Quotulatiousness

November 1, 2013

Let’s hope badBIOS is an elaborate Halloween hoax

Filed under: Technology — Nicholas @ 08:05

Dan Goodin posted a scary Halloween tale at Ars Technica yesterday … at least, I’m hoping it’s just a scary story for the season:

In the intervening three years, Ruiu said, the infections have persisted, almost like a strain of bacteria that’s able to survive extreme antibiotic therapies. Within hours or weeks of wiping an infected computer clean, the odd behavior would return. The most visible sign of contamination is a machine’s inability to boot off a CD, but other, more subtle behaviors can be observed when using tools such as Process Monitor, which is designed for troubleshooting and forensic investigations.

Another intriguing characteristic: in addition to jumping “airgaps” designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities.

“We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD,” Ruiu said. “At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we’re using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys.”

Over the past two weeks, Ruiu has taken to Twitter, Facebook, and Google Plus to document his investigative odyssey and share a theory that has captured the attention of some of the world’s foremost security experts. The malware, Ruiu believes, is transmitted through USB drives to infect the lowest levels of computer hardware. With the ability to target a computer’s Basic Input/Output System (BIOS), Unified Extensible Firmware Interface (UEFI), and possibly other firmware standards, the malware can attack a wide variety of platforms, escape common forms of detection, and survive most attempts to eradicate it.

But the story gets stranger still. In posts here, here, and here, Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: “badBIOS,” as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.

October 29, 2013

What happens when you challenge hackers to investigate you?

Filed under: Law, Technology — Nicholas @ 09:13

Adam Penenberg had himself investigated in the late 1990s and wrote that up for Forbes. This time around, he asked Nick Percoco to do the same thing, and was quite weirded out by the experience:

It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.

I’m being hacked — and only have myself to blame.

Two months earlier I challenged Nicholas Percoco, senior vice president of SpiderLabs, the advanced research and ethical hacking team at Trustwave, to perform a personal “pen-test,” industry-speak for “penetration test.” The idea grew out of a cover story I wrote for Forbes some 14 years earlier, when I retained a private detective to investigate me, starting with just my byline. In a week he pulled up an astonishing amount of information, everything from my social security number and mother’s maiden name to long distance phone records, including who I called and for how long, my rent, bank accounts, stock holdings, and utility bills.

[…]

A decade and a half later, and given the recent Edward Snowden-fueled brouhaha over the National Security Agency’s snooping on Americans, I wondered how much had changed. Today, about 250 million Americans are on the Internet, and spend an average of 23 hours a week online and texting, with 27 percent of that engaged in social media. Like most people, I’m on the Internet, in some fashion, most of my waking hours, if not through a computer then via a tablet or smart phone.

With so much of my life reduced to microscopic bits and bytes bouncing around in a netherworld of digital data, how much could Nick Percoco and a determined team of hackers find out about me? Worse, how much damage could they potentially cause?

What I learned is that virtually all of us are vulnerable to electronic eavesdropping and are easy hack targets. Most of us have adopted the credo “security by obscurity,” but all it takes is a person or persons with enough patience and know-how to pierce anyone’s privacy — and, if they choose, to wreak havoc on your finances and destroy your reputation.

H/T to Terry Teachout for the link.

August 28, 2013

Home 3D printers are not quite plug-and-play yet

Filed under: Technology — Nicholas @ 09:45

Ars Technica’s Lee Hutchinson finds through actual hands-on experience that “home” 3D printers are still in the “tinkering” stage of development:

I volunteered to put the Printrbot through its paces from the perspective of someone who’s only vaguely aware of home 3D printing as a technology. Before getting my hands on the Printrbot Simple, I’d never even seen a home 3D printer before.

What I found as I dug in was a pit without a bottom — an absolute yawning Stygian abyss of options and tweaking and modifications and endless re-printing. To own and use a 3D printer is to become enmeshed in a constant stream of tinkering, tweaking, and upgrades. It feels a lot like owning a project car that you must continually wrench on to keep it running right. Almost from the moment I got the Printrbot out of the box and printing, I had to start the tweaking. And as a total 3D printing newb, it really soured me on the Printrbot and on the entire concept of low-cost 3D printing in general. “Surely,” I thought, “this frustration is because I’m cutting my teeth on a $299 3D printer intended for early adopters. Surely a higher-end 3D printer is easier!”

