Posts tagged Cyber
For the first time in public, the U.S. is directly accusing the People’s Republic of China’s military of having a direct hand in intrusions aimed at government and defense contractor systems, agreeing with private security firms that have been making the rallying cry about this for some time now.
The official recognition of China’s apparent exploratory maneuvers in cyberspace was part of a 92-page report by the Department of Defense outlining all of China’s perceived military capability.
“China is using its computer network exploitation… capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs,” the Pentagon report stated. “The information targeted could potentially be used to benefit China’s defense industry, high technology industries, policymaker interest in US leadership thinking on key China issues, and military planners building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”
The timing of this notice is interesting, since the Department of Defense has been revising its cyber Rules of Engagement for some time now. The new rules, which define how the military can react to cyber intrusions, will no doubt incorporate responses to China’s activities. Hawkish lawmakers may also be willing to send a little more IT funding the Pentagon’s way.
View full post on ReadWrite
No one is at all clear about the origins of a purported cyber attack against South Korean media and financial organizations yesterday, which left broadcaster and bank networks paralyzed for hours. The obvious culprit is a state-sponsored attack from North Korea, but even if that nation isn’t directly responsible, it may not make a difference, given the heightened tensions in the region.
According to reports, three South Korean TV networks, KBS, MBS and YTN, as well as Shinhan Bank and Nonghyup Bank, reported that their networks had suddenly been shut down on Wednesday afternoon, local time. The takedown was apparently not from a distributed denial-of-service (DDOS) attack, but a virus that has apparently infected machines in these organizations and delivered its payload simultaneously. There were scattered reports of users seeing skulls on the screens of the affected machines before they shut down, anecdotal evidence that malware was indeed the cause.
South Korea has been the victim of cyber attacks before, of course, just like any other computerized nation. And many of these coordinated efforts have been ultimately traced back to North Korea.
No broadcasts were interrupted by the crashed computers, which apparently only hit the workstations of the television stations’ staff. Some banking services, such as ATM and online banking, were adversely affected by the shutdowns, though the banks are reporting that those services have been restored.
North Korea is suspected of being the source of these attacks, as it has been in the past. North Korea has increased its saber-rattling following new UN sanctions and joint US-South Korean military exercises being conducted in the region, and even accused the U.S. and South Korea of similar cyber attacks against its Internet servers on March 15.
No proof has been offered yet on the source of these latest attacks, but it ultimately may not matter. This kind of attack could have been launched by anyone, since malware can be easy to deliver to unsuspecting computer users. Anyone from sophisticated cyber criminals to script kiddies could have started this, and until there is detailed analysis of the malware, conclusions should be approached with caution.
The problem is, it may not matter. Malware attacks within such an increasingly tense political and military situation are the equivalent of yelling “fire!” in a movie theater or – more appropriately – throwing a lit match into a barrel of fuel.
No matter what the source of this attack, tensions have been ratcheted up, with the South Korean armed forces on a state of higher alert. If things go sideways on the Korean peninsula, this could be the first major confrontation preceded by cyber attacks. And when the dust settles, no one may care who actually wrote the code.
View full post on ReadWrite
While media and government sources continue to allude to China as the biggest source of cyber attacks hitting innocent servers on the Internet, recent evidence instead suggests it’s the Russian Federation that’s king of the cyber attack mountain.
The evidence comes from German telecommunications giant Deutsche Telekom (DT), which has set up a new portal to monitor real-time cyber attacks against its network. According to the data on the sicherheitstacho.eu (loosely translated as “security tachometer”) site, Russia was responsible for 2.4 million attacks against DT last month.
The People’s Republic of China, the current bugaboo of security mavens, ranked 12th on the same list, its 168k attacks far behind nations like Germany, Ukraine and the United States. Curiously, it was Taiwan, Province of China, that made the number two slot, with 907k tracked cyber attacks, seemingly dispelling the notion that it’s the commies out to get Western corporate interests.
The monitored attacks are not actually hurting DT – at least, not directly. The incoming volleys are instead hitting a network of 97 sensored machines deliberately designed to be tempting targets on the Internet, also known as honeypots. According to DT, the honeypots are built to “feign weaknesses to provoke attacks and as such act as early warning systems.”
“Our honeypot systems show that once attackers have identified weaknesses, they exploit them immediately,” said Thomas Kremer, Board Member responsible for Data Privacy, Legal Affairs and Compliance in a statement to the press.
“If, for example, a provider announces an update for its operating system, attackers launch themselves at the old system to find the gap that the update is intended to close,” Kremer said. “For this reason, customers should install updates immediately – this successfully prevents 90 percent of attacks. Apart from up-to-date virus protection, that is the most important security precaution for all IT users.”
