Prolific Russian credit-card hacker gets 27 years

A federal judge in Seattle sentenced prolific Russian hacker Roman Seleznev to 27 years in prison — the longest sentence for computer crime ever imposed in an American court. Prosecutors had asked for 30 years, saying Seleznev had personally helped create the multibillion-dollar market for stolen data, hacking dozens of small businesses and selling millions of sets of credit-card numbers on automated websites authorities likened to an Amazon-type marketplace for cybercriminals. In court Friday, prosecutors compared him to a “Tony Soprano-style mob boss,” according to the Seattle Times. Seleznev, who was seized by U.S. Secret Service agents in the Maldives in July 2014, is the son of Valery Seleznev, an outspoken member of the Russian parliament, a supporter of the ultra-nationalist party of Vladimir Zhirinovsky and a close political ally of Russian President Vladimir Putin. The elder Seleznev and Russian government officials have described the capture as a “kidnapping” — noting that the agents […]

The post Prolific Russian credit-card hacker gets 27 years appeared first on Cyberscoop.

New DARPA program seeks cybersecurity through hardware design

Pentagon scientists say they could stop 40 percent of current cyberattacks by producing secure computer chips, and on Friday they explain how to a closed-door meeting of government contractors. The System Security Integrated Through Hardware and firmware, or SSITH, program aims “to develop hardware design tools that provide security against hardware vulnerabilities that are exploited through software in [Defense Department] and commercial electronic systems,” according to a procurement announcement, called a BAA, from the Defense Advanced Research Projects Agency. The DARPA program seeks only paradigm-shifting research: “Innovative approaches that enable revolutionary advances in science, devices, or systems. Specifically excluded is research that primarily results in evolutionary improvements to the existing state of practice,” reads the BAA. The idea is to break what SSITH program manager Linton Salmon derisively refers to as the “patch and pray” cycle of fixing vulnerabilities through software updates, even when what’s ultimately being exploited is a security weakness in the hardware. “This […]

Six big vendors dominate a fragmented federal cyber market, numbers show

Federal procurement of cybersecurity goods and services is highly fragmented, according to new research published this week, with more than 7,600 different companies winning U.S. government contracts during the past six years. But despite this long tail of small awards, the market space is dominated by a handful of familiar names. Only six contractors — Leidos, Northrop Grumman, Booz Allen Hamilton, IBM, Hewlett Packard and General Dynamics — earned a billion dollars or more in cyber contracts from the U.S. government in fiscal 2011-16, according to the new report from Govini, a consultancy that crunches procurement numbers. “Acquisition of cybersecurity solutions is highly fragmented now,” Arun Sankaran, Govini’s director of professional services, told CyberScoop. He was the lead author of the report, which analyzes the $45.9 billion obligated between 2011-2016 in three categories of federal cybersecurity spending: defense, resilience and threat analytics. Spending rose significantly in the second half of that period, from an average of $6.3 billion […]

DHS watchdog’s fraud hotline spoofed in ID theft scam

The inspector general’s office in the Department of Homeland Security is warning that identity thieves and fraudsters are spoofing caller ID systems to make it look as if victims are being called from the IG’s anonymous tipline. “The perpetrators of the scam represent themselves as employees with ‘U.S. Immigration,’” the office states in a press release circulated Wednesday, and “demand to obtain or verify personally identifiable information from their victims through various tactics, including by telling individuals that they are the victims of identity theft.” “Many of the scammers reportedly have pronounced accents,” states the press release. The office said it wanted to remind the public that it “never uses its hotline number to make outgoing calls — the phone line is only used to receive information from the public.” The hotline remains “perfectly safe” for reporting “fraud, waste, abuse, or mismanagement within DHS components or programs,” the statement concludes. The office […]