And so, in order to see how a higher-end home 3D printer works, I found myself in possession of a much more expensive, much more impressive-looking Makerbot Replicator 2. That device costs $2,200 as opposed to the Printrbot Simple’s $299. The first few things I printed out with the much more expensive device were amazing. It was like leaving the project car in the garage and driving the Lexus to work — you get in, press the button, and go. But then, after perhaps 20 hours of print time, the problems started. Filament would fail to feed. The printer would clog. The printer produced spaghetti instead of actual models, ruining overnight print jobs. I had to replace the plunger-based filament extruder with a new spring-loaded version to overcome a design flaw. I found myself re-leveling the build plate and disassembling and reassembling the extruder way more than I ever had to do with the little Printrbot. All of that was as fun as it sounds.

The Makerbot wasn’t turning out to be an expensive but reliable Lexus. It was turning out to be an expensive and you-better-own-two-because-one-will-always-be-broken 1970s-era Jaguar. It wasn’t just frustrating — it was actually enraging. If I had paid $2,200 out of my own pocket for the Makerbot, I would have been sorely tempted to drive up to New York and fling the thing through the windows of Makerbot’s office.

Update, 30 August: Another thing holding back widespread adoption of home 3D printing is that you need proper designs to use for your 3D printer, and most people are not familiar with CAD or CAD-like design programs. This will continue to be a hindrance for original designs, but MakerBot Digitizer can help you copy physical items:

The Digitizer is about the size of a portable 45 rpm record player — with a laser-shooting accessory attached to the back. MakerBot head honcho Bre Pettis debuted a prototype of the Digitizer at his SXSW keynote address back in March, and now the device is almost ready for sale. The MakerBot Digitizer starts shipping in October.

Here’s how it works. You start with a relatively small object — you’re limited to a maximum weight of 6.6 pounds, and the object has to be less than 8 inches wide and 8 inches tall. Put it on the Digitizer’s turntable, and the device scans it with two “eye-safe” lasers as the turntable spins. After the object has been fully scanned, the Digitizer outputs a 3-D design file. The entire scanning process takes about 12 minutes, according to the MakerBot website — there are 800 individual steps within a full 360-degree rotation.

Of course, this is just a surface scan: hollow objects or objects with interior voids will still need further design processing before you can hit “copy”.

August 14, 2013

The “Indie Web” is the very definition of a fringe project

Filed under: Media, Technology — Nicholas @ 08:55

Wired’s Klint Finley wants you to meet the indie hackers who want to jailbreak the internet (among other things):

One guy is wearing his Google Glass. Another showed up in an HTML5 t-shirt. And then there’s the dude who looks like the Mad Hatter, decked out in a top hat with an enormous white flower tucked into the brim.

At first, they look like any other gaggle of tech geeks. But then you notice that one of them is Ward Cunningham, the man who invented the wiki, the tech that underpins Wikipedia. And there’s Kevin Marks, the former vice president of web services at British Telecom. Oh, and don’t miss Brad Fitzpatrick, creator of the seminal blogging site LiveJournal and, more recently, a coder who works in the engine room of Google’s online empire.

Packed into a small conference room, this rag-tag band of software developers has an outsized digital pedigree, and they have a mission to match. They hope to jailbreak the internet.

They call it the Indie Web movement, an effort to create a web that’s not so dependent on tech giants like Facebook, Twitter, and, yes, Google — a web that belongs not to one individual or one company, but to everyone. “I don’t trust myself,” says Fitzpatrick. “And I don’t trust companies.” The movement grew out of an egalitarian online project launched by Fitzpatrick, before he made the move to Google. And over the past few years, it has roped in about 100 other coders from around the world.

August 13, 2013

Master Sergeant Anonymous

Filed under: Liberty, Military, USA — Nicholas @ 10:10

Justine Sharrock talks to someone who claims that there are many members of Anonymous in the ranks of the US military:

Are there a lot of members of Anonymous in the Army?
There are more than you would think, more heavily in the techie world [of the military] — especially at Fort Huachuca, where all the intel people are. A lot of them wanted to get the job [there] because they want to learn secret stuff and have a better personal understanding of how the world actually works.

