News

Fending off cyber attacks as important as combatting terrorism, says new GCHQ chief

12th October 2017

Keeping the UK safe from cyber attacks is now as important as fighting terrorism, the new GCHQ boss has said on the 9th October 2017.

Jeremy Fleming, director of the signals intelligence service, said increased funding for GCHQ was being spent on making it a “cyber-organisation” as much as an intelligence and counter-terrorism unit.

Fleming, who joined GCHQ from the security service (MI5) earlier this year, told The Telegraph: “If GCHQ is to continue to help keep the country safe as we prepare for our second century, then protecting the digital homeland – keeping our citizens safe and free online – must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism.”

The UK’s National Cyber Security Centre said last week that there had been 590 “significant” cyber attacks needing a national response in the last year, as previously reported. This included the WannaCry ransomware outbreak that disrupted the operations of several NHS trusts back in May and attacks on parliamentary email systems in June, among others.

Fleming’s take on the importance of cybersecurity are the most extensive public comments he has made since leaving MI5 to head up GCHQ, but they shouldn’t be confused as a significant shift in priorities or policies by the UK government. For example, the government reaffirmed cyber as a tier-one threat in its 2015 National Security Strategy (PDF, page 13) and has committed to spending £1.9bn between 2016 and 2021 on updating this. Cyber has been treated as a tier-one threat since the 2010 defence review. ®

HACKING AND COUNTER-HACKING

‘Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits’

Updated The brouhaha over Russian spies using Kaspersky antivirus to steal NSA exploits from a staffer’s home PC took an explosive turn on Tuesday.

Essentially, it is now claimed Israeli spies hacked into Kaspersky’s backend systems only to find Russian snoops secretly and silently using the software as a global search engine. Kremlin agents were observed in real-time sweeping computers worldwide for American cyber-weapons, and then extracting any matching files. The Russians, it is claimed, hacked Kaspersky’s servers to harvest any suspicious data flagged up by the antivirus that matched known codenames for American software exploits.

In short, Kaspersky’s code, installed on millions of computers around the planet, was being used as a global searchable spying tool by the Russian government, it is alleged. It also means US intelligence insiders, by revealing all of this to the New York Times this week, have blown the lid on details of a highly sensitive Israeli operation.

“The role of Israeli intelligence in uncovering [the Kaspersky] breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed,” the NYT reported. For good reason: the disclosure means someone in the US intelligence community is prepared to leak against – and put an abrupt end to – an Israeli operation known to America because Israel trusted its intelligence pals.

As we noted last week, antivirus packages can pose a huge risk to organizations, not least the NSA, because if a scan of someone’s computer yields something that looks like a threat, such as a freshly developed exploit or piece of spyware, it’s uploaded to the AV vendor’s cloud for analysis.

If an attacker were able to infiltrate those backend systems, with or without cooperation, they would be able to rifle through collected sensitive documents and snatch copies of any samples. In this case, the Russians were apparently hunting for America’s exploits to, presumably, wield them against corporations and government agencies in the West and beyond, and shore up their IT defenses to thwart the cyber-weapons.

That remains speculative, of course. Tait again:

er-security expert Matt “Pwn All The Things” Tait put it:

The New York Times didn’t identify exactly what information was exfiltrated by the Russians, but it claims the Kremlin’s access into Kaspersky was maintained for two years. Indeed, in 2015, Kaspersky said it detected sophisticated cyber-espionage code within its corporate network, and publicly wrote about it although did not name Israel as the culprit. Back then, Kaspersky was infected by the Duqu 2.0 spyware, which was related to the American-Israeli-developed Stuxnet malware that got into the Iranian government’s nuclear weapons labs in 2010 and knackered its uranium centrifuges.

While digging around inside Kaspersky’s systems, the Israeli were looking for the Moscow-based business’s research into the NSA and the UK’s counterparts, GCHQ. After spotting Kremlin agents, the Israelis tipped off the NSA. And now that’s all over the news.

Unsurprisingly, Kaspersky Labs founder Eugene Kaspersky denies the substance of the NYT article:

In the light of the ongoing scandal, it’s hardly surprising that security vendors are taking a long, hard look at their code review policies – particularly any code that government agents can examine for exploitable bugs to use remotely against customers.

Symantec was the first to jump, with its CEO Greg Clark telling Reutersthis week it will no longer let governments inspect its source code. Clark said: “Saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’” poses an unacceptable risk to customers.

HACKERS STEAL 30GB OF AUSSIE DEFENSE PLANS

According to the website https://www.infosecurity-magazine.com/news/hackers-steal-30gb-of-aussie, the hackers are on the rampage. Australia has been hit hard. Read the following.

Some 30GB of commercially sensitive data on Australia’s defense program was stolen in an “extensive and extreme” cyber-attack on a government contractor, it has emerged.

