Cyber wars between companies, hacker groups and governments can force entire countries to a standstill. A lone, but sophisticated, hacker can bring global organisations to their knees from just an internet café. The threat isn’t even entirely external; perhaps the greatest threat sits uncomfortably in plain sight – from inside your staff.  Arm yourself with the top cyber security titles:

CyberWar, CyberTerror, CyberCrime

This book is written by Dr Julie Mehan who is a Principal Analyst for a strategic consulting firm in the State of Virginia. She has been a Government Service employee, a strategic consultant, and an entrepreneur – which either demonstrates her flexibility or inability to hold on to a steady job! Until November 2007, she was the co-founder of a small woman-owned company focusing on secure, assured software modernization and security services. She led business operations, as well as the information technology governance and information assurance-related services, including certification and accreditation, systems security engineering process improvement, and information assurance strategic planning and programme management. During previous years, Dr Mehan delivered information assurance and security-related privacy services to senior department of defence, federal government, and commercial clients working in Italy, Australia, Canada, Belgium, and the United States.

Here are the contents of this book.

The world is becoming ever more interconnected and vulnerable, as has been demonstrated by the recent cyber attacks on Estonia. Thus the need for stringent and comprehensive methods for combating cyber crime and terror have never before been need more than now.
Information security should not be an after thought. It should be ingrained into the organisation’s culture. This book will help you create this forward thinking culture using best practices and standards.
Key Features:

• Straightforward and no-nonsense guide to using best practices and standards, such as ISO 27001, to instil a culture of information security awareness within an organisation.
• Distils key points on how to use best practices and standards to combat cyber crime and terror.
• The information within the book is presented in a straightforward and no-nonsense style, leading the reader step-by-step through the key points.

Related articles

• Silicon Valley At Front Line Of Global Cyber War
• We are sharing info with competitors to combat cyber threats, says BSkyB
• Cyber War articles from same website contradict each other.

A vicious piece of malware (known as Flame) was uncovered this week and is believed to have infected over 600 targets, be 20 times larger than Stuxnet and to have been backed by state sponsorship.
Realize the underground economy of hacking and crimeware with this handy pocket guide. It will provide you with a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.

An Introduction to Hacking & Crimeware: A Pocket Guide (eBook)

Know your enemy: An Introduction to Hacking & Crimeware is a comprehensive guide to the most recent and the more serious threats. Knowing about these threats will help you understand how to ensure that your computer systems are protected and that your business is safe, enabling you to focus on your core activities.

Fighting back
In this pocket guide, the author:

• defines exactly what crimeware is – both intentional and unintentional – and gives specific, up-to-date examples to help you identify the risks and protect your business
• explores the increasing use of COTS tools as hacking tools, exposing the enemy’s tactics gives practical suggestions as to how you can fight back
• provides a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.

By Paul C Dwyer

“Tis the season to get scammed!”

Phishing Scams: PCD Says “Beware of emails that appear to be from charities. Not all will be real and bogus sites could steal your credit card details. These “Phishing” emails can also pretend to be banks, telephone companies and even the revenue commissioners. There is even now a category of “recession based” scams which involve targeting consumers with products such as pre approved loans etc. There is also an increase in “Smishing” attacks, that is phishing messages sent out by text.”

PBX / Telephone Fraud: PCD Says “This is the time of year when SME’s and indeed large enterprises phone systems often get hacked. Hackers penetrate the phone system and can reroute Euro 1,000’s of calls through the companies phone system. The criminals often sell call cards openly in markets and on the streets which operate off these hacked phone systems. The first the company know about it is when they return after Christmas to a massive phone bill. Consider having a security audit on your phone system.”

Free iPad’s: PCD Says “Offers of free iPads and similar gadgets are included in most cyber scams lists at the moment. Victims are often requested to participate in some sort of basic quiz or supply their mobile telephone number. In many cases their mobile phone is then “subscribed” to some sort of service that costs Euro X per week.”

Fake Delivery Services Invoices: PCD Says “Over the Christmas period, cyber criminals will email fake invoices and delivery notifications appearing to come from legitimate courier companies. The emails will indicate that they were unable to deliver a package to your address and of course ask you to confirm your address and provide credit card details pay for delivery.”

Smartphone App Scam: PCD Says “Malicious spyware is disguised in a game or an application, which is then marketed to users. If downloaded, the malware steals data from the phone, such as passwords and financial details. Always check a developer is legitimate and review comments regarding the app.”

Fake Goods: PCD Says “Don’t be stupid, if the offers looks too good to be true it probably is. Beware of imitation goods for sale, most are sub standard, many are dangerous and in some cases lethal. Be especially careful when buying computers good such as laptops etc, we have come across a number “preloaded” with key logging software. There are also lots of fake auctions and classified ad sites appear that over Christmas, make sure you are dealing with a genuine business.”

