
FCC Considers Cyber Security Role

August 13, 2010 Security No Comments

Yet another federal agency envisions a possible broader role for itself in securing private sector Internet infrastructure. The Federal Communications Commission issued on August 9 a notice (.pdf) soliciting public comment on an anticipated FCC plan to address vulnerabilities to core Internet protocols, as well as cybersecurity threats to all end users.

“Cybersecurity is a vital topic for the Commission because end user lack of trust in online experiences will quell demand for broadband services,” the notice states. The National Broadband Plan calls for the FCC to issue a Cybersecurity Roadmap. A plan, the FCC says in the notice, should be completed by November 2010.

Meanwhile, the FCC says it will accept comments through September 23, and encourages notes on what are the most vital cybersecurity vulnerabilities, what role–if any–the FCC should take in addressing them, and recommendations for what entity should fulfill the role of addressing those vulnerabilities if it’s not the FCC.

What role federal agencies should play in private sector cybersecurity is an increasing topic of debate. The Commerce Department is also soliciting public comment on whether it should set up a third party verification system of website security.

“Let’s not pretend we live in an unregulated system now,” said Philip Reitinger, deputy undersecretary of national protection and programs directorate at the Homeland Security Department, during a July 27 panel that discussed the Commerce notice.

The Defense Department has also suggested it could play a role in securing the networks of its industrial base, and a cybersecurity bill proposed by Sen. Joe Lieberman (I-Conn.) would allow the federal government to impose emergency measures onto private infrastructure, such as the wholesale blocking of Internet traffic from a particular source.

However, federal cybersecurity efforts have come under criticism from the Government Accountability Office, which found in a recent report that no clear cybersecurity strategy exists.

The GAO report portrays a chaotic, interconnected federal cyberspace policy field populated by many players and littered with many hurdles. It attributes the current state to an absence of top-level leadership.

For more:
- download the FCC public notice (.pdf)
- download the Commerce Department notice of inquiry (.pdf)
- read GAO report 10-606 (.pdf)
- go to the THOMAS page of the Lieberman cybersecurity bill

[Via: fiercegovernmentit.com]


Massive Cyber Attacks Uncovered

February 19, 2010 Security, Technology 1 Comment

More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm.

The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon-based NetWitness.

News of the attack follows reports last month that the computer networks at Google and more than 30 other large financial, energy, defense, technology and media firms had been compromised. Google said the attack on its system originated in China.

This latest attack does not appear to be linked to the Google intrusion, said Amit Yoran, NetWitness’s chief executive. But it is significant, he said, in its scale and in its apparent demonstration that the criminal groups’ sophistication in cyberattacks is approaching that of nation states such as China and Russia.

The attack also highlights the inability of the private sector — including industries that would be expected to employ the most sophisticated cyber defenses — to protect itself.

“The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats,” Yoran said. “The things that we — industry — have been doing for the past 20 years are ineffective with attacks like this. That’s the story.”

The intrusion, first reported on the Wall Street Journal’s Web site, was detected Jan. 26 by NetWitness engineer Alex Cox. He discovered the intrusion, dubbed the Kneber bot, being run by a ring based in Eastern Europe operating through at least 20 command and control servers worldwide.

The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or “bots,” enabled the attackers to commandeer users’ computers, scrape them for log-in credentials and passwords — including to online banking and social networking sites — and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially, he said.

“Because they’re using multiple bots and very sophisticated command and control methods, once they’re in the system, even if you whack the command and control servers, it’s difficult to rid them of the ability to control the users’ computers,” Yoran said.

The malware had the ability to target any information the attackers wanted, including file-sharing sites for sensitive corporate documents, according to NetWitness.

Login credentials have monetary value in the criminal underground, experts said. A damage assessment for the firms is underway, Yoran said. NetWitness has been working with firms to help them mitigate the damage.

Among the companies hit were Cardinal Health, located in Dublin, Ohio, and Merck, according to the Wall Street Journal. A spokesman for Cardinal said the firm removed the infected computers as soon as the breach was found.

Also affected were educational institutions, energy firms, financial companies and Internet service providers. Ten government agencies were penetrated, none in the national security area, NetWitness said.

