For those that attended the 2016 Annual Conference, we wanted to provide some additional materials.

The McAfee Labs 2017 Threats Predictions Report was published on November 29th, 2016.

In conjunction with the report, McAfee Labs is hosting a webinar on December 14th, at 11am PST/2pm EST: Live McAfee Labs Webcast: 2017 Threats Predictions.

The Congressional Research Service Extraterritorial Application of American Criminal Law report was published on October 31st, 2016.

Share

A congressional committee criticized the FDIC’s handling of more recent data breaches.

The U.S. Federal Deposit Insurance Corporation is updating cyber security policies after a 2015 data breach in which a former employee kept copies of sensitive information on how banks would handle bankruptcy, the regulator’s chief said on Thursday.

FDIC Chairman Martin Gruenberg also said he made personnel changes after receiving a report in 2013 informing him that he had not been fully briefed about the major compromise of the regulator’s computers by a foreign government in 2010 and 2011.

Gruenberg made the comments in prepared remarks for a hearing of the U.S. House of Representatives committee that on Wednesday said in a report that the FDIC covered up the 2010-2011 hacks, which the panel said also occurred in 2013 and were likely orchestrated by the Chinese government.

The FDIC is a major U.S. banking regulator that keeps confidential data on America’s biggest banks.

Source: FDIC Is Updating Its Cyber Security Policy After 2015 Data Breach – Fortune

Share

WASHINGTON — The Chinese government is believed to have hacked into computers at the Federal Deposit Insurance Corp. in 2010, 2011 and 2013, including the workstation of then-FDIC Chair Sheila Bair, a congressional report says.

The report issued Wednesday by the Republican majority staff of the House Science, Space and Technology Committee cites a May 2013 memo from the FDIC inspector general to agency Chairman Martin Gruenberg. The memo described an “advanced persistent threat,” said to have come from the Chinese government, which compromised 12 computer workstations and 10 servers at the FDIC.

In addition to those incidents, the committee staff has been investigating the FDIC’s response to a number of what it calls major data breaches at the agency and whether it is properly safeguarding consumers’ banking information.

FDIC spokeswoman Barbara Hagenbaugh declined to comment on the report. Gruenberg is scheduled to testify Thursday at a hearing by the committee on cybersecurity at the agency.

Zhu Haiquan, the spokesman at the Chinese Embassy in Washington, said he didn’t have detailed information on the report’s findings. “China firmly opposes and is committed to combatting all forms of cybercrimes,” Haiquan said in a statement. “China and the United States have already established a high-level joint dialogue mechanism on fighting cybercrime and related issues. This is the best channel for both sides to address this challenge. Making unfounded accusations is counterproductive.”

The issue of suspected Chinese government hacking has been sensitive since the disclosure last year of a massive breach of the U.S. Office of Personnel Management’s databases, which the U.S. believed was carried out by Chinese cyber spies. In one of the worst data breaches in U.S. history, the personal files of 21 million Americans were stolen, and the federal personnel agency came under fire for neglecting to put in basic cybersecurity protections to prevent the plunder.

The OPM breach dealt the U.S. a major national security blow, experts say, by exposing the personal information and foreign contacts of millions of people with security clearances.

Source: Chinese government suspected of hacking into FDIC computers – The Washington Post

Share

Swift, operator of the world’s largest money-transfer system, said it has hired a pair of information-security firms to help it scrutinize customers’ use of its systems and detect attempted hacks, following a series of breaches at user sites in recent months.

The Brussels company, whose full name is the Society for Worldwide Interbank Financial Telecommunication, has been battered by a series of cyberthefts that have hit banks in Ecuador, Vietnam, Bangladesh and Ukraine in the past 18 months.

Swift has repeatedly said the core of its network remains uncompromised and it is the responsibility of its users to maintain the integrity of their systems. But it has also faced concerns about its inability to ensure the security of its user interface and the authenticity of its message traffic.

Hackers stole $9 million from a bank in Ecuador last year and walked away with $81 million in a brazen attack on Bangladesh’s central bank in February.

The perpetrators, who haven’t been identified, stole the banks’ Swift credentials and fraudulently sent payment instructions over the Swift network.

Source: Swift Hires Cybersecurity Firms Following Customer Breaches – WSJ

Share

Two-Year Legal Saga Of Chinese Cyber Hack Of U.S. Military Aircraft May Be Ending.

On 28 June 2014, a Chinese businessman based in Canada was arrested on the charge of stealing information about a raft of U.S. military aircraft and weapon systems. This particular case of industrial espionage was described by the U.S. Justice Department as being “unusual for the tremendous amounts of data that is involved.” According to e-mails that were obtained by the U.S. Federal Bureau of Investigation (FBI), “tremendous amounts” came to more than 65 gigabytes over one specifically identified two-year period and involved “dozens of U.S. military projects.”

The businessman in question, Su Bin, finally agreed a plea deal with the U.S. government in March of this year in which he admitted using his company, Lode Technology, to steal data in U.S. military aircraft and weapons programs for years. Court documents also detail how he then collaborated with contacts inside of the People’s Republic of China (PRC) to sell this information to various Chinese military aircraft R&D and production centers.

The data is reported to have been stolen from different computer systems included detailed information on the Boeing C-17 Globemaster cargo lifter and two jet fighter programs for which Lockheed Martin is the prime contractor—the F-22A Raptor and F-35 Joint Strike Fighter (JSF).

Source: Cyber Warfare Episode Plays Out in Court Case | Defense News: Aviation International News

Share