Author: Brian

http://online.wsj.com/article/SB124242099361525009.html

By Conor Dougherty

PORTLAND, Ore. — In October, as the stock market tanked and the economy shed 400,000 jobs, Matt Singer moved from Oxnard, Calif. to Portland, Ore. He didn’t have a job, but he was attracted to the city’s offbeat culture and hungered for change. Mr. Singer’s plan was to get an editing or writing gig at an alternative weekly newspaper, the job he was doing in California.

Seven months later, the 26-year-old is still without a steady job — and still here. “I wasn’t really aware of how bad the job situation was at the time,” says Mr. Singer.

This drizzly city along the Willamette River has for years been among the most popular urban magnets for college graduates looking to start their careers in a small city of like-minded folks. Now the jobs are drying up, but the people are still coming. The influx of new residents is part of the reason the unemployment rate in the Portland metropolitan area has more than doubled to 11.8% over the past year, and is now above the national average of 8.9%.

http://www.huffingtonpost.com/2009/03/07/rod-beckstrom-top-us-cybe_n_172729.html

WASHINGTON — The head of the nation’s cybersecurity center has resigned amid persistent turf battles and confusion over the control and protection of the country’s vast computer networks and systems.

Rod Beckstrom’s decision to step down as director of the National Cybersecurity Center comes as the White House is conducting a broad 60-day review of how well the government is using technology to protect everything from classified national security data to key financial systems and air traffic control.

In a blunt letter to Homeland Security secretary Janet Napolitano, Beckstrom complained about a shortage of money for the center and a clash over whether the National Security Agency should control cyber efforts. The role of the NSA in protecting domestic computer networks has triggered debate, particularly among privacy and civil liberties groups who oppose giving such control to U.S. spy agencies.

Intelligence officials argue, however, that they must be involved in order to adequately defend the country and its networks.

Beckstrom’s letter was dated Thursday, and said his resignation would be effective March 13.

Homeland Security Department spokeswoman Amy Kudwa said the department is working with other federal agencies, specifically the NSA, to protect civilian networks, and is reaching out to the private sector to find additional ways to improve cybersecurity.

President Barack Obama last month ordered a 60-day review of the nation’s cybersecurity, and put former Bush administration aide Melissa Hathaway in charge of the effort. Hathaway has been meeting with industry leaders, Capitol Hill staff and other experts, seeking guidance on what the federal government’s role should be in protecting information networks against an attack.

She also is asking for recommendations on how officials should define and report cyber incidents and attacks; how the government should structure its cyber oversight and how the nation can increase security without stifling innovation.

http://ctovision.com/2008/10/melissa-hathaway-op-ed-on-cyber-security/

London shoppers who bought groceries with bankcards over the last two years paid a higher price than they bargained for.

Cyber
thieves had implanted unauthorized circuitry in keypads sold to
supermarkets in the Barking and Dagenham area of the British capital.
The corrupted keypads were then used to capture account information and
Personal Identification Numbers (PINs). The data were siphoned off and
used to skim from or in some cases empty shoppers’ bank accounts.

The thieves covered their tracks by encrypting the
numbers they stole, then storing them on a computer server abroad. It
took more than a year for the authorities to catch on.

Stories such as that aren’t only sobering news for
consumers. For folks charged with securing and protecting the nation’s
defense and intelligence infrastructure, however, increasingly
sophisticated cyber assaults are a chilling — and increasingly
familiar — challenge.

The same devices that thieves use to sneak into bank
accounts, the same techniques that hackers use to disrupt Internet
service or alter a digital profile, are being used by foreign military
and spy services to besiege information systems that are vital to our
nation’s defense.

http://www.eweek.com/c/a/Security/Hackers-Crack-FAA/

The personal information of more than 45,000 Federal Aviation Administration employees and retirees was exposed to possible identity theft. FAA reports that the hacked server was not connected to the air traffic control system or any other FAA operational system.

Just a day after President Obama ordered a comprehensive review of the government’s cyber-security systems, the Federal Aviation Administration reported Feb. 10 that hackers illegally accessed an agency computer and stole employee personal identity information. The FAA said in a statement that the hacked server was not connected to the operation of the air traffic control system or any other FAA operational system.

According to the FAA, two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA’s rolls as of the first week of February 2006. All affected employees will receive individual letters to notify them about the breach.

“The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information,” stated the FAA. “The agency is also providing a toll-free number and information on the employee website for those who believe they may be affected by the breach.”