How do you know who is in Anonymous?
Initially we have the handshaking phase. The lingo is still relatively unknown. In conversation, you drop in jokes. If you are with someone on a mission, you’re like, “Man, there are over 9,000 reasons that this is a bad idea.” That initially establishes friendship. Once you feel comfortable with the person and they aren’t just posing as part of the culture, then you talk about what they’ve done and how much a part of it they are. It gets to the point where you are discussing individual operations.

What are the most popular operations amongst soldiers?
Anonymous is so distributed and leaderless that everyone has operations they love and hate. Operation Cartel, especially at Fort Bliss. Operation Dark Net was universally loved. And Operation Payback was pretty well received.

[…]

Does the military know about the Anonymous presence?
Pre-Manning, there were several academic papers put out trying to analyze it and school the leadership. Because the Army is a very top-down organization, they assume that [Anonymous] is too. Leadership wasn’t concerned with it until Manning happened. Then they read everything under the [lens] of what Manning did and it just scared them — scared them blind. They know we are in there and they assume that we are all going to do a Manning or a Snowden.

How have they addressed it?
Every six months you are mandated to get a Threat Awareness and Reporting Procedures Brief. It used to be very much like how to … spot the Iraqi contractor who is pacing off your base. Now it is, “Look at the person at your left and right. Are they espousing social beliefs that don’t line up with Army values? What websites do they go to at work?” With the caveat that it is OK to have political beliefs that are different. You get a heavy-handed feeling.

I have had more than a few officers come up to me and as we are trying to talk about [Anonymous] they are worried, like, “Are you CID [working undercover for the Central Investigative Division]?” Because you always worry about that.

August 8, 2013

A home-made Gauss gun

Filed under: Technology, Weapons — Nicholas @ 08:14

It may not be the most functional weapon in the world, but it does show that there might be a niche for this kind of development:

While it may only be able to shoot a few cans right now, we certainly wouldn’t want to be in front of [Jason]’s fully automatic Gauss gun capable of firing 15 steel bolts from its magazine in less than two seconds.

The bolts are fired from the gun with a linear motor. [Jason] is using eight coils along the length of his barrel, each one controlled by an IGBT. These are powered by two 22 Volt 3600mAh LiPo battery packs.

As for the mechanical portion of the build, the bolts fired from this gun are actually 6.5mm nails, cut off and sharpened. These are chambered from a spring-loaded magazine, with each new bolt put into the breech with a small solenoid retracting for an instant.

July 24, 2013

Anti-porn UK MP gets hacked, threatens reporter who publicized the hack

Filed under: Britain, Liberty, Media, Politics — Nicholas @ 11:13

Apparently British Conservative MP Claire Perry doesn’t know a lot about the way the internet works, despite being described as an “architect” for David Cameron’s proposed porn blocker:

Claire Perry is the UK Tory MP who architected David Cameron’s idiotic national porno firewall plan. Her website was hacked and defaced with pornographic gross-out/shock images. When Guido Fawkes, a reporter and blogger, wrote about it on his website, Perry took to Twitter to accuse him of “sponsoring” the hack, and publicly announced that she would be speaking to his editor at the Sun (Fawkes has a column with the tabloid) to punish him for writing about her embarrassment.

Perry is so technologically illiterate that she can’t tell the difference between writing about someone hacking your website and hacking itself. No wonder she’s credulous enough to believe the magic-beans-peddlers who promise her that they’ll keep porn off the British Internet — a feat that neither the Chinese nor the Iranian governments have managed.

July 13, 2013

TV station pranked

Filed under: Humour, Media — Nicholas @ 00:01

TV station KTVU actually reported that the flight crew on board crash-landed Asiana flight 214 were:

TV station pranked

Deadspin has more, including the video clip:

Bay Area Fox affiliate KTVU purportedly learned the names of the flight crew of Asiana flight 214, which crashed last Saturday at San Francisco International Airport, killing two. These — “Sum Ting Wong,” “Wi Tu Lo,” “Ho Lee Fuk,” and “Bang Ding Ow” — are not their names. The newscaster’s credulous reading puts it over the top.

H/T to Doug Mataconis for the link.

Update: Dave Owens offered the following explanation on one of my mailing lists:

What’s even more awful is that an intern at the NTSB gave them the names.

I imagine he’s a former intern now.

NTSB has apologized.

