Just like the rest of the security community, Jimmy Wales, founder of Wikipedia, is worried about state-sponsored cyber attacks. The Wikipedia founder refuses to put up with censorship and is rallying for an open Internet that gives everyone free and unfettered access to information.

“The rise of state-sponsored attacks against companies is something we do worry about,” said Wales in an interview with VentureBeat. “Security is very important for us because if an authoritarian state wants to de-anonymize an account, that’s the type of attack we can expect.”

Wales said that, while Wikipedia hasn’t completely escaped being poked and probed by hackers on the Internet, it hasn’t been a huge target. Wikipedia doesn’t store credit card numbers or a lot of personally identifiable information. But Wales’ organization does hold information that countries, such as China, have been known to block. People contributing information about topics related to those countries could be interesting targets.

“I think in many cases our first job is to be as well-known as possible so that if you shut [us] down it’s a big deal,” he said.

As far as China goes, Wales said the Wikipedia relationship has been growing. China recently blocked Wikipedia’s website wholesale. Now, select pages are allowed through, which Wales attributes to conversations the organization has had with China.

But Wales promises that Wikipedia will never cooperate with censorship. He was disappointed when Google decided to enter China and made compromises in order to stay there because it believed that it could do more good being in China than staying out of the market completely.

“Wow, if Google will do this, someone really has to stand up and say that is not right,” said Wales during a presentation at the RSA Conference in San Francisco. “Thank goodness Google has come to their senses and pulled out of China, which I think is the right thing to do.”

He said he is impressed with a number of security technologies that support privacy and freedoms of speech. One of them is encryption, which Wales calls “a driver for human rights.” Encrypted messaging apps such as Wickr and Silent Circle are examples of this type of technology; they allow anyone to send messages and, in some cases, make encrypted calls that will never be saved on a sever.

Image via Meghan Kelly/VentureBeat

Rupert Murdoch, owner of the Wall Street Journal’s parent company Dow Jones, says Chinese hackers are still attacking the paper’s systems.

Last week a number of well-known newspapers reported hacks on their systems. This included both the New York Times and the Wall Street Journal. It was rumored that The Washington Post has been experiencing breaches as well. The New York Times reported that Chinese hackers had accessed its systems specifically breaking into the accounts of its Shanghai bureau chief and the South Asia bureau chief.

The Wall Street Journal soon followed up, saying Chinese hackers also broke into its systems “apparently to spy on reporters covering China.” This was on January 31. A week later, Murdoch says the paper is still being attacked by Chinese hackers.

He tweeted, “Chinese still hacking us, or were over the weekend.”

According to the New York Times the attacks began soon after the newspaper published a story about China’s Prime Minister and his family’s wealth. The Wall Street Journal is another obvious target given its coverage of the region and popularity. But why the newspapers? The information in those emails is important, especially if these were state sponsored attacks. An attacker may be able to see who the reporter’s source is, where they are at any given time, and gain more understanding of how that reporter gets her information.

You can’t write cyber espionage off as a thing of the future. While the New York Times says that the hackers didn’t actually steal any important information, the technology is there. Viruses like Flame and Gauss that can turn on your camera, record your audio, and take screenshots only when communications apps are open show just how strong spyware is today.

At the time a spokesperson for Dow Jones said that this is an “ongoing issue” and promised the publication is working with law enforcement and security professionals to protect its reporters.

hat tip Cnet; Rupert Murdoch image via World Economic Forum/Flickr

U.S. Defense Secretary Leon Panetta is freaked out, and for good reason. He advised America today that the country is in danger of a cyber attack that could end in civilian death.

According to the New York Times, Panetta aired his concern during a speech in New York City saying we may experience a “cyber-Pearl Harbor that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.”

Specifically, he referenced the growing potential for hacks on critical infrastructure, energy grids, and other smart devices. He mentioned derailing trains and contaminating water supplies. There’s evidence to support his concerns, starting with the Stuxnet attacks in Iran in 2010. Stuxnet infected the fueling systems of Iran’s nuclear power plants, causing them to malfunction. The malware attacked “SCADA” systems used to control infrastructure used in all different kinds of businesses including oil facilities to prisons. Indeed, researchers already believe the prison doors to maximum security prisons could be opened due to a similar attack.

Other than to warn the American public about it’s future doom, Panetta was also there to pull support for a cybersecurity bill. Panetta wants a new kind of communication between private businesses and the government sector, so that law enforcement can find out about and assess new viruses quickly.

