Jeh Johnson: Congress, Trump must protect elections from cyber attacks

WASHINGTON — Former Homeland Security secretary Jeh Johnson will testify Wednesday that the threat of cyber attacks against future U.S. elections will only get worse unless Congress and the White House take action to strengthen cybersecurity and protect democracy."Cyber attacks of all manner and from multiple sources are going to get worse before they get better," Johnson will testify, according to written testimony posted Tuesday night by the House Intelligence Committee. "In this realm and at this moment, those on offense have the upper hand. Whether it’s cyber-criminals, hacktivists, or nation-state actors, those on offense are ingenious, tenacious, agile, and getting better all the time. Those on defense struggle to keep up. As in other matters of homeland security, we must mobilize our nation in support of stronger cyber defenses."Johnson, who served as Homeland Security chief under former president Barack Obama, also will reiterate the findings of the Intelligence Community that Russian President Vladimir Putin directed cyber attacks last year to try to influence the American presidential election."In 2016, the Russian government, at the direction of Vladimir Putin himself, orchestrated cyber attacks on our nation for the purpose of influencing our election — plain and simple," Johnson said in his prepared testimony. "Now, the key question for the President and Congress is: what are we going to do to protect the American people and their democracy from this kind of thing in the future?" Read more:During a news briefing Tuesday, White House spokesman Sean Spicer would not say whether President Trump believes that Russia interfered in the presidential election."I have not sat down and talked to him about that specific thing," Spicer said Tuesday.Johnson is scheduled to be the sole witness before the House Intelligence Committee on Wednesday to answer questions related to Russia's actions during the 2016 election. Both the House and Continue Reading

Astorino says county was never told of cyber attack on dam

WASHINGTON – Westchester County officials were never told by their federal partners on a joint terrorism task force about a 2013 cyber attack on a dam owned by the city of Rye, County Executive Rob Astorino said Tuesday."To not have this information is unbelievable,'' Astorino said. "I personally want an answer from Homeland Security or whatever agency is responsible in the federal government to know why there was a breakdown in communications, why this information was not shared and what will be fixed going forward. Because one thing we should have learned from 9/11 right up to San Bernardino, is that all agencies should be communicating with one another in order to prevent these situations or to deal with them afterwards.''The Wall Street Journal, citing current and former unnamed U.S. officials, reported Monday that Iranians hacked a cellular modem in the 2013 attack on the Bowman Avenue Dam in Rye Brook.Westchester County is part of the New York City-area Joint Terrorism Task Force, which consists of federal, state and local law enforcement agencies. There are 104 such task forces across the country.Other lawmakers said Tuesday the hacking incident raises concerns about whether other infrastructure -- such as the Indian Point nuclear plant -- is vulnerable.Sen. Chuck Schumer, D-N.Y., will hold an 11 a.m. news conference Wednesday at the dam to call on the U.S. Department of Homeland Security to immediately investigate the vulnerability of critical infrastructure such as power grids and dams.Rye Mayor Joe Sack confirmed Tuesday that controls at the Rye Brook dam were hacked in 2013, saying federal investigators talked to city leaders in September that year as part of their probe, but did not disclose the suspected source of the hack. Sack was a member of the City Council at the time.The dam’s sluice gate is only about 6 feet wide, Sack said, and was not operable at the Continue Reading

‘Everybody’s vulnerable’: Anonymous computer hackers claim cyber attack on Apple server

Apple is the latest company to come under cyber attack - by the same hackers blamed for infiltrating Sony's Playstation Network. "Not being so serious, but well…Apple could be a target, too," the notorious hacker group Anonymous tweeted Sunday with a link to a list of 27 usernames and passwords supposedly lifted from an Apple server. The server is used by Apple to store technical support surveys. Anonymous published the list on the text-sharing site Pastebin as a part of their Anti-Security, or "AntiSec" campaign. Lance Ulanoff, Editor in chief of, said that though this particular attack on Apple was not very extensive, it is "indicative of an alarming trend" in hacking. "Everyone's vulnerable," Ulanoff said. "Wherever Anonymous wants to go it can." Ulanoff compared the hackers to "malicious children; very smart malicious children," capable of disrupting large corporations to affect change. In April, an Anonymous attack on Sony's Playstation Network was launched in defiance of Sony's attempts to stop users from jail-breaking their PS3 game consoles, forcing the electronics giant to close the network for a month. AntiSec involves members of both Anonymous and Lulz Security, the group responsible for hacking the PBS website with a report that rapper Tupac Shakur was "alive and well" in New Zealand, according to the San Francisco Chronicle. LulzSec is also famous for repeatedly hacking Sony websites as well as websites for the Central Intelligence Agency and a British police unit. Security experts say the group originally emerged from Anonymous. In a separate incident, a group called Script Kiddies hacked Fox News' Twitter account Monday night and falsely reported that President Obama had been assassinated. Script Kiddies also originated within the Anonymous group. With News Wire Services Join the Conversation: Continue Reading

