Posts

Swiss plan cyber defence command centre

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Defence Minister Viola Amherd and army chief Thomas Süssli in Bern on Wednesday Keystone / Anthony Anex

The government is beefing up its defences against cyberattacks, focusing on a command centre comprising 575 members of the armed forces who will be trained over the coming years.

This content was published on September 1, 2021 – 18:02

Keystone-SDA/ts

“Not a day goes by without a cyberattack,” Defence Minister Viola Amherd told the media in Bern on Wednesday. IT systems must therefore be better protected – also by the armed forces, she said.

However, army chief Thomas Süssli put things into perspective, saying “it’s not possible to put a soldier behind every user”. The issue now goes to parliament.

Until now the focus of cyber defence has been on the protection of military communication channels and facilities. The new rapid reaction force should be able to provide subsidiary support to operators of critical infrastructures and private companies in the defence against attacks. Infrastructures considered critical by the government include electricity companies, the Federal Railways and telecom companies.

The defence ministry said the plan was to have the specialist staff in position from January 1, 2022, with the number of soldiers increasing from 206 today to 575. However, Süssli said it would “still take some time” until the troops are fully ready.

Mission-oriented

The second piece of the cyber defence puzzle is a new special command. Today’s broadly diversified Command Support Base is to be transformed into a mission-oriented, military cyber command by the beginning of 2024.

In future, this command will provide key military capabilities in the areas of situational awareness, cyber defence, IT, communication, command support, code breaking and electronic warfare.

In May 2019 Switzerland became a member of the NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. This has given Swiss authorities access to the centre’s knowledge and information as well as research and training activities.

Source…

Centre must give a categorical response to Pegasus row: Justice B N Srikrishna | Latest News India

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Retired Supreme Court judge Justice B N Srikrishna, who authored the first draft of the data protection bill in 2018, says the Narendra Modi government should probe the alleged phone hacking of ministers, politicians, activists and journalists, and also explicitly state if any of its agencies uses Israeli military-grade spyware Pegasus.

Justice Srikrishna, who was appointed by this government to identify and address issues in data protection in India in 2017, described the response of the government, which has thus far denied its involvement in any illegal surveillance as “unsatisfactory”.

“Even the French government has ordered an inquiry so we need to do that too,” said Justice Srikrishna. “I am not at all satisfied with the government’s response. They need to give a categorical answer about who’s behind the hacking.”

As unearthed by a collaborative investigation involving 17 media organisations, and reported by The Wire, which is one of the 17, the phone numbers of Union ministers Ashwini Vaishnaw and Prahlad Patel, opposition leaders Rahul Gandhi and Abhishek Banerjee, activists, and 38 journalists, including three from HT and one from its sister publication Mint, were potential targets of spyware.

While NSO Group, the Israeli firm that makes Pegasus, has maintained that only governments are its clients, India’s IT minister Ashwini Vaishnaw has called the investigation an “attempt to malign Indian democracy and its well-established institutions”.

Home minister Amit Shah has questioned the timing of the revelations that came out just a day before the start of the monsoon session of Parliament. “Aap chronology samajhiye! (Understand the chronology) This is a report by the disrupters for the obstructers. Disrupters are global organisations which do not like India to progress. Obstructers are political players in India who do not want India to progress,” he had said.

“It has nothing to do with timing. That is irrelevant,” said Justice Srikrishna. “An important question is being asked in Parliament and they (government) should answer it. That is how democracy is strengthened. They should give an open answer so that such issues are frankly dealt…

Source…

Some Thoughts on the Recent DNS Operations, Analysis, and Research Centre Workshop, OARC-35

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


The DNS Operations, Analysis, and Research Centre (DNS-OARC) convened OARC-35 at the start of May. Here are some thoughts on a few presentations at that meeting that caught my attention.

TTL Snooping with the DNS

These days it seems that the term “the digital economy” is synonymous with “the surveillance economy.” Many providers of services on the Internet spend a lot of time and effort assembling profiles of their customers. These days, it’s not just data in terms of large-scale demographics but the assembling of large sets of individual profiles. We are all probably aware that we emit a steady stream of bits as a digital outflow when we use the Internet, and there is a major ongoing effort to sniff this digital effluent and derive profiles of individual activities from this data. If an entity operates a recursive resolver in the DNS or operates a popular web service, then it’s pretty clear how such user profiles can be assembled if that’s what they want to do. What is not so apparent is that almost anyone can sniff our digital outflow. All it takes is a little ingenuity.

The presentation on “Trufflehunter” at DNS OARC 35 is a good case in point of being able to perform such indirect snooping. The question posed here is to what extent is stalkerware being used. By its very nature, stalkerware is covert, as the intent is that the intended victim should be completely unaware that they have this app running on their device. So, is there a puff of tell-tail smoke that can reveal stalkerware in action? The key observation is that often these apps use the DNS as a command-and-control channel. After all, the DNS is ubiquitous, and the total query volumes are truly prodigious. What are a few more queries in such a torrent of DNS? The app is simply hiding itself in a densely packed crowd. You might get a signal of active stalkerware if you operated a DNS resolver, but if you aren’t the resolver operator, then you just can’t see the signal. Right?

Not true.

The critical piece of data that is used in this form of digital eavesdropping is the TTL (Time to Live) field in DNS responses. When a recursive resolver loads a response that was supplied by an authoritative server,…

Source…

Centre provides ‘Y+’ category security to Lok Sabha MPs Sisir Adhikari, Dibyendu in Bengal | India News

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


NEW DELHI: The Ministry of Home Affairs (MHA) has decided to provide “Y+” security to Lok Sabha members of Parliament Sisir Kumar Adhikari and Dibyendu Adhikari in West Bengal.
Sisir is the father of Bharatiya Janata Party (BJP) leader Suvendu Adhikari while Dibyendu is the latter’s brother. Sisir had quit the TMC ahead of assembly elections to join the BJP while Dibyendu still remains in the TMC fold.
According to the ministry of home affairs order, they will be secured by armed commandos of the Central Reserve Police Force (CRPF) whenever they are in West Bengal.
Under the “Y+” security cover, a person is given protection by 11 security personnel including two gunmen (plus four on rotation) for mobile security, and one (plus four on rotation) for residence security.
Earlier, after Suvendu Adhikari resigned from the TMC and joined the BJP last year, the MHA decided to provide ‘Z’ category security to the leader in West Bengal and Y ‘+’ category CRPF security cover to him in other states.
Violence has been reported in several parts of West Bengal after the results of the assembly elections were declared on May 2. The BJP alleged that nine of its party workers have been killed in the post-poll violence. However, the Trinamool Congress (TMC) is denying the allegations.

FacebookTwitterLinkedinEMail

Source…