This week in the news, there are reports that a government-grade malware has fallen into hacker hands, while an international collaboration was created to target the Shylock Trojan. An interview with Mike McConnell reveals his fears of a new major cyber-attack, while Edward Snowden touts SpiderOak over DropBox to protect data from government snooping. And a recent blog post muses about the future of the NIST-NSA relationship.
Government-grade malware in hacker hands
ZDNet reported that there is reason to believe that ‘government-grade' malware called Gyges, designed to operate undetected on computer systems, is now in the hands of cybercriminals who are integrating it into rootkits and ransomware. According to security researchers at Sentinel Labs “The Gyges variant not only demonstrates the growing sophistication of malware, but more importantly shows how the lines are blurring between government-grade and mainstream attack code. The fact that "carrier" code can be "bolted on" to any type of malware to carry out invisible attacks is another indication that current approaches to security have reached their end of life for detecting advanced threats.”
International law enforcement targets Shylock Trojan
According to Government Security News, A new law enforcement and industry partnership is working to curtail the Internet domains and servers that form an advanced cybercriminal infrastructure attacking online banking systems around the globe using the Shylock Trojan. Coordinated by the UK National Crime Agency (NCA), the operation was a collaboration between the law enforcement and private sectors, including Europol, the FBI, BAE Systems Applied Intelligence, Dell SecureWorks, Kaspersky Lab and the UK's GCHQ (Government Communications Headquarters) to combat the threat. The operation revealed several previously unknown parts of the infrastructure and follow-up actions were initiated immediately.
Ex-Intelligence Chief McConnell Fears Major Cyber Attack
In an interview with Techonomy, Former National Intelligence Director Adm. Mike McConnell asserted that a cyber-attack on American infrastructure like targeting the utility grid during extremes of the season could be devastating to people and to our economy. He predicts that the industry’s knee-jerk response will be to resist regulation that could prevent such a disaster.
Snowden Says Drop Dropbox, Use SpiderOak
In an interview with The Guardian published Thursday afternoon, Edward Snowden, the former National Security Agency contractor, said the Cloud storage provider Dropbox is “hostile to privacy” because it controls the encryption keys, making it capable of handing over user data stored on its servers to the government. Instead, he urged the adoption of SpiderOak, SpiderOak, a storage startup which takes extra security measures such as not storing users’ passwords, which makes it difficult for the government to access any user data, even with a court order.
NIST's future without the NSA
This piece from Government Computing News examines the future relationship of NIST and the NSA, following a report by the Visiting Committee on Advanced Technology (VCAT), which was released July 14. The report came after last year’s revelation as a part of the Edward Snowden leaks that the NSA had inserted a “backdoor” into a NIST encryption standard that’s used to generate random numbers.
Government IT Talking Points
Government leaders and federal agency heads have been chosen to lead off the upcoming Smart Card Alliance event celebrating the 10th anniversary of the landmark security directive HSPD-121 with special keynote presentations reflecting on the past, present and future of identity and security in government. The one-day "Government Conference Special Edition Event: Celebrating the 10th Anniversary of HSPD-12," held with support from FICAM and the Interagency Advisory Board (IAB), will take place on July 31, 2014 at the Marriott Metro Center Hotel in Washington, D.C. For registration and more details, visit http://bit.ly/1gAzEA9.