Prosecutors throw the book at Russian behind credit card hacking plot

U.S. prosecutors are asking a federal court in Seattle to sentence prolific Russian hacker Roman Seleznev to 30 years this week, saying he personally helped create a multibillion-dollar ecosystem for credit card fraud. Calling Seleznev “a pioneer” in the online theft and monetization of card data, a sentencing memorandum claims he “became one of the most revered point-of-sale hackers in the criminal underworld … a market maker whose automated vending sites and tutorials helped grow the market for stolen card data,” by effectively creating an Amazon.com for cyber-thieves and card fraudsters. Cards that Seleznev sold through his sites generated nearly $170 million in fraudulent charges, prosecutors said. “This prosecution is unprecedented. Never before has a criminal engaged in computer fraud of this magnitude been identified, captured, and convicted by an American jury,” prosecutors claim. In arguing for the 30-year sentence, prosecutors also say Seleznev tried to game the court system: “Burning through” six sets of […]

Cybersecurity takes a quiet role in DHS secretary’s loose outline of priorities

Homeland Security Secretary John Kelly laid out the new administration’s priorities for his department Tuesday, listing cybersecurity alongside defending the nation’s borders and stopping terrorist attacks — but providing far fewer details about the online defensive mission than about the other two. “We live in an interconnected world,” Kelly told a packed theater at the George Washington University in his first major policy address since taking office in January. “That’s not a trend, that’s reality. We rely on technology for everything from programming our coffee makers to running global corporations. This reliance, perhaps over-reliance, brings risks … These digital threats are no less significant than threats in the physical world,” he said. In a section of prepared remarks he did not deliver, apparently due to time constraints, he ridiculed “the plodding pace of bureaucracy,” and the government’s arthritic procurement system, comparing it to “sending troops to take Fallujah armed with muskets […]

Hackers using pixel tracking to build data for better phishing practices

A technique used by marketers and advertisers to track web users and email recipients has been repurposed by cybercriminals and online spies as a way of discovering potential hacking targets, according to new security research. “We’ve seen a lot more use of this tactic recently as a probing or information-gathering tool,” by phishers and other cybercriminals, Donald Meyer of Check Point Software Technologies Ltd. told CyberScoop. Tracking pixels, or web beacons, are tiny images, one pixel large, that are downloaded when a user opens an email or visits a website. Because they’re so small, most users don’t even notice them. “Often the image is designed to blend into the background,” according to the Network Advertising Initiative, a trade association and standards group of the digital advertising industry. Because of the way most email programs and web browsers work, tracking pixels, once downloaded, can collect and report information about the device on which the […]

DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies

New cybersecurity tools being deployed across the U.S. government found huge numbers of uncatalogued and unmanaged computer devices connected to federal networks — a phenomenon known as “shadow IT” — that necessitated urgent modifications to many hundreds of millions of dollars’ worth of contracts. Some departments and agencies had “several hundred percent” more devices on their networks than they expected and the average across government was about 44 percent more, Department of Homeland Security official Kevin Cox said last week at the McAfee Security Through Innovation Summit, hosted by CyberScoop. “There was something of a ‘oh shit’ moment,” said a person familiar with the discovery, made during the recent rollout of phase one of Continuous Diagnostics and Monitoring tools. CDM is a DHS-funded, government-wide acquisition program that buys and installs cybersecurity tools on U.S. departmental and agency networks. The tools found every kind of device imaginable on federal networks, this person said, from […]

Business lobby pushes back on NIST Framework measurement plans

Business lobbying groups are pushing back on plans by federal scientists to add third-party measurement of cybersecurity to a voluntary framework designed to help private companies improve their defenses against hackers, cybercriminals and online spies. A draft proposed revision of the National Institute of Standards and Technology’s Cybersecurity Framework, to be known as version 1.1, includes a new section on “measuring and demonstrating cybersecurity.” But public comments filed by business groups voice concern about what metrics should be used for measurement and how public that demonstration ought to be. “Measuring state and trends over time, internally, through external audit, and through conformity assessment, enables an organization to understand and convey meaningful risk information to dependents, partners, and customers,” reads the introduction to the proposed new section. One of the complaints about the framework — which is generally recognized as a useful tool for companies looking to improve their online security — is that […]
