US Govt proposal to classify Security Tools as Weapons of War w/ Export Regulations.

This would be devastating to US business and security products.

In 2013, WA agreed to add the following to their list of dual-use goods: systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software; software specially designed or modified for the development or production of such systems, equipment or components; software specially designed for the generation, operation or delivery of, or communication with, intrusion software; technology required for the development of intrusion software; Internet Protocol (IP) network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor. BIS, the Departments of Defense and State, as well as other agencies have been discussing the best way to add these items, which we have named “cybersecurity items,” to the Commerce Control List (CCL) (Supplement No. 1 to part 774 of the Export Administration Regulations) without reducing encryption controls and while balancing the national security and foreign policy. For resource planning purposes, as well as license requirements, license exceptions, license submission requirements, and internal license reviews and processing planning purposes, this rule is published as a proposed rule.

https://www.federalregister.gov/articles/2015/05/20/2015-11642/wassenaar-arrangement-2013-plenary-agreements-implementation-intrusion-and-surveillance-items

Advertisements

I-R-C-H AAS Infrastructure, Research, Crimeware and Hacking as a Service

How a botnet works: 1. A botnet operator sends...

How a botnet works: 1. A botnet operator sends out viruses or worms, infecting ordinary users’ computers, whose payload is a malicious application — the bot. 2. The bot on the infected PC logs into a particular command and control (C&C) server (often an IRC server, but, in some cases a web server). 3. A spammer purchases access to the botnet from the operator. 4. The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers. (Photo credit: Wikipedia)

If you have not heard of any of these it is not surprising but they are beginning to effect everyones daily lives. All of these have been purchasable in the past but never at the scale that is being exposed today. The advent of the cloud and the proliferation of the internet around the world has brought about a new level of willing hacker. It also has allowed the launching of DDoS attacks that are larger and as complex as the most complex systems in the world.

I recently did an example of an attack that launched 2000 different servers in the matter of minutes to completely flood a switching network shutting off the ability to get any communication out. This shut down everything that ran across an IP network; this included their pbx switch and their building security. It would have only taken a bit more to have caused their cell phones to not work as well leaving the building an island ready for a physical attack.

Crimeware is widely exploited by the criminal underground that seeks to improve its economy by the easiest means. The gist: “Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites,” says Finjan.  In other words, it’s point, click and hack (Dignan, 2008).

Cybercrime thieves operate in a market that is sensitive to location and economic trends, they cannot use a “one-­‐scheme-­‐fits-­‐all” approach. The attacks must be customized for each geographic region and focus on a selected group of users and/or businesses. These attacks are often called “campaigns” and incorporate Crimeware toolkits, Trojans and Botnets to do their dirty work (Finjan, 2008).

http://hacksurfer.com/amplifications/247-cybercrime-is-for-sale-and-the-market-is-booming

Enhanced by Zemanta

Facebook 56 million in the Arab world

English: Middle East and North Africa

Facebook brought into prominence on Tuesday that it has 56 million active users in the Middle East and North Africa (MENA), where activists used the social media network to organize Arab Spring rebellion. In fact, Facebook regional chief Jonathan Labin told a news conference in Dubai while noting a significant increase in the number of people connecting from mobile devices, that half of these users have come back to the website on a daily basis.

Facebook logo Español: Logotipo de Facebook Fr...

Furthermore, Facebook said in a statement that every month 56 million people are active on Facebook across the MENA region, characterized by 50 percent of those coming back on a daily basis. In totality 33 million people in MENA use a phone otherwise tablet to access the service every month, whereas the number of daily active users on mobile has mounted to 15 million.

http://m.phys.org/news/2013-10-facebook-million-arab-world.html

Blackstone Makes Investment in Secure Mentem

Blackstone Group logo

Secure Mentem, an industry leader in the human aspects of cyber security, today announced a strategic investment from Blackstone (NYSE: BX  ) , a leading asset management and advisory firm, to help the company launch Security Awareness as a Service. The service provides a turnkey, comprehensive security awareness program, tailored to diverse corporate cultures, in order to change employee security behaviors.

