COUNTER TERRORISM PROJECT

AN OPEN SOURCE VIRTUAL INTELIGENCE SHARING PORTAL TO COUNTER THE GLOBAL THREAT OF TERRORISM THROUGH INNOVATIVE APPROACHES

Sunday, January 03, 2010

IDF dependence on technology spawns whole new battlefield
By Amir Oren
Tags: Israel news, cyberspace, IDF

Lieutenant General Gabi Ashkenazi tends to be quite sparing with praise for his officers. Thus it is particularly notable, say some who are present at discussions led by the chief of staff, when he offers frequent accolades to Brigadier General N., commander of the Intelligence Corps Unit 8200.

The chief of staff, like a few dozen officers in the General Staff, Military Intelligence, Air Force, Navy and special units, lives in a shadowy world of covert operations. Apart from military personnel, this world is also populated by civilians from the Shin Bet security service, the Mossad and sometimes the police as well as a handful of ministers and aides from the political echelon.

To this world, which has always existed, has recently been added the field of military activity concerned with communications networks and computers, for which the IDF is considering instituting a new framework. The person who heads it could essentially be called the "GOC Darkness Command." No one has yet been designated for the position, but Brig. Gen. N. is leading the race.
Advertisement

N., in his late 30s, is a veteran of the general staff's elite special-operations force Sayeret Matkal and other sensitive units in Military Intelligence. For one operation deep in hostile territory, he was awarded a citation by the chief of staff. A few years ago, he was appointed deputy commander of Unit 8200, which handles electronic intelligence gathering.

Brigadier General Danny Harari's tenure as the 8200 commander is not considered a shining success, and this year Ashkenazi and Military Intelligence chief Major General Amos Yadlin decided to appoint N. to command the unit. The only precedent for such a transition from special operations to heading 8200 occurred in the previous decade, with the tenure of Pinchas Barel-Buchris, currently director general of the Defense Ministry.

Unlike most of his predecessors at 8200, N. comes from the operations sphere, which puts him on an equal footing with intelligence clients who have infantry and armored brigades and divisions behind them. Ashkenazi's attitude toward Brigadier General N. is liable to be Military Intelligence's winning card in a hitherto hidden struggle that has been going on in the defense establishment over a key organizational issue: Which body will be authorized to coordinate the cyber combat. Two weeks ago, in a speech before the Institute for Strategic Studies in Tel Aviv, Yadlin, a former fighter pilot and head of an intelligence squadron in the air force, decided to drop plenty of broad hints.

He spoke about the need to preserve the technological disparity in Israel's favor, a supremacy most evident in its intelligence and air force capabilities, and in combining the two with precision-guided armaments to attack targets "that will have a decisive impact." The capabilities of Israel's enemies, said Yadlin, are still far from matching those of the IDF, but they are "defensively and offensively challenging our technological supremacy by means of precision missiles, computerization, anti-aircraft weapons, GPS and pilot-less aircraft."

Thanks to software companies in the West, which have made computer capabilities that were once preserved for superpowers into products available off the shelf to any government or organization, the enemy is now equipped with much more information and encrypting ability.

Yadlin calls this a "dramatic revolution" in cyberspace, which is the fifth dimension, after land and sea (up until the early 20th century), and later air and space. Air power as an arm of combat got off to a modest start as a mode of intelligence gathering; later it gained a defensive aspect (downing observation planes) and finally an offensive aspect (strategic bombings). It took decades for the intelligence and precision weapons technologies to come of age to the point at which they were used in the wars of the late 20th century, in the Middle East and the Balkans.

Given his experience as a fighter pilot who continues to believe in aerial power, Yadlin asserted that even if it is hard to say whether cyber power is now at a point similar to that of the air forces in World War I or World War II, "there is no question that cyber power has taken off as a military dimension in all three areas - intelligence gathering, defense and attack."

Yadlin advised his listeners to think carefully about their personal computers, cell phones and Internet habits, including files of pictures that indicate fields of interest, professional documents and whatever a stranger might be able to learn from their bank account information and reservations made for flights abroad. "Anyone who is able to hack into there ends up knowing quite a lot," warned the Military Intelligence chief, "if you catch my drift."

Even more than the intelligence gathering and attack capabilities ("Just imagine the damage a single skilled hacker could cause if he penetrated the systems of the infrastructure, transportation and communications companies,"), Yadlin is concerned about the potential defensive capabilities. "Many people believe that defense must go hand in hand with intelligence gathering and attack. Cyber power gives the little guys the kind of ability that used to be confined to superpowers. Like unmanned aircraft, it's a use of force that can strike without regard for distance or duration, and without endangering fighters' lives."

