One of the trickiest problems in cyber security is trying to figure whos really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the cyber equivalent of fingerprints or DNA that can identify even the best-cloaked hackers.

A security researcher has discovered a Chinese government website tainted with an infection much like the one involved in the cyberattack that pushed Google to threaten to pull out of China.

With two major shifts in data security regulations afoot Coviello's recent visit to Australia was well timed. Coviello has praised the federal government's proposed introduction of laws to force companies to publicly reveal data breaches and internet industry calls to take hijacked computers off the internet.

Iowa investigators suspect a serious breach of a state government computer database last week originated in China, which a congressional panel says has increased its use of cyber espionage tactics.

  Google's decision to enlist the help of the National Security Agency in tackling cyber attacks has caused alarm among internet groups and bloggers, who fear that users' personal information could be accessed by the US government.

     Hackers infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, according to a computer security firm.  The attacks are continuing and corporate losses are still being compiled, said Tim Belcher, chief technology officer at Herndon, Virginia-based NetWitness Corp. The Wall Street Journal first reported the breach on its Web site earlier today.

  WASHINGTON, Feb. 4, 2010 – Cybersecurity is seizing more attention and budget dollars from the Defense Department at a time when China’s alleged cyber attack on Google has underscored the urgency of the threat and the vulnerability of U.S. networks.

      The Pentagon’s second-ranking official described cyber threats as his top worry, and a chorus of other defense and government officials recently sounded similar distress signals over the prospect of cyber war.

     “I'm often asked what keeps me up at night,” Deputy Defense Secretary William J. Lynn III said last month. “No. 1 is the cyber threat. If we don't maintain our capabilities to defend our networks in the face of an attack, the consequences for our military, and indeed for our whole national security, could be dire.”

     In the Pentagon’s fiscal 2011 budget proposal unveiled this week, cybersecurity received a $105 million increase from the previous year. The department’s sub-command dedicated to cyber warfare -- a facility in Fort Meade, Md., known as U.S. Cyber Command -- is slated for a fiscal 2011 budget of $139 million under the Air Force budget proposal, in addition to funding from the U.S Strategic Command, which oversees its operations.

     At the same time, cybersecurity is featured prominently in a broad department self-assessment known as the Quadrennial Defense Review, a congressionally mandated report Pentagon officials released this week. Given the military’s dependence on information networks, the QDR states, it’s not surprising this infrastructure has emerged as a key target.

     “Indeed, these networks are infiltrated daily by a myriad of sources,” the report says, “ranging from small groups of individuals to some of the largest countries in the world.”

     U.S. military and corporate concern about cyber security was proved warranted by an alleged attack allegedly conducted by Chinese hackers on Google’s networks that reportedly came in a wave of intrusions beginning in December, and which the search engine company publicly revealed last month.

     “The recent intrusion of Google is yet another wake-up call about just how seriously we have to take this program,” Director of National Intelligence Dennis C. Blair told a House Permanent Select Committee on Intelligence hearing yesterday.

     “Cyber defenders right now have to spend more and work harder than the attackers do,” he said. “And our efforts, frankly, are not strong enough to recognize [and] deal with that reality.”

      At another hearing this week, FBI Director Robert S. Mueller III said the growing cyber threat reflects the pace of change and rate of globalization that have taken place since the end of the Cold War. Gone are the days when state actors posed the primary threat to U.S. national security, he said.

     “But as the global economy integrates, many cyber threats now focus on economic or nongovernment targets, as we have seen with the recent cyber attack on Google,” Mueller told the Senate Select Committee on Intelligence. “Targets in the private sector are at least as vulnerable as traditional targets, and the damage can be just as great.”

     For his part, Defense Secretary Robert M. Gates said the creation of the U.S. Cyber Command reflects the increasing recognition of cybersecurity as a department priority. Speaking to the Senate Armed Services Committee this week, Gates sounded a confident tone in describing the safety of the military’s classified networks.

     “But frankly, we’re not happy with where we are,” he told senators in the Feb. 2 hearing. “I think we’re in good shape now, but we look with concern to the future. And we think a lot more needs to be done.”

