[ISN] ASIO chief urges business to look at IT security

From: InfoSec News (alerts@private)
Date: Fri May 23 2008 - 00:14:11 PDT


http://www.theage.com.au/news/security/asio-chief-urges-business-to-look-at-it-security/2008/05/22/1211182988498.html

The Age
May 22, 2008

Spy chief Paul O'Sullivan has urged business to assess its cyber 
security, saying individuals and nations are targeting the private 
sector in a bid to steal sensitive information.

"The widespread use of the internet in government and business presents 
opportunities for state agencies to gain covert access to information," 
Mr O'Sullivan told the Australia-Israel Chamber of Commerce in Sydney 
today.

"And a range of non-state actors - hackers, criminals and other foreign 
entities, acting independently or on behalf of groups, networks, or 
states - are engaged in nefarious cyber-activities, whether for profit, 
to cause damage, test for vulnerabilities or acquire sensitive 
information.

"Such actors are targeting business and government alike."

Mr O'Sullivan, the director-general of the Australian Security 
Intelligence Organisation (ASIO), warned the attacks were not always 
obvious.

He made particular mention of so-called trojan horse attacks where a 
seemingly innocuous piece of software is attached to an email and then 
makes its way into a computer network.

"The various IT-related devices - software, mobile phones, disks, 
thumb-drives, personal organisers, and so forth - all of which are now 
in common use - are also potential vectors for trojans.

"So it is important that you consider whether you have appropriate 
security policies covering their use, particularly as they can be easily 
inserted into your systems, sometimes quite innocuously - as gifts to 
staff, for example."

Mr O'Sullivan warned a trojan attack could potentially see large amounts 
of private information stolen from "virtually anywhere on the planet".

"A successful attack could see the loss of commercially-sensitive 
information (including) business strategies, intellectual property, 
sensitive client details, even company employee information."

ASIO runs a business liaison service and Mr O'Sullivan encouraged 
businesses to use it.

"Given the international profile of many of our major companies, we are 
also working closely with key overseas partners to pool and compare 
experiences and further refine judgments so that businesses are provided 
with consistent advice."

Mr O'Sullivan's warning comes a day after the business-government 
advisory group on national security met.

At that meeting Mr O'Sullivan provided a detailed national security 
update to leading business figures from high profile companies including 
Rio Tinto and Westfield.

Attorney-General Robert McClelland admitted earlier this year that 
classified government computer networks had been subjected to cyber 
attacks.

Copyright 2008. The Age Company Ltd


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Fri May 23 2008 - 00:35:03 PDT