1-888-PIVOT-POINT | 1-888-748-6876

These Government links are part of a weekly series, Ethical Hacker Roundup, featuring recent information security and cybersecurity related articles that we’ve read over and thought worth sharing.

Mobile App Pen Testing ThumbnailApplications on Mobile Devices carry specific unique security concerns.
This whitepaper explores such vulnerabilities and explains in detail how to avoid them.

Download this Whitepaper Now!

These articles were emailed to us, shared on Twitter @pivotpointsec and our Google+ page, and read in RSS subscriptions this week.

Anonymous Repeatedly Hacks US Government Site

Hackers claiming to be part of the Anonymous hacker collective “owned” the US Sentencing Commission website (ussc.gov) on January 25 through 27, first replacing the home page with a long screed detailing its gripes with the US legal system and threatening to release embarrassing “secrets” stolen from US government websites.  The next move in “Operation Last Resort” was to turn the commission’s restored home page into a playable version of the classic Asteroids arcade game. A subsequent threat to release a list of people in the federal Witness Protection Program was bogus.

The hack was in retaliation for the suicide by hanging of Aaron Swartz on January 11 in his New York apartment. Swartz was awaiting trial on charges of computer intrusion. Swartz invented Really Simple Syndication (RSS) at the age of 14, and started the wiki platform infogami while an undergrad at Stanford. He was charged with breaking into JSTOR files of academic papers in order to make them freely and publically available. Prosecutors said they had no plans to seek jail time for Swartz.

When the Asteroids hack was finally shut down, Anonymous moved it to the US Probation Court for the state of Michigan website (miep.uscourts.gov) – suggesting that Anonymous could have background control of multiple US government websites.

Chinese Government Implicated in Cyber Assault on New York Times

The Chinese government apparently feels it has political reasons to assault the New York Times computer systems over a four-month period with 45 pieces of custom malware, which were built to compromise business processes and steal passwords. The persistent attacks were partly successful; however, the paper was able to surreptitiously detect and investigate them as they were underway, leading to identification of sophisticated Chinese hackers with probable ties to its government/military as the likely perpetrator. The Times has expelled the attackers and strengthened its systems for the future.

The attacks coincided with and were presumably motivated by the reporting of a times investigation that found that relatives of China’s prime minister, had accumulated a multi-billion dollar fortune through their business dealings. A reactionary desire on the part of China’s current oligarchy to control how the world perceives, discusses and acts towards China is the likely ideological basis for this and similar attacks on western media.

White House Cybersecurity Order Likely

The Chairman of the Senate Homeland Security and Governmental Affairs Committee, Tom Carper, said yesterday that the White House has “signaled” it will most likely introduce a long-awaited cybersecurity executive order in mid to late February. The order is a follow-up to the Cybersecurity Act of 2012, which was killed by Senate Republicans back in August 2012. (An early draft of the order was leaked on techdirt.com back in September.)

Carper announced that after the order is released, he plans to hold a joint hearing with the Commerce and Intelligence committees to discuss the measures included in the order. The Obama administration feels an executive order is necessary because the cybersecurity threats facing the US are too great for action to be further delayed by bipartisanship in the legislative branch.

Government IT Security

Pivot Point Security has the right combination of Information Security/Compliance domain expertise, government knowledge and experience, and organizational character to help you define and execute on the best course of action to know you’re secure and prove you’re compliant. See how we can help.