The honeypots are programmed to mimic a wide variety of Internet-facing systems, such as servers, desktops and even vulnerable smartphones.
Hardening Against 24/7 Attacks
The site itself is definitely an eye-opener, even in DT’s soothing trademark pink tones (DT is the parent company of U.S. carrier T-Mobile). According to the information provided by DT, most of the attacks are in the form of automated bots, which probe a potentially weak system for holes. If a human hacker wants to come back later and investigate further, they may, or the bot may simply call other bots in to further infiltrate the system.
Security experts won’t find this map much of a surprise, since it’s long been known that Russia is still a source of cyber trouble – far more, in sheer numbers, than China.
Of course, this map could give contrarian evidence, too: perhaps the bot handlers in the other countries recognize the DT machines for what they are and have moved on. Or the targets presented simply aren’t interesting.
Whatever the explanation, it’s clear that the Internet is far from safe, and vulnerabilities on any platform can be discovered at any moment.
View full post on ReadWrite
Over the next few years the U.S. Cyber Command, an army of 900 military personnel and civilians who monitor and defend against cyber attacks, is set to grow by 4,000 cyber soldiers. The command will expand its role in national defense by becoming a new kind of fighting force, one that protects the Internet safety of the entire country. As the expansion is implemented, Cybercom will be separated into three teams:
- National Mission Forces
- Combat Mission Forces
- Cyber Protection Forces
Department Of Offense
Each team serves as an offensive front against potential cyber attacks. The National Mission Force will protect computer networks for infrastructure like electrical grids, telecommunications and power plants from overseas attacks. The Combat Mission Force will provide assistance to the military to respond or implement cyber attacks of their own; and the Cyber Protection Force will add protection levels to Department of Defense websites. (Even though they aren’t DoD, the Department of Justice certainly could have used some protection when Anonymous hacked the U.S. Sentencing Commission twice in tribute to Aaron Swartz.)
With the recent cuts to the Department of Defense’s budget, questions are being raised about where the money to pay these people is going to come from. If the shift happens without adding many new members to the force, possibly by moving people from non-cyber positions to cyber ones, there shouldn’t be much of a problem. However, if the change requires lots of new people, there could be budgetary issues and Congress may have to get involved.
Shifting some of its cyber defenses to offensive roles is a different move for the DoD. However, with the rise in cyber crime and cyber warfare, it’s no surprise that the Pentagon is taking this action. The general consensus seems to be that the military has to add cyber attacks to its arsenal of traditional warfare capabilities. Even the current Secretary of Defense seems to think so. In New York last fall, Leon Panetta said, “A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11.” He added that an attack like that could paralyze the nation.
Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), said in an email to ReadWrite that cyber attacks are becoming more attractive as a means of warfare because they can be launched from anywhere, and don’t always come from the usual suspects: “Cyber attacks can be launched by groups that may not be aligned with nation states.”
Are There Enough Cyber Soldiers Available To Meet The Demand?
The demand for skilled and qualified personnel is there, but is there skilled manpower available to fill that need?
Cyber attacks are expensive, dangerous and can hit anyone from the federal government to national banks. Many companies and government agencies will be in a bidding war to get these people on their team. Kaiser says that the demand for professionals in this field ranges from 30,000 to 2 million and according to NPR’s “All Things Considered,” there are currently only around 1,000 qualified people nationwide.
It’s not just hacking: specialists need to know how to clean networks that have been compromised, how to reverse engineer malware and how to develop offensive capabilities for the agency they work for, among many other things. According to eWeek, experts say training a college grad to protect networks could take as many as 2,000 hours.
Companies like defense contractor Northrop Grumman are working with universities nationwide to drum up interest in the cyber security field, even going as far as developing high school programs. A spokesperson from Northrop Grumman, Marynoele Benson, said that its efforts are “aimed at filling the pipeline of needed cyber pros across all sectors of industry and the government.”
Hopefully, the interest in cyber defense will grow more quickly than the incidents of attack.
View full post on ReadWrite
An analysis of the holiday spending of various retailers in their efforts to cope with the madness of Black Friday and Cyber Monday shows some interesting and perhaps unexpected results regarding how they adjusted their expenditure and advertising.
View full post on Search Engine Watch – Latest
Overall, Cyber Monday has proven the greatest online retail day in history, with paid search spend, site traffic, mobile traffic and total revenue all showing healthy growth. Learn more from comScore, Marin Software, IBM, Kenshoo and others.
