Massive Government Data Breach Caused by Bogus White House Holiday eCard

ITACadmin — Thu, 06 Jan 2011 14:56:46 +0000

Who would not be excited to receive a holiday card from the Obama Administration via whitehouse.gov? Come on…a holiday eCard from President Obama has to be legit, right? Well, a number of government agencies and contractors are learning the hard way that the bad guys can even disguise themselves as the Obama administration to steal secret data.

According to Network World, numerous government agencies received said bogus Obama eCard and the recipients who clicked on the links and opened the card.zip file were infected with a Zeus Trojan variant that snatched documents and passwords and then uploaded the stolen data to a server in Belarus.

So, what government entities were impacted by this? Well, according to computer security expert Brian Krebs, “an intelligence analyst in the Massachusetts State Police gave up dozens of documents that appear to be court-ordered cell phone intercepts. Several documents included in the cache indicate the victim might have recently received top-secret clearance. Among this person’s cache of documents is a Department of Homeland Security tip sheet called Safeguarding National Security Information.”

In addition, Krebs pointed out that an employee at the National Science Foundation’s Office of Cyber Infrastructure was also a victim. In this instance, the documents collected include hundreds of NSF grant applications for new technologies and scientific approaches.

Talk about the scam of the century. Well that may be a bit extreme. But to have both a law enforcement analyst and a cyber employee at NSF fall for the bogus Obama eCard trick says plenty about how cunning the bad guys really are when it comes to stealing secret data.

House to Consider Cybersecurity Bill Today

ITACadmin — Wed, 03 Feb 2010 15:28:27 +0000

Today, the U.S. House of Representatives is scheduled to vote on a proposed bill that is designed to enhance federal cybersecurity research and development activities, and stimulate the growth of a cybersecurity workforce. Called the Cybersecurity Enhancement Act of 2009 (HR 4061), this piece of legislation was introduced by Rep. Daniel Lipinski (D-IL) last year, and was passed by the House Science and Technology Committee.

If passed, HR 4061 would reauthorize several cybersecurity grant program the National Science Foundation (NSF). The NSF will get up to $396 million over the next four years to fund research and development programs that are focused on cybersecurity. The bill also sets aside another $94 million in scholarships over the same period for students who pursue cybersecurity studies, so long as they commit to the public sector after graduating. In addition, about another $120 million will be available to the NSF for funding activities related to improving cybersecurity, including constructing research facilities and offering training programs in colleges and universities. Read the full Computerworld article here.

What do you all think about this legislation? A critical piece is the funding of scholarships for students who want to study cybersecurity. We need to tap into our nation’s young bright minds to help develop key innovations for dealing with cybersecurity issues that plague our country.

ITAC Blog » National Science Foundation

Massive Government Data Breach Caused by Bogus White House Holiday eCard

House to Consider Cybersecurity Bill Today