Tuesday, 4 June 2013

U.S. Considering Training Libyan Forces With NATO Allies

The U.S. and NATO allies will consider whether to train Libya’s armed forces at a meeting of alliance defense ministers in Brussels tomorrow, according to two U.S. defense officials.
North Atlantic Treaty Organization ministers, who are also discussing the alliance’s future role in Afghanistan, added Libya to their agenda after Libyan Prime Minister Ali Zaidan visited NATO a week ago as the country sought assistance, said the officials, who briefed reporters on condition of anonymity.
  U.S. Considering Training Libyan Forces With NATO Allies
Libyan Army soldiers parade during a graduation ceremony on May 23, 2013 in Tripoli. Photographer: Mahmud Turkia/AFP via Getty Images
No decision has been made and any such training by NATO forces might not take place within Libya, one official said.
President Barack Obama hinted at a potential NATO training role for Libya’s fledgling government last week after meeting with NATO Secretary General Anders Fogh Rasmussen at the White House. The alliance’s military intervention in Libya helped oust dictator Muammar Qaddafi in 2011.
“We now have a Libyan government that is in a transition process,” Obama said at a May 31 White House appearance with Rasmussen. “And part of where we think we can be helpful is to ensure that a democratically elected Libyan government has the capacity to control its borders to ensure that it does not become a safe haven for terrorism. And I think NATO has an important role to play on that front.”
Rasmussen discussed possible assistance with Libya’s prime minister, Obama said.

‘Strong Partners’

“We are very supportive of those efforts because we think it’s critical that we have strong partners in places like North Africa that are able to meet the security needs of their own people but are also working with the international community to meet the security needs of all of us,” Obama said.
NATO’s possible willingness to further engage in Libya stands in contrast to the alliance’s posture toward Syria, where a civil war has killed more than 70,000 people.
NATO hasn’t conducted any military planning for Syria except for some preliminary plans on how to secure chemical weapons, one defense official said.
Syria won’t be on the formal agenda for NATO defense ministers, although it may come up informally, the official said.
Much of the June 4-5 defense ministers’ meeting at NATO headquarters will focus on defining a mission for alliance forces in Afghanistan after 2014, when NATO’s combat mission will have ended. NATO officials have talked previously of retaining a force of 8,000 to 12,000 troops to train, advise and assist the Afghan army. How to provide that supporting role will be discussed this week, one official said.

Afghan Troops

The U.S. hasn’t said how many troops it will keep in Afghanistan after 2014, when Afghans will take responsibility for securing their country. The official said the U.S. may want to evaluate conditions on the ground over the coming year before making a specific commitment to troop numbers.
Many of the critical decisions on Afghanistan may not be made until a 2014 NATO summit that Obama announced last week. That summit is designed to plan for “this final chapter in our Afghan operations,” Obama said.
The ministers will also devote a formal session at the conference to protecting against computer hacking attacks, in what one official described as an important first step toward devoting more attention to the issue. The session will focus mainly on protecting NATO’s own computer networks, the official said.
U.S. Defense Secretary Chuck Hagel, who took office in February, will be making his first appearance at a NATO defense ministerial meeting.

Palo Alto Networks Falls After Missing Sales Forecast

Palo Alto Networks Inc. (PANW) posted a record decline after the maker of network security systems issued a revenue forecast short of analysts’ estimates.
The shares dropped 11 percent to $48.52 at the close in New York, the steepest slump since the company’s initial public offering in July 2012. The stock has advanced 16 percent since going public.
Revenue in the fiscal fourth quarter ending in July will be $106 million to $110 million, the Santa Clara, California-based company said on a call yesterday, missing the average projection for $113.7 million, according to data compiled by Bloomberg.
Third-quarter sales also lagged analysts’ predictions, the first time Palo Alto has missed revenue estimates since selling shares to the public in July. The company blamed “challenging” economic conditions for a shortfall in Europe and among government clients. Daniel Cummins, an analyst at B. Riley & Co. in New York, estimates that the federal government accounts for as much as 10 percent of Palo Alto’s revenue, while the European region comprises 20 percent to 25 percent.
“To come in at the low end of the guidance range is kind of a recipe for a one-day disaster for the stock,” said Cummins, who recommends buying the shares. Still, “most of us would expect that this won’t be repeated,” he said.
Palo Alto, co-founded in 2005 by former Check Point Software Technologies Ltd. (CHKP) executive Nir Zuk, is going head-to-head in the network-security market with Check Point, Cisco Systems Inc. (CSCO) and Juniper Networks Inc. (JNPR) Palo Alto’s revenue is rising faster than rivals as businesses seek to protect themselves from sophisticated hacking attacks that older security technologies have struggled to stop.