Social Networking Friend Requests: PCD Says “Scammers take advantage of this social time of year by sending out authentic looking friend requests via email. You should not click on the links in the email but sign into your social networking site and look there for friend requests. If you click on a link it could install malware on your computer. Beware of related scams such as “Help I’ve been Mugged!”, this is when you receive a fake distress message from someone in your network requesting money as they have been robbed whilst traveling.”

Fake Christmas Cards: PCD Says “Be careful if clicking on a Christmas E-card or Gift Cards. This method is used to install Malware and other bad stuff. Many E-cards look genuine and authentic so be very careful when considering click on them. If you use an E-Card service obviously make sure it is a reputable one.”

PC Support Fraud: PCD Says “Criminals will attempt to gain access to your computer by calling up and saying you have a problem with your computer. They often claim to be from large legitimate corporations and will either ask for a payment to fix your computer or ask you to download a software patch. In the first case they will steal your credit cards details and in the second instance they will infect your machine with spyware or malware that will provides access to your machine bandwidth to support other attacks.”

Social Network Virus: PCD Says “This is very basic and involves a friend posting a link on your social network wall page or in the status update. This gives the impression that the site is a safe site to visit. However, in some cases it is the result of malware and could result in the download of viruses on your machine.”

Shopping smart and avoid scams: financial literacy during the holiday season: hearing before the Committee on Banking, Housing

The Ghost in the Wires is a well written and captivating tale of Kevin Mitnick which tells his story of how artfully he used social engineering time and again as a first step for some of his famous hacks. During his social engineering hacks how he became an absolute authority on subject at hand and got the trust of a person on phone in just a matter of minutes.

“When you use social engineering, or “pretexting,” you become an actor playing a role. I had heard people try to pretext and knew it could be painfully funny. Not everybody could go on stage and convince an audience; not everybody could pretext and get away with it.”

Per Kevin what he likes about the best of Ghost in The Wires is his life story because it’s kind of like a Catch Me If You Can version for a computer hacker. What is unique about it that it is a true story. People really seem to like it.

Ghost in the wires have been on the New York Times best seller list for a month so far. the only hacking book that made the bestseller list was a book called The Cuckoo’s Egg by Cliff Stoll.

Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

Audiobook Chapter:

Alex O’Donnell and the 40 CyberThieves

sfchronicle.com by Marcus Chan

Social Security numbers and other personal information have been popular targets by cyber crooks. But a new report says thieves have shifted their focus to corporate data such as trade secrets and marketing plans, making it the “new currency” of the underworld economy.

The report, based on a global survey of more than 1,000 senior IT workers, follows recent headlines of hacker attacks on Nasdaq OMX Group, RSA Security and energy companies.

When it comes to these targeted attacks, many companies have taken the approach that “it won’t happen to us, and if it does, we’ll just pay for it then,” said Simon Hunt, a vice president and chief technology officer at McAfee, which is based in Santa Clara. “What’s become evident over the past year is that it’s happening more than people expected.”

McAfee, which sells cyber security products and services, authored the study with SAIC, a scientific and engineering company that works with national security agencies.

The potentially bigger payday from selling stolen proprietary data, along with the trend of businesses putting more of their information in the cloud, have made intellectual capital a bigger target, the report said.

To illustrate the impact of these targeted attacks, the report noted how a quarter of the companies said a data breach – or the serious threat of one – caused them to either stop or delay a merger and acquisition or a new product rollout.

The survey also found that when an organization suffers a data breach or loss, only 3 out of 10 report all such instances to government agencies or authorities, or stockholders. About 6 out of 10 “pick and choose” the incidents they report.

“Companies certainly aren’t doing all the reporting they should or that I think most people would like them to,” said Scott Aken, vice president for cyber operations at SAIC.

Businesses are also “generally trying to store their data in locations where they’re offered the best ability to pick and choose whether they have to notify (about) a breach or not,” he added. “Some countries’ laws are set up in such a way that maybe they don’t have to report.”

Further obscuring the full picture of data theft is the fact that many companies may not even realize they’ve been breached.

“Malware is really clever, hides itself well and is hard to detect,” said Fred Rica, a security expert and principal at PricewaterhouseCoopers. “We still see a lot of clients where we find evidence of a breach on their network, but they just didn’t know.”

Rica also said that amid cyber criminals’ efforts to steal intellectual capital, he’s still seeing a huge amount of personally identifiable information, such as credit card numbers, being stolen.

Among the report’s other findings:

— Lost or breached data cost companies more than $1.2 million on average. That compares to less than $700,000 in 2008, when a similar study was done.

— In the United States, China and India, organizations are spending more than $1 million a week on protecting sensitive data abroad.

— Employees’ lack of compliance with internal security policies was considered the greatest challenge to securing information.

As for the outlook, Aken of SAIC expects to see more of these sophisticated attacks.

“We’ll continue to see very well-coordinated attacks against big companies that have good security postures in place,” he said.