Photo: DoD

The military is cracking down on would-be leakers who could compromise military and government networks.

This week, the Defense Advanced Research Projects Agency opened bids for a new Cyber Insider Threat program.

The CINDER program arises from the military being targeted by a number of high-profile security breaches over the past few years.  Rather than targeting only outside hackers, this program aims to prevent insiders from conducting in espionage, such as the recent posting of classified documents on WikiLeaks.

According to FedBizOpps.gov, DARPA is looking for “novel approaches to insider-threat detection that greatly increase the accuracy, rate and speed of detection and that impede the ability of adversaries to operate within government and military interest networks.”

Proposals are currently under consideration and can be submitted to the agency until the Aug. 25, 2011 deadline.

Photo: FCC

Over the past months, the Federal Communications Commission has worked to preserve the freedom and openness of the Internet, efforts that over time have changed the terms of a longstanding and acrimonious debate, said FCC Chairman Julius Genachowski.

“We have moved from a world of four disputed and unenforceable open Internet principles–about blocking by broadband providers of lawful online content, applications, and services–toward the acceptance of six enforceable rules: the original four principles plus the concepts of nondiscrimination and transparency,” he said. “These would prevent broadband providers from wrongly playing favorites with lawful Internet speech or businesses, and would empower consumers and entrepreneurs with information about broadband choices and networks.”

Acknowledging that progress has been made over the last year, Genachowski noted that a lot of work remains to be done.

“Recent events have highlighted questions on how open Internet rules should apply to ‘specialized’ services and to mobile broadband–what framework will guarantee Internet freedom and openness, and maximize private investment and innovation,” he said. ” As we’ve seen, the issues are complex, and the details matter. Even a proposal for enforceable rules can be flawed in its specifics and risk undermining the fundamental goal of preserving the open Internet.”

FCC’s wireline and wireless bureaus are seeking soliciting the public’s insight on issues related to “specialized” services and mobile broadband. The information received through this inquiry, along with the record developed to date, will help complete the commission’s efforts to establish an enforceable framework to preserve Internet freedom and openness, Genachowski said.

“As we move forward, the FCC will continue to be vigilant in guarding against threats to Internet freedom,” he said. “We will be focused on a vision of a ubiquitous and superfast Internet, with flourishing entrepreneurship and vibrant start-ups, and massive private investment in Internet infrastructure, content, and services — an Internet that is an engine for our economy, and provides a world of knowledge and free speech accessible to all.”

Tufin Technologies’ “Hacking Habits” surveyed attendees of last month’s DEFCON conference in Las Vegas, Nev. The report found that among those hackers who search for vulnerabilities, 73 percent come across a misconfigured network more than three quarters of the time – which, according to the majority the respondents, is the easiest IT resource to exploit.

Reuven Harrison, CTO and co-founder of Tufin Technologies, said he was surprised to find that 58 percent of respondents also viewed network misconfiguration as being caused by IT staffers who do not know what to look for when assessing the status of their network configurations. He said the survey is notable because more than half of respondents work in corporate IT.

“The really big question coming out of the survey,” Harrison said, “is how to manage the risk that organizations run dealing with the complexity that is part and parcel of any medium-to-large sized company’s security operations.”

Sandra Teague’s activities were exposed when the Department of Education’s Office of Inspector General began investigating to find out whether its employees, or those of its contractors, had inappropriately accessed the student-loan information of certain celebrities or famous political figures and athletes.

A number of leads came back to a DOE contractor, which assists with student-loan inquiries via its call center and engages in debt collection. The contractor’s employees use the National Student Loan Data System database, which contains the private
information of borrowers, including that of Obama.

When Teague testified at trial, she claimed someone stole her unique NSLDS identifier and password to access Obama’s information. The jury, however, did not believe her and found her guilty.

Charles Anderson told El Reg he received an email from a “Gladlord Mohammed” informing him that “i have being paid $200,000.00 in advance to terminate you with some reasons listed to me by my employers.”

However, Mohammed continued: “i have followed you closely for one week and three days now and have seen that you are innocent of the accusation.” Thus, Mohammed had decided to pass up the contract on Anderson–if he agreed to hand over “$50,000.00 to the account i will provide for you.”

Once Anderson had paid money and met with Mohammed, the hired gun said he would hand over the tape that contained the information on the contracted kill. That information would “be enough evidence for you to take him to court (if you wish to), then the balance will be paid later,” Mohammed wrote.

Anderson was told to keep quiet and not contact the FBI or the police. The assassin reminded him that “I have your picture with me and other vital information. I was hired with my team from Yemen Arab Republic down here. So you don’t need to ask any question. Deal/No Deal?”

Anderson, a software engineer, concluded the email was a scam and simply pressed Gmail’s “Report Spam” button.

“It’s the first scam I’ve ever received that tried to intimidate me into handing over money, rather than just playing on my greed and stupidity,” he told El Reg. “Is this the start of a trend, or have I just been lucky so far?”

For some Facebook users, it may be a dream come true to express what they really think of others’ not-so-exciting posts. However, Sophos warns that this new scam tricks users into giving a rogue Facebook application permission to access profiles, post spam messages from users’ account and asking users to complete an online survey.

Although there is a genuine “I Don’t Care” button available as an extension for the Google Chrome browser, Facebook does not have an official “Dislike” or “I Don’t Care” option within the social-networking site.

These events, held Sept. 14-17, 2010, will give attendees the opportunity to hear presentations by, and to network with, leading academic experts and researchers on a wide array of topics in the areas of intrusion detection and cybersecurity. The events will feature presentations, workshops, panel discussions and a showcase of innovative technology.

The two international cybersecurity events will be hosted by Defence Research and Development Canada – Ottawa and Communications Research Centre Canada.

The financial sector in Africa has experienced a recent increase cyber crime, threatening to stall the launch of online banking and electronic commerce services. An explosion of mobile money services as banks and mobile providers compete for customers who would otherwise not have a bank account has increased phishing attacks.

Launched in Uganda last week, the new organization will monitor cyberspace and cyber crime in Africa. The center will also deal with organized crime, online child pornography, cyber terrorism, online tax fraud and information security.

Several countries in the region, including Zambia, Nigeria and Uganda, have established national policy frameworks on cyber crime.

The Nigerian government has approved a computer crime prosecution unit for prosecuting cyber criminals, and the Ugandan parliament has developed laws to tackle cyber crime after several cases of cyber attacks. Zambia was the first country in Africa to pass an Internet crime law under which convicted hackers can be sent to prison for up to 25 years.

The official who serves at the Federal Law Enforcement Agency said the Ministry of Interior repeatedly drew attention of the Ministry of Telecommunications and Information Technology to announce the ordinance through the Parliament, without any success, The Nation reports.

Sources in the FIA Lahore said many complaints, inquiries and cases were pending with the FIA’s National Response Centre for Cyber Crime, which was established to counter cyber-related crimes and terrorism.

The email encourages recipients to fill out a survey, which erroneously states a fast-food restaurant sponsored, and make a $90. After filling out the survey and clicking on the “proceed” button, users are directed to enter their credit-card information to receive $90. To process the request, the payment web page asks for the payment card’s security code.

Symantec said it appeared as if the phish was targeted users in New Zealand.

“Our analysis shows that most of the recipients where in Australia or New Zealand, the URL of the site included a.nz, presumably a very poor attempt by the phishers to try to fool people that they were browsing the organization’s legitimate website,” said Nick Johnston, senior software engineer at Symantec Hosted Services. “Why New Zealand was targeted is unclear; perhaps the phishers wanted to acquire New Zealand-based credit cards. Nevertheless, this shows the global nature of the phishing problem.”