A spate of computer failures at South Korean banks and television networks this morning is being blamed on a computer virus, a government official tells the BBC.

The virus apparently generated “malicious” code that resulted in the cyberattack, which is a sign that it’s part of a planned attack. The outage affected South Korea’s Shinhan and Nonyup banks, as well as three TV broadcasters. Government investigators are still looking into the computer failures, and not surprisingly, North Korea remains the prime suspect.

North Korea blamed the U.S. and South Korea for attacks on its own servers last week, so today’s attacks could be some sort of retaliation. North Korea was responsible for cyberattacks on South Korea’s government and financial institutions in 2009 and 2011.

“We do not rule out the possibility of North Korea being involved, but it’s premature to say so. It will take time to figure out,” South Korea Defence Ministry spokesman Kim Min-Seok told the AFP.

Skulls appeared on some of the affected computer screens, while others simply displayed error messages and couldn’t be restarted. The attack also affected ATM and online banking services for Shinhan bank. Additionally, internet service provider LG UPlus reported that its network was hacked.

South Korea’s Defense Ministry raised its cyber threat alert status from level four to three as a result of the cyberattack.

Photo: Emanuelle Dyan/Flickr

1. Find a bug that could reveal the personal information of 250,000 students
2. Report it to the proper authorities at his school, Dawson College in Montreal, Canada
3. Get threatened with jail, and get expelled from college

Twenty-year-old Ahmed Al-Khabaz found a flaw in the college-management Omnivox software that most colleges in Quebec use, according to Canada’s National Post. He reported it to the college’s director of IT, who congratulated him and thanked him.

But two days later, when Al-Khabaz decided to double-check whether a fix was in place, he was surprised by a phone call from Edouard Taza, the president of Skytech, the company that makes Omnivox. Al-Khabaz say that Taza accused him of implementing a “cyber-attack,” threatened him with jail, and forced him to sign a nondisclosure agreement.

But despite his cooperation with what some might say was an unreasonable and bullying approach, Al-Khabaz was expelled from college.

Calls to Donna Varrica and Carey-Ann Pawsey at the Dawson’s communications office go straight to voicemail, but the college has posted a statement on its website, standing by its decision and saying that Al-Khabaz had been warned on at least one occasion to “cease and desist.”

Dawson College stands by its policies regarding academic integrity and professional code of conduct. The provisions of these policies are clearly stated in the Institutional Student Evaluation Policy and the Code of Conduct on the website (listed below).

Under the terms of Quebec privacy laws, it is illegal to discuss the details of student files with individuals or with the media. Dawson College practices due process and due diligence in every case brought before the review committee. If a student does not agree with a decision, he or she has the right to appeal, as spelled out in the policies

In the recent case of Ahmed Al-Khabaz, which he himself brought to the media, the College stands by its decision. The reasons cited in the National Post article for which the student was expelled are inaccurate. The process which leads to expulsion includes a step in which a student is issued an advisory to cease and desist the activities for which he or she is being sanctioned, particularly in the area of professional code of conduct. Conditions for remaining in the College on good terms are clearly explained in person to the student.

When this directive is contravened by the student by engaging in additional activities of the same sort, the College has no recourse but to take appropriate measures to sanction the student.

I have not been able to speak to Al-Khabaz yet, but based on the publicly available facts, Dawson College and Skytech — sounds suspiciously like Skynet, no? — should be thanking him and perhaps rewarding him.

VentureBeat has reached out to Edouard Taza, Skytech’s president, and will update if he responds.

photo credit: Gìpics via photopin cc

If you’re unfamiliar with the term “botnet,” then perhaps your computer wasn’t one of the 5 million systems infected worldwide between January and March of this year. Botnets are collections of infected computers used maliciously to create spam, flood traffic to websites and even steal private information.

In an earlier story from VentureBeat, it was reported that the United States fell into the “top five vulnerable countries with 19.32 percent of computers at risk.” Bottom line: it isn’t always in your best interest to click on every link someone sends you.