“Attackers only need to find one weak point in any target, and every major target that Secretary Panetta is concerned about has a truly massive attack surface to check. The need for automation has gone from high to extreme – every critical organization must automate their assessment of whether their attack posture is weak,” said RedSeal Networks chief technology officer Dr. Mike Lloyd in an email to VentureBeat. “However, the Federal Government cannot defend all the private infrastructure we depend on – the banks, the power companies, the transportation infrastructure. These companies have to appreciate the threat to their shareholders and the general public, and this is why Secretary Panetta is making clear how serious the situation is.”

The U.S., according to Panetta, should be watching countries such as Russia, China, and Iran as well. This week the United States Congress Intelligence Committee issued its own warning against Chinese telecommunications vendors Huawei and ZTE stating that they couldn’t be trusted to be out of the influence of the Chinese government. The committee also urged any U.S. companies working with the two should find new partners.

Leon Panetta image via Official U.S. Navy Imagery/Flickr

Iran shut down Internet access to its oil terminals today following a cyber attack that is said to have begun on Sunday afternoon.

The Oil Ministry shut down Internet access to all of its oil facilities, operations, and rigs soon after finding the virus, dubbed “wiper”, according to an anonymous Oil Ministry employee who spoke with The New York Times. According to this individual, Iran’s oil production and exports were not affected.

The virus was responsible for some wiped hard drives within the ministry, appropriately earning its name. Related websites such as the National Iranian Oil Company and the National Iranian Gas Company were also shut down, according to the Times, though whether they were shut down by the virus or the Ministry remains unclear.

This virus isn’t the first of its kind to hit Iranian infrastructure. In 2010, a virus called Stuxnet affected Iran’s nuclear program by attacking its control system called SCADA or supervisory control and data acquisition. The SCADA system controls various processes (both hardware and software oriented) within the nuclear program, including those responsible for creating fuel for potential nuclear weapons.

“Attacks on critical infrastructure are more common than many think,” said McAfee security director Brian Contos in an e-mail to VentureBeat, “Because of a lack of disclosure in these industries, many incidents ranging from sabotage and intellectual property theft to extortion go unreported.”

Other SCADA systems, including those on U.S. soil are flagged as being vulnerable to cyber attack. John Strauchs, who owns a security consulting firm, flagged prison doors controlled by SCADA systems as a potential target. He came to the conclusion soon after receiving a call about a prison’s death-row doors popping open. In that case, the doors were triggered by a faulty wire.

via The New York Times; Oil pump image via Shutterstock

The guidelines issued on Thursday follow a rash of cyber attacks that have caused lawmakers to ask for clearer instructions on reporting cyber crimes. The guidance tells companies what they may be required to disclose.

Senator John Rockefeller asked the SEC to issue the rules amid fears that companies were failing to mention data breaches in their public filings. The SEC said that if a cyber attack occurs and leads to losses, then companies should disclose the losses, or at least estimates of what is “reasonably possible.”

“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement to Reuters.

Breaches have occurred at big companies such as Sony, Google, Lockheed Martin, Citigroup, the International Monetary Fund and others. The SEC said it will not require companies to describe how they will further protect themselves, as that may only give ammunition to criminal hackers on how to attack the companies.

Companies are on the hook for disclosing costs of fixing compromised networks, increased cyber protection costs that may include changes to personnel, lost revenues from unauthorized access to information, losses related to the failure to retain customers after an attack, litigation costs, and reputation damage after an attack.

Hacker group Anonymous plans to launch a new social network called AnonPlus where there will be “no fear of censorship,” after Google+ banned several accounts related to the group.

“As some of you know we got banned from Google+ due to some of our content,” wrote YourAnonNews in a blog post. “What we didn’t know at the time is that we were just one of a handful of Anonymous accounts that was silenced. This is the sad fact of what happens across the internet when you walk to a different beat of the drum.”

Anonymous has gained much exposure in the last year with hacker attacks on PayPal, Visa, Amazon, Bank of America, and various world governments. The group was blamed for the huge attack on Sony’s PlayStation Network but denied involvement. Anonymous also promised to continue where the notorious LulzSec hacking group left off after it made headlines attacking websites of the U.S. Senate, CIA, and games like Minecraft and EVE Online.

Google banned the YourAnonNews Google+ account, not surprisingly, after Google said the group’s posts violated its “Community Standards.” YourAnonPlus had its Gmail account shut down at the same time.

The AnonPlus social network is currently being worked on by 18 developers, according to Anonymous. However, it notes that the list of developers could change “daily if not hourly.”

“This project is not overnight and will take many of those out there who simply want a better internet,” wrote Anonymous on the holding page for AnonPlus. “We will not be stopped by those looking to troll or those willing to stop the spreading of the truth.”

