Similar Posts
HELSINKI – A fibre optic communications cable linking Finland and Germany along the seabed has stopped working and may have been severed by an outside force, Finnish state-controlled cyber security and telecoms network company Cinia said on Monday.
The 1,200 km (745 miles) C-Lion1 cable running through the Baltic Sea from Finland’s capital Helsinki to the German port of Rostock malfunctioned just after 0200 GMT, the company said.
The sudden outage implied that the cable was completely severed by an outside force, although a physical inspection has not yet been conducted, Cinia’s Chief Executive Ari-Jussi Knaapila told a press conference.
The damage occurred near the southern tip of Sweden’s Oland island and could typically take between five and 15 days to repair, he added.
Cinia said it was working with authorities to investigate the incident.
Last year a subsea gas pipeline and several telecoms cables running along the bottom of the Baltic Sea were severely damaged in an incident raising alarm bells in the region.
Finnish police investigating the 2023 case have named a Chinese container ship believed to have dragged its anchor as a prime suspect, but have not said whether the damage was believed to be accidental or done with intention.
In 2022 the Nord Stream gas pipelines linking Russia to Germany in the Baltic Sea were destroyed by explosions in a case that remains under investigation by German authorities. REUTERS
SINGAPORE– The Cyber Security Agency (CSA) is starting a study aimed at raising the productivity and professionalism of cyber-security workers.
It may result in an outline of the competencies required of chief information security officers – known by the acronym Cisos – and their teams of security executives who are in high demand, given their key role amid surging cyber attacks.
Ms Veronica Tan, CSA’s director at safer cyberspace division, told The Straits Times: “For organisations, clarity in standards and desired skills at various roles will mean greater improvements in workforce competency and productivity.”
The study will involve industry players, training institutions and certification bodies, she added.
CSA’s plan comes as companies warm to the idea of designated cyber-security personnel, but sometimes find themselves hindered by limited budgets and a shortage of skilled talent.
Mr Nyan Yun Zaw, the first Ciso at Singapore cyber security advisory firm Athena Dynamics, said: “The industry turnover rate for Cisos is unfortunately pretty high because it is a highly challenging and stressful job.
“When the organisation faces a security incident, this is the first person everyone looks to.”
Chief information security officer, a title that arose up in the 1990s after Citibank appointed one following a cyber attack, have risen in prominence in recent years as some countries made mandatory disclosures of material cyber breaches or attacks.
There have also been high-profile cases of criminal charges taken against such officers, such as at Uber and SolarWinds.
Mr Zaw took on the job at Athena Dynamics just over a year ago when his company expanded it beyond IT infrastructure and support.
His background was a string of roles ranging from engineering, cyber security, programming, to business development and sales in the firm since its set-up in 2014.
He added to his expertise by becoming a Certified Information Systems Security Professional, a label granted by the International Information System Security Certification Consortium, also known as ISC2.
He said: “We felt that there is a need to have a dedicated Ciso since we are also part of a listed company.”
Cisos spend their time securing their companies’ assets, learning new threats and technologies, and working with cross-functional teams, he said.
He added: “Ciso is a management position, so it is important for a Ciso to be knowledgeable in various aspects of cyber ranging from governance, risk and compliance to network security architectures.”
In the 12 months leading up to September, job portal Indeed recorded 48 per cent of its postings in Singapore seeking communication skills in cyber security leaders, compared to 38 per cent specifying expertise in IT, and 16 per cent in information security.
Around the same time, the number of postings for such roles on its portal dropped 36 per cent, suggesting that firms might be filling positions through internal promotions or team restructuring, said Mr Saumitra Chand, Indeed’s career expert.
“This decline may be due to the demanding nature of leadership positions like Cisos, which require high levels of expertise and specialisation,” he said.
To help small and medium-sized enterprises (SMEs) or non-profit organisations that cannot afford designated security personnel, CSA launched its CISO-as-a-Service (CISOaaS) scheme in February 2023.
It has received about 200 applications so far.