Update, 15 July: Asiana Airlines has lawyered up over the incident.

Asiana is suing KTVU-TV to ‘strongly respond to its racially discriminatory report’, Asiana spokeswoman Lee Hyomin said.

She said the airline will likely file suit in U.S. courts. KTVU-TV did not immediately reply to emails sent by The Associated Press seeking comment.

The station was quick to correct the gaffe after an ad break following the humiliating broadcast, clarifying the names were clearly wrong and blaming the NTSB for the incorrect information.

Update, 29 July: Korean newscasters get a bit of revenge:

It looks like a Korean news agency is having some fun at KTVU’s expense. After the landing gear failure of the Southwest flight at LGA they showed this graphic with American pilot names “Captain Kent Parker Wright”, “Co-Captain Wyatt Wooden Workman”.

They even went as far as making up fake names for people to interview. Flight instructor “Heywood U. Flye-Moore” and skeptical passenger “Macy Lawyers”.

H/T to Tabatha Southey for the link.

June 8, 2013

Anonymous claims to have successfully hacked Turkish government network

Filed under: Europe, Government, Middle East, Technology — Nicholas @ 09:48

A report at RT.com says the Turkish government’s internal network has been breached by members of Anonymous:

Turkish government networks were hacked on Wednesday, compromising the private information of staffers in PM Tayyip Erdogan’s office, a source in PM’s office confirmed to Reuters. The attack was in support of the ongoing anti-government protests.

Staff email accounts were reportedly accessed after a phishing attack, and those affected were cut off from the network, a source said.

Anonymous hacked the Prime Minister’s official website (basbakanlik.gov.tr) and gained access to staff email addresses, passwords and phone numbers, the group said in a press release.

[. . .]

The group also stressed it will not share most of the hacked data because it “respects people’s privacy” and “does not believe in the full use of power against the weak.”

June 1, 2013

QotD: Internet espionage

Filed under: China, Humour, Quotations, Technology — Nicholas @ 08:26

A new report says that the Chinese are hacking American computer networks at an alarming rate. This is hardly news. I’ve been including the phrase “早安,我抱歉有沒有在這封電子郵件中的商業秘密或加拿大色情。請停止殺害酷動物啄木鳥醫學。剛剛買了一些偉哥了” at the bottom of every e-mail for months (I put it just above where it says “Hello Mr. Holder!”). It means, according to Google translate: “Good Morning, I’m sorry there’s no trade secrets or Canadian porn in this e-mail. Please stop killing cool animals for pecker medicine. Just buy some Viagra already.”

What is new is the scope of the problem the report lays out. This is a thorny issue and I think the U.S. needs to be much, much more aggressive in combating it. Why it’s not a bigger issue for the WTO, for instance, is baffling to me. They are stealing our stuff, which strikes me as a bigger deal than taxing it at the border.

Explaining to the Chinese leadership that they shouldn’t be doing this because it’s wrong is like explaining to a dog licking its nethers that what he’s doing is bad manners: To the extent they understand at all, they couldn’t care less. They respect power. They understand when you put a price on bad behavior. So we need to put a price on Chinese hacking. It’s really that simple. The hard thing to figure out is how.

Jonah Goldberg, “Chiiiiiicoms in (Cyber) Spaaaaaaaaaaaace!”, The Goldberg File, 2013-05-31

May 9, 2013

The NSA’s guide to hacking Google searches

Filed under: Technology, USA — Nicholas @ 10:34

Wired’s Kim Zetter on how the NSA recommends its own analysts get the best intelligence use out of Google and other online tools:

There’s so much data available on the internet that even government cyberspies need a little help now and then to sift through it all. So to assist them, the National Security Agency produced a book to help its spies uncover intelligence hiding on the web.

The 643-page tome, called Untangling the Web: A Guide to Internet Research (.pdf), was just released by the NSA following a FOIA request filed in April by MuckRock, a site that charges fees to process public records for activists and others.

The book was published by the Center for Digital Content of the National Security Agency, and is filled with advice for using search engines, the Internet Archive and other online tools. But the most interesting is the chapter titled “Google Hacking.”

[. . .]