“The issue of botnets is larger than any one industry or country,” Howard Schmidt, the White House cybersecurity coordinator, said in an e-mailed statement. “This is why partnership is so important.”

According to Schmidt, the voluntary principles announced are intended for partnership with the government in regards to malware, while working together to confront cyberattacks globally.

“IBG has also developed a framework for shared responsibility across the botnet mitigation lifecycle from prevention to recovery that reflects the need for ongoing education efforts, innovative technologies, and a feedback loop throughout all phases,” IBG said on their website.

In all of this, the Cyber Intelligence Sharing and Protection Act (CISPA) that was passed by the House in April — an act that would allow the government and other companies to voluntarily share information on cyber threats — was opposed by President Obama due to his belief the act would invade the public’s Fourth Amendment rights.

Senator Joe Lieberman recently created a bill (S. 2105) that would put the Department of Homeland Security in the front lines of regulating cybersecurity through transportation networks and power grids. The bill has yet to move to the Senate floor.

Via Bloomberg; Photo via hyperproteinus

The attacks are under investigation, and not many details have been released by investigators.

The first attack happened at the Energy Department’s Jefferson Lab, located in Newport News, VA.  The lab’s website is currently live at www.jlab.org and it appears to be fully restored. We have put in a request for an update with the public affairs manager, but have not heard back yet.

The Pacific Northwest National Laboratory in Richland, Washington (PNNL) was the second laboratory attacked. PNNL’s website is still down as of today, but according to Government Computing News (GNC.com), it has restored internal communications and external e-mail. The Department of Homeland Security’s Daily Open Source Infrastructure Report cites a Pacific Northwest spokesman saying the lab’s external computer network averages 4 million unauthorized access attempts each day.

Battelle, a government contractor that manages PNNL, was the third attack over weekend.

“The good news is no classified information has been compromised or is in danger from this attack,” said PNNL spokesman Greg Koller in an interview with Reuters. “At this time, we have not found any indication of ‘exfiltration’ of information from our unclassified networks as well.”

There has been a string of attacks on U.S. government organizations in recent months. Network access was shut down in May after a cyber attack at Lockheed Martin and the Oak Ridge National Laboratory, which is also managed by Battelle. Oak Ridge was attacked via spear-phishing: More than 50 employees clicked on a malicious link in a false e-mail from the human resources department.

“If we don’t act boldly, something really bad is going to happen,” said retired Air Force General Michael Hayden, a former director of central intelligence and ex-head of the Pentagon’s National Security Agency. “Then we’ll over-react.”

General Hayden spoke from a forum on cyber deterrence hosted by the Potomac Institute for Policy Studies in Washington. Hayden didn’t give any specifics regarding how the U.S. might “over-react” to a cyber attack. Michael Tiffany, Chief Architect at Recursion Ventures, also spoke. He described how he demonstrated before a group of U.S. intelligence experts how hackers can bring 90 percent of a major U.S. city’s vital systems down without anyone noticing.

“The nature of the way hackers go about things is that the risk of failure is very low,” Tiffany said. “We can tell when we succeed and we get good feedback and our opponents don’t.”

“Today the people who are succeeding at these types of attacks are the ones who are try the hardest. It’s actually not very difficult,” he said.

This is one of the new rules, similar to existing guidelines for nuclear bombs, missiles, and espionage, signed today by President Barack Obama. The executive orders outline cyber attack etiquette for military commanders. The United States is currently collaborating with other countries on the rules.

Word on the guidelines, which have not yet been released in their entirety (that will happen “soon,” whatever that means.), comes from the Associated Press. The AP spoke with “several” government officials on condition of anonymity, although they point out some of the rules have been made public by US officials in recent speeches.

Perhaps one of the most significant results of the rules is the acknowledgement that cyber attacks are the new bomb. A cyberattack can bring down an enemy’s electrical grid much like bombs have done in the past.