Organisations tapping the scheme can use CSA’s panel of 19 vendors to audit their cyber health and guide them to attain CSA’s Cyber Essentials and Cyber Trust marks, with up to 70 per cent subsidies.
CSA is planning updates to the two marks to reflect new risks in cloud, operational technology and Artificial Intelligence (AI), said Ms Tan.
Digital agency Digipixel, which has used CISOaaS, said achieving both trust marks helped it gain trust from customers.
Its director, Mr Leon Tan, said: “Pooled services can sometimes lack industry-specific context, but our collaboration with CSA has been a productive exchange.”
Mr Dave Gurbani, chief executive at CyberSafe, an appointed vendor, said: “We start by conducting a cyber-security health plan, like a doctor’s check-up.”
The firm then helps its mostly SME clients work through their internal controls, configurations, policies, and training to pass the audits for CSA’s marks.
“Many SMEs still think of cyber security in terms of anti-virus tools or maybe a firewall. To put it simply, that’s like thinking you’re ready for the day just because you have your socks and shoes on,” Mr Gurbani said.
Gaps that frequently show up include outdated systems, misconfigurations from third-party vendors, and weak access controls like shared passwords and lack of Multi-Factor Authentication.
“Without guidance, these vulnerabilities can be hard to recognise and fix,” Mr Gurbani added.
Another vendor, Momentum Z, takes firms calling on the CISOaaS service through a three-pronged assessment of employees’ cyber-security basics, company’s processes and policies, and cyber-security infrastructure such as firewall, antivirus, back-up data use and endpoint security.
Chief executive Shane Chiang said he has had clients that have not changed passwords for six years, or who had been granting external vendors remote access to their network with no inkling.
He said: “’Clients are often surprised to learn the vulnerabilities in their systems, which reinforces the importance of having a Ciso to bring structure and foresight into cyber security.”
CSA’s 2023 cyber security health survey released in March noted that only one in three organisations have fully implemented at least three of CSA’s five categories of recommended measures.
More organisations need help with knowing what data they have, where the data is stored and how to secure the data, CSA’s Ms Tan said. Businesses are also weak at safeguarding their systems and networks against malicious software, as well as guarding access to data and services.
She urged more organisations to tap CSA’s tools to up their game, adding: “Unless all essential measures are adopted, organisations are still exposed to unnecessary cyber risks, especially as they accelerate digitalisation and adopt fast-evolving technologies such as AI.
“Partial adoption of measures is inadequate.”
WASHINGTON – The woman who dubbed herself the “Crocodile of Wall Street” and “Razzlekhan” in rap videos was ordered to serve 18 months behind bars for helping her hacker husband launder cryptocurrency he stole from the Bitfinex exchange.
Heather Morgan, 34, was sentenced on Nov 18 in Washington federal court. Last week, her husband, Ilya Lichtenstein, got five years in prison for his role in the scheme, which stemmed from his 2016 hack of the exchange and the theft of Bitcoin currently worth billions of dollars. Both pleaded guilty last year.
Morgan wasn’t involved in the hack, and her husband said he recruited her to help hide the loot he’d stolen. They could have faced more prison time, but he agreed to aid the United States in other crypto prosecutions and she persuaded him to cooperate with the authorities.
The Verge, which called her “crypto’s most embarrassing rapper”, said she made crypto-themed rap videos under the name Razzlekhan. The whole story is expected to be immortalized in a Netflix documentary series and a film called Dutch & Razzlekhan, the tech news website said.
According to prosecutors, Morgan and Lichtenstein engaged in complex money-laundering techniques, including creating accounts under fictitious identities, moving the stolen proceeds in small amounts, and breaking up the trail of transactions by depositing and withdrawing funds from crypto exchanges and darknet markets. They purchased nonfungible tokens, gold and Walmart gift cards, court records show.
