Tuesday, 31 March 2015

Taiwan seeks stronger cyber security ties with U.S. to counter China threat

Taiwan wants to join a major anti-hacking drill conducted by the United States to strengthen cyber security ties with its staunchest ally, its vice premier said on Monday, a move which would help safeguard against constant targeting by hackers in rival China.
Many hacks into Taiwan systems have been traced to sites belonging to China's People's Liberation Army, Vice Premier Simon Chang told Reuters in an interview, without elaborating on the locations.
"Taiwan has no enemy in the international community except you-know-who. Who in the world would try to hack Taiwan?" Chang, a former director of Asia hardware operations for internet giant Google Inc, said.
China has vehemently denied accusations of cyber theft.
Making the case for Taiwan's inclusion in the "Cyber Storm" drill, Chang reiterated the long-held view that China's 'cyber army' regularly uses Taiwan as a 'testing ground' for its most advanced hacking attempts.
"The U.S. has the Cyber Storm drill – we were not invited. We would like to be invited," Chang said.
The drill is held biennially, according to the website of the U.S. Department of Homeland Security, though the timing for the next one is unknown.
Taiwan had invited U.S. officials to observe its own mock drill against cyber attacks in 2013.
Cooperation between Taiwan and the United States would aim to strengthen defenses against hackers looking to steal government, military and industrial intelligence.
Taiwan was the most-targeted country in the Asia-Pacific region during the first half of 2014 for hacking attempts aimed at penetrating computer systems to steal data, according to U.S. data security firm FireEye Inc.
Chang said the percentage of cyber attacks on government systems originating from mainland China was "very high", and warned that there was potential for hackers to use Taiwan as a back door into the U.S. systems.
"The possibility is there," Chang said, while emphasizing that the main purpose of Chinese hacking attempts into Taiwan is not to steal U.S. data and that he has "no way of knowing" if an incursion into Taiwan has led to any U.S. intelligence leaks.
Despite a raft of recent trade deals between the two historical foes, China regards Taiwan as a renegade province and has not ruled out the use of force to bring it back under its control.
The two sides' shared language, culture and political animosity make Taiwan a particularly high-profile target for Chinese hackers.
Chang warned in January that all of Taiwan's government departments were subject to "staggering" numbers of hacking attempts, including departments that were not related to cross-straits matters but could be used as spring-boards to gain access elsewhere.
The Center for Strategic and International Studies, based in Washington, published a paper in January that noted Taiwan could be a major asset for exercises like "Cyber Storm".
"Taiwan is uniquely positioned to assist the international community in protecting itself from cyber theft," the authors wrote.
Earlier this month, U.S. President Barack Obama told Reuters he was concerned about Beijing's plans for a far-reaching counter-terrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security "backdoors" in their systems to give Chinese authorities surveillance access.
Taiwan is not discussing cyberspace with China, Chang said.
"I don't think raising this issue is any help," Chang said. "You're only going to let them know that you know what they're doing. It's only going to make them more cautious and more crafty."

Cyberattack causes computer slowdown at Rutgers University

The FBI is investigating a cyberattack at Rutgers University that led to a weekend computer slowdown.

The school's system suffered a 'denial of service' attack on Friday.

That means a user redirected computers to contact one specific server, which caused a slowdown.

There was no breach of confidential information.

The Rutgers Office of Information Technology said it is monitoring closely for any potential breach.

The disruption reportedly came from overseas.

The internet was slow and sometimes not available at all on campus during the weekend.

A university spokesman says the system is now working on campus, but that university servers were not available Monday morning to users who are off-campus.

Rutgers students had trouble accessing notes and assignments through the school's computer system.

"You can't get onto any of the Rutgers sites," said student Erica Cipollina. "Sakai was down, where you get in contact with your teachers. Even the Rutgers mail system was down to talk to your teachers."

Uber denies it was hacked

Uber insisted it had not been hacked following the discovery that log-in information for thousands of the car-sharing service's users is widely available on the online black market.
Motherboard confirmed last week that several dark Web forums — hidden from the regular internet using the online anonymity software Tor — were selling working log-ins for Uber for as little as $1.
Uber denies the information was taken from its own servers, however.
“We investigated and found no evidence of a breach,” the company said in a statement. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report.”
An Uber log-in can not only be used to rack up fraudulent trips, but would also give access to the user’s travel history, exposing home addresses. An account also contains partial credit card information.
Uber said the log-ins might have been lifted by either breaking weak passwords, or by trying passwords exposed in other data breaches.
“This is a good opportunity to remind people to use strong and unique usernames and passwords, and to avoid reusing the same credentials across multiple sites and services,” Uber said.
The company’s data security has made headlines in recent months. In late February, it came out that the personal information of up to 50,000 drivers had been compromised during a May 2014 breach.
The 2014 hack is not related to the current rash of Uber log-ins for sale, the company said.

Blokes disguised as women storm NSA HQ: One shot dead, one hurt

NSA's Fort Meade headquarters
One man is dead and another seriously hurt after they tried ramming a car into the gates of the NSA's headquarters in Fort Meade, Maryland.
Just before 9am on Monday, Eastern Time, the two men – dressed as women – attempted to smash through a checkpoint and into the data center complex using a stolen Ford Explorer, NBC reports.
NSA cops opened fire after the pair refused to stop, the agency said in a statement to The Register. One man in the car was shot and killed, the other was seriously wounded and airlifted to hospital. A security guard was mildly hurt. The Ford also careered into an NSA motor.
"The shooting scene is contained and we do not believe it is related to terrorism," the FBI's Baltimore office said in a statement. "We are working with the US Attorney's Office in Maryland to determine if federal charges are warranted."

A senior US official said the attack appeared to be a "local criminal matter." A gun and a quantity of drugs were reportedly found in the stolen vehicle.
The NSA's black monolith headquarters are on the site of Fort Meade, which is a US military base. About 11,000 troops guard nearly 30,000 civilian employees who work at the complex – making it a very unhealthy place to try some ram raiding.
"The incident has been contained and is under investigation,” said Colonel Brian Foley, Fort Meade garrison commander, in a statement to El Reg.
"The residents, service members and civilian employees on the installation are safe. We continue to remain vigilant at all of our access control points."
This is the second kerfuffle outside the NSA's headquarters this month. On March 3, an NSA building was hit by gunfire, leading to the arrest of former prison correctional officer Hong Young, 35, on firearms charges.