“You don’t have to bomb them anymore. That’s the new world,” said James Lewis, cyber security expert at the Center for Strategic and International Studies, in an interview with the Associated Press.

Other guidelines indicate that the US can defensively take down servers in other countries and has the “right to pursue attackers across national boundaries — even if those are virtual network lines,” explains the AP.

The Wall Street Journal broke the original story on the guidelines at the end of May 2011, following reports of cyber attacks on the Pentagon and Lockheed Martin.

[Photo credit: West Point Public Affairs via Flickr]

Click here to download the new VentureBeat Windows 7 Desktop App, sponsored by the Intel AppUp developer program.

This is the second high-profile cyber attack in a little more than a month on important computer networks that are increasingly seeming vulnerable to cyber attacks. A cyber attack on Sony’s PlayStation Network (PSN) led to hackers stealing sensitive information from potentially more than 100 million PSN and Station.com users. Hackers were able to break into Sony’s network on April 19, forcing the company to bring it down and beef up security.

Lockheed Martin said it thwarted the “significant and tenacious” attack on its information systems network that took place on May 21, according to a report by Reuters. The U.S. Department of Defense is working with the defense contractor, which builds major weapons systems ranging from fighter jets to ships for the U.S. government, to find out how the cyber incident affected the company and whether any information was compromised. The U.S. Department of Defense is also working with the company to offer recommendations that will help secure its network and prevent future intrusions, the company told Reuters today.

Lockheed Martin’s network contains sensitive data about contracts and defense technology that is currently in development. The network also holds sensitive information about state-of-the-art technology that is deployed in Iraq and Afghanistan — possibly similar to the stealth helicopter used in a raid that lead to the death of Osama bin Laden. The government did not say whether any sensitive information was compromised from Lockheed Martin’s private network.

The defense company recently made news after it purchased a state-of-the-art 128-bit quantum computer from quantum computer manufacturer D-Wave — one of the first commercially available quantum computers — which could be applied to security and advanced encryption projects. The purchase seems oddly appropriate given the highly sensitive information that might have been compromised in the company’s latest cyber incident.

[Photo: cliff1066]

Bit9

The Waltham, Mass.-based company offers protection for endpoints, or the smartphones, tablets, and computers that connect to an enterprise network. Since those endpoints are increasingly vulnerable to attack, Bit9 specializes in protecting them so that information technology managers can still allow employees to use them. Overall, the endpoint security market is expected to reach $10 billion by 2014 as corporations try to protect their assets from increasingly sophisticated cyber attacks.

Atlas Venture led the round, with participation from existing investors Highland Capital Partners, Kleiner Perkins Caufield & Byers, and .406 Ventures. New investor Paul Capital also joined the funding. To date, Bit9 has raised more than $23 million.

Demand for Bit9′s technology has escalated in the past year across industry segments such as government, healthcare, defense and retail. That happened in part because of sophisticated attacks, such as Operation Aurora, which cracked Google’s security system, and Stuxnet, which destroyed some of Iran’s nuclear centrifuges.

Patrick Morley, chief executive of Bit9, said that the company’s technology allows IT teams to precisely control what software is allowed to run and what is not. The company saw 140 percent revenue growth in 2010 and 60 percent growth in new customer acquisition. The company will use the money for new product development, better sales and marketing, and expansion in Europe.

Market researcher IDC expects the market to grow at a compound annual growth rate of 8.3 percent, reaching $10 billion in 2014, compared to $6.6 billion in 2009.

Bit9 was founded in 2002 and has more than 70 employees. Rivals include Symantec, McAfee and others.

[image credit: inbluetech]

Epsilon

Epsilon said that only 2 percent of its users had their name and email stolen. But that could add up to a very large number of users — surely in the millions — as Epsilon handles email marketing services for more than 2,500 companies. The problem is that cyber criminals can now use those email lists to send phishing attacks — with personalized messages from brands that consumers do business with — that could be much more effective than random email spam. The company says a full investigation is underway.