The personal information of more than 45,000 Federal Aviation Administration employees and retirees was exposed to possible identity theft. FAA reports that the hacked server was not connected to the air traffic control system or any other FAA operational system.Just a day after President Obama ordered a comprehensive review of the government’s cyber-security systems, the Federal Aviation Administration reported Feb. 10 that hackers illegally accessed an agency computer and stole employee personal identity information. The FAA said in a statement that the hacked server was not connected to the operation of the air traffic control system or any other FAA operational system.
According to the FAA, two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA’s rolls as of the first week of February 2006. All affected employees will receive individual letters to notify them about the breach.
“The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information,” stated the FAA. “The agency is also providing a toll-free number and information on the employee website for those who believe they may be affected by the breach.”

http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky

In June 2005, a balding, slightly overweight, perpetually T-shirt-clad 26-year-old computer consultant named Dan Kaminsky decided to get in shape. He began by scanning the Internet for workout tips and read that five minutes of sprinting was the equivalent of a half-hour jog. This seemed like a great shortcut—an elegant exercise hack—so he bought some running shoes at the nearest Niketown. That same afternoon, he laced up his new kicks and burst out the front door of his Seattle apartment building for his first five-minute workout. He took a few strides, slipped on a concrete ramp and crashed to the sidewalk, shattering his left elbow.

He spent the next few weeks stuck at home in a Percocet-tinged haze. Before the injury, he’d spent his days testing the inner workings of software programs. Tech companies hired him to root out security holes before hackers could find them. Kaminsky did it well. He had a knack for breaking things—bones and software alike.

But now, laid up in bed, he couldn’t think clearly. His mind drifted. Running hadn’t worked out so well. Should he buy a stationary bike? Maybe one of those recumbent jobs would be best. He thought about partying in Las Vegas … mmm, martinis … and recalled a trick he’d figured out for getting free Wi-Fi at Starbucks.

http://www.usatoday.com/tech/news/computersecurity/hacking/2008-08-28-iraqhackers_N.htm

http://www.usatoday.com/tech/news/surveillance/2008-10-26-cia-gadgets_N.htm

By Peter Eisler, USA TODAY

http://online.wsj.com/article/SB123318475748226305.html

By M.P. McQueen

The bear economy is creating a bull market for cyber-crooks.

Experts and law-enforcement officials who track Internet crime say scams have intensified in the past six months, as fraudsters take advantage of economic confusion and anxiety to target both consumers and businesses.

Thieves are sending out phony emails and putting up fake Web sites pretending to be banks, mortgage-service providers or even government agencies like the Federal Bureau of Investigation or the Federal Deposit Insurance Corp. Cellphones and Internet-based phone services have also been used to seek out victims. The object: to drain customer accounts of money or to gain information for identity theft.

Avivah Litan, vice president with Internet-technology research company Gartner Inc., said clients are telling her that cyber-assaults on many banks have doubled in the past six months in the U.S. and other parts of the world, including the U.K., Canada, Mexico and Brazil. Though most are thwarted by computer-security defenses, such as spam filters and fraud-detection systems, that still leaves potentially millions of victims.

“They are all experiencing a lot more attacks, and a lot more ATM fraud” aimed at depositors’ accounts, Ms. Litan said.

More than 800 complaints have been logged by the National White Collar Crime Center in Richmond, Va., so far this year from checking-account customers in the U.S. about mysterious, unauthorized transactions of $10 to $40 that appear on monthly statements. Craig Butterworth, a spokesman for the center, a federally funded group that assists police agencies, said investigators suspect a data breach or “phishing” campaign, where deceptive emails and text messages are used to acquire personal information, such as Social Security numbers, user names and passwords. Separately, a “penny” scam of phantom credit- and debit-card charges from 21 cents to 48 cents has generated 300 complaints, Mr. Butterworth said.

The FBI’s Internet Crime Complaint Center confirms a increase in cyber-attacks. In its most recent Internet Crime Report, the FBI said it received 207,000 complaints about crimes perpetrated over the Internet in 2007, the latest year for which data are available, amounting to nearly $240 million in reported losses, or $40 million more than a year earlier. Organized groups in the U.S. and elsewhere are behind many of the crimes, experts say.

Until recently, most attacks were scattershot, with spam emails blasted randomly to thousands of computer users at once. Now crooks are starting to single out specific targets identified through prior research, a tactic called “spear phishing.” In these attacks, emails are sent to the offices of wealthy families or to corporate money managers, for example. They address potential victims by name and company or appear to come from an acquaintance.

http://articles.cnn.com/2008-08-05/justice/card.fraud.charges_1_card-numbers-debit-magnetic-strips?_s=PM:CRIME