Probably the worst nightmare of the data protection specialist is the idea of a trusted member of the organization loading confidential data onto a home machine that is connected to a P2P file sharing network.   These events happen all the time and they are inevitable.  The latest incident occurred in Hong Kong.

Read more

I have a problem with hackers. I don't think they are heroes. I don't think they should be rewarded for their illegal activities. It bugs me that ex-hackers make big bucks trading on their notoriety with book deals and public speaking engagements . Mind you I know lots of people that were hackers at an early age and got caught. They were usually scared onto the straight and narrow by a knock on the door by the FBI, or a call from the site administrators of one of their targets. No big deal.

Read more

This is great. Three roomates were burglerized. Over $5,000 worth of electronics were stolen from their apartment. One of the vicitims, who happens to work in an Apple store, recieves a call from a friend telling her it looks like she is on-line. The woman uses a remote access program for the Mac to log in to her computer and turn on the webcam. She snaps pictures of the thieves and gives them to the police who nab them!

I love it. This story ranks right up there with the woman who recovered the stolen thumb drive with her master's thesis on it.

With this news story it is time to start accumulating a list of countries that have found that they are being targeted by China in industrial and military espionage efforts. In this case they are using the tried and true Trojan Horse technique.

Here we go:

UK

Germany

United States

Tibetan support groups

France

India

Belgium

Holland

That is from memory. Anyone know of others?

Update from commenter Brian:

Read more

This article in the India Times is a bit sensationalist. About all I can glean from it is that India is not left out of China's wide spread cyber espionage efforts.  It helps one imagine the scale of China's operations.

Read more

Ryan Singel over at Wired.com spells out some of the mysterious activity on the part of the US government recently.  Most disturbing to me is the attempt by the NSA to take over cyber surveillance on US citizens. Or rather continue their cyber surveillance of US citizens.

Senators Joe Lieberman (I-Connecticut) and Susan Collins (R-Maine)  state in a letter to DHS Secretary Chertoff on Friday:

Read more

Alright I will take the bait. I am a sucker for a good troll. :-) Alan Shimel, chief blogger for NAC provider StillSecure, came away from RSA pretty upbeat about the prospects for NAC. His likening me to the Grinch refers to my frequent cries of protest that NAC is worthless. I guess he is afraid that I will ruin the Christmas morning pay off that the NAC vendors hope for.

Read more

After three years four of the PI's that used Michael Haephrati's Trojan software to gather competitive intelligence for their clients have finally been sentenced. This article in The Register gets some of the facts of the original story wrong.

Read more

The Bank of Israel's website had been defaced by hacktivists.  According to a spokesman for the Bank of Israel the site was hosted by a third party and is not actually connected to internal systems.  Interesting that traceroutes indicate that the site is hosted by Bezeq, the Israeli telephone company, and that the IP address is in the Israeli governement's netblock.   So, while it may be true that the website is not directly connected to the internal systems at the Bank of Israel it appears that an Israeli government sustained website has been taken down for almost two days.

Read more

There is an odd private-public partnership at work in China. I trace it back to May 1, 2001, when Chinese hackers attacked US web sites in protest over the US spy-plane incident,  although you can argue that Chinese hacking pre-dates that by years. 

Read more

I am in Nampa, Idaho today outside Boise.  My topic is The Cyber Crime Scenario where I build off of a ten minute presentation I first gave at Network World’s Security Standard event in Boston. The topic then was the Doomsday scenario.  In my Cyber Crime Scenario I propose the logical extension of what we see today continuing unimpeded.  There are only two inhibiters to the rise of cyber crime that I can identify. One is better security, thus the security industry.  The other is international cooperation of law enforcement agencies.

Read more

As I distribute the news of my new startup, Seccom Global ,  I am getting asked why? And why now?   The answer derives from my travels over the last year and a half. I have been to six continents and 28 countries evangelizing both the changes in the threat-scape as well as value proposition of UTM (Unified Threat Management).    I am seeing the beginnings of a confluence of factors all of which point to managed security being the next big thing.   Those factors include:

Read more

Netcraft is reporting that the Barak Obama campaign site has been hacked to re-direct visitors to Hilary Clinton's web site. Hard to tell if the guy who did it was truly politically motivated or just demonstating how susceptable Obama's site was to cross site scripting.

Meanwhile, Chinese hackers are attacking CNN through one of its sports sites.   Google cache here. 

Read more

Most enterprises have some sort of security department by now.  Some even have Chief Information Officers with teams of six or seven people just to oversee IT security.   But, it occurred to me as I was preparing my thoughts this morning for my keynote at the Western Canada Information Security Conference here in Winnipeg , that the structure of most IT security organizations does not provide adequate coverage for today’s threat levels.  

Read more

Every RSA show is different. Every year there is a buzz.  It takes two or three days of walking the show floor, hearing vendor pitches (you have to stop and talk to people manning the booths to pick up their vibes, don’t just wander the floor), and hob nobbing  with Wall Street analysts to identify that buzz.

Read more

While the RSA 2008 show floor engendered the usual feelings of euphoria I had the most valuable learning experience at a breakfast meeting hosted by Marci McCarthy of the Executive Alliance. Marci has been building a successful business around the idea of creating an Academy Awards for security professionals. I have participated in a few of her events over the years and was always impressed at her team's ability to fill a room with IT execs.

Read more

Registration has begun for RSA 2008. Just monitoring my Twitter network it feels like the whole security world is descending on San Francisco today. I have already staked out my customery seat inside the lobby of the "W" across the street from Moscone Center, although two geeks got th the power plugs in the floor before I could.

Read more

If you really want to set me off just point me to an interview with some old military guy who uses "cyber" as a noun and uses euphemisms for everything. This article for instance. Apparently there was a conference on Cyber Warfare in London this week and an Air Force base commander was spouting off about counter-measures in cyberspace. Let me re-iterate a few things I have mentioned in previous postings.

Take this from the article:

Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force.

Read more

E-stonia, that burgeoning technology center and booming economic wunderkind, is sharing its cyber defense expertise with the other 25 nations of NATO.  A new Cyber Defense Center of Excellence is being set up in Tallinn by seven NATO nations including the US. Each will provide staff members who will concentrate on developing defense methods.

Read more