Jun 11. Hardly a month has gone by this year without a multinational company such as Google, EMC Corp. or Sony disclosing it’s been hacked by cyber intruders who infiltrated networks or stole customer information. Yet no hacker has been publicly identified, charged or arrested. If past enforcement efforts are an indication, most of the perpetrators will never be prosecuted or punished.
“I don’t have a high level of confidence that they will be brought to justice,” said Peter George, chief executive of Fidelis Security Systems Inc., a Bethesda, Md.-based data protection consulting firm whose clients include IBM, the U.S. army and the Department of Commerce. “The government is doing what they can, but they need to do a lot more.”
In the United States, the FBI, the Secret Service and other law enforcement agencies are confronting what amounts to a massive crime wave that’s highly organized and hard to combat with traditional methods. The hacker organizations are well-funded and global, eluding arrest except in the rarest of cases. Attacks are coming from organized crime groups based in Eastern Europe and Russia, from industrial spies in China and from groups such as LulzSec, whose members appear to reside mostly in the U.S. and Europe and seem more interested in publicity than in making a profit from their crimes. LulzSec took credit for hacking into Nintendo’s computers, an intrusion the Kyoto, Japan-based company disclosed recently, describing it as unsuccessful. Last week it was Google, which revealed an attempted hack, originating in China, into the Gmail accounts of U.S. government officials, military personnel and journalists. Days before that, it was military contractor Lockheed Martin, which said its network had been penetrated by an unknown intruder.LulzSec said it also had attacked the Atlanta chapter of InfraGard, an information-sharing organization of companies that is affiliated with the FBI to thwart cybercrime. (Source: Len Zuga/Calgary Herald)

18 Jun 11. The U.S. Department of Defense (DOD) and Department of Homeland Security (DHS) have established a pilot program with leading private defense contractors and ISPs called DIB Cyber Pilot in an attempt to strengthen each others’ knowledge base regarding growing security threats in cyberspace, a high-ranking DOD official told a gathering of global security experts this week. “[F]or all the military capability that information technology enables, it also introduces vulnerabilities,” said Deputy Secretary of Defense William J. Lynn, speaking at the 28th Annual International Workshop on Global Security in Paris on Thursday. “We learned this lesson in 2008 when a foreign intelligence agency used a thumb drive to penetrate our classified computer systems—something we thought was impossible. It was our worst fear: a rogue program operating silently on our system, poised to deliver operational plans into the hands of an enemy. “The cyber threat continues to grow, posing new dangers to our security that far exceed the 2008 breach of our classified systems.” The Defense Industrial Base (DIB) Cyber Pilot program was started last month, Lynn said. The voluntary program involves sharing the DOD’s classified threat intelligence with defense contractors and their private Internet service providers (ISPs), “along with the know-how to employ it in network defense.” He said DIB Cyber Pilot does not involve “monitoring, intercepting, or storing any private sector communications” by the DOD and DHS. Lynn broke down the types of new threats emerging into three categories: Suspected government-backed hacks of military and private sector networks, crude but disruptive attacks on networks from hacking groups such as Anonymous, and destructive attacks targeting critical infrastructure and military networks. (Source: Len Zuga/PCMag.com)

17 Jun 11. The U.S. Department of Homeland Security on Thursday warned that Chinese-made software used by chemical, defense, and energy firms contains