ClearSky Cyberdefense Forum

In a paper that has been published in draft form online and seen by the Guardian, researchers Sergei Skorobogatov of Cambridge University and Chris Woods of Quo Vadis Labs say that they have discovered a method that a hacker can use to connect to the internals of a chip made by Actel, a US manufacturer.

“An attacker can disable all the security on the chip, reprogram cryptographic and access keys … or permanently damage the device,” they noted.

To the research draft :

http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf

To the article :

http://www.guardian.co.uk/technology/2012/may/29/cyber-attack-concerns-boeing-chip?newsfeed=true

Technical Report, Laboratory of Cryptography and System Security (CrySyS Lab) budapest

http://www.crysys.hu/skywiper/skywiper.pdf

A sophisticated cyber attack against the Thrift Savings Plan contractor responsible for maintaining the agency’s data centers compromised the information of 123,000 TSP participants.

Of the compromised accounts, about 43,000 had personal information, such as names, Social Security numbers and bank-account numbers exposed. Another 80,000 compromised accounts had only Social Security numbers and other TSP-related information exposed.

http://www.federalnewsradio.com/pdfs/tsp_cyber_attack.pdf

http://www.federalnewsradio.com/241/2878970/Cyber-attack-against-TSP-contractor-exposes-thousands-of-accounts

The volume of malware surged in the first three months of 2012. In particular, there’s been a flood of new types of rootkits, password-stealing Trojan applications, malware targeting Android users, and botnet infections.

http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2012.pdf

http://www.informationweek.com/news/security/attacks/240000992

The annual Pentagon report “Military and Security Developments Involving the People’s Republic of China 2012” said that Chinese military spending in 2011 amounted to US$180 billion, a figure much higher than previously thought. The report noted sustained investment in Chinese cyber warfare, hinting that Beijing is using cyber intrusions to gather strategic intelligence.

http://www.defense.gov/pubs/pdfs/2012_cmpr_final.pdf

“Something pretty bad is coming,” the Michigan Republican said during a forum in Washington, citing data provided to his panel by senior U.S. intelligence leaders.

http://www.usnews.com/news/blogs/dotmil/2012/05/17/house-intel-chairman-predicts-major-cyber-attack-on-us

http://www.cso.com.au/article/424753/auscert_2012_day_1_wednesday_16th_may_roundup/

CSIS has issued a list of significant cyber events from 2006 to 2012.

http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf

Researcher Justin W. Clarke discovered a vulnerability in an industrial networking system used by American power grids and the Pentagon. Now, after public pressure, the manufacturer is promising a fix.

http://www.csmonitor.com/USA/2012/0501/How-one-man-may-have-foiled-a-devastating-cyberattack-against-America

A  major cyber attack is currently underway aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.

At least three confidential “amber” alerts – the second most sensitive next to “red” – were issued by DHS beginning March 29, all warning of a “gas pipeline sector cyber intrusion campaign” against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing.

That fact was reaffirmed late Friday in a public, albeit less detailed, “incident response” report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based inIdaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.

http://www.csmonitor.com/USA/2012/0505/Alert-Major-cyber-attack-aimed-at-natural-gas-pipeline-companies