Google+, which makes its users declare a first and last name, pushes transparency over anonymity. It’s no surprise a group of unnamed hackers would be kicked off. Conversely, the group has an active Twitter presence with its @YourAnonNews account, which has more than 19,000 followers.

Bernard Moon, co-founder & CEO of XS Groupe, thinks Google keeping anonymous users off Google+ is a sound strategy for early growth and building trust among users.

“I’m not sure it’s about banning anonymous people or groups that they don’t like, but it’s about keeping order and transparency,” Moon told VentureBeat via e-mail. “It’s similar to how Facebook started out with people from verified college emails and using real names. It prevents such online communities from being quickly inundated with spammers, trolls and other unwanted parasites.”

What do you think of a social network for hackers? Will it change the fabric of how we view social networking?

“Treating cyberspace as a domain means that the military needs to operate and defend its networks, and to organize, train and equip is forces to perform cyber missions,” Deputy Defense Secretary William Lynn said during a speech that accompanied the announcement at National Defense University in Washington, D.C.

Lynn admitted during the speech that 24,000 government files were stolen from military computers in March. The perpetrator was an unnamed foreign government. Lynn did not outline what types of files were stolen.

The new policies outlined today are designed to stop attacks like the one that occurred in March. The number one way the government intends to stop attacks will be to build strong defenses rather than use scare tactics.

“Just as our military organizes to defend against hostile acts from land, air and sea, we must also be prepared to respond to hostile acts in cyberspace,” Lynn said during the speech.

One of the more interesting tenents of the policies is the intent of the government to plan both public and private networks from attack. Private networks owned by important companies like banks and utility companies would ideally protect themselves but the government will said it will actively work with companies to stop hackers.

The new policy outlines working with private companies this way:

DoD has played a crucial role in building and leveraging the technological prowess of the U.S. private sector through investments in people, research, and technology. DoD will continue to embrace this spirit of entrepreneurship and work in partnership with these communities and institutions to succeed in its future cyberspace activities.

Another important tenet will be specific public-private partnerships to fight against hackers and cyber threats:

Public-private partnerships will necessarily require a balance between regulation and volunteerism, and they will be built on innovation, openness, and trust. In some cases, incentives or other measures will be necessary to promote private sector participation. DoD’s efforts must also extend beyond large corporations to small and medium-sized businesses to ensure participation and leverage innovation.

The only major concern with having the military trying to regulate and defend privately owned networks is that of privacy. If the government has access to an Internet Service Provider’s network, for example, what sort of limitations be set on what data the government is allowed to access?

Obviously there are many more issues to explore on this front, but at the very least, the government indicated today that it is taking cyber attacks more seriously and is thinking of more ways to stop them.

The expert didn’t say which country is thought to be behind the attack, but their cryptic reveal falls in line with what other security professionals are saying about it. The attack follows a string of recent high-profile security intrusions, including a breach in defense contractor Lockheed Martin’s system weeks ago, a Chinese-based phishing attack on Gmail users, and April’s attack on Sony’s PlayStation Network.

David Hawley, an IMF spokesman, confirmed that an attack took place, saying that the organization is “investigating it and the fund is completely functional.”

The IMF houses sensitive data as part of its aim to stabilize international exchange rates and help balance international trade. The organization isn’t saying what exactly was compromised in the attack, but Bloomberg’s security source says that it resulted in a “large quantity” of documents and e-mails being leaked. The attack apparently originated from within the organization via a deliberately infected PC, the BBC reports.

Given the targeted and complicated nature of the cyber attack, other security experts like Tom Kellerman, a former IMF employee, also think that it was likely the work of a foreign government. Kellerman said that the country behind the attack was trying to get a “digital insider presence” within the IMF.

For other organizations and governments, the question remains how to best protect against similar security breaches? Some experts say the only choice now is for public and private sectors to unite, reports Reuters. “We are not doing enough … every year we hope things will change but now people like me have turned cynical. It requires co-operation on a global scale,” Indian security expert Vijay Mukhi told the news agency.

We’ll be exploring the most disruptive mobile trends at our fourth annual MobileBeat 2011 conference, on July 12-13 at the Palace Hotel in San Francisco. It will focus on the rise of 4G and how it delivers the promise of true mobile computing. We’re also accepting entries for our mobile startup competition at the show. MobileBeat is co-located with our GamesBeat 2011 conference this year. To register, click on this link. Sponsors can message us at sponsors@venturebeat.com.

