Links to News from the Media, Cipher Issue E.124, January 2015

This article from WIRED cites a short section of a German report on cybersecurity for 2014. The report says that malware caused a furnace to malfunction and become unusable. The comparisons to the Stuxnet malware come to mind, but there are no details about the exploit. Was it specifically targeted at this facility? How and why? How can other industrial sites protect themselves?

Edith Ramirez, chairwoman of the Federal Trade Commission, addressed the International CES (high-tech electronics show) attendees with warnings about the risks of having household items constantly connected to the Internet.

Ford announced that it would experiment with collecting driving information from volunteers. The information might be used to compute individualized insurance rates, for example. Drivers should not worry, because Ford's chief executive Mark Fields told attendees that his company would be "trusted stewards" of personal data.

The phone companies still rely on the venerable SS7 switch for routing calls. The software for the switches supports a variety of functions that can be exploited by hackers to divert calls or change user forwarding functions. Even encryption offers little protection, as shown in some experiments in Germany.

Experts at the security company Symantec say that the software package is a comprehensive intelligence gathering tool. The predominant occurrences are in Russia and Saudi Arabia.

The NSA claims that it developed deep hooks into North Korea's computer networks even before the Sony hack. Despite their surveillance of the sites, NSA did not realize that North Korea had discovered the access credentials of a Sony system administrator. NSA says its classified program has provided information that validates its claim that North Korea was behind the vandalism.