontimes.com/news/2014/mar/13/f-35-secrets-now-showing-chinas-stealth-fighter/

  • By Bill Gertz
  • Washington Free Beacon
  • March 13, 2014

A cyber espionage operation by China seven years ago produced sensitive technology and aircraft secrets that were incorporated into the latest version of China’s new J-20 stealth fighter jet, according to U.S. officials and private defense analysts.

The Chinese cyber spying against the Lockheed Martin F-35 Lightning II took place in 2007 under what U.S. intelligence agencies codenamed Operation Byzantine Hades, a large-scale, multi-year cyber program that targeted governments and industry.

Defense officials said the stolen data was obtained by a Chinese military unit called a Technical Reconnaissance Bureau in the Chengdu province. The data was then passed to the state-run Aviation Industry Corp. of China (AVIC).

An AVIC subsidiary, the Chengdu Aircraft Industry Group, used the stolen data in building the J-20, said defense and intelligence officials familiar with reports of the illicit tech transfer.

[…]

 # # #

A Close Look at the NSA’s Most Powerful Internet Attack Tool

http://www.wired.com/opinion/2014/03/quantum/

  • By Nicholas Weaver
  • Wired.com
  • 03.13.14

We already knew that the NSA has weaponized the internet, enabling it to “shoot” exploits at anyone it desires. A single web fetch, imitated by an identified target, is sufficient for the NSA to exploit its victim.

But the Edward Snowden slides and story published yesterday at The Intercept convey a wealth of new detailed information about the NSA’s technology and its limitations.

First, it’s clear that the NSA has settled on a system called QUANTUM as its preferred, if not near-universal, internet exploitation mechanism. QUANTUM is vastly more effective than just sending spam. But since its launch at NSA, the program has clearly suffered from both mission creep and target creep.

If NSA only used QUANTUM to attack wannabee terrorists attempting to read Inspire, hardly anyone would object. But instead the agency expanded it greatly, not only in target scope (including its confirmed use against Belgacom) but also in functionality.

[…]

# # #

Updated: March 16, 2014 — 5:35 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in it's 20th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural Missouri, just a few miles from the Big Muddy. Always ready to help others, he shares what he learns on multiple blogs, social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on air experience in live radio and television, Rich is always thinking about the "big picture", when it comes to helping individuals and families prepare for life's little surprises. Since 1997, he has provided guidance, authentic government survival history, and commentary on why we all need to get ready for that fateful day in the future, when we have to get our hands dirty and step in to save the day. He is an award winning videographer (2005 Telly Award), has received state and national scholarly recognition (2006 New Century Scholar and All USA Academic Team), and is a natural with computers, technology, gadgets, small furry mammals, and anything on wheels. Rich likes making friends, solving problems, and creating solutions to everyday issues. He doesn't mind mixing things up, when there is a teaching moment ready to happen. As a constitutional conservative, he's staying quite busy these days. The SurvivalRing Radio Show at www.survivalringradio.com will be coming back SOON!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Connect With Us at
Twitter Twitter | FaceBook Facebook | LinkedInLinkedIn | Quora Quora | Instagram Instagram | Pinterest Pinterest | Youtube Youtube | Tumblr Tumblr
SurvivalRing © 2018
Contact Us | Advertise | Terms of Use | GDPR | TradeMarks | Privacy | Fair Use | Sitemap | F.T.C
Social Media Disclosure | Earnings Disclaimer | Anti Spam Policy | D.M.C.A.
Site Design by Richard Fleetwood - Founder / Director of SurvivalRing.org
Copyright © 1997-2018 SurvivalRing.org/SurvivalRing Media - All Rights Reserved. -
SurvivalRing is the Trademark (TM) & Service Mark (SM) of all SurvivalRing Media Projects
THIS WEBSITE HOSTED BY SURVIVALRING.ORG - Comments Welcome!