Who's hacking whom? U.S.-based computer security firm Norse has released a real-time animated map that illustrates ongoing cyberattacks around the world.
"The Tallinn Manual on the International Law Applicable to Cyber Warfare...is the result of a three-year effort to examine how extant international law norms apply to this ‘new’ form of warfare."
An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.
The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation “Red October.”[more inside]
Calls are growing for a special counsel to investigate leaks of classified information by the Obama administration. Concerns have been raised over leaks involving classified information on cyberwarfare, infiltration of an Al Qaeda cell in Yemen, and drone warfare procedures. [more inside]
U.S. and Israel have been confirmed as the authors behind the Stuxnet virus. The program — codenamed "Olympic Games" — was started under Bush and accelerated under Obama. The virus was never meant to expand beyond the Iranian nuclear facility it targeted. (non-NYTimes link)
The circumstantial evidence suggests that the attack originated in Iran. Every time you see a little lock icon in your browser and are using HTTPS connections, odds are you're using a site whose certificate was signed by an Certificate Authority like VeriSign, Comodo, or Thawte. This week, SSL certificate provider Comodo announced that one of its accounts had been compromised. The attacker used the account to generate 9 bogus certificates to use for 7 well-known domains. While the breach was discovered and the certificates were revoked, it does raise questions about the chain of trust for all SSL certificates. [more inside]