Links to News from the Media, Cipher Issue E.124, January 2015

Malware vs. steel mill, Software 1, Furnace 0?
A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever
Jan 8, 2015
By Kim Zetter

This article from WIRED cites a short section of a German report on cybersecurity for 2014. The report says that malware caused a furnace to malfunction and become unusable. The comparisons to the Stuxnet malware come to mind, but there are no details about the exploit. Was it specifically targeted at this facility? How and why? How can other industrial sites protect themselves?

Is Your Smart TV Outsmarting You?
CES: Security Risks From the Smart Home
By Molly Wood
Jan 7, 2015

Edith Ramirez, chairwoman of the Federal Trade Commission, addressed the International CES (high-tech electronics show) attendees with warnings about the risks of having household items constantly connected to the Internet.

Ford announced that it would experiment with collecting driving information from volunteers. The information might be used to compute individualized insurance rates, for example. Drivers should not worry, because Ford's chief executive Mark Fields told attendees that his company would be "trusted stewards" of personal data.

Don't Worry About NSA, Anyone Can Listen to Your Phone Calls
German researchers discover a flaw that could let anyone listen to your cell calls
The Washington Post,
By Craig Timberg
December 18, 2014

The phone companies still rely on the venerable SS7 switch for routing calls. The software for the switches supports a variety of functions that can be exploited by hackers to divert calls or change user forwarding functions. Even encryption offers little protection, as shown in some experiments in Germany.

New Malware Earns Kudos from Experts
'Regin' malware described as 'groundbreaking and almost peerless'
Nov. 23, 2014

Experts at the security company Symantec say that the software package is a comprehensive intelligence gathering tool. The predominant occurrences are in Russia and Saudi Arabia.

NSA Says It Watched North Korean Hackers Before SONY Hack
N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say
New York Times
by David E. Sanger and Martin Fackler
Jan. 18, 2015

The NSA claims that it developed deep hooks into North Korea's computer networks even before the Sony hack. Despite their surveillance of the sites, NSA did not realize that North Korea had discovered the access credentials of a Sony system administrator. NSA says its classified program has provided information that validates its claim that North Korea was behind the vandalism.