Apple iPhone security breached by modified chargers

Researchers at Georgia Institute of Technology have built a modified iPhone charger capable of hacking users' handsets and filling them with malware in just one minute.
The team, who will present their work at the forthcoming Black Hat security conference in Las Vegas, claim the method works for handsets running the latest version of iOS and does not require a jailbroken phone.
Researchers Billy Lau, Yeongjin Jang and Chengyu Song claim to have used the USB capailities in the iPhone charger to bypass the handset's built-in defences.
“The results were alarming. Despite the plethora of defence mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices,” the team said. The malicious charger, dubbed Mactans, was built using a BeagleBoard, which is a low-cost, credit card-sized computer.
“To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications,” the team said.
While the malicious charger is currently just a proof of concept device, the researchers warned that better-funded, highly motivated attackers could achieve more devastating attacks. And given the proliferation of knock-off chargers available for iPhone users, and increasingly common connection points and docking stations at photo shops or hotel lobbies, users would be well advised to treat these little white plugs with caution.
While the volume of mobile malware has been rocketing recently, most of its has been targeted at the Android platform. According to antivirus vendor F-Secure, the first three months of 2013 saw a 50 percent rise year-on-year in the volume of Android malware.

Hackers' Citadel and Koobface Trojans pose major threats to business data

Data security
Cyber criminals are using evolved versions of old attack tools to expand their operations, according to security firm McAfee.
McAfee listed tweaked versions of the Citadel and Koobface Trojans as two of the biggest threats facing businesses in its Q1 2013 Threat Report on Monday. The firm said the Citadel Trojan is particularly dangerous as crooks had developed it to steal a more diverse pool of data from its victims, making it one of 2013's most dangerous emerging threats.
"Citadel is considered an emerging threat to not only the financial services industry, but to other industries as well. Citadel gives cyber criminals advanced remote connectivity, and it also gives them the ability to dynamically decide which target to engage," said the report.
"There is a significant amount of recent activity to suggest that perpetrators will continue to use Citadel to attack businesses and government organisations around the world."
McAfee researchers also detected a surprise spike in the number of attacks using the 2008 Koobface Trojan to target social networks. McAfee Labs senior vice president, Vincent Weafer said the attacks on Facebook are troublesome as they could lead to more serious breaches on company networks. "Cyber criminals have come to appreciate that sensitive personal and organisational information are the currency of their ‘hacker economy'," said Weafer.
"The resurrection of Koobface reminds us that social networks continue to present a substantial opportunity for intercepting personal information. Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly-targeted attacks are achieving new levels of sophistication."
Outside of Citadel and Koobface the firm also detected a marked increase in the number of spam campaigns targeting corporate data. "One of the biggest stories this quarter is the increase in spam after more than a year of decline. We counted 1.9 trillion messages in March. That's lower than record levels but about twice the volume of December 2012. Cybercriminals continue to develop and market crimeware tools, which make it easy for inexperienced scammers to join the ranks and exploit victims," said the report.
The quarter also saw yet another boom in the number of mobile malware families operating in the wild. "Our count of mobile malware samples, just about exclusively for the Android OS, continues to skyrocket. Almost 30 percent of all mobile malware appeared this quarter. Malicious spyware and targeted attacks highlighted the latest assaults on mobile phones. All malware that we track affecting clients, servers, networks, mobiles-now stands at more than 128 million samples," reads the report.
McAfee's findings mirror those of numerous other security firms. Most recently Russian competitor Kaspersky confirmed detecting 22,750 versions of evolved mobile malware in its Q1 2013 Threat Report earlier this year.