And discussion of these matters, the man responsible for secrets in the IDF added surprisingly, needn't be confined to private forums.

Besides Military Intelligence, the other main contender for the cyber crown is the Teleprocessing Branch, a more modern incarnation of the Communications Corps and the youngest of the branches of the General Staff, which will celebrate just its eighth birthday two months from now. Military Intelligence, meaning Unit 8200, and the Teleprocessing Branch - through its Teleprocessing and Information Technology Unit (known by the Hebrew acronym Lotem). Part of Lotem's duties is to safeguard military data and it includes the Center of Encryption and Information Safety. The powerful Military Intelligence branch is threatening to deny Lotem the pleasure, which would put a damper on next week's 50th-anniversary celebrations of the unit's Center of Computers and Information Systems.

Cyber wars

In the wake of a series of events in the past two years (Estonia, Georgia, the Pentagon being attacked by a computer virus), governments, armies, police forces and intelligence communities have awakened to the dangers emanating from the direction of China, Russia, terror groups and criminal gangs. The fall of the barriers between telecommunications, Internet and television, and the total dependence on computer networks, to which entire economies and populations are exposed and have come to rely upon to the point of addiction, has spawned new organizations. The aim of these groups is to operate within this sphere that blurs the old inner-outer, military-civilian, security-criminal lines, or to coordinate the actions of existing groups.

In Britain, the government secretariat is to include a section to coordinate government, military and civilian cyber policy. The British counterpart of Unit 8200, in Cheltenham, will "host" the new Cyber-Security Operations Centre, in addition to its regular duties.

The American situation is more complicated. Last week, President Obama appointed a cyber-security czar, Howard Schmidt, who has experience in the defense and technology fields (and is a former eBay and Microsoft executive). On the operational level, responsibility for cyber-security is divided between the NSA (army and intelligence) and the Department of Homeland Security (administration and economy). "Our friends in the world share the unease," said Yadlin in his lecture, citing the Americans' cyber command. "It fits with Israel's conception of security. No great natural resources are required. It's all available right here, without any dependence on foreign aid, in an area with which Israeli young people are very familiar. Staying ahead of the game is important in light of the dizzying change of pace in the cyber world: at most, a few months in response to a change, compared to the years that pilots had."

Yadlin concluded with some words of praise for his underlings in Military Intelligence: "Every day I meet the soldiers and officers whose job is to march us confidently ahead into this new world. With them," referring to Brigadier General N. and his colleagues in Unit 8200, "we will be able to compete in the cyber Premier League."

At the end of the summer, N. visited NSA chief General Keith Alexander and came back determined to be appointed, like him, a commander of the cyber battle. Alexander, meanwhile, is due to receive a fourth star when he assumes command of the cyber division being established by the Pentagon at the instruction of Defense Secretary Robert Gates. But copying a foreign structure like this to IDF conditions would necessitate some adjustments. Nor is it clear where the Shin Bet, which is legally mandated as a "national authority for the securing of data," fits within the boundaries of this new sector.

A reservist general who is well versed in the matter expressed concern this week that expanding 8200's field of responsibility to cyberspace will adversely impact the unit's core intelligence skills. But another former senior Military Intelligence officer believes there is no other practical solution: With all due respect to the Teleprocessing Branch and to Lotem, it would be easier to attract the best recruits to 8200, he says.

Friday, December 25, 2009

Best Defense is a Good Offense

The Best Defense Against Cyber Insurgents is a Good Offense

Danger Room is doing an outstanding job covering the story regarding insurgents capturing data from drones by eavesdropping the airwaves first revealed by the Wall Street Journal. Additional stories have covered other systems potentially vulnerable, potential ramifications of insurgent data interception, and my personal favorite – a discussion with Rex Buddenberg of the Naval Postgraduate School regarding the broader problem where the DoD focuses primarily on link security (communication protection) as opposed to data security (information protection).

But most of the conversation to date has taken a traditional military view of the problem. Ask an Army General what it means when the enemy is using specific tactics to infiltrate your lines of communication, and the General is unlikely to give you any good news. Ask a cyber soldier what it means when the enemy is using specific tactics to infiltrate your lines of communication, and you might notice a slight smile cross the soldiers face. When the enemy is in your lines it means bad news in traditional military terms, but in the asymmetrical world of cyber warfare this development should be seen as an opportunity.