At the time of the hack, the stolen Bitcoin was worth about US$71 million (S$95 million). Now it’s valued in the billions of dollars as the price of Bitcoin has surged from US$580 to more than US$90,000. The couple laundered 21 per cent of what was stolen in the Bitfinex hack, according to the government. BLOOMBERG
“Singapore Issues New Guidelines to Protect Businesses from AI Security Risks”
SINGAPORE – Rogue chatbots that spew lies or racial slurs may be just the beginning, as maliciously coded free chatbot models blindly used by businesses could unintentionally expose sensitive data or result in a security breach.
In new guidelines published on Oct 15, Singapore’s Cyber Security Agency (CSA) pointed out these dangers amid the artificial intelligence (AI) gold rush, and urged businesses to test what they plan to install rigorously and regularly.
This is especially crucial for firms that deploy chatbots used by the public, or those linked to confidential customer data.
Frequent system tests can help weed out threats like prompt injection attacks, where text is crafted to manipulate a chatbot into revealing sensitive information from linked systems, according to the newly published Guidelines on Securing AI Systems .
The guidelines aim to help businesses identify and mitigate the risks of AI to deploy them securely. The more AI systems are linked to business operations, the more they should be secured.
Announcing the guidelines at the annual Singapore International Cyber Week (SICW) at the Sands Expo and Convention Centre on Oct 15, Senior Minister and Coordinating Minister for National Security Teo Chee Hean said the manual gives organisations an opportunity to prepare for AI-related cyber-security risks while the technology continues to develop.
Mr Teo said in his opening address that managing the risks that come with emerging technology like AI is an important step to build trust in the digital domain. He urged the audience to learn lessons from the rapid rise of the internet.
“When the internet first emerged, there was a belief that the ready access to information would lead to a flowering of ideas and the flourishing of debate. But the internet is no longer seen as an unmitigated good,” he said, adding that there is widespread recognition that it has become a source of disinformation, division and danger.
“Countries now recognise the need to go beyond protecting digital system to also protecting their own societies,” he said. “We should not repeat these mistakes with new technologies that are now emerging.”
The ninth edition of the conference is being held between Oct 14 and 17 and features keynotes and discussion panels by policymakers, tech professionals and experts.
AI owners are expected to oversee the security of AI systems from development, deployment to disposal, according to CSA’s guidelines, which do not address the misuse of AI in cyber attacks or disinformation.
In a statement released on Oct 15, CSA said: “While AI offers significant benefits for the economy and society… AI systems can be vulnerable to adversarial attacks, where malicious actors intentionally manipulate or deceive the AI system.”
Organisations using AI systems should consider more frequent risk assessments than with conventional systems to ensure tighter auditing of machine learning systems.
WASHINGTON – A U.S. Senate Judiciary subcommittee overseeing technology issues will hold a hearing Tuesday on Chinese hacking incidents, including a recent incident involving American telecom companies.
The hearing to be chaired by Senator Richard Blumenthal will review the threats “Chinese hacking and influence pose to our democracy, national security, and economy,” his office said, adding the senator plans “to raise concerns about Elon Musk’s potential conflicts of interest with China as Mr. Musk becomes increasingly involved in government affairs.”
Musk, the head of electric car company Tesla, social media platform X and rocket company SpaceX, emerged during the election campaign as a major supporter of U.S. President-elect Donald Trump. Trump appointed him as co-head of a newly created Department of Government Efficiency to “slash excess regulations, cut wasteful expenditures, and restructure Federal Agencies.”
Musk, who was in China in April and reportedly proposed testing Tesla’s advanced driver-assistance package in China by deploying it in robotaxis, did not immediately to requests for comment.
The hearing will include CrowdStrike Senior Vice President Adam Meyers and Telecommunications Industry Association CEO David Stehlin, Strategy Risks CEO Isaac Stone Fish and Sam Bresnick, research fellow at the Center for Security and Emerging Technology at Georgetown University,
Last week, U.S. authorities said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking in to an unspecified number of telecom companies, U.S. authorities said on Wednesday.
The hackers compromised the networks of “multiple telecommunications companies” and stole U.S. customer call records and communications from “a limited number of individuals who are primarily involved in government or political activity,” according to a joint statement released by the FBI and the U.S. cyber watchdog agency CISA.