Stealing intelligence on the internet that others don’t want you to have might not be illegal, but it does come with other risks, the authors note: “It is critical that you handle all Microsoft file types on the internet with extreme care. Never open a Microsoft file type on the internet. Instead, use one of the techniques described here,” they write in a footnote. The word “here” is hyperlinked, but since the document is a PDF the link is inaccessible. No word about the dangers that Adobe PDFs pose. But the version of the manual the NSA released was last updated in 2007, so let’s hope later versions cover it.

April 29, 2013

US Navy’s innovative Littoral Combat Ship designs still undergoing teething problems

Filed under: Military, USA — Nicholas @ 07:53

Strategy Page looks at the documented issues facing the two different ships in the Littoral Combat Ship (LCS) class:

The U.S. Navy is encountering a seemingly endless list of problems with their new “Littoral Combat Ship” (LCS). Last year it was decided to put the ship into mass production. But it was recently revealed that last year the navy discovered that the computerized combat systems of the LCS were vulnerable to hacking. The navy understandably won’t provide details about the vulnerability or the fixes that have since been implemented. This sort of vulnerability on U.S. warships has been hinted at for years, but navy officials have largely been silent on the subject.

Such vulnerabilities have become more common as warships became more networked (internally and externally) over the last two decades and installed constant Internet connections for work and improving morale. The LCS problems were encountered when one of the navy “red teams” (sometimes called “tiger teams”) played offence on the LCS electronics and found there was a way in that provided opportunities to do damage. The navy has no comment on the vulnerabilities with other ship classes.

The LCS has been unique in many ways and this has caused the navy all manner of grief in the media. The LCS is a new ship type and generating a larger number of problems than older, more traditional ship designs. The media loves this, because problems with weapons grab attention and ad revenue. In response to this media feeding frenzy the navy has tried some damage control.

[. . .]

This is all part of the expected years of uncertainty and experimentation as this radical new combat ship design seeks to find out what works, to what degree, and what doesn’t. There is some nervousness about all this. The U.S. Navy has not introduced a radical new design for nearly a century. The last such new design was the aircraft carrier, which required two decades of experimentation and a major war to nail down what worked. Even the nuclear submarines of the late 1950s and early 60s were evolutionary compared to what the LCS is trying to do.

In the last seven years two different LCS designs were built and put into service. Problems were encountered and that was expected. The much smaller crew required some changes in how a crew ran a ship and how many sailors and civilians were required back on land to support a LCS at sea. It was found that the interchangeable mission modules take far longer (2-3 days instead of 2-3 hours) to replace. The LCS has still not seen combat and the navy wants the first violent encounter to be successful or at least not disastrous. It is expected that there will be surprises, which is about all that can be guaranteed at this point.


USS Freedom at sea.


USS Independence at pier side.

April 21, 2013

Documentary War for the Web includes final interview with Aaron Swartz

Filed under: Liberty, Media, Technology — Nicholas @ 08:51

CNET’s Declan McCullagh talks about an upcoming documentary release:

From Aaron Swartz’s struggles with an antihacking law to Hollywood’s lobbying to a raft of surveillance proposals, the Internet and its users’ rights are under attack as never before, according to the creators of a forthcoming documentary film.

The film, titled War for the Web, traces the physical infrastructure of the Internet, from fat underwater cables to living room routers, as a way to explain the story of what’s behind the high-volume politicking over proposals like CISPA, Net neutrality, and the Stop Online Piracy Act.

“People talk about security, people talk about privacy, they talk about regional duopolies like they’re independent issues,” Cameron Brueckner, the film’s director, told CNET yesterday. “What is particularly striking is that these issues aren’t really independent issues…. They’re all interconnected.”

The filmmakers have finished 17 lengthy interviews — including what they say is the last extensive one that Swartz, the Internet activist, gave before committing suicide in January — that have yielded about 24 hours of raw footage. They plan to have a rough cut finished by the end of the year, and have launched a fundraising campaign on Indiegogo that ends May 1. (Here’s a three-minute trailer.)

