By David Goldman
Having run out of patience for Congress to act on a cybersecurity bill, President Obama has decided to take matters into his own hands.
Obama signed an executive order on Tuesday addressing the country's most basic cybersecurity needs and highlighted the effort in his State of the Union address.
"We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," Obama said.
The order will make it easier for private companies in control of the nation's critical infrastructure to share information about cyberattacks with the government. In return, the Department of Homeland Security will share "sanitized" classified information with companies about attacks believed to be occurring or that are about to take place.
The order also directs the government to work with the private sector on standards that will help protect companies from cybercrime, though there is nothing in the order about how this will be enforced.
By David Goldman
Security analysts are predicting that 2013 is when nation-sponsored cyberwarfare goes mainstream - and some think such attacks will lead to actual deaths.
In 2012, large-scale cyberattacks targeted at the Iranian government were uncovered, and in return, Iran is believed to have launched massive attacks aimed at U.S. banks and Saudi oil companies. At least 12 of the world's 15 largest military powers are currently building cyberwarfare programs, according to James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
So a cyber Cold War is already in progress. But some security companies believe that battle will become even more heated this year.FULL STORY
By David Goldman
Iran's quest for a nuclear weapon has been the subject of much debate this election season, but the presidential candidates rarely discuss the most imminent danger Iran poses to the United States: cyberwarfare.
Iran is believed to be behind a slew of massive attacks in September that took down a string of U.S. banks' websites. The country is also thought to have launched a devastating cyber time bomb on Saudi Oil company Aramco in August and to have coordinated a similar attack on Qatar's RasGas, an Exxon Mobil subsidiary.FULL STORY
Over the couple of weeks, many major banks in the U.S suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence, reports CNNMoney's David Goldman.
Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks - huge amounts of traffic directed at a website to make it crash - were the largest ever recorded by a wide margin, according to two researchers. A financial services industry security group raised the alert level to high in response to the attacks.
The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called "Operation Ababil," but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch.
A new cyberweapon that secretly steals bank account information from its victims was exposed on Thursday.
The sophisticated malware, discovered by Internet security company Kaspersky Labs, has been capturing online bank account login credentials from its victims since September 2011. There's no evidence it's been used to steal any money. The virus instead appears to be a spy interested in tracking funds: It collects banking login information, sends it back to a server, and quickly self-destructs.
Dubbed "Gauss," a name taken from some of the unique file names in its code, the malware appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It's not known yet who created it, but Gauss shares many of the same code and characteristics of other famous state-sponsored cyberweapons, including Stuxnet, Duqu and Flame.
Those viruses are widely believed to have been developed by the U.S. government. But unlike Stuxnet and Flame, which targeted an Iranian nuclear facility and spied on Iran's government officials, Gauss seems to have primarily gone after people in Lebanon.
The "Flame" virus, the most complex computer bug ever discovered, has been lurking for years inside Iranian government computers, spying on the country's officials.
In a statement posted on its website on Monday, the Iranian National Computer Emergency Response Team (CERT) said it discovered Flame after "multiple investigations" over the past few months.
The Iranian CERT team said it believes there is a "close relation" between Flame two previous cyber attacks on Iran, known as the Stuxnet and Duqu computer worms. Stuxnet is widely believed to have been launched by either the U.S. or Israel (or both countries).
This isn't traditional war. The Internet has leveled the playing field, allowing governments that would never launch military attacks on one another to target one another in cyberspace.
"In warfare, when a bomb goes off it detonates; in cyberwarfare, malware keeps going and gets proliferated," said Roger Cressey, senior vice president at security consultancy Booz Allen Hamilton, at a Bloomberg cybersecurity conference held in New York last month.
"Once a piece of malware is launched in wild, what happens to that code and its capability?" he added. "Things like Stuxnet are being reverse-engineered."