Consider the details surrounding this massive security breach and consider whether things are as they appear. We know a lot of detail, a shocking amount actually.

* We know what systems are most vulnerable.
* We know what software is being used by the enemy.
* We know what hardware is being used by the enemy.
* We may even have a good idea of the skill level of the cyber insurgent.
* We have a good degree of knowledge on the devices receiving and potentially disseminating the data.
* We have complete control over the devices expected to send the information.

In cyber warfare terms, that is a gold mine of information.

There is a phrase in cyber warfare: The distance between information dominance and disinformation dominance is measured in millimeters. The use of “disinformation” in that phrase is often confused to mean playing charades with data (or changing data), but it should be seen in the context of social engineering for information (sometimes described as lie to learn). The DoD treats information as a weapon, always has. That isn’t always a good thing for our strategic communications, but in this case, treating information as a weapon is appropriate. Unless the Wall Street Journal article is one of the best conceived disinformation campaigns in cyber military history, it is very unlikely the WSJ’s source is a cyber security expert – rather a traditional military thinker who is forgetting to channel his inner Clausewitz.

In the old days of full disclosure for computer security vulnerabilities it was common for cyber experts wearing either a white or black hat to utilize a honeypot set to detect, deflect, sometimes counteract, but always to make record of attempts at unauthorized use of information systems. The purpose of most honeypots was to learn new techniques and identify common patterns used in the internet wild. Honeypots were intentionally left undefended in many cases, because the hope was to lure the hacker in.

From a cyber warfare perspective, the short term solution to the UAV video issue is not to encrypt the data (which is the long term solution), rather to use the unencrypted video stream to go after the cyber insurgents – with the specific intention of getting inside their network. It is not complicated to have a normal UAV camera send a video signal exactly as intended for the military function, but include packet data that exploits vulnerabilities in software like skygrabber, or to include code that exploits known vulnerabilities in popular video players. I’m sticking to very common examples that are easily understood by the masses, but at many layers of the UAVs video signal the potential to exploit the unencrypted broadcasted video feed as a weapon is significant.

In cyber warfare on today’s military battlefield, the UAV would became the signaling device intended to turn every unauthorized listening laptop into a potential breached system of the insurgent network, and there are many ways to add data to the UAV video system without compromising the military use of the video system. It is entirely probable the DoD is leveraging the known vulnerabilities of the video feed to turn the insurgent satellite snooper network into a new gateway into the insurgent information network.

While this UAV data breach does represent a horribly designed, taxpayer funded military information network, there is no reason the DoD isn’t already using this “problem” to our advantage, and leveraging the detailed knowledge of the insurgent eavesdropping techniques to get the cyber insurgents unwittingly working for our side. Most of the social engineering work has already been done; we know what the target network entry point, hardware, software, and user skill level… all that is left is to develop and deliver payloads.

Our Clausewitz trained military knows the best defense is a good offense. On today’s cyber military battlefield, going offensive with cyber “smart bombs” is a legitimate response to unauthorized network intruders in a war zone, indeed it should be standard operating procedure for all unencrypted military networks moving potentially sensitive data.

[U.S. Naval Institute]

Tuesday, November 10, 2009

BRAZIL CYBER ATTACKS???????



SAO PAULO, Brazil — A massive 2007 electrical blackout in Brazil has been newly blamed on computer hackers, but was actually the result of a utility company’s negligent maintenance of high voltage insulators on two transmission lines. That’s according to reports from government regulators and others who investigated the incident for more than a year.

In a broadcast Sunday night, the CBS newsmagazine 60 Minutes cited unnamed sources in making the extraordinary claim that a two-day outage in the Atlantic state of Espirito Santo was triggered by hackers targeting a utility company’s control systems. The blackout affected 3 million people. Hackers also caused another, smaller blackout north of Rio de Janeiro in January 2005, the network claimed.

Brazilian government officials disputed the report over the weekend, and Raphael Mandarino Jr., director of the Homeland Security Information and Communication Directorate, told the newspaper Folha de S. Paulo that he’s investigated the claims and found no evidence of hacker attacks, adding that Brazil’s electric control systems are not directly connected to the internet.

The utility company involved, Furnas Centrais Elétricas, told Threat Level on Monday, it “has no knowledge of hackers acting in Furnas’ power transmission system.”

insulatorA review of official reports from the utility, the country’s independent systems operator group and its energy regulatory agency turns up nothing to support the hacking claim.