I received two emails — yeah, can you beat that number? — from some of those brands saying that my data had been leaked and that I should beware of suspicious emails. If you have signed up for or opted into email or other digital marketing campaigns from the affected brands, there’s a chance the thieves have your name and email. Epsilon sends billions of emails a year on behalf of its clients. That is jarring for consumers, since they’re getting emails today from brands who say they turned over their email address and the name that goes with it to an outsourcing company, Epsilon, that nobody ever heard about. The advice for now is, don’t respond to any new messages coming from these brands, and certainly don’t click on anything in your warning email.

Best Buy, one of the chains that was hit, told customers that it will never ask anyone to provide information such as credit card numbers unless they are on its secure e-commerce site http://www.bestbuy.com. If you receive an email asking for the personal information, you should delete it because “it did not come from Best Buy.” Citibank told customers it would send emails using your first and last name, the last four digits of a Citi credit account number, and the “member since” date to show that it’s a legitimate email.

The list includes the following companies. Please leave comments below about how many times your email was stolen and whether there are more companies than the ones below that are affected:

Target
Best Buy
Walgreen’s
Capital One
TiVo
JP Morgan Chase & Co.
Kroger
US Bank
Citi
McKinsey & Company
Ritz-Carlton Rewards
Marriott Rewards
New York & Company
Brookstone
The College Board
Home Shopping Network (HSN)
LL Bean
Disney Destinations
Barclays Bank of Delaware

[image credit: malwareresearchgroup]

The fallout from whistle-blower site’s release of secret government documents hit the removable media industry today. The military has decided to ban the use of DVDs, CDs, thumb drives and other removable media that can transfer data from a computer to a portable device. Anyone who violates the order faces court-martial.

That’s because U.S. Army private Bradley Manning is suspected of downloading hundreds of thousands of files from the Defense Department and giving the files to WikiLeaks. The Pentagon wants to disable removable media on all computers with classified data. Can major corporations, who also value their secrecy, be far behind? In all likelihood, the crackdown won’t last. But you can bet there are plenty of people who are thinking about designing computer systems where it’s impossible to steal data and get away with it.

Hackers continued to come to the defense of WikiLeaks. Headed by a group called Anonymous, the hackers are attacking the sites of companies that have cut ties to WikiLeaks, bringing down sites belong to Visa, MasterCard, PayPal Amazon, and others.

While WikiLeaks founder Julian Assange is in jail in England, awaiting extradition to Sweden on sex charges, WikiLeaks continues to operate. WikiLeaks itself has been under attack as well. But the organization distanced itself from the cyber attackers.

In a Tweet, Wikileaks spokeswoman Kristinn Hrafnsson said: “We neither condemn nor applaud these attacks. We believe they are a reflection of public opinion on the actions of the targets.”

Marcia Hoffman of the Electronic Frontier Foundation said in an interview with NPR that it’s sad that attackers are defending the free speech rights of WikiLeaks by trying to silence the speech of anti-WikiLeaks corporations.

Meanwhile, Ars Technica reported that Dutch police have arrested a 16-year-old teen associated with the revenge attacks on the companies. The unnamed teen’s computers were seized after it was found that some of the attacks originated in the Netherlands.

It’s hard to say where this is all going. The Google Trends chart shows there is enormous interest in the subject of WikiLeaks at the moment.

WikiLeaks will likely find it harder to operate in the future, and the U.S. government will likely find it impossible to crush WikiLeaks and maintain its ideals of freedom. For now, both the Obama administration and the hackers themselves would do well to heed the voice of the Economist, which has weighed in with this advice about whether it makes sense to crack down extremely hard on WikiLeaks.

“The best lessons to bear in mind are those learned in such costly fashion during the past decade of the ‘war on terror’. Deal with the source of the problem, not just its symptoms. Keep the moral high ground. And pick fights you can win.”

[top photo: techchee]