View full post on Search Engine Watch – Latest
Shoppers flocked to the Web’s e-commerce sites over the long Holiday weekend, and Web retailers welcomed them with open arms and fast response times while ringing up record sales. But customers hoping to shop via their smartphones met the equivalent of long lines.
According to Akamai Technologies, traffic to online retail sites topped 8.5 million page views per minute on what has become known as “Cyber Monday,” just before 9pm Eastern Time. That peak was the largest retail traffic spike in history, Lelah Manz, the chief strategist of commerce at Akamai, wrote in a blog post.
All the traffic seems to have paid off in dollar sales, too: According to IBM’s Digital Analytics Benchmark, online sales jumped 30.3% over 2011, which would break comScore’s forecast of a 20% increase in online sales, or $1.5 billion on that one day alone.
Online, Amazon was the big winner on Cyber Monday, enjoying a 36% increase to almost 35 million visits, as measured by Experian; Walmart and Best Buy were close behind.
A Big Online Shopping Win
“I think the only way to describe the Thanksgiving openings was a huge win,” the president and chief executive of the National Retail Federation (NRF), Matthew Shay told reporters in a Sunday briefing. “And in that regard lots of people won this weekend, and it wasn’t just Notre Dame and Ohio State.”
According to the NRF, which includes both brick-and-mortar as well as online retailers, shoppers are beginning to treat Thanksgiving through Cyber Monday as a five-day holiday, with both brick-and-mortar and online shoppers benefiting. “It’s becoming more and more of a tradition,” Shay said.
Thanksgiving was a “blow-out traffic day,” wrote Akamai’s Manz, with an early peak of 4,910,674 page views per minute at Noon Eastern Time, then an even bigger peak of 7,411,734 page views per minute at 10pm. Just as in 2011, Thanksgiving drove higher shopping spikes, but Black Friday produced consistently more page views overall – 25% more, according to Akamai. Unexpectedly, though, Cyber Monday topped them both, generating a 13% higher spike than Thanksgiving, and 16% more traffic volume than Black Friday. Cyber Monday online sales were up more than 36% compared to Black Friday, IBM reported.
“Cyber Monday was not only the pinnacle of the Thanksgiving shopping weekend but when the cash register closed it officially became the biggest online shopping day ever,” said Jay Henderson, strategy director of IBM Smarter Commerce, in a statement. “Retailers that adopted a smarter marketing approach to commerce were able to adjust to the shifting shopping habits of their customers, whether in-store, online or via their mobile device of choice, and fully benefit from this day and the entire holiday weekend.”
Most Web Retailers Were Prepared
While most sites planned for a surge of traffic via PCs, some notable retailers apparently did not, with mobile sites being even worse. According to Panopta, Kmart, Sears and CDW fared the worst, with outages that topped a total of ten hours in Kmart and Sears’ case. Although those outages were spread out going back to November 10, a total of 41 sites failed to meet the goal of 99.9% uptime, the lowest threshold for an acceptable online presence. The top five worst-performing sites also included TigerDirect and Victoria’s Secret; other notables that failed to meet the 99.9% threshold included Gamefly, Gamestop, Office Depot, Blockbuster and Shutterfly.
Other e-tailers excelled. Compuware’s Application Performance Management (APM) system named Apple, Costco, JCPenney, Dell and Overstock (O.co) the fastest Web sites. Panopta credited a number of major online retailers, including Amazon, Apple, Buy.com, Costco, eBay, Kohls, Lowes, REI, Staples and Target, among others, with suffering no downtime whatsoever. That’s a significant change from past years, when even the largest retailers sometimes staggered under the load.
“Even with record numbers of visitors coming to online retailers, it is clear that most of them were prepared for the traffic this year,” Compuware said in a statement. “Throughout the holiday weekend and into Cyber Monday, no major retailer suffered a significant online outage. And when issues were detected with sites, in most cases it resulted from third-party content having performance issues, not the host site. This is a problem retailers need to attend to.”
What About Mobile?
The problem, if there was one, was that most e-tailers still prioritize shoppers coming from desktop and laptop PCs. They either forgot about or didn’t have the resources to properly service mobile consumers trying to buy something on the go or compare online prices to what they saw in brick-and-mortar stores.
This last practice, dubbed “showrooming,” has been exploited by Amazon with apps that allowed mobile shoppers to take pictures of items and scan barcodes, then find the same product online. But retailers like Macy’s have begun to fight back, with apps that offer “unpublished” deals to shoppers who are physically within their stores. Shopkick, another third-party app, published a “black book” of deals for retailers like Old Navy, offering in-store deals as well.