The earliest explanation for the blackout came from Furnas two days after the Sept. 26, 2007, incident began. The company announced that the outage was caused by deposits of dust and soot from burning fields in the Campos region of Espirito Santo. “The concentration of these residues would have been exacerbated by the lack of rain in the region for eight months,” the company said.

Brazil’s independent systems operator group later confirmed that the failure of a 345-kilovolt line “was provoked by pollution in the chain of insulators due to deposits of soot” (.pdf). And the National Agency for Electric Energy, Brazil’s energy regulatory agency, concluded its own investigation in January 2009 and fined Furnas $3.27 million (.pdf) for failing to maintain the high-voltage insulators on its transmission towers.

Cascading electrical failures like the one in Espirito Santo often have a number of contributing factors, and it’s possible that the poorly maintained insulators were only the most conspicuous element in the 2007 incident.

Reports that hackers triggered at least one blackout outside the United States first got wide attention last year, based on comments made by the CIA’s chief cybersecurity officer, Tom Donahue. He declined, however, to identify any country or the specifics of the alleged attacks. The blackout claim even made it into a speech given by President Obama in May. “In other countries cyberattacks have plunged entire cities into darkness,” Obama said, not mentioning the cities. In an interview with Threat Level last month, former cybersecurity czar Richard Clarke named Brazil as a hack-attack blackout victim, but didn’t provide verifiable details.

In some versions of the story, the hackers were trying to extort money from the utility. The 60 Minutes broadcast this week — which cited six unnamed sources in the intelligence, military and cybersecurity communities — was the first to peg the story to specific blackouts. CBS did not repeat the extortion claim, reporting instead that the location and motives of the hackers are a mystery.

Fallout from the story kept telephones ringing in Brazil’s electricity sector Monday. “Everyone’s been calling us all day about it,” said a beleaguered spokesman with the National Operator of the Electric System.

Top image: Sao Paolo endures a power outage in 1999.
Dario Lopez-Mills/AP

GRID ATTACKS OR HUMAN FAULT OUTAGE

Brazilian Blackout Traced to Sooty Insulators, Not Hackers
http://www.wired.com/threatlevel/2009/11/brazil_blackout/

Errata Security: Power Outage NOT Caused by Hackers
http://erratasec.blogspot.com/2009/11/brazil-outage-not-caused-by-hackers.html
• Report: Cyber Attacks Caused Power Outages in Brazil
• No Chinese Hackers Found in Florida Outage Either
• Did Hackers Cause the 2003 Northeast Blackout? Umm, No
• Put NSA in Charge of Cyber Security, Or the Power Grid Gets It

Sunday, October 25, 2009

New Security Paradigm Needed

http://www.hartfordbusiness.com/news10467.html

New Security Paradigm Needed

10/05/09


With the eighth anniversary week of 9/11 behind us, the U.S. remains vulnerable to a devastating cyber attack directed at its critical infrastructure. Despite warning signs of this threat, policy makers continue to prepare for the last war, ignoring the major lesson of both 9/11 and Pearl Harbor — not to “be prepared,” but to understand the changing nature of warfare. U.S. policy makers need to adopt a new security paradigm to defend critical asset, especially energy infrastructure, from a devastating cyber strike.

Several years ago the California Independent System Operator reported: “For at least 17 days at the height of the energy crisis, hackers mounted an attack on a computer system that is integral to the movement of electricity throughout California.” A more recent public report by a CIA analyst says this is a global problem and criminals have launched cyber attacks against foreign power utilities with the goal of extorting money.

One call to action came with the release of a CNN video showing how a software attack quickly destroyed a generator. A similar attack on key electric facilities could take out power to major geographic areas and if incapacitated for three months, the economic price tag would be about $700 billion, according to Scott Borg, chief economist at the U.S. Cyber Consequences Unit, a private nonprofit think tank. While the North American Electric Reliability Corporation (NERC) approved new standards to improve cyber security, the grid remains vulnerable as regulations require further refinement, focus and effective enforcement.

In preparing for the future, it might be useful to look back at other grim prophecies that, had they been heeded, could have prevented catastrophes. One example was Brigadier General Billy Mitchell who warned in April 1926 that there would be “a surprise aerial attack on Pearl Harbor;” or just as Richard Clarke, former top US counterterrorism official and “Cyber Czar” warned White House officials of the threat of al Qaeda prior to 9-11.

The Obama administration’s prioritization of energy security is a start as energy and telecom are the two primary critical infrastructures upon which all others are dependent. All modern infrastructures including banking, hospitals, water, and defense depend on these interrelated infrastructures for their operation and “the power grid is the foundation of it all,” noted cyber war expert Winn Schwartau.

