Apple may have refused to help the FBI unlock an iPhone used by the San Bernardino shooter, but the tech industry is still better off working with the U.S. government on encryption issues than turning away, according to a former official with the Obama administration.

“The government can get very creative,” said Daniel Rosenthal, who served as the counterterrorism director in the White House until January this year. He fears that the U.S. government will choose to “go it alone” and take extreme approaches to circumventing encryption, especially if another terrorist attack occurs.


“The solutions they come up with are going to be less privacy protective,” he said during a talk at the Versus 16 cybersecurity conference. “People will think they are horrifying, and I don’t want us to see us get to that place.”

Rosenthal made his comments as President-elect Donald Trump—who previously called for a boycott of Apple during its dispute with the FBI—prepares to take office in January.

A Trump administration has a “greater likelihood” than the Obama administration of supporting legislation that will force tech companies to break into their customers’ encrypted data when ordered by a judge, Rosenthal said.

“You have a commander-in-chief, who said at least on the campaign trail he’s more favorable towards a backdoor regime,” Rosenthal said.

Earlier this year, one such bill was proposed that met with staunch opposition from privacy advocates. However, in the aftermath of another terrorist attack, Congress might choose to push aside those concerns and pass legislation drafted without the advice of Silicon Valley, he said.  

Rosenthal went on to say that U.S. law enforcement needs surveillance tools to learn about terrorist plots, and that’s where the tech industry can help. During his time in the White House, he noticed a “dramatic increase” in bad actors using encryption to thwart government efforts to spy on them.

“There are people trying to come up with a reasonable solution,” he said of efforts to find a middle ground on the encryption debate. “To immediately say there is no solution is counter historical.”

Cindy Cohn (right), executive director of EFF, and Daniel Rosenthal, former director of counterterrorism for the White House.

Credit: Michael Kan

However, Rosenthal’s comments were met with resistance from Cindy Cohn, executive director of the Electronic Frontier Foundation, a privacy advocate. She also spoke at the talk and opposed government efforts to weaken encryption, saying it “dumbs down” security.

“This idea of a middle ground that you can come up with an encryption strategy that only lets good guy into your data, and never lets a bad guy into your data, misunderstands how the math works,” she said.

Law enforcement already possesses a wide variety of surveillance tools to track terrorists, she said. In addition, tech companies continue to help U.S. authorities on criminal cases and national security issues, despite past disputes over privacy and encryption.

But law enforcement has done little to recognize the risks of building backdoors into products, Cohn said. Not only would this weaken security for users, it would also damage U.S. business interests.

“If American companies can’t offer strong encryption, foreign companies are going to walk right into that market opportunity,” she said.

Cohn also said any effort to force U.S. companies to weaken encryption wouldn’t necessarily help catch terrorists. That’s because other strong encryption products from foreign vendors are also circulating across the world.

“The idea that the Americans can make sure that ISIS never gets access to strong encryption is a pipe dream,” she said. “That’s why I think this is bad idea. Because I don’t think it’s going to work.”

The Versus 16 conference was sponsored by cybersecurity firm Vera. 


InfoWorld Security

A computer hacker who helped the Islamic State group by providing stolen personal data on more than 1,000 US government and military workers was sentenced Friday to 20 years in prison.

Ardit Ferizi, a 20-year-old citizen of Kosovo known by his hacking moniker "Th3Dir3ctorY," was sentenced in a US federal court in Virginia, the Justice Department said.

"This case represents the first time we have seen the very real and dangerous national security cyber threat that results from the combination of terrorism and hacking," said John Carlin, assistant attorney general for national security.

"This was a wake-up call not only to those of us in law enforcement, but also to those in private industry," his statement read.

Malaysian police arrested Ferizi in September 2015 on a provisional US arrest warrant. The suspect was extradited to the United States for prosecution.

The so-called "terrorist hacker" pleaded guilty in June in US court for his role in the IS group's targeting of US government personnel for attacks.

He admitted he had given hacked data to an IS member who posted a 30-page document on Twitter -- a virtual hit list containing names, email addresses, email passwords, locations and phone numbers for about 1,300 US military and other government personnel.

The Twitter message containing the document read: “NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!”

"We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts," the document said in part, according to the Justice Department.

"We are extracting confidential data and passing on your personal information to the soldiers of the (caliphate), who soon with the permission of Allah will strike at your necks in your own lands!"


