The week in security: In 2014, it's still the NSA's world

Welcome back, after what has hopefully been a restful break and respite from the never-ending onslaught of security issues. Get ready to hit the ground running, however: signs are that cybercriminals used the time to plan a very busy 2014 – which means it's time to carefully weigh up your strategies for bring your own device (BYOD) mobile rollouts and other elements of your security practice – including the cloud, which has [[xref: by the likes of Eastman Chemical Company.

Security researchers had a less than desirable present for Samsung after discovering a vulnerability in the company's Knox security software, which leads the company's efforts to secure BYOD rollouts.

Edward Snowden had a different Christmas message, warning that a child born today will grow up to have no idea of what privacy is and should be. That's a particularly chilling summation as 2013 is being widely regarded as the year of the personal data breach, with the situation unlikely to get much better.

As if to confirm that, a US court ruled that country's NSA is within its rights to collect phone records and tossed out a lawsuit from civil-rights group the American Civil Liberties Union (ACLU); the ACLU quickly appealed the decision, even as another judge validated the practice of searching the laptops of travellers when they cross US borders.

While that activity may be legal, however, there's been no ruling on German allegations that the NSA is intercepting computer deliveries to plant spyware on new computer equipment. At the same time, major networking equipment vendors were predictably unhappy about alleged NSA back doors built into iPhones and other equipment.

No wonder some people are calling the NSA the security industry's “dream enemy” – a moniker it will surely wear with pride if reported plans to use a quantum computer to quickly crack all encryption methods, are proved correct.

Google didn't have the same luck, with an appeals court rejecting Google's argument that it did not break wiretapping laws by collecting user data during its Street View mapping project.

Cybercriminals are having to go back to basics after the disappearance of the popular Blackhole exploit kit left them with, yes, a black hole in the roster of potential alternatives.

Yet others are continuing to find success through other methods, such as a hole in the Snapchat service that researchers say could allow attackers to quickly find the phone numbers of many users. As if to prove the point, hackers claimed they had done just that by exposing the phone details of 4.6 million Snapchat users, while Skype's social-media accounts were targeted by a hacker group.

Seemingly validating Snowden's point about online privacy, some argue that few users will be scared away from Snapchat after the breaches. Facebook was alleged to have been scanning users' private messages, although analysts believe the concerns won't stick.

Retailer Target was also counting the cost of a breach as it admitted customer PINs had been stolen in a high-profile hack but argued that customer data was still safe. Little wonder the government is seen as being trusted more for data protection than the private sector – despite revelations more than 1 million UK schoolchildren have been fingerprinted.

Meanwhile, a Russian cybercriminal took over a BBC server and tried to sell access to it. The online Steam game server was rendered unusable after a DDoS attack. And, perhaps signalling the way of things to come, security firm FireEye gave itself a $US1 billion Christmas present after snatching up incident-response vendor Mandiant.

Join the CSO newsletter!

Error: Please check your email address.

Tags BYODsamsungvulnerablitiessecurityEdward Snowdencybercriminalssecurity research

More about BBC Worldwide AustralasiaFacebookFireEyeGoogleNSASamsungSkype

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place