November 1, 2011
By Kurt Nimmo
On Monday, David Cameron went before an international cyberspace conference in London and said it was “essential to strike a balance between the needs of online security and the right to free expression.”
“We cannot leave cyberspace open to the criminals and the terrorists that threaten our security and our prosperity but at the same time we cannot just go down the heavy-handed route,” he said.
John Kampfner, the chief executive of the Index on Censorship, clarified Cameron’s comments:
“It’s very easy to defend the case of black and white – human rights against dictatorships around the world. But as soon as our own Western-style stability of the state is called into question, well then freedom of expression is expendable. There should be one rule for all including Western governments.”
Cameron’s comments are viewed as a response to China and Russia. Both countries have pushed for tighter regulation of the internet through binding international treaties.
In the United States, the government has used a mostly phantom cyber threat to call for draconian legislation to control the internet. In January, Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) renewed their call for an “internet kill switch” that would allow the president to shut down the internet in response to a national emergency.
The effort came as the Egyptian government shut down the internet in response to demonstrations calling for the removal of president Hosni Mubarak. The move demonstrated that governments have the ability and technical capacity to shut down the internet in response to political crises.
January 10th, 2011
By: Declan McCullagh
President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.
It’s “the absolute perfect spot in the U.S. government” to centralize efforts toward creating an “identity ecosystem” for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.
That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.
The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke.
The Obama administration is currently drafting what it’s calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)
“We are not talking about a national ID card,” Locke said at the Stanford event. “We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”
The Commerce Department will be setting up a national program office to work on this project, Locke said.
Details about the “trusted identity” project are unusually scarce. Last year’s announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.
Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said.
Inter-agency rivalries to claim authority over cybersecurity have exited ever since many responsibilities were centralized in the Department of Homeland Security as part of its creation nine years ago. Three years ago, proposals were were circulating in Washington to transfer authority to the secretive NSA, which is part of the U.S. Defense Department.
In March 2009, Rod Beckstrom, director of Homeland Security’s National Cybersecurity Center, resigned through a letter that gave a rare public glimpse into the competition for budgetary dollars and cybersecurity authority. Beckstrom said at the time that the NSA “effectively controls DHS cyber efforts through detailees, technology insertions,” and has proposed moving some functions to the agency’s Fort Meade, Md., headquarters.
September 21, 2009
By Mike Harvey
Cyber criminals have created a highly sophisticated Trojan virus that steals online banking log-in details from infected computers.
The Clampi virus, which is spreading rapidly across hundreds of thousands of computers in Britain and the United States, infects computers when users visit websites that host a malicious code.
Once on the computer, the virus sits unnoticed until the user logs on to bank, credit card or other financial websites. It then captures log-in and password information and sends it to a server run by the attackers. They can then tell the compromised computer to send money to accounts that they control, or they can buy goods with the stolen credit card details.
The trojan has a list of more than 4,500 finance-related websites that it monitors, including British high street banks. Security experts warned that it was one of the stealthiest and most pervasive threats to computers using the Microsoft Windows operating systems.
Orla Cox, security operations manager with Symantec, the online security company, said: “Clampi is a complex threat. People are only just beginning to understand how it operates.”
Researchers have found that the list of sites that Clampi is monitoring includes banks, credit card companies, online casinos, e-mail, wire transfer services, retail sites, utilities, share brokerages, mortgage lenders and government sites.
Ms Cox said: “The first big wave was in the US in July, but it is spreading around the world, particularly English-language countries. We have seen samples of it targeting UK high street banks. There is potential for another wave to come.”
It is estimated that more than 1,000 out of 40,000 or more infected computers have been in Britain. Only computers running Microsoft Windows are affected. Most of the infections seem to have occurred among small and medium-sized businesses, many of which have been reluctant to reveal how they have fallen victim.
In America, $75,000 (£46,000) was stolen in July from Slack Auto Parts, a car parts supplier in Gainesville, Georgia. In August, criminals used Clampi to steal online banking details for the public school district in Sands Spring, Oklahoma. The attackers then submitted a series of false payroll payments, totalling more than $150,000.
The attack was one of a series on American schools in which criminals hired unsuspecting money mules — people who transfer money or fraudulently obtained high-value goods — to receive the transfers of stolen cash and then wire the money out of the country. Cyber criminals stole more than $700,000 from the Western Beaver School District in 74 fraudulent electronic transfers, The Washington Post reported.
Clampi is one of a new wave of viruses to target the online banking system. Its emergence came as security experts warned that malicious websites hiding trojan viruses were no longer confined to sites such as gambling and pornography.
A recent report by IBM security systems found an increase in malicious content such as viruses on trusted sites, including popular search engines, blogs, online magazines and mainstream news sites. The number of links to malicious web pages rose by more than 500 per cent in the first half of this year. Last week, attackers placed a virus in an advert on the website of The New York Times.
Trojan viruses such as Clampi accounted for 55 per cent of all new malicious software in the first half of the year, IBM said, up from 46 per cent for the same period last year. Researchers say that variants of Clampi — also known as Ligats or Ilomo — have been around since 2005, but the new version appears to be spreading more quickly.
Heading off hackers
Do not click on suspicious links to unknown sites within e-mails, instant messages or social networking sites
Be cautious about doing business with unknown e-commerce sites and always use a credit card, not a debit card
Install a comprehensive security solution and keep it up-to-date
Use a security solution that offers browser protection and a website rating service Browser protection will block questionable downloads from getting on to your computer, and website rating services can warn you if a site is infected
Secure your wi-fi connection with a strong password to ensure that others cannot connect to your network and access data stored on your computer
Any user whose system has been infected by Clampi should immediately change any and all passwords used on that system for any websites, but particularly financial credential.