One bright spot is the government’s allocation of $4.1 billion of stimulus funds to invest in the new “Smart Grid.” “Smart” implies a move away from totally centralized generation and control to two-way communications between the utility and end users.

However, unless security is part of the design criteria, the smart grid will not live up to its name; done poorly, increased communications will be accompanied by increase cyber vulnerabilities. First and foremost, a new paradigm must include security into the design and operational criteria as something more than merely an afterthought. More specifically, adaptive islanding or physically dispersing small, modular generators allows for some continued operation if the overall transmission system has been disrupted either physically or by cyber attack. Locating the distributed sources closer to the place of use minimize the vulnerability of transmission lines.

Another one of the challenges is the private sector owns and operates the majority of the country’s critical energy infrastructure. A leading advocate of building a private-public partnership, Richard Clarke, commented: “The owners and operators of electric power grids, banks and railroads; they’re the ones who have to defend our infrastructure.”

Until these improvements are made, the current electrical grid will continue to operate with inefficiencies; physical and cyber vulnerabilities that could potentially cripple our economy. Current economic inefficiencies cost billions of dollars in losses each year and present a major challenge as increases in the world’s energy demand will require supply to triple by 2050. Combined with the new cyber threats, we must quickly employ public-private partnerships that engage entrepreneurs to incorporate comprehensive security into any future “smart grid” design in ways that also minimize loses in operational efficiency. Moreover, building a stronger and smarter electrical energy infrastructure will transform the country, mitigate risk, create jobs, and slow destruction of the environment.

Joel Gordes is an energy security consultant and President of Environmental Energy Solutions in West Hartford. Michael Mylrea is a security consultant.


Saturday, December 06, 2008

Most UAE hacking attacks from Chinese servers - The National Newspaper

Most UAE hacking attacks from Chinese servers - The National Newspaper

ABU DHABI // More than 70 per cent of the hundreds of hacking attacks that target UAE computers every month come through Chinese servers, according to the national body responsible for combating cybercrime.

Computer security experts from the Computer Emergency Response Team, or aeCert, said another 14 per cent of hacking, phishing and other internet attacks originated in Iran and 14 per cent from North Korea, with just two per cent coming from elsewhere in the world.

“Most of the attacks we are seeing in the UAE are either phishing, where people are tricked into putting their bank or credit card details into fraudulent websites, or hackers defacing websites,” said Fatma Bazargan, the research and analysis manager for aeCert. “Most attacks are aimed at private individuals and a lot of people have lost out financially because of phishing scams.”

Wednesday, November 26, 2008

Terror filter software available
Tuesday, November 18, 2008

The Home Office and industry have produced filtering software that can restrict access to websites which advocate or promote terrorism.

Aimed at schools, businesses and parents, it is hoped it will further enhance internet safety on home computers.

"Stopping people becoming or supporting terrorists is the major long-term challenge we face," Home Secretary Jacqui Smith said. "I want to give parents and guardians the power to decide what content is downloaded on their computers at home, which is why we have worked hard to develop these tools with various software companies.

"Building on the work we have done around child protection on the Internet, this software is a significant step in making the Internet a safer place for vulnerable people and these tools will also offer our schools, colleges and businesses further safety nets.

"It is reassuring that filtering software companies are taking the threat of online terrorism seriously and have developed the appropriate tools for all internet users. I would like to thank them for their hard work."

Those interested in downloading the software should check with their Internet Service Provider.

Tuesday, November 25, 2008

Economic Bust, Cybercrime Boom - Forbes.com

Economic Bust, Cybercrime Boom - Forbes.com


Forbes.com


Security
Economic Bust, Cybercrime Boom
Andy Greenberg, 11.19.08, 12:00 AM ET

The first ripples of a growing wave of cybercrime may be appearing.

In the physical world, the connection between declining business and crime is simple enough: As the above-ground economy suffers, the underground economy swells. The connection between economic trouble and cybercrime is trickier to prove. But as the economy slows, some online crime watchers see signs that a portion of newly unemployed skilled tech workers are turning to the theft and exploitation of sensitive data even as the existing cybercriminal economy is finding new ways to exploit consumer confusion around the banking meltdown.

Meanwhile data on industry spending for security suggests that companies are preparing for the worst. Fear about the downturn's consequences for data protection has kept the cybersecurity industry practically recession-proof, even as other IT spending slumps.