The announcement confirmed the broad outlines of previous media reports that Chinese hackers were believed to have opened a back door into the interception systems used by law enforcement to surveil Americans’ telecommunications.
It follows reports Chinese hackers targeted telephones belonging to then-presidential and vice presidential candidates Donald Trump and JD Vance, along with other senior political figures, raised widespread concern over the security of U.S. telecommunications infrastructure.
Beijing has repeatedly denied claims by the U.S. government and others that it has used hackers to break into foreign computer systems.
Last month, a bipartisan group of U.S. lawmakers asked AT&T, Verizon Communications and Lumen Technologies to answer questions about the reporting hacking of the networks of U.S. broadband providers. REUTERS
WASHINGTON – The mastermind behind one of the biggest-ever Bitcoin heists was ordered to serve five years in prison for conspiring with his social-media rapper wife to launder money he stole by hacking into the Bitfinex exchange and grabbing cryptoassets now worth billions of dollars.
Ilya “Dutch” Lichtenstein was sentenced in Washington on Nov 14, after he and his wife, Heather Morgan, pleaded guilty last year in a scheme to hide proceeds from the 2016 hack. Morgan, known as “Razzlekhan” in her rap videos, will be sentenced Nov 18. The government recommended an 18-month sentence for her.
Lichtenstein, 37, faced as long as 20 years behind bars. But the government cited his substantial assistance that “has benefited numerous investigations.” The Bitfinex hack resulted in the theft of 119,754 Bitcoin worth about US$71 million (S$23 million) at the time. But since then, the token has surged from US$580 in 2016 to more than US$90,000 this week, boosting the value of the assets to billions.
“This is so massive, it is not comparable to other crypto crimes” based on its scale and complexity, US District Judge Colleen Kollar-Kotelly said before sentencing. Lichtenstein carried out his scheme over several years, which undermines defense claims that his actions were “impulsive,” the judge said.
Lichtenstein, a “highly skilled computer expert,” used several hacking techniques to gain access to the Bitfinex network, and then, in August 2016, fraudulently authorised more than 2,000 transactions to move Bitcoin to a cryptocurrency wallet he controlled, the government said.
He and his wife used sophisticated and meticulous money-laundering techniques to hide the stolen proceeds, including setting up accounts under fictitious identities, moving funds in small amounts, and breaking up the trail of transactions by depositing and withdrawing funds from crypto exchanges and darknet markets. They bought nonfungible tokens, gold and Walmart gift cards, according to the government.
Lichtenstein “became one of the greatest money launderers that the government has encountered in the cryptocurrency space,” prosecutors wrote in an October sentencing memo. “If the defendant were to take what he has learned from this prosecution and incorporate it into a future money laundering scheme, he would be even better-equipped to conceal his activity while monetizing his crimes,” they wrote.
Since his plea last year, Lichtenstein has assisted the government in other criminal cases, including as a government witness in a money-laundering trial involving a mixing service called Bitcoin Fog.
Other hacks
While Lichtenstein had no official criminal history before his arrest in 2022, the Bitfinex hack wasn’t his first, the government said. As a juvenile, he experimented with hacking and financial fraud, and around 2015, he illegally transferred a small amount of PayCoin, an alternative form of virtual currency, prosecutors said. The following year, he stole about US$200,000 from a virtual currency exchange, the government said.
But he also worked in legitimate businesses. While in college, Lichtenstein ran a digital marketing agency from his dorm, and after graduation, a software company he co-founded grew to 30 employees, the government said.
“His decision to use his skills for criminal ends is thus particularly disappointing, but it gives hope for continued successful rehabilitation,” prosecutors said in the sentencing memo.
Morgan attended her husband’s sentencing, along with Lichtenstein’s family. Lichtenstein expressed remorse to the judge and pledged that he would use his skills to help with cybersecurity. “I can make a real difference in the fight against cybercrime,” he said.
He asked that his wife avoid prison time. “Heather is only involved in this case because of me,” he said. BLOOMBERG