European Central Bank Hacked; Norwegian Banks, Companies Hit By Cyber Attacks

Hackers have stolen personal information from the European Central Bank (ECB) in what seems to be a blackmail scheme. The stolen data includes email addresses and contact information taken from the organization's database.

United States Agencies Struggle To Combat Cyberattacks

A $10 billion-a-year effort to protect sensitive government data, from military secrets to Social Security numbers, is struggling to keep pace with an increasing number of cyberattacks and is unwittingly being undermined by federal employees and contractors.

Workers scattered across more than a dozen agencies, from the Defense and Education departments to the National Weather Service, are responsible for at least half of the federal cyberincidents reported each year since 2010, according to an Associated Press analysis of records.

Researchers Identify Sophisticated Chinese Cyber-espionage Group

A coalition of security researchers has identified a Chinese cyberespionage group that appears to be the most sophisticated of any publicly known Chinese hacker unit and targets not only U.S. and Western government agencies but also dissidents inside and outside China.

Russian Hackers Exploit Bug In Microsoft Windows To Hack Nato Computers

Russian hackers exploited a bug in Microsoft's Windows to spy on computers used by Nato and western governments, a report indicates.

Nigeria's Electronic I.D Card: National Security and Unintended Consequences

                                                      Written by:

Don Okereke

President Goodluck Jonathan recently launched a MasterCard-branded Nigerian National Electronic I.D Card amidst pomp and pageantry.

Russian Gang 'Steals' 1.2 Billion Usernames and Passwords

A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security - a US firm specialising in discovering breaches.
Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".
Hold Security did not give details of the companies affected by the hack.
"They didn't just target large companies; instead, they targeted every site that their victims visited," Hold Security said in its report .

"With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."

The New York Times, which first reported the findings , said that on its request "a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic".
"Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information," the paper said.

The paper added: "Hold Security would not name the victims, citing nondisclosure agreements and a
reluctance to name companies whose sites remained vulnerable."

The Wall Street Journal later revealed that Hold Security intended to offer website owners the ability to check
whether they had been affected, but only if they paid a fee.
The firm has since posted a message on its site saying it will charge $120 (£71) a month for a "breach notification service".

One computer security expert said he was surprised by this approach.
"This situation is quite unusual in that the company has decided to charge for this information," Dr Steven Murdoch from University College London's computer science department told the BBC.
"Usually they would do an initial disclosure [of who had been affected] for free and then offer their services for a fee at a later stage.
"The company rightly points out that there is going to be a huge amount of work to securely contact all the
affected websites, but a common solution to this is to partner with a government or industry-funded
organisation to help with that."

Despite the large amount of credentials said to have been compromised, Dr Murdoch added that it would be premature to advise the public to reset all their passwords.
"Although there's a large amount of passwords involved, a lot of them could be irrelevant and many of the
websites tiny," he said.
"It's not necessarily the case that a large proportion of internet users have been affected. Until we get more statistics we won't know that.

"So, there's no reason to panic now, but perhaps it's a good reminder to follow best practice of not using the same password on multiple websites, because this will not be the last time such a breach happens."

Multi-pronged attack?
Hold Security, which has previously reported about hacks on Adobe and Target, said it took more than seven months of research to discover the extent of the latest hack.
Other security experts are surprised by the way Hold Security is sharing its information.

The firm claimed the gang initially acquired databases of stolen credentials from fellow hackers on the black market.
"These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems," Hold Security said.
The hackers also got access to data from botnets - a network of computers infected with malware to trigger online fraud.

Hold Security said the botnets helped the hacking group- which it dubbed CyberVor - identify more than 400,000
websites that were vulnerable to cyber attacks.
"The CyberVors used these vulnerabilities to steal data from these sites' databases," the firm said.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."
The firm is now marketing its breach notification service as a way to "stay ahead of the hackers ".

But one of its rivals expressed surprise at this approach.
"For a long time the security industry has freely shared information on breaches within its own community,"
said Vanja Svajcer, principal security researcher at Sophos.
"Researchers discovering credentials breaches usually help end users either by making the information about
compromised accounts public or by working with the company whose servers were compromised to inform all affected users.
"In this case, the credentials were harvested from thousands of servers and it would be difficult to work
with every server owner to inform the compromised users. Nevertheless, it is reasonable to expect the company to make the information freely available so everybody can check that none of their email addresses have been compromised."