Swartz, who was charged under the Computer Fraud and Abuse Act, faced a criminal trial that would have begun this month and the possibility of anywhere from years to over a decade in federal prison for alleged illegal downloads of academic journal articles. He told the filmmakers last year, in an interview that took place after his indictment, that the U.S. government posed a more serious cybersecurity threat than hackers:

    They cracked into other countries’ computers. They cracked into military installations. They have basically initiated cyberwar in a way that nobody is talking about because, you know, it’s not some kid in the basement somewhere — It’s President Obama. Because it’s distorted this way, because people talk about these fictional kids in the basement instead of government officials that have really been the problem, it ends up meaning that cybersecurity has been an excuse to do anything…

    Now, cybersecurity is important. I think the government should be finding these vulnerabilities and helping to fix them. But they’re doing the opposite of that. They’re finding the vulnerabilities and keeping them secret so they can abuse them. So if we do care about cybersecurity, what we need to do is focus the debate not on these kids in a basement who aren’t doing any damage — but on the powerful people, the people paying lots of money to find these security holes who then are doing damage and refusing to fix them.

April 13, 2013

3D printing, guns, and the hacker ethic

Filed under: Liberty, Media, Technology — Nicholas @ 10:22

At The Verge, Joshua Kopstein outlines the state of play in 3D printing, guns, and the hacker subculture:

Cyberculture icon Stewart Brand’s famous notion that “information wants to be free” has been an almost ubiquitous refrain ever since utopian-minded hackers began populating computer networks in the 1980s. Today, 3D printing has given the phrase a whole new meaning, allowing raw data to become real world weapons with the click of a button. Cody R. Wilson, the antagonistic founder of Defense Distributed, is taking that idea to its logical — and hugely controversial — extreme.

Having recently obtained his federal manufacturing license, Wilson hopes to release files for the world’s first fully 3D-printable firearm by the end of this month. His past progress has already thrown a major wrench into America’s resurgent gun control debate, feeding doubts about the efficacy of renewed bans on undetectable firearms. But his reasoning, he claims, isn’t really about the Second Amendment at all — it’s about technological progress rendering the very concept of gun control meaningless.

“It’s more radical for us,” he told Motherboard in “Click Print Gun,” a recent mini-doc about the dark side of the 3D printing revolution. “There are people all over the world downloading our files and we say ‘good.’ We say you should have access to this. You simply should.”

If this all sounds very similar to the good gospel spread by Brand and advanced by progressives and activists like the late Aaron Swartz, you’re hearing it right. But even without the context of Wilson’s operation, firearms and freedom of information share a strangely similar history, an oft-overlooked ideological confluence between hackers and gun advocates that seems to be gaining momentum.

March 27, 2013

MI5 and GCHQ will include assistance from the IT industry in the fight against online crime

Filed under: Britain, Government, Technology — Nicholas @ 08:42

Two of the British government’s top intelligence agencies will team up with specialists from the IT field in a new initiative to counter online “cyber” crime:

Cyber-security experts from industry are to operate alongside the intelligence agencies for the first time in an attempt to combat the growing online threat to British firms.

The government is creating a so-called fusion cell where analysts from MI5 and GCHQ, the domestic eavesdropping agency, will work with private sector counterparts.

The cell is part of the Cyber Security Information Sharing Partnership (Cisp), launched on Wednesday, to provide industry with a forum to share details of techniques used by hackers as well as methods of countering them.

At any one time there will be about 12 to 15 analysts working at the cell, based at an undisclosed location in London.

“What the fusion cell will be doing is pulling together a single, richer intelligence picture of what is going on in cyberspace and the threats attacking the UK,” a senior official said.

John Leyden at The Register has more:

The programme, which follows a successful pilot scheme in 2011, is designed to support the wider aims of the UK’s cyber security strategy: such as making Britain the best country in the world to do e-business and protecting critical components of the national infrastructure (ie banks, utilities, telecoms and power grid).

Eighty companies from five key sectors of the economy — finance, defence, energy, telecommunications and pharmaceuticals — were encouraged to share information as part of the pilot scheme. The wider programme (involving a reported 160 organisations, at least initially) will allow access to a secure web-portal to gain access to shared threat intelligence information in real time, the BBC reports.

[. . .]

Terry Greer-King, UK MD for internet security firm Check Point, commented:

“This is a key step forward for both Governments and business in fighting web attacks, and reducing their impact. It’s essential that organisations collaborate and share intelligence with each other to track emerging threats, mitigate their severity or block them before they cause damage. Fighting threats together is much more effective than fighting alone.”

“In 2012, our research found that 63 per cent of organisations were infected with bots, and 54 per cent infected with malware that they didn’t know about. Any move which helps to reduce these figures is very welcome,” he added.
