dhs

ACLU sues to get U.S. agencies' license plate tracking records

The American Civil Liberties Union today sued the U.S. government to get access to information about how authorities are using automated license plate readers to track people's movements and location.

The ACLU filed Freedom of Information Act requests on July 30 with the departments of Justice, Homeland Security, and Transportation to try to find out how much officials use the technology and how much it is paying to expand the program. Agencies are required by law to respond to FOIA requests within 20 working days, but more than a month later, only one DOJ office and a few … Read more

DHS warns Siemens 'flaw' could allow power plant hack

The U.S. Department of Homeland Security has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure.

Security researcher Justin Clarke exposed the flaw at a Los Angeles conference last week, claiming he discovered a way of spying on encrypted traffic in hardware owned by a Siemens subsidiary, RuggedCom.

The DHS advisory noted: "An attacker may use the key to create malicious communication to a RuggedCom network device."

DHS added that the government department was in contact with RuggedCom and the researcher in order to … Read more

U.S. warns of cyberattacks on gas pipeline companies

U.S. gas pipeline operators have been targeted in sophisticated phishing attacks since at least December, with the Department of Homeland Security helping firms deal with the incidents since March, the DHS and an industry expert said.

"DHS's Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies," DHS spokesman Peter Boogaard said in an e-mail sent to CNET today.

"The cyber intrusion involves sophisticated spear-phishing activities targeting … Read more

DHS: Cybersecurity plays into online voting

As the 2012 presidential election revs up, 33 states now permit some form of Internet ballot casting. However, a senior cybersecurity adviser at the U.S. Department of Homeland Security warned today that online voting programs make the country's election process vulnerable to cyberattacks.

"It is premature to deploy Internet voting in real elections at this time," DHS cybersecurity adviser Bruce McConnell said at a meeting of the Election Verification Network, which is a group that works to ensure every vote is counted. He explained that all voting systems are susceptible to attacks and bringing in Internet … Read more

DHS disputes memo on purported railway computer breach

The Department of Homeland Security is disputing a government memo obtained by Nextgov.com that said a targeted attack on the computer network of a railway company in the Northwest disrupted train service in early December.

"Following more in-depth analysis, it appears that the potential cyber incident did not in fact target a transportation entity," a senior DHS official told CNET today. "DHS worked with the affected entity, the FBI, and the Transportation Information Sharing and Analysis Center (ISAC) to resolve the issue and send alerts to notify the community of the anomalous activity as it was … Read more

BitTorrent downloads linked to RIAA, DHS IP addresses

The TorrentFreak blog has outed the RIAA and U.S. Department of Homeland Security as harboring downloaders of pirated songs by hip hop artists and crime-based TV shows, but the RIAA denies it.

TorrentFreak said it used the YouHaveDownloaded.com site to find instances of IP addresses within the RIAA and the DHS linked to downloads of copyrighted content from BitTorrent.

Six RIAA IP addresses were linked to downloads of music by Jay-Z ("American Gangster") and Kanye West ("My Beautiful Dark Twisted Fantasy"), as well as the first five seasons of "Dexter," a "… Read more

DHS denies report of water utility hack

The Department of Homeland Security and FBI today dismissed the conclusions of a report that a cyber intrusion caused a pump at an Illinois water utility to burn out. But the statement doesn't explain why an Illinois state terrorism intelligence center would say it was a hacker when it wasn't.

In the meantime, the DHS is investigating a claim by a hacker who goes by "pr0f" who claimed to have compromised a Texas water utility last week.

"After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA … Read more

Homeland Security moves forward with 'pre-crime' detection

An internal U.S. Department of Homeland Security document indicates that a controversial program designed to predict whether a person will commit a crime is already being tested on some members of the public voluntarily, CNET has learned.

If this sounds a bit like the Tom Cruise movie called "Minority Report," or the CBS drama "Person of Interest," it is. But where "Minority Report" author Philip K. Dick enlisted psychics to predict crimes, DHS is betting on algorithms: it's building a "prototype screening facility" that it hopes will use factors such … Read more

U.S. warns of security holes in Chinese SCADA apps

Software made by a Chinese company and used around the world by chemical, defense, and energy companies contains security holes that attackers could exploit to hack into critical systems.

In an advisory issued yesterday (PDF), the Department of Homeland Defense warned of two vulnerabilities in software made by Beijing-based Sunway ForceControl (Google Translate English version). The Chinese company makes SCADA (supervisory control and data acquisition) software, which is used in computer systems that control and monitor manufacturing plants and equipment used by different industries.

Discovered by security researcher Dillon Beresford of NSS Labs, the security holes could allow cybercriminals to … Read more

SCADA hack talk canceled after U.S., Siemens request

Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after U.S. cybersecurity and Siemens representatives asked them not to discuss their work publicly.

"We were asked very nicely if we could refrain from providing that information at this time," Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today. "I decided on my own that it would be in the best interest of security...to not release the information."

Beresford said he and independent researcher Brian Meixell planned on … Read more