Pentagon hacked, 24,000 files stolen by ‘foreign intruders’ in cyber attack

Foreign hackers broke into the Pentagon computer system this spring and stole 24,000 files - one of the biggest cyber-attacks ever on the U.S. military, according to a Department of Defense official. William Lynn, the deputy secretary of defense, acknowledged the brazen theft during a speech on Thursday while detailing a plan to strengthen the country's cyber-security. Lynn would not disclose what kind of files were stolen or what country was behind the attack, which took place sometime in March. But he did say the confidential documents were swiped from a defense industry computer network in a single intrusion. Several cyber-attacks have previously been blamed on China or Russia. American officials fear that a terrorist group - and not a foreign government - will eventually acquire the tools to break into U.S. computer networks. "If a terrorist group gains disruptive or destructive cyber-tools, we have to assume they will strike with little hesitation," Lynn said during his speech at the National Defense University. Lynn said the Defense Department's new strategy involves developing stronger computer networks so officials can continue to operate even if critical systems are taken down. "Our strategy's overriding emphasis is on denying the benefit of an attack," Lynn said, according to the Washington Post. "Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries' incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place." With News Wire Services Join the Conversation: Continue Reading

U.S. not prepared for major cyber attack, must rapidly increase intelligence, report finds

If the machines haven't taken over yet, it's best they do soon, a new study found. A report by the Intelligence and National Security Alliance says the U.S. must rapidly increase development of cyber intelligence to better fight computer-related threats. The alliance says the dramatic spread of sophisticated cyber attacks shows that the future is now. "The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown," the report said. The report says that the government and many companies are not prepared for a major cyberattack - either from hacker groups or foreign governments. The non-partisan national security group says the current approach of "patch and pray" is not enough. The group says more coordinated policies and efforts are sorely needed. The findings echo those of the Pentagon and Department of Homeland Security, which have argued for greater development of cyber protocols. But efforts at legislation have stalled on Capitol Hill. Officials have long pointed at China and Russia and other Eastern European countries as safehavens for hackers and even government-sponsored cyber attacks. With News Wire Services Join the Conversation: Continue Reading

Lockheed Martin hit with ‘significant and tenacious’ cyber attack

The world's largest defense contractor said Saturday it fought off a "tenacious" cyber attack last week. Lockheed Martin Corp, the Pentagon's No. 1 supplier, said in a statement it detected a "significant" assault on its computer networks on May 21. It was found "almost immediately" and no employee, program or customer data was lost, the company said in a statement. The Department of Homeland Security said it knew about the "cyber incident," and was investigating alongside the Department of Defense. The agencies are "determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk," said Chris Ortman, a spokesman for the agency. Lockheed uses a mobile security system produced by EMC Corp.’s RSA unit. RSA bolstered security for clients, including Lockheed, after a network breach in March resulted in the theft of RSA data, a person familiar with the process said. Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony and Google. Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, governmental and other organizations with critical intellectual property. He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to end-users, which meant the current attacks may have been carried out by the same hackers. "Given the military targets, and that millions of compromised keys are in circulation, this is not over," he said. With News Wire Services Join the Conversation: Continue Reading

WikiLeaks, Julian Assange supporters intensify cyber attacks, hackers bring down Swedish govt site

It's looking like all out (cyber) war on behalf of Julian Assange. Hackers forced a shutdown of the Swedish government's website for several hours on Thursday, as cyber attacks in support of the incarcerated WikiLeaks founder intensified. Swedish newspaper Aftonbladet reported the government's official website,, went offline for several hours overnight showing a message that the server could not be reached. It was up and running later in the day. WikiLeaks' hacker backers also created a website with Swedish Justice Minister Beatrice Ask's name, which then rerouted users to the WikiLeaks website instead, according to the newspaper. A government spokeswoman told AFP that she would not confirm or deny that a cyber attack had taken place. Sweden has issued an arrest warrant for the controversial leader of the whistleblower website over alleged sex crimes. The 39-year-old Australian is currently in jail in London, awaiting an extradition hearing. The computer hackers who support WikiLeaks said Thursday morning that was their next target and they'd attack within hours, CNN reported. The web-hosting arm of Amazon kicked WikiLeaks off its servers last week. An apparent cyber attack against MasterCard and Visa also ensued after the credit companies stopped accepting payments to WikiLeaks. The corporate websites of the credit giants were inaccessible during brief periods on Wednesday.  On Thursday morning, the Visa site was up and running but the Mastercard site was down. WikiLeak's payment processor announced Thursday that it would sue the credit card companies for refusing to process donations. "It is simply ridiculous to think WikiLeaks has done anything criminal," Andreas Fink, CEO of Iceland's DataCell said. One of Assange's self-proclaimed hacker backers from a group called Anonymous told BBC Radio that "thousands" of people had joined what he said was a "war of data." He gave the pseudonym "Cold Blood." Continue Reading