Blackstone Makes Investment in Secure Mentem (BX).

Enhanced by Zemanta

Cybersecurity is attracting lots of capital

English: Seal of the United States Department ...

The tremendous and rapid growth of big-time Internet based corporations, such as Google, Yahoo, Microsoft, Intel, Apple, Facebook and many others, highlights the immense potential this particular industry is enjoying and will continue to enjoy in the years to come.

However, this tremendous growth is associated with a significant increase in cybercrime and security threats. Companies are spending huge amounts to implement strategies and solutions that would keep cyberspies, hackers and data thieves away from their sensitive and confidential information. In a recent USA Today report, it was noted that global spending on information security is expected to total $64.4 billion this year and will continue to grow at an average annual rate of 8.7 percent throughout the next four years until 2017.

“The cybersecurity market is in a renaissance period that should enable the good guys to leapfrog the bad guys in prevention and detection capabilities,” stated Greg Fitzgerald, chief marketing officer security start-up Cylance, in an interview with the national news outlet.

Although venture capitalists are in the late stages of getting behind these types of firms, a lot of them are hoping to garner massive billion-dollar paydays, at least according to James Foster, CEO of security start-up Riskive. “”The VC’s want to know, ‘Can you get me to an IPO and show me a billion dollar return?’”

Investment capital floods cybersecurity market.

Enhanced by Zemanta

Deadly Cyberattacks Highlight the Need for a Cybersecurity Upgrade

2009 Sayano-Shushenskaya hydro accident

It was Aug. 17, 2009 — just over four years ago. The location was Siberia, at the sixth largest hydro-dam in the world. It’s a place called Sayano-Shushenskaya.

The tips of the turbine that the witness saw spinning moved at near-supersonic speed, generating 475 megawatts of power. That’s enough electricity to light up a city of more than half a million people. And then the entire device blew straight up, right out of its housing. Within moments, the death toll at Sayano-Shushenskaya was 75. The entire hydro-dam electrical output, totaling 6,400 megawatts — about the equivalent of three nuclear power plants — went offline, representing an immediate loss of over 10% of the power in the Russian Far East.

According to Gen. Keith Alexander, head of the U.S. National Security Agency, a power grid operator nearly 500 miles away sent a rogue command to the Sayano-Shushenskaya hydro-dam control complex. Basically, the grid managers who control the Siberian region wanted more electricity in the wires to meet the load. Evidently, the distant signal caused floodgates to open. This allowed more water to pass through to Turbine No. 2. But the increased water flow caused a “hammer” effect on the spinning machinery, which exceeded the design parameters for this particular element of the complex. Turbine No. 2 accelerated too fast.

The point to keep in mind is that the Sayano-Shushenskaya hydro-dam disaster was a cyberattack. You can characterize it as an accident in the nature of “friendly fire.” But overall, this cascading wave of destruction was triggered by a bad computer command.

Deadly Cyberattacks Highlight the Need for a Cybersecurity Upgrade.

Enhanced by Zemanta

Priority Based Budgeting and the Start-Up Revolution!

Image:Wafer 2 Zoll bis 8 Zoll.jpg uploaded by ...

The US high tech startup revolution is really spread across the country.  It’s no surprise that, based on a recent report from the Kauffman Foundation (Tech Starts: High Technology Business Formation and Job Creation in the United States), the top three metro areas across the US with the greatest density of high-tech start-ups are also successful Priority Based Budgeting communities. The top three metro areas are Boulder, Colorado, Ft. Collins, Colorado, and Sacramento, California.

Brad Feld and many others in Bolder, CO are really driving the Tech advancement of northern Colorado. Congrats to Brad and others!! Brad Feld Twitter @bfeld

I am rather surprised that Austin is not higher on the tech density scale.

The Kauffman report http://www.kauffman.org/uploadedFiles/bds-tech-starts-report.pdf

Priority Based Budgeting and the Start-Up Revolution! | icma.org.

Enhanced by Zemanta