Nick Clegg reaffirms anti-Snoopers Charter stance

Liberal Democrat leader Nick Clegg
Deputy prime minister Nick Clegg has pledged the government will not revive the controversial Communications Data Bill, commonly known as the Snooper's Charter.
Clegg said that despite calls for reforms to track extremist behaviour online, practical limitations make granting law enforcement the power to force internet service providers (ISPs) to store details of everyone's internet use remain unworkable. The comments were made during his weekly LBC 97.3 radio slot.
"Very important parts of what was proposed weren't workable because the industry -  the Facebooks, the Googles and all these people - upon whose cooperation we rely to go after the bad people, just said it wasn't workable in its present form. I think other aspects of it also struck me as perhaps being disproportionate," he said.
Clegg said that forcing ISPs to store and hand over data would also have wider global political ramifications. "I spend a lot of time working with industry, the people who make these things work and they told you can't do it, you just can't do this, no other country in the world has done this, no other democracy has done this, it will set a dangerous precedent that may then be followed by less law abiding regimes."
However, even without the Snooper's Charter, Clegg said the government will push forward with plans to grant law enforcement increased IP address tracking powers.
"At the moment you've got more devices than there are IP addresses so it's very difficult for the police and security services when they've got an IP address and need to find who's using them. I think that's something we do need to crack and we're doing good work in government on that."
The IP tracking reforms come alongside a wider shift in Britain's Cyber Strategy. The Cyber Strategy was announced in 2011 when the UK government pledged to invest £650m to help improve the nation's cyber defences. The strategy has seen the creation of several new measures designed to help police combat cyber threats, including the creation of a new national cybercrime unit later this year.
At Infosec in London earlier in the year, Metropolitan Police Central e-crime Unit head Charlie McMurdie warned that even with the new powers police will need help from businesses to combat the growing number of cyber attacks targeting industry.

US defence secretary tells troops to prepare for cyber war

US defence secretary Chuck Hagel has called for troops to arm themselves against cyber attacks, listing them as the biggest threat facing the nation.
Hagel issued the warning on Thursday, during an address to 200 US service members in Hawaii. During it he claimed a single successful cyber attack on the nation's critical infrastructure would have disastrous consequences.
The secretary added that the threat is too big for any one nation to handle alone, reiterating President Obama's call for a united response. "We live in a world where one country's just not big enough or wealthy enough to handle it alone," he said.
"Cyber is one of those quiet, deadly, insidious unknowns you can't see. It's in the ether - it's not one big navy sailing into a port, or one big army crossing a border, or squadrons of fighter planes [...] This is a very difficult, but real and dangerous, threat. There is no higher priority for our country than this issue."
Russian security tycoon Eugene Kaspersky mirrored Hagel's sentiment during a keynote speech at InfoSec in London earlier this year, claiming a single attack on critical infrastructure areas like water or power has the potential to cripple a nation.
Prior to Hagel, the US Department of Defense issued a similar statement, claiming Chinese state sponsored hackers are skilled enough to mount Stuxnet-level cyber attacks in its Military and Security Developments Involving the People's Republic of China 2013 report to Congress earlier in May. Stuxnet is a notorious malware created by the US to sabotage Iranian power plants.
US President Barack Obama issued an Executive Order calling on congress to improve the nation's cyber defences, during his state of the Union address, hoping to calm concerns about the threat. Since the order several of the country's military forces have put forward bids for funding to improve their cyber arsenal. Most recently the US Air Force reclassified to tools as cyber weapons to showcase how well it would use increased funding.
Hagel said the government will support military agencies in this endeavour. "Cyber warfare capabilities: we are increasing that part of the budget significantly," he said.
Numerous other nations outside of the US to put cyber security at the head of their agenda to countermand the growing cyber threat facing them. In the UK the government has listed security as a key part of its Cyber Strategy.
As opposed to military investment the strategy has chosen to focus on education, launching several initiatives designed to train the next generation of security experts. Most recently the strategy has seen the creation of two new cyber security higher education centres at Oxford University and Royal Holloway University London.