© AFP 2016


SecurityWeek RSS Feed

Two US lawmakers who are members of their respective intelligence committees said Thursday that a spate of recent cyber attacks suggests Russia is trying to disrupt the November election.

"Based on briefings we have received, we have concluded that the Russian intelligence agencies are making a serious and concerted effort to influence the US election," said a statement from Senator Dianne Feinstein and Representative Adam Schiff, both Democrats from California.

"At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes of the election -- we can see no other rationale for the behavior of the Russians."

US officials have stopped short of blaming Moscow for the wave of computer intrusions, but many analysts have said the attacks appear to be from Russian hackers.

Feinstein and Schiff, who as members of their intelligence committees receive classified briefings, said they believe that the hacks "could come only from very senior levels of the Russian government" and called on Russian President Vladimir Putin "to immediately order a halt to this activity."

"Americans will not stand for any foreign government trying to influence our election," they said.

"We hope all Americans will stand together and reject the Russian effort."

The recent breach of Democratic National Committee data, along with other electronic intrusions, has raised concerns about cyber incidents that could affect the outcome of the US presidential race, or other contests.

The campaign of Democratic presidential candidate Hillary Clinton said one of the hacks had accessed an analytics data program.

Cybersecurity experts see a potential for more hacks and incidents in the coming months which could hurt the integrity of the election campaign.


© AFP 2016


SecurityWeek RSS Feed

Crafty GovRAT malware is found targeting U.S. government employees

The U.S. Capitol building in Washington.

Credit: Matt Wade

A tough-to-detect malware that attacks government and corporate computers has been upgraded, making it more aggressive in its mission to steal sensitive files, according to security firm InfoArmor.

Last November, InfoArmor published details on GovRAT, a sophisticated piece of malware that’s designed to bypass antivirus tools. It does this by using stolen digital certificates to avoid detection.


Through GovRAT, hackers can potentially steal files from a victim’s computer, remotely execute commands, or upload other malware to the system.

Earlier this year, however, the makers of GovRAT came out with a second version, according to a new report from InfoArmor. The malware features an additional function to secretly monitor network traffic on the victim’s computer -- something with scary consequences.

“If you’re downloading something from a particular resource, the hackers can intercept the download and replace it with malware,” said InfoArmor CIO Andrew Komarov on Friday.

Last year, InfoArmor said that earlier versions of GovRAT had attacked more than 15 governments around the world, in addition to seven financial institutions and over 100 corporations.

The number of GovRAT victims, however, is growing, according to InfoArmor. That’s partly because the maker behind the malware has been selling it to other hackers on Hell Forum, a black market website, Komarov said.

Buyers of GovRAT have also been supplied with a stolen database of 33,000 Internet accounts, some of which belong to U.S. government employees, InfoArmor said. It includes email addresses, hashed passwords, full names, and addresses.

Hackers can use the contact information to carry out GovRAT attacks on U.S. government targets, Komarov said. That can be done through phishing emails or
InfoWorld Security

The FBI is taking "very seriously" the possibility a foreign country is trying to meddle with America's electoral process and even influence voting outcomes, the agency's director James Comey said Thursday.

US agencies, companies and individuals are frequently targeted by overseas hackers, and Democratic presidential nominee Hillary Clinton's campaign has accused Moscow of hacking into Democratic National Committee (DNC) emails.

The recent breach of DNC data, along with other electronic intrusions, has raised concerns about cyber incidents that could affect the outcome of the US presidential race, or other contests.

FBI agents "take very seriously the notion that a state actor is messing someway in our electoral process -- whether that is to disrupt, to influence, to sow discord, or to create doubt," Comey said at a Washington security summit, without specifically mentioning Russia.

The FBI is "working very hard" to understand the size and scope of any hacking attempts, he said, but tried to reassure the public that the old-fashioned way of tallying ballots in many states protects them from hackers.

"The actual vote counting in this country tends to be kind of clunky, in a way that's a blessing because it makes it more resilient," he said.

Director of National Intelligence James Clapper on Wednesday said Russia hacks US computer networks "all the time."


© AFP 2016


SecurityWeek RSS Feed

Two men suspected of belonging to a network that hacked the emails of top American officials including CIA chief John Brennan were arrested Thursday in North Carolina, the authorities announced.

Andrew Otto Boggs, 22, and Justin Gray Liverman, 24, are accused of taking part in a group of hackers nicknamed the "Crackas With Attitude," a Justice Department statement said.