The attack happened in July last year but spy agency the Australian Signals Directorate (ASD) didn’t become aware of a breach until November.

The data was unclassified and the Australian government has been keen to emphasize that national security was not at risk.

“I’m sure there is work being done on finding out who did it,” said defence minister Christopher Pyne, according to broadcaster ABC. “It could be a number of different actors, it could be a state actor, a non-state actor, it could’ve been someone who was working for another company.”

The stolen data apparently included info on the F-35 Joint Strike Fighter, P-8 Poseidon surveillance aircraft and C-130 transport plane, as well as details on a few Australian naval vessels.

The threat actor, codenamed “Alf” after a popular character from Aussie TV soap Home and Away, is said to have accessed “pretty much every server” and was able to read emails of the chief engineer and a contracting engineer at the breached aerospace firm.

That firm apparently had just one IT professional managing the entire function, among a total staff roster of only 50.

The attacker is said to have exploited a software vulnerability that hadn’t been patched for 12 months, although the firm’s web portal was also accessible using the username-password combinations “admin admin” and “guest guest”.

Paul German, CEO of Certes Networks, argued that the industry needs to rethink security as breach detection times still aren’t falling fast enough.

“We need to decouple security from infrastructure and adopt a ‘zero trust’ security model: to achieve access, a user needs to both see an application and be permitted to use it,” he added.

“Taking this model and securing it with cryptographic segmentation allows an organization to embrace zero trust irrespective of infrastructure, of data center locations, new cloud deployments, and / or the desire of workers to hang out in the local coffee shop.”

SIA KEYHOLDING ACCREDITATION

6th October 2017

We are pleased to inform our numerous clients that Guarding Professionals Limited has received accreditation from the SIA to offer keyholding services to its numerous clients across the South of England. This means that we are now in a position to hold keys, respond to alarm and conduct mobile patrol services on properties of clients who do not want static guarding services.

With a good number of mobile patrol vehicles on the road, you can be confident that we are able to response quickly when the alarm on your premises is activated. Our mobile patrol drivers can also conduct regular patrols on your premises if required.

 

EQUIFAX DATA BREACH- ARE YOU AFFECTED?

5th October 2017

What will be your reaction if your physical space has been invaded or your privacy compromised? I have no doubt you will go berserk. Each one of us as much as possible tries to protect whatever property we have.

It is a fact that the world has gone digital and we conduct our lives in the digital world and consequently we lose the power to be able to protect our most valuable property being our data (identity, address, date of birth, bank account details etc) as this power is entrusted to third parties.

Unfortunately, things go wrong, and when they do it is on a gargantuan scale. One only needs to read the news item of Equifax data breach and it will all come home what one means by data breach http://www.wired.co.uk/article/equifax-credit-data-breach-uk-security.

This is why we have partnered with Perceptive IT (a company specialising in IT security), to help our clients protect their most valuable assets from hackers. From this month onwards, we will offer free advice to our clients who need advice as to how they can protect themselves from “thieves” stealing their data.

TAKEOVER OF S&E SECURITY LTD

 

We are delighted to announce that we have concluded the takeover of S&E Security Limited. S&E is a security services company specialising in Key Holding, Alarm Response and Mobile Patrol services based in South West of England. The company currently offers its services to clients in the Bristol and Bath areas as well as South Gloucestershire, South West Wiltshire, North Somerset and South East Wales.

As part of the agreement, Mr Clive Smith (MD of S&E) and other key personnel of S&E have joined Guarding Professionals Limited. Clive brings many years of experience in the security industry, having been involved in providing Mobile Patrol services in the areas listed above since 1995, and he is a welcome addition to the management team of Guarding Professionals Limited.

As an Approved Contractor with the SIA for Key Holding, Alarm Response and Mobile Patrols Guarding Professionals Limited is now able to provide its clients, in the aforementioned areas and beyond, with highly trained staff that can deliver an excellent standard of service at a highly competitive rate.

New Website Launch

5th August 2015

WELCOME TO GUARDING PROFESSIONALS WEBSITE

Guarding Professionals Ltd is a Facilities Management Company which provides integrated security solutions and cleaning services to businesses nationwide. Our security services include manned/static guarding, store detectives, mystery shoppers, covert work and bringing cutting edge technology to the market place. Our current range of products includes remote monitoring systems – the new and smarter way to monitor CCTV to secure assets and business and biometric access control systems for organisations such as offices and cash rooms. Our products can be integrated into any existing access control systems whether it be doors, turnstiles, parking gates, or other barriers or CCTV. We can also configure our products to manage time and attendance and inventory tracking.

The company has achieved Approved Contractor Status (ACS), ISO 9001,  ISO14001 and SafeContractor is registered