Cyber attacks target nuclear power plants. Is Oyster Creek safe?

LACEY – Computer hackers, not content with mucking around with U.S. commerce and elections, have trained their sights on nuclear power plants, prompting questions about cyber security at Oyster Creek.Industry officials and federal regulators say there's nothing to fear, but experts say there is cause for concern, including from the harm that could be caused by cyber attacks on the electrical grid upon which power plants depend.In recent weeks, hackers tried to  – and in at least one case succeeded – in penetrating the firewalls and digital protections of administration information at these nuclear facilities, according to government reports cited recently in the New York Times and Bloomberg News. "The nuclear industry didn't really believe that they were a target," said Edwin Lyman, senior scientist of the Global Security Program of the Union of Concerned Scientists in Washington, D.C.Industry executives learned otherwise when hackers worked their way into computers at Wolf Creek nuclear power plant near Burlington, Kansas, according to the Times. The Asbury Park Press asked nuclear experts if hackers could also penetrate Oyster Creek."A plant like Oyster Creek, it’s old. Its systems that are used to control plant functions are mostly analog based, and that’s true for most of the plants in the United States. So the scenario of some malevolent terrorist pushing a button and causing a plant to melt down, that’s far-fetched," Lyman said. But there are reasons hackers might want to penetrate other plant systems."The fact is, a successful radiological sabotage attack on a nuclear plant, or on the spent fuel pool (where radioactive waste is cooled) at the plant, could cause a devastating catastrophe," he added. "It could essentially contaminate hundreds of square miles with long-lived radioactive material. It could require the forced resettlement of millions of people. It could Continue Reading

Microsoft admits Internet Explorer could have been weak link in recent Google cyber attacks

In a blog post, Microsoft admitted that a vulnerability in its Internet Explorer could have been responsible for the recent attacks that originated in China on Google’s systems.So far, Microsoft "has not seen widespread customer impact, rather only targeted and limited attacks exploiting Internet Explorer 6". "Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," said Microsoft's director of security response Mike Reavey in the post, as reported by the BBC. Microsoft has released preliminary guidance to fix the problem and is working on an update to its software. The Microsoft advisory follows after security company McAfee issued a security alert warning users that malware used in an attack on Google  exploited newly discovered vulnerability in Microsoft Internet Explorer. Altogether, the critical flaw affects almost all of Microsoft's IE releases, including IE 6, IE 7 and IE 8. However, security researchers have only seen the attacks on Google exploiting IE 6, according to the Microsoft advisory. McAfee's vice-president of threat research Dmitri Alperovitch told Agence France Presse that although the firm had "no proof that the Chinese are behind this particular attack, I think there are indications though that a nation-state is behind it". Google has threatened to leave China over the recent cyber-attacks. The networks of dozens of other major firms, including Yahoo, Symantec, Adobe, Northrup Grumman and Dow Chemical, were also attacked.With News Wire Sources Join the Conversation: Continue Reading

SEE IT: BBC News appears to fall victim to ISIS cyber-attack during live broadcast

Did ISIS hack the BBC? The British broadcaster's News Channel is feared to been the victim of a cyber-attack after the words "Je SuIS IS" appeared on TV screens, according to the Mirror. The word "CYBERCALIPHATE" was also seen during a report by the BBC's long-established Diplomatic Editor James Robbins. Back in the studio, presenter Clive Myrie apologized to viewers for the loss of the report. The incident happened on Thursday, just hours after the French channel TV5Monde was hacked and experienced a three hour blackout. TV5Monde's website and Facebook page were also attacked, prompting a call from France's culture minister to hold emergency talks with broadcasters. The BBC said the incident was an "operational error in which a graphic being used in BBC reports about the French cyber-attack was broadcast briefly by mistake during another time." ON A MOBILE DEVICE? WATCH THE VIDEO HERE. Continue Reading