The week in security: NSA encryption cracking piques data-security angst

Know an IT team that’s done a great job on a security-related project recently? The Australian Information Security Association (AISA) awards are back this year, with less than two weeks to go until the September 16 nomination deadline.

Two local success stories were chalking up big wins, with Sydney security-forensics startup Packetloop planning major growth after being acquired by security firm Arbor Networks and buoyant crowdsourcing venture Bugcrowd securing a $1.6m round of venture-capital funding that will strengthen its presence in the US.

Looking further: Syrian hackers took on a surprising target, redirecting the US Marine Corps recruitment Web site in an attempt to convince Marines that the Syrian army are allies. Scammers were also jumping on the Syrian cause, with new spins on old scams designed to take advantage of the escalating Syrian crisis.

The US government was doing its own bit for cyber-attacks, with 231 ‘cyber-operations’ carried out in 2011 alone. The US government was also being fingered as the EU Parliament began an inquiry into the National Security Agency’s PRISM system with the expectation that more revelations about the activity were likely to emerge.

One revelation that was already out there came in a report suggesting the NSA had been using supercomputers to decrypt many online technologies – driving many users to try to figure out how to NSA-proof their data and engendering healthy paranoia on the part of many.

Ironically, the agency has also figured out how to protect its Macs from outside eyes. Little wonder that traffic on the anonymous Tor network doubled in a single week, reaching its highest levels ever. These figures seemingly corroborated findings of an Internet survey that 90 per cent of Internet users have taken active steps to avoid surveillance online (although later investigation suggested the surge was due to botnet activity).

Along similar lines, an Android app from Silent Circle debuted by encrypting and securely deleting sensitive messages. Cambridge Research Lab scientists were also on the job, announcing an advancement in the development of multi-user quantum key networks – which may prove increasingly valuable given that security experts still agree the best way to protect data, even with an interventionist NSA out there, is by using encryption.

Security researchers also noticed a resurgence of the NetTraveler advanced persistent threat (APT) malware, even as RSA rubbished the Linux ‘Hand of Thief’ Trojan as being non-viable.

Nonetheless, security firm FireEye debuted an APT-detection service called Oculus, which will notify customers of new attacks. Speaking of new attacks, researchers reported that targeted attacks are now delivering malware in pieces, then assembled inside the enterprise network boundary. Clever hackers have also begun offering an outsourced password-cracking service that can be paid using bitcoin.

A security researcher picked up $US12,500 for identifying a Facebook bug that lets anybody remove photos from another user’s profile. Facebook was also targeted by privacy advocates, who asked the US Federal Trade Commission to stop Facebook from making controversial changes to its privacy policies that are due to take effect next week.

The FTC was also targeting a vendor whose security cameras were compromised and allowed private video of hundreds of people to be compromised. Even Google was working the privacy angle, as it fought a lawsuit trying to stop it from scanning user email for marketing purposes. The US government was also pushing to scan user information, a report revealed, as Yahoo’s first transparency report suggested it received 12,444 requests for user data in the first half of this year.

Australian cloud provider Paradyne made a play for the cloud-authentication market by striking a partnership with identity and access management (IAM) provider Centrify. Cloud-encryption provider Virtustream had its own take on cloud encryption management, arguing that flexibility is a key attribute.

Also in cloud-related news, cloud giant Amazon has been hiring ‘top secret’ IT specialists in an effort to win CIA business. Less secret are what is reported to have been 300,000 attempts to access pornographic websites by UK politicians during 2012 alone. Microsoft was also looking at pictures, with picture-based authentication offering an alternative for users that were already tired of separate passwords.

Mobile devices were also getting a security boost as Samsung incorporated Lookout mobile security software to protect users of its Knox secure mobile platform. Also on the mobile front, Obad malware was growing, and a bank Trojan was targeting mobile authentication systems; little wonder research suggests that security concerns are putting mobile users off of the concept of mobile payments.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags nsaAustralian Information Security Association (AISA)

More about AISAAmazon Web ServicesAPTArbor NetworksArbor NetworksCentrifyEUFacebookFederal Trade CommissionFireEyeFTCGoogleLinuxMacsMicrosoftNational Security AgencyNSAParadyneRSASamsungUS Federal Trade CommissionYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts