DEF CON’s aerospace village looks to satellite hacking to improve security in space

Next time your GPS app functions without interruption, or a credit card transaction is approved on the first try, consider thanking a hacker. Both of those everyday activities, along with many others, are made possible in part because of satellites, those orbiting chunks of metal that only a fraction of the population thinks about on a regular basis. Now, though, security-minded officials in the Pentagon’s Defense Digital Service (DDS), the Air Force and New York-based vendor Red Balloon Security are trying to improve satellite security by sending computer researchers the technology they would need to hack them. It’s part of an effort to ensure that those big satellites orbiting the Earth remain reliable, and keep the GPS navigation running. One research challenge, called Nyan-Sat, is broken up into three parts. Hackers are building their own satellite tracking antennae, exploiting a ground station modem, and then participating in a live-streamed ground station event. […]

The post DEF CON’s aerospace village looks to satellite hacking to improve security in space appeared first on CyberScoop.

How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise

This year when U.S. Cyber Command convened with allied countries to test how they would collectively defend against a cyber-operation targeting allied networks, the units came together for what appeared to be a straightforward simulation of an attack against a European airbase. The worldwide coronavirus pandemic made the simulation less than straightforward. For the first time ever, participants conducted the exercise from home, according to U.S. military cyber commanders involved in the exercise. The annual exercise, which simulated an attack that impacted both information technology (IT) and operational technology (OT), took place on a new platform, the Persistent Cyber Training Environment (PCTE). “The impact of COVID-19 is pretty clear and it’s been a challenge for us. But it didn’t pause the action that’s been going on in cyberspace,” U.S. Coast Guard Rear Admiral John Mauger, the director of Cyber Command exercises and training, told reporters Wednesday. “Within Cyber Command we couldn’t stop […]

DARPA invites hackers to break hardware to make it more secure

For more than two years, the Pentagon’s research arm has been working with engineers to beef up the security of computer chips before they get deployed in weapons systems or other critical technologies. Now, the research arm — the Defense Advanced Research Projects Agency (DARPA) — is turning the hardware over to elite white-hat hackers who can earn up to $25,000 for bugs they find. The goal is to throw an array of attacks at the hardware so its foundations are more secure before production. “We need the researchers to really roll their sleeves up and dig into what we’re doing and try to break it,” said Keith Rebello, a DARPA program manager. Hardware hacks often involve identifying vulnerabilities in how a computer chip handles information, like the flaw uncovered in Intel microprocessors in March that could have allowed attackers to run malicious code early in the boot process. While software bug bounties are ubiquitous in […]

GAO: Cyber Command is overspending on data tools

One of the major initiatives that U.S. Cyber Command has been working on for two years is going to cost five times more than what military officials originally estimated, according to a Government Accountability Office report. The program, a software platform called Unified Platform (UP), is meant to help forces and military services working with Cyber Command to reduce the number of data silos, and to streamline data processing, storage, queries, and information-sharing to enhance overall mission effectiveness. One of the main contributing factors to the miscalculation is that the overall cost of UP was not based on any independent analysis, GAO found. “UP did not have several key elements of its business case approved at the time of program initiation, such as approved requirements, a cost estimate informed by independent analysis, or a formal schedule risk assessment,” the GAO said. “Our prior work has shown that this type of […]

The governor’s office says the NSA isn’t involved in the response to Minnesota’s protests. But here’s how it could be.

The office of Minnesota Gov. Tim Walz says the National Security Agency did not provide the state with signals intelligence as its law enforcement agencies responded to protests against the killing of George Floyd. For a while this weekend, though, the governor stirred up some confusion about whether the intelligence agency could do so. “No NSA involvement,” a Walz spokesperson told CyberScoop. The Democratic governor was mistaken in suggesting Saturday during a press conference that the U.S. military had provided the state with signals intelligence collected by the NSA, the spokesperson said. CyberScoop could not independently verify the spokesman’s comment. The NSA deferred comment to the governor’s office. Generally speaking, the NSA, the Pentagon’s foreign signals intelligence agency, does not target U.S. citizens to collect electronic communications information. But there are specific times when it can. Walz’s comments — combined with speculation about how those legal circumstances might apply to the protests — were enough to fuel questions about the NSA’s involvement. Walz said Saturday that he had […]

FBI, DHS to go public with suspected North Korean hacking tools

The FBI and the Department of Homeland Security are preparing to jointly expose North Korean government-backed hacking this week, CyberScoop has learned. Threat data meant to help companies fend off hackers has already been shared with the private sector in an effort to boost cyber-defenses in critical infrastructure sectors. The circulating information, contained in several documents known as malware analysis reports (MARs), details activity from Hidden Cobra hackers, an advanced persistent threat group that the U.S. government has previously linked with the North Korean government. The Hidden Cobra group frequently targets financial institutions such as banks, cryptocurrency exchanges, and ATMs for financial gain, the government says. However, it was not immediately clear which specific security incidents, if any, the U.S. government sought to expose in the information sharing effort. The documents, which sources say contain 26 malware samples, appear to be the latest piece of a broader U.S. government effort […]

Hackers are using coronavirus-themed phishing lures to go after DOD networks

Cybercriminals have been targeting U.S. military organizations with coronavirus-related spearphishing schemes, the Department of Defense Cyber Crime Center (DC3) said Monday in a release. “Even though many supplies, services and leisure activities have slowed down or come to a screeching halt, the one thing that has remained the same — or even gained momentum — is cyber-espionage,” the DC3 said in the announcement. According to DC3’s assessment, those behind the campaign aren’t just targeting defense industrial base companies and their networks — the goal is to break into systems run by the DOD. While cybercriminals and nation-state hackers have been targeting businesses and individuals around the world for months with coronavirus-themed spearphishing and spyware operations, it’s the first time the Pentagon has publicly said its own networks are coming under fire from hackers seeking to exploit the fears surrounding the pandemic. The memo comes via DC3’s information sharing outreach, which offers […]

Pentagon bristles at anti-American rhetoric in foreign coronavirus reports

U.S. military officials are criticizing foreign governments for spreading disinformation related to the coronavirus pandemic. In the latest example of the Pentagon trying to mitigate foreign propaganda, U.S. officials admonished the governments of Russia, China and Iran for leveraging the international COVID-19 outbreak to summon anti-American sentiment. U.S. officials, in a statement Monday on a government website, accused state-funded media agencies, like Russia’s Sputnik News, of creating mistrust in credible information in order to create confusion. “These are the messages that are endangering global health because they’re undermining the efforts of governments, of health agencies and of organizations that are in charge of disseminating accurate information about the virus to the public,” said Laura Cooper, deputy assistant secretary of Defense for Russia, Ukraine and Eurasia in a piece published by DOD News, a U.S. government-funded media agency. It’s the latest example of U.S. officials responding to foreign propaganda since the State Department began tracking […]

Federal agencies recommend U.S. bar China Telecom over cybersecurity concerns

Several federal agencies recommended Thursday that U.S. regulators block a Chinese state-owned telecommunications firm from providing service to American customers. The Departments of Justice, Defense, and State urged the Federal Communications Commission to take action against China Telecom, a subsidiary of a Chinese state-owned telecommunications company, over cybersecurity and national security concerns, according to a Justice Department statement. The departments said the FCC should revoke China Telecom’s licenses to operate in the U.S. because, as a Beijing-based firm, China Telecom can “provide opportunities for [China] to engage in malicious cyber activity enabling economic espionage and disruption and misrouting of U.S. communications,” the department says. China Telecom has acted as a “common carrier,” meaning it connects domestic and international networks, since 2007. The U.S. government in recent years has warned that Chinese companies may not be able to refuse Beijing’s intelligence requests. This recommendation comes after U.S. intelligence officials have warned for years that the Chinese government could leverage another […]

Cyber Command was worried that WikiLeaks dump would burn Operation Aurora intel, document shows

When WikiLeaks released a trove of diplomatic cables in 2010 on everything from terrorism to Russian President Vladimir Putin to computer intrusions, it set off shockwaves through the Department of Defense and intelligence community over the knowledge being dumped into the public domain. Now we know that unauthorized release even impacted U.S. Cyber Command. A document obtained through a Freedom of Information Act request details Cyber Command’s knowledge of what was revealed in the infamous WikiLeaks dump. The document, a Cyber Command fusion cell situational awareness report, suggests the Pentagon knew who was behind a broad cyber-espionage operation known as Operation Aurora and was worried about that information becoming public, and what adversaries could learn about sensitive U.S. cyber-operations as a result. The document, which was obtained by George Washington University’s National Security Archive and shared with CyberScoop, is a rare look into how Cyber Command, the DOD, and the intelligence community track adversaries in cyberspace and […]
