“Federal Aviation Administration computer systems remain vulnerable to cyber attacks despite improvements at a number of key radar facilities in the past year, according to a new government review.

The Department of Transportation’s Inspector General said while the FAA has taken steps to install more sophisticated systems to detect cyber intrusions in some air traffic control facilities, most sites have not been upgraded. And there is no timetable yet to complete the project, the IG said.

FAA spokeswoman Laura Brown said the agency is working on a timetable and will notify the IG with that information soon. The FAA also said that upgrades to critical air traffic control systems have taken precedence over the intrusion detection improvements at a number of facilities.”

(The Associated Press: FAA computers still vulnerable to cyberattack)

“As the most popular operating system in use around the globe, Microsoft Windows is also the most targeted OS for cyber criminals looking to steal data and exploit systems. In the past when hackers attacked a system, they were often looking to steal or change data to suit their needs.

However, cyber attacks and malicious code are now being designed that look to actually take over systems that perform functions in major companies including critical systems in the financial and power industries. Many of these attacks are executed taking advantage of security holes in the Windows operating system.”

(Source: DailyTech – Hackers Target Power Plants and Physical Systems)

“U.S. intelligence agencies have obtained a Chinese military book that will provide new insights into the Chinese military’s information-warfare plans.

The book is being translated, but Inside the Ring obtained its table of contents, which reveals Beijing’s priorities for high-technology warfare using computers and electronic-warfare weapons.

The 322-page book, ‘Information Warfare Theory,’ was published in May 2007 and written by Wang Zhengde, president of the People’s Liberation Army Information Engineering University.

“

(Source: Inside the Ring – Washington Times.)

“Officials in charge of the reliability of the U.S. electric grid are taking a closer look at how to respond to cyberattacks and other possible catastrophic events.

The North American Electric Reliability Corp., or NERC, and the U.S. Department of Energy in a report to be released Wednesday call for a range of steps– from increasing communication to ensuring the supply of transformers and other equipment–to mitigate what they described as a ‘high-impact, low- frequency’ event on the nation’s power system.

The report looked at a cyberattack, a pandemic and the detonation of a nuclear bomb at high altitudes among other possibilities. The catastrophic events the report examines aren’t necessarily the most probable, yet officials say cyberthreats are being detected currently on the nation’s grid.”

(Source: US Officials Look At How To Respond To Threats To Electric Grid.)

“The past decade may be portrayed as a period of growing cyber threats, or at least as a period of increasing fear and a growing conviction regarding cyber insecurity. Among many different cyber-vulnerable industries, critical infrastructure in the energy sector is paramount in facing new risks and threats due to the connection and interdependence of their information systems with the open internet. Cyberspace has become a major potential landscape of insecurity, and both experts and governments admit that critical infrastructures, which include electric power transmission systems, water distribution systems, and oil-gas distribution systems are susceptible to cyber attacks. Some of the more startling issues that have surfaced are:

* Chinese and Russian infiltration of the US electricity grid
* In 2009, the U.S oil companies Marathon Oil, ExxonMobil and ConocoPhillips were the targets of cyber attacks. Data was leaked as a result of cyber espionage, and the perpetrators could have been Chinese hackers.
* In February 2010, the European Union’s Emissions Trading Scheme (ETS) was the victim of fraudulent cyber attacks. The registries in 13 European countries were forced to close.
* According to a recent survey by McAfee, ‘the most victimized sector was oil and gas, where two thirds of executives report distributed denial of service (DDoS) attacks’. Twenty-seven percent in the power sector and thirty-one percent in the oil and gas sectors reported being victim of extortion through cyber attacks. “

(Source: China’s Strategy for Information Warfare: A Focus on Energy.)

“Canadian government, college and industry computers are increasingly vulnerable to cyberattack, federal authorities said.

Cyberattacks via social networking sites have grown ’substantially’ in Canada, said a censored report from Canada’s Security Intelligence Service.

The Canadian government needs to act now or risk being targeted by computer hackers who use social networking services to steal government, academic and corporate information, said the report obtained by the Canadian Broadcasting Corp. “

(Source: Report: Canada vulnerable to cyberattack – UPI.com.)

“Hackers have begun using compromised servers instead of client PCs to launch more powerful denial of service attacks.

Hundreds of web servers are infected with a DoS application that transforms them into zombie drones, according to database security firm Imperva. These zombie servers are controlled using a simple web application, consisting of just 90 lines of PHP code.”

(Source: Server-based zombies power souped-up DDoS assault • The Register.)

“The 22-year-old son of a Tennessee state senator was convicted last week on one felony charge and one misdemeanor charge arising from his hacking into Sarah Palin’s Yahoo mail account during the 2008 presidential campaign.

PCWorld.com reports David Kernell was convicted of ‘felony destruction of records to hamper a federal investigation and of a misdemeanor charge that he unlawfully accessed a protected computer.’ The jury acquitted him of federal wire fraud charges.”

(Source: Palin Hacker Convicted, Faces Up to 21 Years in Prison | Blogs | ITBusinessEdge.com.)

“Computer networks essential to the Pentagon and military are attacked by individual hackers, criminal groups and nations hundreds of thousands of times every day, according to the officer nominated to lead a cyberwarfare command.

The officer, Lt. Gen. Keith B. Alexander, said Thursday that one crucial reason that Defense Secretary Robert M. Gates created a Cyber Command was ‘the amount of attacks that we’re seeing coming into the Defense Department gateways every day.’ “

(General Cites Attacks on Military Computers – NYTimes.com)

“Cyber criminals are focusing on developing expertise in one specific skill–such as coding, hacking or moving money–rather than being generalists as they collaborate with colleagues to carry out computer exploits, a senior FBI cybersecurity official said today.

The cyber underground now consists of subject matter experts that focus on their specific areas, Steven Chabinsky, an FBI deputy assistant director in the bureau’s Cyber Division, said today at the FOSE 2010 trade show in Washington. Chabinsky added that almost every cyber criminal is now a member of an online forum or chat service.

‘Just like you have doctors who are specialists instead of general practitioners, we have cyber criminals who are specialists instead of general practitioners,’ Chabinsky said.”

(Source: Cyber criminals getting specialized, FBI says — Federal Computer Week.)