As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.

How Russian Hackers Stole the Nasdaq - Businessweek

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries. Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

Dragonfly: Western Energy Companies Under Sabotage Threat | Symantec Connect

"A ‘threat,’ according to the bill, is anything that makes information unavailable or less available. So, high-bandwidth uses of some types of information make other types of information that go along the same pipe less available," Greg Nojeim, a lawyer with the Center for Democracy and Technology, told me. "A company could, as a cybersecurity countermeasure, slow down Netflix in order to make other data going across its pipes more available to users." That’s a quick and easy way of setting up a two-tiered internet, with built-in Congressional approval, no FCC rules required. Nojeim was one of the authors of a strongly-worded statement of opposition sent to Dianne Feinstein, the bill’s sponsor. In the letter, the CDT, Electronic Frontier Foundation, American Civil Liberties Union, and more than a dozen other civil liberties groups said that the bill "arbitrarily harms average internet users."

Netflix Could Be Classified As a ‘Cybersecurity Threat’ Under New CISPA Rules | Motherboard

Public Wi-Fi has become an integral part of how mobile devices’ apps work. Apple and Google have both configured their mobile services to leverage Wi-Fi networks to improve their location services, and mobile and broadband companies offer public (and unencrypted) Wi-Fi networks to either offload users from their cellular data networks or extend the reach of their wired network services. Comcast, for example, has been expanding its Xfinity broadband networks by turning access points at homes and businesses into public Wi-Fi hotspots for subscriber access. That’s great for customers’ convenience, but it also opens up a potential vector of attack for anyone who wants to get in the middle of broadband users’ Internet conversations. We demonstrated one potential Wi-Fi threat during our testing—using a rogue wireless access point broadcasting the network ID (SSID) “attwifi” prompted AT&T iPhones and Android devices with default settings to automatically connect to them.

Tapped in: How your phone gives you up to companies and criminals | Ars Technica

"Out of all of the critical infrastructure sectors reporting attacks, the most vulnerable to attacks is the energy sector," Gomez said. "Not any single sector within the energy industry is outside the scope of recent cyberattacks."

Cyber threats put energy sector on red alert | TheHill

Robert S. Litt, the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy agencies, said on Wednesday that it was “an unquestionable loss for our nation that companies are losing the willingness to cooperate legally and voluntarily” with American spy agencies. “Just as there are technological gaps, there are legal gaps,” he said, speaking at the Wilson Center in Washington, “that leave a lot of gray area” governing what companies could turn over. In the past, he said, “we have been very successful” in getting that data. But he acknowledged that for now, those days are over, and he predicted that “sooner or later there will be some intelligence failure and people will wonder why the intelligence agencies were not able to protect the nation.”

Internet Giants Erect Barriers to Spy Agencies -

The high number of hacking victims is said to be due to two factors: the increasing dependency of Americans on online transactions and the sophistication of a new generation of hackers. “Now attackers are very focused,” Brendan Hannigan, the head of IBM’s security systems division, told CNN Money. “There are teams of them, and they create malware to attack specific organizations.”

Hackers Gained Access To 432 Million User Accounts Last Year | Digital Trends

62 percent of respondents in a recent national Consumer Reports survey of 3,110 online consumers said they have done nothing to protect their privacy on the Internet. Which is not to say that people don’t care. A recent Associated Press poll found that 58 percent of people have “deep worries” when spending online, and 58 percent of respondents to our survey said they were worried about government spying by the National Security Agency. For most people, the problem is simply not knowing how to attack a problem that seems so wildly out of their control.

Your Secrets Aren’t Safe | Online Security - Consumer Reports

U.S. utility's control system was hacked, says Homeland Security

A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility’s operations were affected, according to the Department of Homeland Security.

DHS did not identify the utility in a report that was issued this week by the agency’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

"While unauthorized access was identified, ICS-CERT was able to work with the affected entity to put in place mitigation strategies and ensure the security of their control systems before there was any impact to operations," a DHS official told Reuters on Tuesday.

» via Yahoo! News

There is no way to simultaneously defend U.S. networks while leaving foreign networks open to attack. Everyone uses the same software, so fixing us means fixing them, and leaving them vulnerable means leaving us vulnerable. As Harvard Law Professor Jack Goldsmith wrote, “every offensive weapon is a (potential) chink in our defense—and vice versa.”

Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them? - Bruce Schneier - The Atlantic