Password tips:
The University of Surrey's Prof Alan Woodward suggests the following rules should be observed when picking a new password.

Don't choose one obviously associated with you:
Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.

Choose words that don't appear in a dictionary:
Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

Use a mixture of unusual characters:
You can use a word or phrase that you can easily remember but where characters are substituted, eg,
Myd0gha2B1g3ars!

Have different passwords for different sites and systems:
If hackers compromise one system you do not want them having the key to unlock all your other accounts.

Keep them safely:
With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.

BBC

Apple's iPhone Branded a 'National Security Concern'

Apple's iPhone has been labelled a "national security concern" by Chinese state broadcasters as relations between the country and US over cybersecurity worsen.

The influential state-sponsored China Central Television broadcast declared the iPhone a "national security concern" as part of its national noon broadcast on Friday, according to the Wall Street Journal. CCT criticized the "frequent locations" function present on Apple's iOS 7 operating system, declaring that researchers believe data points recorded by the service could give those with access to this data knowledge of Chinese concerns and even "state secrets."

Found in Settings , the "frequent locations" function is an opt-in feature which allows users to grant their
devices permission to record places they often go, in order to provide useful location-based information.
The relationship between China and the US in relation to cybersecurity has never been close, but became far more strained following the leak of
confidential documents by former US National Security Agency (NSA) contractor Edward Snowden earlier this year.
Out of all the leaks which showed the widespread surveillance activities of the intelligence agency, the NSA's secret tapping of networks belonging to Chinese telecom and internet giant Huawei were of interest to the country, as were disclosures which suggest the NSA hacked major telcos in China to mine text messages - as well as sustained attacks on Tsinghua University networks.

The broadcast touched upon the Snowden leaks, and according to the WSJ called the US technology firms'
databases a "gold mine." In addition, the broadcast quoted Chinese officials who insisted that Apple would need to "take on any legal responsibilities" if data leaks caused by the firm's devices caused harm.
In addition, the recent arrest of five "military hackers" who allegedly stole US corporate data by US law
enforcement is not likely to have improved matters. Following the arrests, China's defence ministry
said:
"From 'WikiLeaks' to the 'Snowden' case, US hypocrisy and double standards regarding the issue of cyber security have long been abundantly clear."

Apple is the latest in a string of US companies to be facing backlash over tense relations between China and
the United States, following questions raised by Chinese media in June over the security of Microsoft's Windows
operating system and an earlier ban of the use of Windows 8 in government computers by the Chinese Central Government Procurement Centre.

Courtesy:
ZDNet.com

Israel Revs Up Cyber-Security Defences

Worried by imminent fears of a cyber-attack by Palestinian activists, Israel has blocked international data from reaching government sites. By blocking traffic, Israel hopes to limit activists' ability to knock out official sites. In addition, government workers are being instructed to be wary of email messages from beyond the nation's borders.

The precautions are expected to be in place over the weekend.
The measures involve filtering traffic so only data originating within Israel reaches the sites. Systems that accept payment for government services made by people outside the country are also being put on hold.

Israeli web news site Walla said the precautions were being taken to deal with a "huge attack" being prepared by hacktivists acting for pro-Palestinian groups.
Reuters reported that Israeli government security teams were also carrying out work on official websites to make them more resistant to attack.
Israeli officials have declined to comment on the action the country is taking.
The precautions come a couple of months after security company Seculert revealed that activists had managed to breach Israeli government defences using a booby-trapped email.
The attack reportedly left the perpetrators in control of 15 computers that were used to manage some of Israel's armed forces.

BBC

United Kingdom Launches CyberSecurity Team

United Kingdom's Computer Emergency Response Team (CERT-UK), which will co-ordinate the country's cybersecurity defence, has been formally launched. The body will deal with "cybersecurity incidents" of national significance. It will also provide advice and alerts on cyber-threats to government, industry and academia.

Speaking at the launch, Cabinet Office Minister Francis Maude said that 93% of large corporations had had "a breach" over the past financial year. The attacks cost on average between £450,000 and £850,000, he added.
The minister also repeated the claim that one London-based company had suffered a security breach which cost it "£800m worth of revenue".