The systems penetrated were mostly in the United States, Saudi Arabia, Egypt, Turkey and Mexico, the firm said.


Pentagon Struggles with Cyber Security

January 26, 2010 Security, Technology No Comments

WASHINGTON — On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.

The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.

What some participants in the simulation knew — and others did not — was that a version of their nightmare had just played out in real life, not at the Pentagon where they were meeting, but in the far less formal war rooms at Google Inc. Computers at Google and more than 30 other companies had been penetrated, and Google’s software engineers quickly tracked the source of the attack to seven servers in Taiwan, with footprints back to the Chinese mainland.

After that, the trail disappeared into a cloud of angry Chinese government denials, and then an ugly exchange of accusations between Washington and Beijing. That continued Monday, with Chinese assertions that critics were trying to “denigrate China” and that the United States was pursuing “hegemonic domination” in cyberspace.

These recent events demonstrate how quickly the nation’s escalating cyberbattles have outpaced the rush to find a deterrent, something equivalent to the cold-war-era strategy of threatening nuclear retaliation.

So far, despite millions of dollars spent on studies, that quest has failed. Last week, Secretary of State Hillary Rodham Clinton made the most comprehensive effort yet to warn potential adversaries that cyberattacks would not be ignored, drawing on the language of nuclear deterrence.

“States, terrorists and those who would act as their proxies must know that the United States will protect our networks,” she declared in a speech on Thursday that drew an angry response from Beijing. “Those who disrupt the free flow of information in our society or any other pose a threat to our economy, our government and our civil society.”

But Mrs. Clinton did not say how the United States would respond, beyond suggesting that countries that knowingly permit cyberattacks to be launched from their territories would suffer damage to their reputations, and could be frozen out of the global economy. … Continue Reading


Chinese Hacker “Community” Exposed

July 31, 2009 Security, crime No Comments

For years, the U.S. intelligence community worried that China’s government was attacking our cyber-infrastructure. Now one man has discovered it’s worse: It’s hundreds of thousands of everyday civilians. And they’ve only just begun.


At 8 a.m. on May 4, 2001, anyone trying to access the White House Web site got an error message. By noon, whitehouse.gov was down entirely, the victim of a so-called distributed denial-of-service (DDoS) attack. Somewhere in the world, hackers were pinging White House servers with thousands of page requests per second, clogging the site. Also attacked were sites for the U.S. Navy and various other federal departments.

Xiao Tian: In the male-dominated world of hacking


A series of defacements left little doubt about where the attack originated. “Beat down Imperialism of America, Attack anti-Chinese arrogance!” read the Interior Department’s National Business Center site. “CHINA HACK!” proclaimed the Department of Labor home page. “I AM CHINESE,” declared a U.S. Navy page. By then, hackers from Saudi Arabia, Argentina and India had joined in. The military escalated its Infocon threat level from normal to alpha, indicating risk of crippling cyber-attack. Over the next few weeks, the White House site went down twice more. By the time the offensive was over, Chinese hackers had felled 1,000 American sites.

The cyber-conflict grew out of real-world tensions. A month earlier, a U.S. EP-3 reconnaissance aircraft flying off the southern coast of China had collided with a Chinese F-8 fighter jet. The American pilot landed safely, but the Chinese pilot was killed. China’s hackers lashed out. It wasn’t the first foreign attack on American sites, but it was the biggest — “the First World Hacker War,” as the New York Times dubbed it.

The Chinese attacks were poorly coordinated, and it’s tempting to dismiss them as harmless online vandalism. But subsequent attacks have become more serious. In the past two years, Chinese hackers have intercepted critical NASA files, breached the computer system in a sensitive Commerce Department bureau, and launched assaults on the Save Darfur Coalition, pro-Tibet groups and CNN. And those are just the attacks that have been publicly acknowledged. Were these initiated by the Chinese government? Who is doing this?

Early clues came through the boasts of a single Chinese hacker. On May 20, 2003, a man named Peng Yinan, then known only by the moniker coolswallow, logged into a public Shanghai Jiaotong University student forum and described how he formed a group at the university’s Information Security Engineering School that coordinated with other hackers to bring down whitehouse.gov in 2001. “Javaphile was established by coolswallow (that’s me)” and a partner, he wrote in Chinese. “At first we weren’t a hacker organization. After the 2001 China-U.S. plane collision incident, Chinese hackers declared an anti-American Battle . . . and coolswallow joined in the DDoS White House attacks.” Later, he bragged, his group defaced other sites it considered anti-Chinese, including that of the Taiwanese Internet company Lite-On.