Gartner security analyst Avivah Litan reports that in recent months, banking clients have been warning her of a spike in fraud, much of it based on the use of stolen financial data. "There's been a marked increase in the number of attacks and the number of successful fraud attempts," says Litan, who plans to publish a formal report in December. "This is the busiest my practice has ever been."

Litan blames the attacks on the thousands of IT workers who have recently found themselves jobless, with the technical abilities needed to steal data or perpetrate fraud along with specific knowledge of their former employer's IT systems. "In times like these, people need the cash," she says. "You have disgruntled IT employees that leave companies, take customer records with them to sell them on the black market."

As the financial crisis spreads from the U.S. to other parts of the world, it will likely drive more laid-off employees into the Eastern European and Russian cybercriminal economy, says Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit, a nonprofit organization that acts as a go-between for the private sector and government on cybersecurity issues. Borg says he's spoken with local government officials about "identifiable pockets of engineers" that are migrating from legitimate computer work to the Internet underworld. "These are talented computer scientists, people who expected to be in positions of prestige, but are now unemployed without prospects, basically let down by their system."

For now, those hints of a trend are difficult to back up with numbers. Security researchers at McAfee, for instance, report an explosion in the number of different strains of malicious software plaguing the Internet in recent months. Dave Marcus, McAfee's director of security research, says the most recent uptick began in March--when the company began detecting around 170,000 strains a month versus 30,000 or 40,000 in earlier months. This was around the time of the collapse of Bear Stearns but still several months before the brunt of the credit crisis hit the technology sector.

At least one sort of cyberattack can be linked directly to the downturn: scam e-mails that exploit consumer confusion resulting from the banking crisis. E-mail security firm Message Labs has tracked floods of so-called "phishing" e-mails following practically every rumor of a bank merger or collapse, impersonating official bank statements and asking users to "verifying your account details." That string of new scam targets has pushed the total volume of phishing e-mails from a maximum of around 400,000 a day in August to nearly 800,000 a day in November.

There's also some evidence that the scams are more profitable than ever. MessageLabs researcher Maksym Schipka, who often monitors Russian-language cybercriminal Web forums, says he has seen dozens of advertisements for stolen identity information that have doubled or tripled their prices over the last month. A stolen identity that once cost $5, for instance, now sells for $15, he says.

Schipka believes that's a result of two factors: Consumers are using a smaller fraction of their credit cards' credit limit, leaving more to be stolen by fraudsters, and a higher fraud rate has led to more demand for personal information. "This is a market driven completely by supply and demand, and a rise in demand is driving the change in the shadow economy," he says.

While that kind of data remains largely anecdotal, the evidence is enough to keep corporations spending on cybersecurity technology even as they trim expenditures on other information technology. According to a report earlier this month from Gartner's Avivah Litan, banks plan to keep spending on fraud prevention systems through the downturn.

In another report last month from research firm IDC, less than 10% of companies planned to cut security spending, the least of any category of tech expenditures. More than a quarter of those companies, by contrast, planned to scale back spending on business intelligence software and collaboration software.

Another report from Forrester Research in September showed that security spending would increase during the banking meltdown to account for 10% of total IT budgets. The bulk of that money, says Forrester analyst Jonathan Penn, will go toward systems designed to keep former employees or disgruntled workers out of proprietary systems and to prevent business-killing data breaches.

"In periods of recession or slow growth, companies are going to turn their attentions to customer retention rather than customer acquisition," writes Penn in an e-mail. "The last thing you need in that environment is a data breach and the associated brand damage."

See Also:

Cybercrime Gets Its Game On

The State of Cybercrime

Our Hackable Democracy




US taps online youth groups to fight crime, terrorism News - Yahoo!Xtra News

US taps online youth groups to fight crime, terrorism News - Yahoo!Xtra News

WASHINGTON (AFP) - The US State Department announced plans on Monday to promote online youth groups as a new and powerful way to fight crime, political oppression and terrorism.

Drawing inspiration from a movement against FARC rebels in Colombia, the State Department is joining forces with Facebook , Google, MTV, Howcast and others in New York City next week to get the "ball rolling."

It said 17 groups from South Africa , Britain and the Middle East which have an online presence like the "Million Voices Against the FARC" will attend a conference at Columbia University Law School from December 3-5.

Observers from seven organizations that do not have an online presence -- such as groups from Iraq and Afghanistan -- will attend. There will also be remote participants from Cuba.

They will forge an "Alliance of Youth Movement," said James Glassman, under secretary of state for public diplomacy.