Mobile performance issues could also impact showrooming. Accessing mobile sites and apps can take a relatively long time even on the best of days, and during the extraordinarily busy holiday period few sites managed to offer anything close to a speedy mobile shopping experience.
Compuware said the five fastest mobile sites were Office Depot, Barnes and Noble, Williams-Sonoma, Buy.com and HSN, and that mobile traffic grew more than 250% for Thanksgiving and Black Friday. Cyber Monday saw mobile traffic volumes that were slightly lower than Black Friday, the company said, but the volume of mobile visitors was substantially higher than these same retailer sites saw during the previous week. That makes sense, as the whole point of Cyber Monday is that shoppers are back at their work computers. Overall, of the sites Compuware tracked, only 10% of site visits were accessed via a smartphone.
Keynote provided more granular numbers, but tracked just six sites that it claimed delivered the full mobile page in less than 7 seconds: Toolfetch (which loaded in a sparkling 2.96 seconds), Office Depot (3.15 seconds), Barnes & Noble (4.95 seconds), Buy.com (6.40 seconds), Amazon.com (6.56 seconds), Best Buy (6.63 seconds), Grainger (4.66 seconds), HSN (6.74 seconds) and Sears (6.95 seconds).
For its part, online payment service PayPal reported 196% more mobile payment volume on Cyber Monday 2012 than Cyber Monday 2011. That indicates that many shoppers were buying using their smartphones even while at work.
So what were all those people actually buying? Well, Microsoft claimed it sold more than 750,000 Xbox 360 consoles in the U.S. alone.
View full post on ReadWrite
Black Friday seems to have brought its fair share of shopping glee: according to comScore, online retail spending jumped 26% to something over $1.04 billion this year, and for the first time. To put that into perspective, online sales now represent about one tenth of all sales. So today we are wondering how Cyber Monday will [...]
View full post on Search Engine Journal
Are Black Friday and Cyber Monday fighting a battle neither of them can win? It certainly looks that way as the shopping landscape shifts both online and offline. A few holiday seasons down the road, both big-deal days may seem as quaint and dated as Sears Catalogs and keeping stores closed on Sundays.
Enter Cyber Monday
The term “Cyber Monday” was born during the holiday season of 2005, when the U.S. Trade Association’s National Retail Federation began to notice that shoppers who had just spent the entire Thanksgiving weekend barreling through crowded stores, were cyber-shopping when they sat down at their work computers on the following Monday. The federation’s site Shop.org officially coined the term in 2005 and set up an eponymous site in 2006.
Obviously, post-Thanksgiving online shopping at work had been going on long before the NRF put a name on it. But it’s grown into something bigger and more influential, not only changing the way Black Friday works, but also the way retail stores handle the holiday shopping season.
Cyber Monday revealed the biggest weakness in the Black Friday concept: brick-and-mortar. What used to be an asset is now hurting this once powerful shopping day as harried workers rebel against early hours and ornery customers fighting over flat screens. Add on the fact that retailers are now expanding Black Friday into Thanksgiving evening, and you’ve got one messed up system.
That’s why Black Friday is now projected to be only the second busiest shopping day of the year, behind Cyber Monday. Research from Compuware APM pegs total spending on Cyber Monday at $1.44 billion.
But what about Cyber Monday? Does it even make sense?
In the modern world, it doesn’t matter what day it is, wherever you are, you can shop the holiday sales from anywhere as long as you’re connected. Most shoppers now have decent Internet connections from home, and as Dan Rowinski pointed out last week, mobile shopping now accounts for about 12% of the purchases made on Cyber Monday. Obviously, you don’t need to be back at work to use your smartphone.
Et Tu, Target?
So what’s the future of Cyber Monday in a world where office computers are not required to buy online? Retailers are recognizing this and beating Cyber Monday to the punch by starting sales earlier – both online and in store. The sales calendars don’t matter any more, but that doesn’t mean retailers won’t try to leverage the ideas with sales and deals tied to no-longer-relevant concepts.
Online-only sites like Amazon are morphing Cyber Monday into Cyber Week. They’re posting new deals every day leading up to Black Friday or during the week following Cyber Monday to help keep the shopping excitement going longer. Brent Shelton, a spokesman for FatWallet, told the Daily Finance Blog that we should be expecting events like “Cyber Monday II” on December 5.
Whether it’s longer sales online or in store, the retail calendar we follow today won’t stand the test of time. And that’s probably a good thing compared to getting up at 4am to stand in line at Wal-Mart – or spending your work day on eBay.
View full post on ReadWrite