This NASA hack story keeps getting worse and worse. We knew that NASA had been the target of a handful off attempted cyber attacks last year, but in testimony before the U.S. House Committee on Science, Space, and Technology over the last week, we're getting the details straight from Paul Martin, NASA's inspector general. NASA was targeted 47 times last year and 13 of those hacks were successful, at various points handing hackers "full functional control" of critical NASA networks. At one point the agency even lost the keys to the International Space Station.
This week’s big cyber news comes packing quite a headline: More than four million PCs have been infected by a malicious program known as TDL-4, a botnet that is so sneaky, so evasive, so hard to detect and disinfect that it is “practically indestructible.” That quote comes courtesy of security researchers Sergey Golovanov and Igor Soumenkov of Kaspersky Labs, a cyber security firm and maker of anti-virus software. It’s a scary thought: a botnet so sophisticated that it can’t be detected and dismantled. But is it true?
Today in cyber threats: more than four million Windows PCs have been commandeered by a botnet that cybersecurity experts are calling nearly “indestructible.” Known as TDL-4 (it’s the fourth iteration of the malicious program), this particular little nuisance hides in places security software rarely checks and speaks with other infected machines and their overseers in a novel encrypted code. Some are calling it the most sophisticated threat out there today. Watch your back, Stuxnet.
The cyber-security cat is slowly slinking out of the bag, it seems. It's been a big month in cybersecurity news, ranging from some high-profile hacks at companies like Lockheed (home to sensitive American defense technologies) and a declaration from the Pentagon that cyber attacks perpetrated by foreign governments can be considered acts of war and dealt with accordingly.
More news on the cyber warfare front today as more details leak out about the Pentagon’s ongoing efforts to produce a cyber operation framework. Today we learn via the Washington Post that the Pentagon has a classified list of approved cyber weapons and tools that are ready to be deployed if necessary, just as the DoD has an approved list of traditional military responses to certain scenarios.
On the heels of a cyber attack that breached defense contractor Lockheed Martin’s network defenses last week, the Pentagon is opening the door to new means of dealing with cyber attacks perpetrated by foreign nations. In a new, formal 30-page cyber strategy document--unclassified portions of which will be made public next month--the Pentagon has deemed that cyber attacks can constitute acts of war, and that responses can include traditional military retaliation.
Hackers used Amazon’s Elastic Cloud Computing service to wage an attack on Sony’s PlayStation network last month, according to a report by Bloomberg News. If it’s true, it’s the first acknowledgement that a cloud service — billed as a cheap, dynamic solution for safely storing data and ramping up processing power — has been used as a platform for a cyber attack.
In the first on-the-record, official recognition that a foreign intelligence agency infiltrated sensitive U.S. military CentCom networks in 2008, Deputy Defense Secretary William J. Lynn III has revealed the source of the attack. And it was -- drumroll please -- a flash drive. A simple flash drive inserted into a military laptop at a location in the Middle East allowed malicious code to install and conceal itself on both classified and unclassified servers, opening them to foreign control.