Monday, 14 November 2016

Join the Q: British intel agencies seek tech-savvy apprentices

Q in James Bond
GCHQ, MI5 and MI6 are searching for would-be Qs, technically minded apprentices keen to cut their teeth working for British intelligence. Would-be tech quartermasters have until 14 November to get in their security service apprenticeship applications for this year's scheme.
An apprenticeship "could be a tempting alternative to a university degree – and a unique start to a career" for "prospective programmers and tech-savvy talent", according to a UK government statement. The apprenticeships offer a mix of classroom-based learning and practical experience that "could lead to a recognised qualification and, potentially, a full-time job".
A spokesperson representing Careers in British Intelligence said: "This is a fantastic opportunity for recruits to get unique insights and perspectives into the work of the intelligence services. In addition, the opportunity to do real hands-on work that makes a difference to keeping the country safe makes this apprenticeship exciting and different. We have been offering apprenticeships for a number of years and see a huge amount of value in them for our work."
Two schemes are on offer. The British Intelligence Higher Apprenticeship in IT, Software, Internet and Telecoms leads to a Foundation Degree and offers a year working in Cheltenham with placements at GCHQ or possibly in London with either MI5, MI6 or the National Crime Agency afterwards.
The second programme offers a three-year technical apprenticeship based in the Greater Manchester area and leads to a BSc Honours Degree. Apprentices will have the opportunity to build and maintain some of the world's most sophisticated electronic equipment.
Participants in both schemes to earn a salary while they build up their technical expertise and develop soft skills like teamwork, communication and leadership. More details can be found on the GCHQ careers website.
Former chancellor George Osborne last year promised that 1,900 new recruits would be hired by the intelligence agencies by 2020. The agency faces an uphill struggle meeting these targets in a competitive marketplace with better salaries on offer from the private sector, as previously reported. The apprenticeship scheme represents an attempt to nurture talent and bridge the skills gap.

Russian banks floored by withering DDoS attacks

Russian hacking
At least five Russian banks weathered days-long DDoS attacks this week.
A wave of assaults began on Tuesday afternoon and continued over the next two days. Victims include Sberbank and Alfabank, both of which confirmed DDoS attacks on their online services, RT reports.
The attacks were powered by compromised IoT devices, according to an unnamed Russian Central Bank official. Early indications are that the Mirai IoT botnet which disrupted DNS services for scores of high-profile websites in October 2016 may be behind the latest attacks but this is unconfirmed.
The last DOOS attack on this scale against Russian banks was in October 2015, when eight major institutions were targeted.
David Kennerley, director of threat research at Webroot, commented: "These latest DDoS attacks are extremely similar to the recent ones targeted at Dyn last month, and really drives home the security issues of the Internet of Things. While attacks like these are complicated, there's still an element of basic security that could have reduced success – password management.
"Consumers and end users need to understand the importance of changing your password from the manufacturer's default. If the default password had been changed, many of the webcams and CCTV devices that formed the botnet army would not have been successfully hijacked."
Paul McEvatt, senior cyber threat intelligence manager for Fujitsu in UK and Ireland, added: "The issue is that IoT device manufacturers are failing to implement robust security controls from the outset, whether that's for routers, smart devices or connected cars. Anyone can use online services such as Shodan to look for vulnerable IoT devices, making organisations an easy target for low-level cyber-criminals. The worrying reality is that security is often an afterthought and security fundamentals are still not being followed such as changing default passwords."

AdultFriendFinder network hack exposes 412 million accounts