     Michele Flournoy, undersecretary of defense for policy, said the ability to conduct offensive and defensive operations in cyberspace is a capability shared among U.S. federal agencies. She emphasized the need for better organization to address the threat of cyber attacks.

     “Whether it is offense, whether it is defense, we are working through those issues conceptually,” she told reporters at the Pentagon. “But in the meantime, we've got to better organize ourselves to deal with some of the challenges that are on our doorstep.”

By John J. Kruzel

View this article at: http://www.defense.gov/news/newsarticle.aspx?id=57871!

      Hackers infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, according to a computer security firm.  The attacks are continuing and corporate losses are still being compiled, said Tim Belcher, chief technology officer at Herndon, Virginia-based NetWitness Corp. The Wall Street Journal first reported the breach on its Web site earlier today.

      Belcher said that while it’s difficult to confirm who is behind the breach, the type of software used and method of attack point to an Eastern European criminal organization. Crime groups “running this activity are every bit as expert at compromising systems and siphoning off information as nation states,” Belcher said. “They’re well funded, motivated and successful.”  The problems of protecting networks from cyber attacks have been highlighted recently by Google Inc.’s threat to leave China after the company said e-mail accounts of Chinese human rights activists were breached. Mountain View, California-based Google, owner of the most popular Internet search engine, is working with the National Security Agency to boost its computer security, a person familiar with the arrangement has said.

      This latest attack is more widespread, affecting at least 2,411 companies and 80,000 computer systems, Belcher said. NetWitness is in the process of notifying people who’ve been infected, he said. Belcher declined to identify the companies. Whitehouse Station, New Jersey-based Merck & Co. and Dublin, Ohio-based Cardinal Health Inc. were among the companies targeted in the attack, according to the Journal.

by Jeff Bliss

View this article at: http://www.businessweek.com/news/2010-02-17/global-hackers-breached-2-400-companies-security-firm-says.html

   Exclusive A digital attack against the UK causing even minor damage would have a "catastrophic" effect on public confidence in the government, GCHQ has privately warned Whitehall.

     The Cheltenham spy agency's new Cyber Security Operations Centre (CSOC) makes the prediction in a document prepared for Cabinet Office and seen by The Register.

     Growing reliance on the internet to deliver public services will "quickly reach a point of no return", meaning "any interruption of broadband access becomes intolerable and will have serious impacts on the the economy and public well being", CSOC says.

     "A successful cyber attack against public services would have a catastrophic impact on public confidence in the government, even if the actual damage caused by the attack were minimal," it adds.

     The warning forms part of a preliminary "horizon scanning" report produced by the new unit, which is scheduled to begin operations next month. Its job will be to continually monitor internet security, producing intelligence on botnets, denial of service attacks and other digital threats to national security.

     CSOC was established by last summer's Cyber Security Strategy. With an initial staff of 19 and funded from GCHQ's budget of hundreds of millions of pounds, it reports to the equally nascent Office of Cyber Security within the Cabinet Office, which coordinates digital national security policy across Whitehall.

      Most cyber attacks are likely to remain difficult to trace to official sources, the report explains, citing the denial of service attacks on Georgia as Russia's army invaded in 2008. This year GCHQ's close US counterpart, the National Security Agency (NSA), has been called in to investigate attacks on Google's GMail service apparently from inside China.

     "An internationally agreed definition of cyber warfare will remain elusive, with state actors making increasing use of hired criminals and 'hacktivists' to carry out deniable cyber attacks on their behalf," CSOC predicts.

     The offical British view casts ongoing talks between the US and Russia - aimed at fostering cooperation between states on internet security and agreeing ground rules - in a pessimistic light.

     "States are likely to increasingly see the cyber domain as an area in which to wage war... it is difficult to see international agreement on what acts are and are not acceptable in a cyber war being achieved within five years," CSOC says. "Even if regulation of this kind was to emerge, it is likely that it would make little difference.

     "The increasing sophistication of criminal cyber tools and the availability of cheap, fast broadband will mean that states are able to achieve their aims by hiring criminal botnets to carry out DDOS or other attacks on their enemies' infrastructure."

By Chris Williams

View this article at http://www.theregister.co.uk/2010/02/22/csoc_report/