Members of the network illegally accessed the personal data of the officials and their families between October 2015 and February 2016, downloading private information and then publishing it on public sites or harassing their victims by telephone, according to the department.

At least three members of the group reside in Britain, where they are under investigation, the department said.

Boggs, who uses the alias "INCURSIO," and Liverman, who goes by "D3F4ULT," are to appear next week before a federal court in Virginia to answer to the charges.

In October 2015, the WikiLeaks organization published documents drawn from Brennan's personal emails. He expressed "outrage" over the cyber-attack, saying he had not been irresponsible in his use of a personal email account.

Police in Britain investigating the matter arrested a 16-year-old student suspected of involvement in February.

CNN and the technology website Motherboard reported at the time that the targets of "Crackas With Attitude" included top CIA officials like Brennan, as well as senior figures in the FBI, the Homeland Security Department, the White House and other federal agencies.

In January, the US director of national intelligence James Clapper said that he, too, had been the victim of cyber pirates who had gained access to the personal account he used for internet and telephone service, managing even to intercept phone calls from his home, Motherboard reported. 


© AFP 2016


SecurityWeek RSS Feed

Almost half of U.S. businesses hit by ransomware, study says

Ransomware has become a growing menace.

Credit: Palo Alto Network

The threat of ransomware is becoming widespread among corporations, with almost half of U.S. businesses suffering an attack from the nasty form of malware recently, according to a new survey.

Security firm Malwarebytes sponsored the study, which found in June that 41 percent of U.S. businesses had encountered between one and five ransomware attacks in the previous 12 months. Another 6 percent saw six or more attacks.


The malware, which can infect a computer and take the data hostage, can be bad for business. 34 percent of the victim corporations in the countries surveyed reported losing revenue because the ransomware had prevented access to important files.

U.S. businesses victimized by the malware generally didn’t suffer a heavy toll, and only 6 percent of them reported losing revenue. In most cases, the malicious code only affected personal files.

The survey also looked at how the ransomware was affecting these enterprises, and found that generally the malware had been designed to affect desktop PCs or laptops. The infection often came through links and attachments inside emails, or from a website or web application.

The response of companies to the threat varied across countries. In the United States, only 3 percent of the businesses hit by the ransomware decided to pay the hackers.

That’s a big difference from the Canadian businesses surveyed, of which 75 percent said they agreed to pay the ransom.

The survey said this was probably because the ransomware attacks in the United States often target lower-level employees and tend to only infect a few computers.


More amateur cyber criminals are probably indiscriminately spreading ransomware in the United States like spam, the survey added. Low-level ransom demands of up to $500 are prevalent in the United States. However, high ransom demands of over $10,000 are more common in Germany.

Malwarebytes sponsored Osterman Research to conduct the study by surveying 540 CIOs, CISOs, and IT directors across the four countries.

Cyberattacks from U.S. "greatest concern"
Published: 2010-01-28

Global companies worry more about cyberattacks from actors based in the United States, not China, according to a survey of 600 information-technology executives released by McAfee on Thursday.

The survey found that 36 percent ranked network attacks coming from the United States as their "greatest concern," compared to 33 percent most concerned about attacks from China. Russia came in a distant third, with only 12 percent of those polled rating it the most concerning. Different industry sectors worried about potential attackers from different countries: Government agencies worried more about attacks from China, while executives in the power industry worried more about attacks from Russia.

The report also put a number on the cost to companies of a network attack: $6.3 million a day.

"That is a huge number and it incentivizes companies to tackle their security problems," said Phyllis Schneck, vice president of threat intelligence for McAfee. "It opens people's eyes to infrastructure protection as a global cybersecurity issue."

The report arrived two weeks after Google publicized a series of network attacks that targeted the online giant and at least twenty, and as many as 33, other companies. The company attributed the attack to attackers operating out of China.

The report also found that cybercrime had plagued infrastructure firms, with one-in-five companies reporting extortion attempts or threats of cyberattack in the past two years. Some industry sectors were targeted more often, however. Nearly a third of respondents in the oil-and-gas industry were threatened with attacks, while 27 percent of power firms acknowledged such threats.

On Monday, the Christian Science Monitor documented its five-month investigation into attacks on oil-and-gas firms.


Posted by: Robert Lemos

SecurityFocus News