The arrests signal that authorities the world over are taking cyber attacks much more seriously. Just this week, the FBI said it would increase its focus on hackers and last week, the Pentagon said cyber attacks could be considered acts of war.

Spain said the arrests were made in three cities: Barcelona, Valencia, and Almeria. The first arrest targeted a 31-year-old man in Almeria some time after May 18. The police said they had also seized this man’s computer server, located in the northern city of Gijón, which was found to have executed cyber attacks.

Following this arrest, new hacker attacks targeted the websites of Spanish Parliament, the UGT trade union, and the Catalan regional police. The tracing of these attacks led to the arrest of two separate men in their early thirties in Barcelona and Valencia. The Spanish police did not indicate when exactly the arrests occurred but said they were “recent.”

Spain’s investigation into the group began last October after Spain’s Ministry of Culture website was attacked to protest legislation against illegal computer downloads. Other targets of the Spanish branch of Anonymous, according to police, included Spanish banks BBVA and Bankia, Italian energy firm ENEL, and government websites in Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand.

Anonymous is a loose collective of hackers that was formed in 2008 and has individual cells all over the world. It has attracted notoriety during the past several years with its attacks. A few weeks ago it said it planned to attack the U.S. Chamber of Commerce. Other targets have included Visa, MasterCard, Amazon, PayPal, and Bank of America.

Sony blamed Anonymous in the case of the major PlayStation Network breach, in which the network was shut down and many customers’ data stolen. Anonymous denied involvement but said it was possible that individual members could have taken action on their own.

The names of customers, account numbers, and contact information, including email addresses, were viewed in the breach. Citi told Reuters that “social security number, date of birth, card expiration date and card security code were not compromised”.

The high-profile data breach is the latest cyber attack on a major company, following attacks on Sony, Google, and Lockheed Martin. It makes you wonder just how vulnerable other companies holding your data are to similar attacks.

A Citi spokesman noted that the breach affected just 1 percent of North American card customers, which total 21 million. The bank said it would be contacting customers whose data was accessed and would implement “enhanced procedures to prevent a recurrence of this type of event.”

U.S. government officials have recently started to address cyber attacks in a more serious manner. Yesterday, FBI director Robert Mueller told Congress that the bureau plans to increase its focus on cyber attacks. The Pentagon also recently weighed in on cyber attacks and said that if a hacker attack produces “death, damage, destruction or high-level disruption that a traditional military attack would cause,” then the attack could by considered an act of war and merit retaliation by force.

Are you a Citi customer? Does this data breach make you want to switch banks?

“We will increasingly put emphasis on addressing cyber threats in all of their variations,” Mueller said today at a Senate Judiciary Committee hearing on extending his term by two years.

Mueller’s words are especially meaningful in the wake of the recent attacks on Google’s email system and major defense supplier Lockheed Martin. Hacker attacks on Sony’s PlayStation network, while not relevant to national security, have also increased public awareness of cybercrime and online threats. Mueller said the FBI will make sure “the personnel in the bureau have the equipment, the capability, the skill, the experience to address those threats.”

The Pentagon recently weighed in on cyber attacks and decided that if such an attack produces “death, damage, destruction or high-level disruption that a traditional military attack would cause,” then the attack could merit retaliation by force.

It’s good to see the Pentagon and FBI talking about cyber security on a more consistent basis and making the issue a higher priority. The last ten years have brought incredible advances in technology, but the U.S. government is considerably behind the curve at preventing potentially crippling cyber attacks.

As new types of threats consistently emerge in the digital landscape, the U.S. military has to be ready to deal with more sophisticated attacks. Cyber warfare is not covered by the Rules of Armed Conflict, which is based on a series of international treaties like the Geneva Conventions. U.S. military officials said they will use this proposal to come up with a consensus among allies.

The report specifies how cyber attacks would be evaluated:

If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a “use of force” consideration, which could merit retaliation.

The proposal will likely cause a debate over the certainty of a cyber attack’s origin and which specific types of a attack would constitute the use of force — issues the Pentagon has not yet addressed.

Frankly, I think the U.S. government and its allies are severely behind the curve on this issue. In 2008, a Pentagon computer network was breached by an attack believed to have originated in Russia. Why this hasn’t been a more pressing issue since that time is baffling to me.

The popular 2007 movie Live Free or Die Hard depicts a group of cyber terrorists attacking U.S. government computers. As silly as the movie is, it’s not hard to imagine a sophisticated group of hackers exploiting weaknesses in U.S. government systems and shutting down important services. Having a defined military response to attacks of this nature is an important step to deterring future attacks.