Peng left two e-mail addresses, his chat information and the screen names of four other hackers. He soon expanded his online profile with a blog, photos, and papers describing his hacking openly. But his boasts went unnoticed until 2005, when a linguist in Kansas typed the right words into Google, found Peng, and pulled back the curtain on a growing danger. … Continue Reading

Cyber Attack on U.S., S. Korean Governments

July 8, 2009 Intelligence No Comments

Cyber attacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea’s main government spy agency said on Wednesday.

Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups.

A spokesman at the intelligence agency said it could not confirm the Yonhap report, which said that the spy agency briefed lawmakers about their suspicions on Wednesday. The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new anti-terrorism bill that would give it more power.

Access to at least 11 major Web sites in South Korea — including those of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the mass-circulation daily newspaper Chosun Ilbo and the top Internet portal Naver.com — have crashed or slowed down to a crawl since Tuesday evening, according to the government’s Korea Information Security Agency.

On Wednesday, some of the sites regained service, but others remained unstable or inaccessible.

In an attack linked with the one in South Korea, 14 major Web sites in the United States — including those of the White House, the State Department and the New York Stock Exchange — came under similar attacks, according to anti-cyberterrorism police officers in Seoul.

“This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,” the National Intelligence Service said in a statement, adding that it is cooperating with the American investigative authorities to investigate the attacks.

The Associated Press reported Tuesday night that a widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several American government agencies, including some that are responsible for fighting cybercrime.

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, The A.P. reported, citing officials inside and outside the American government. The fact that the government Web sites were still being affected after three days signaled an unusually lengthy and sophisticated attack, the news agency reported, citing anonymous American officials.

The Washington Post, which also came under attack, reported on its Web site Wednesday that a total of 26 Web sites were targeted. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, it reported, citing researchers involved in the investigation.

Amy Kudwa, a Department of Homeland Security spokeswoman, said that the agency was aware of the attacks on “federal and private sector public-facing Web sites.” The department, she said, has issued a notice to federal departments and agencies, as well as other partner organizations, on the activity and advised them of steps to take to help mitigate against such attacks.

“We see attacks on federal networks every day, and measures in place have minimized the impact to federal websites,” she said.

In the attack, an army of thousands of “zombie computers” infected by the hackers’ program were ordered to request access to these Web sites simultaneously, causing an overload that caused the sites’ servers to crash, South Korean officials said.

Although most of the North Korean military’s hardware is decrepit, the South Korean authorities have recently voiced their concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operates through the Chinese Internet network and tries to hack into American and South Korean military networks.

In South Korea, the Blue House reported no data loss or other damage except disrupted access. The Defense Ministry and banks attacked also reported no immediate loss of security data or financial damage.

“The traffic to our site surged nine times of the normal level,” the Blue House said in a statement. “Computer users in some regions still suffer slow or no access at all to our site.”

Hwang Cheol-jeung, a senior official at the government’s Korea Communications Commission, said the attacks were launched by computers infected by a well-known “distributed denial of service,” or DDoS, hackers’ program.

The spy agency said 12,000 computers in South Korea and 8,000 overseas appeared to have been mobilized in the attacks. The Korea Communications Commission reported 22,000 infected computers.

“The infected computers are still attacking, and their number is not decreasing,” Mr. Hwang told reporters in a briefing. The government was urging users to upgrade their computers’ antivirus software.

Denial of service attacks against Web sites are not uncommon, but they can be made far more serious if hackers infect and use thousands of computers. Hackers frequently single out the American government: According to the Homeland Security Department, there were 5,499 known breaches of American government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006, The A.P. said.

The South Korean news agency Yonhap said the police have traced a possible starting point for the attack back to members of a small cable TV Web site in Seoul. But officials said that does not mean it originated there.

Mr. Hwang said South Korean authorities suspected that the hackers used a new variant of the denial of service program to attack the Web sites.

