For several days, Bank of America’s systems had problems. The problems – primarily denial of service disruptions – hit their web site and reportedly their mobile banking services.

For BofA, the nation’s largest bank based on assets, this was not the first issue or attack they experienced in the past year. Nor in fact, was BofA the only U.S. financial institution that has been experiencing what appears to be a series of directed cyber attacks. JPMorgan Chase and Citigroup also are reported to have been struck by similar related aggressive cyber activities, beginning last year. Keep reading →

The head of Iran’s Presidential Center for International Legal Affairs has announced that Iran plans to bring legal action against those that launched cyber attacks against their uranium enrichment equipment in a move that promises to raise the stakes for the U.S. cybersecurity policy officials.

Majid Jafarzadeh made the announcement this week after consulting Iranian and foreign legal experts, saying Iran has decided to file a lawsuit against the “cyber terrorists” who have attacked the country’s nuclear enrichment infrastructure. Keep reading →

Intelligence organizations are racing to collect cyber intelligence in efforts to identify and monitor the development, use and sale of offensive cyber capabilities by individual actors, criminal organizations, terrorist groups and nation states. This is a formidable undertaking to say the least. Consider the facilities and infrastructure needed to make a tank. Now think about the facilities and infrastructure needed to make a cyber weapon. All you need is ambition coupled with a laptop, Internet connection, programming skills, a search engine for research and maybe a couple of books – all of which are openly available. Add to that the hacker underground and black-market for malicious code and sale of newly discovered vulnerabilities and you have everything needed for the development and sale of cyber weapons. Keep reading →

Cyber investigators looking at the Stuxnet code determined that on June 24th the sophisticated cyber weapon would stop operating and remove itself from the systems it had infiltrated.

This function was identified long ago and cyber researchers have patiently waited to see what if any implications this will have on the tens of thousands of computers in more than 155 countries the sophisticated cyber weapon had infected. By all accounts this is a self-destruction, an unusual function not often seen embedded within malicious code. The inclusion of this function is a strong indicator that those behind this cyber attack did not believe that Iran would discover the malicious code. Keep reading →

The big news reverberating through cybersecurity circles last week, reported by the New York Times, that the U.S. was behind the Stuxnet cyber attack on Iranian nuclear enrichments back in 2010 has set off a new firestorm of concern about the likelihood of retaliation.

The news report was based on information provided by “unnamed participants in the program.” In the article it states that the information in the piece was called an “account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts.” Keep reading →

Earlier this year Iran’s President Mahmoud Ahmadinejad announced that Iran would establish a Supreme Council of Cyberspace. This was the latest action intended to strengthen Iran’s cyber power and defend the country against cyber attacks.

Sources inside of Iran have said that the council will be comprised of high-ranking Iranian officials such as the Iran’s Parliament speaker, Judiciary chief, head of the Islamic Republic of Iran Broadcasting, and ministers of Communication and Information Technology, Culture and Islamic Guidance and Intelligence. Keep reading →

It is getting to the point that those reporting acts of cyber aggression, particularly in the area of cyber espionage, think they are in a repetitive do-loop. It is the same story over and over again with the only difference being the list of victims.

The news of late has been the discovery of yet another sophisticated cyber attack that resulted in the collection of untold information, some general some sensitive, from the business community as well as defense contractors and government officials. Keep reading →