The week in security: NSA encryption cracking piques data-security angst

Know an IT team that’s done a great job on a security-related project recently? The Australian Information Security Association (AISA) awards are back this year, with less than two weeks to go until the September 16 nomination deadline.

Two local success stories were chalking up big wins, with Sydney security-forensics startup Packetloop planning major growth after being acquired by security firm Arbor Networks and buoyant crowdsourcing venture Bugcrowd securing a $1.6m round of venture-capital funding that will strengthen its presence in the US.

Looking further: Syrian hackers took on a surprising target, redirecting the US Marine Corps recruitment Web site in an attempt to convince Marines that the Syrian army are allies. Scammers were also jumping on the Syrian cause, with new spins on old scams designed to take advantage of the escalating Syrian crisis.

The US government was doing its own bit for cyber-attacks, with 231 ‘cyber-operations’ carried out in 2011 alone. The US government was also being fingered as the EU Parliament began an inquiry into the National Security Agency’s PRISM system with the expectation that more revelations about the activity were likely to emerge.

One revelation that was already out there came in a report suggesting the NSA had been using supercomputers to decrypt many online technologies – driving many users to try to figure out how to NSA-proof their data and engendering healthy paranoia on the part of many.

Ironically, the agency has also figured out how to protect its Macs from outside eyes. Little wonder that traffic on the anonymous Tor network doubled in a single week, reaching its highest levels ever. These figures seemingly corroborated findings of an Internet survey that 90 per cent of Internet users have taken active steps to avoid surveillance online (although later investigation suggested the surge was due to botnet activity).

Along similar lines, an Android app from Silent Circle debuted by encrypting and securely deleting sensitive messages. Cambridge Research Lab scientists were also on the job, announcing an advancement in the development of multi-user quantum key networks – which may prove increasingly valuable given that security experts still agree the best way to protect data, even with an interventionist NSA out there, is by using encryption.

Security researchers also noticed a resurgence of the NetTraveler advanced persistent threat (APT) malware, even as RSA rubbished the Linux ‘Hand of Thief’ Trojan as being non-viable.

Nonetheless, security firm FireEye debuted an APT-detection service called Oculus, which will notify customers of new attacks. Speaking of new attacks, researchers reported that targeted attacks are now delivering malware in pieces, then assembled inside the enterprise network boundary. Clever hackers have also begun offering an outsourced password-cracking service that can be paid using bitcoin.

A security researcher picked up $US12,500 for identifying a Facebook bug that lets anybody remove photos from another user’s profile. Facebook was also targeted by privacy advocates, who asked the US Federal Trade Commission to stop Facebook from making controversial changes to its privacy policies that are due to take effect next week.

The FTC was also targeting a vendor whose security cameras were compromised and allowed private video of hundreds of people to be compromised. Even Google was working the privacy angle, as it fought a lawsuit trying to stop it from scanning user email for marketing purposes. The US government was also pushing to scan user information, a report revealed, as Yahoo’s first transparency report suggested it received 12,444 requests for user data in the first half of this year.

Australian cloud provider Paradyne made a play for the cloud-authentication market by striking a partnership with identity and access management (IAM) provider Centrify. Cloud-encryption provider Virtustream had its own take on cloud encryption management, arguing that flexibility is a key attribute.

Also in cloud-related news, cloud giant Amazon has been hiring ‘top secret’ IT specialists in an effort to win CIA business. Less secret are what is reported to have been 300,000 attempts to access pornographic websites by UK politicians during 2012 alone. Microsoft was also looking at pictures, with picture-based authentication offering an alternative for users that were already tired of separate passwords.

Mobile devices were also getting a security boost as Samsung incorporated Lookout mobile security software to protect users of its Knox secure mobile platform. Also on the mobile front, Obad malware was growing, and a bank Trojan was targeting mobile authentication systems; little wonder research suggests that security concerns are putting mobile users off of the concept of mobile payments.

Join the CSO newsletter!

Error: Please check your email address.

Tags nsaAustralian Information Security Association (AISA)

More about AISAAmazon Web ServicesAPTArbor NetworksArbor NetworksCentrifyEUFacebookFederal Trade CommissionFireEyeFTCGoogleLinuxMacsMicrosoftNational Security AgencyNSAParadyneRSASamsungUS Federal Trade CommissionYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place