Skip navigation
Help

Espionage

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."

0
Your rating: None

Given that we now know that the National Security Agency (NSA) has the ability to compromise some, if not all of VPN, SSL, and TLS forms of data transmission hardening, it’s worth considering the various vectors of technical and legal data-gathering that high-level adversaries in America and Britain (and likely other countries, at least in the “Five Eyes” group of anglophone allies) are likely using in parallel to go after a given target. So far, the possibilities include:

  • A company volunteers to help (and gets paid for it)
  • Spies copy the traffic directly off the fiber
  • A company complies under legal duress
  • Spies infiltrate a company
  • Spies coerce upstream companies to weaken crypto in their products/install backdoors
  • Spies brute force the crypto
  • Spies compromise a digital certificate
  • Spies hack a target computer directly, stealing keys and/or data, sabotage.

Let’s take these one at a time.

0
Your rating: None
Original author: 
Dan Goodin

Josh Chin

The Chinese hackers who breached Google's corporate servers 41 months ago gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government, according to a published report.

The revelation came in an article published Monday by The Washington Post, and it heightens concerns about the December, 2009 hack. When Google disclosed it a few weeks later, the company said only that the operatives accessed Google "intellectual property"—which most people took to mean software source code—and Gmail accounts of human rights activists.

Citing officials who agreed to speak on the condition that they not be named, Washington Post reporter Ellen Nakashima said the assets compromised in the attack also included a database storing years' worth of information about US surveillance targets. The goal, according to Monday's report, appears to be unearthing the identities of Chinese intelligence operatives in the US who were being tracked by American law enforcement agencies.

Read 7 remaining paragraphs | Comments

0
Your rating: None

Aurich Lawson

Some say we're living in a "post-PC" world, but malware on PCs is still a major problem for home computer users and businesses.

The examples are everywhere: In November, we reported that malware was used to steal information about one of Japan's newest rockets and upload it to computers controlled by hackers. Critical systems at two US power plants were recently found infected with malware spread by USB drives. Malware known as "Dexter" stole credit card data from point-of-sale terminals at businesses. And espionage-motivated computer threats are getting more sophisticated and versatile all the time.

In this second installment in the Ars Guide to Online Security, we'll cover the basics for those who may not be familiar with the different types of malware that can affect computers. Malware comes in a variety of types, including viruses, worms, and Trojans.

Read 35 remaining paragraphs | Comments

0
Your rating: None

5602111029_159307c5c9_b_thumb

Let’s have a little talk about secrets. There are all kinds of secrets out there in the world: personal secrets, state secrets, secret recipes, secret sauces, top secrets, secret levels in video games, Victoria’s Secret. The list goes on. But as we’re quickly learning from the rapidly unraveling details of David Petraeus’s affair with his biographer Paula Broadwell, secrets are no longer sacred. In a world where America’s chief of secrets— a.k.a. the director of the Central Intelligence Agency —can’t even keep a silly little extramarital affair to himself, there’s something wrong.

0
Your rating: None

mask.of.sanity writes "The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints(Pdf) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations."


Share on Google+

Read more of this story at Slashdot.

0
Your rating: None

An anonymous reader writes I'm part owner of a relatively small video editing software company. We're not yet profitable, and our stuff turned up on thePirateBay recently. Some of our potential paying customers are using it without paying, and some non-potential customers are using it without paying. Our copy protection isn't that tough to crack, and I'd rather see the developers working on the product than the DRM (I'm convinced any sufficiently desirable digital widget will get copied without authorization). Would it be insane to release a 'not for commercial use' copy that does some spying and reporting on you, along with a spy-free version for ~$10,000? I feel like that would reduce the incentive to crack the paid version, and legit businesses (In the US anyway but we're trying to sell everywhere) would generally pay and maybe we could identify some of the people using it to make money without paying us (and then sue the one with the biggest pockets). What would you do?"


Share on Google+

Read more of this story at Slashdot.

0
Your rating: None

Movies like this are the reason I’m able to stay optimistic about remakes. The original BBC version of Tinker, Tailor, Soldier, Spy starring Alec Guinness is a great piece of work. To some fans, it is unimpeachable. But based on the two trailers we’ve seen, the new version looks absolutely fantastic.

This is the second trailer, which gives up a little more of the story and shows off the cast in much more detail. (Includes Gary Oldman, Colin Firth, Tom Hardy, Mark Strong, Benedict Cumberbatch, Ciaran Hinds, Mark Strong, Svetlana Khodchenko, Toby Jones, John Hurt, Stephen Graham and Kathy Burke. Do you have chills? I have chills.)

We also get to see a lot more of the period recreation that is displayed in the same cold, almost threatening style we saw in director Tomas Alfredson‘s last film, Let the Right One In. (A film which, ironically, was set to be remade even before it hit the States, angering Alfredson.)

Check out the great second trailer below.

Here’s an alternate YouTube trailer embed, in case you don’t like the MSN one above.

Nothing but good things to say about that footage. The tension in it is delicious; the way that Gary Oldman is just standing at the center of this developing maelstrom is so impressive and, in a way, intimidating. And is that a little bit of the X-Men: First Class score used to buttress this edit? Sounds like it.

The man he knew as “Control” is dead, and the young Turks who forced him out now run the Circus. But George Smiley isn’t quite ready for retirement-especially when a pretty, would-be defector surfaces with a shocking accusation: a Soviet mole has penetrated the highest level of British Intelligence. Relying only on his wits and a small, loyal cadre, Smiley traces the breach back to Karla-his Moscow Centre nemesis-and sets a trap to catch the traitor.

Tinker, Tailor, Soldier, Spy will premiere at the Venice Film Festival; it then hits the UK on September 16 and the US on November 18.

0
Your rating: None