Month: febbraio 2014

Brazil World Cup: hackers target official websites

World Cup

‘Fast, damaging and relatively simple’ techniques will be used to crash Fifa and sponsor’s sites, say activists


ONLINE activists in Brazil have said they plan to target this summer’s World Cup tournament with a series of digital attacks.

Websites belonging to Fifa, the Brazilian government and corporate sponsors and organisers will come under attack from a group linked to Anonymous, according to the BBC

In 2008, Anonymous was responsible for shutting down both Visa and MasterCard websites after the companies refused to process donations to Wikileaks.
Brazil’s overstretched digital networks, widespread reliance on pirated software and relatively low investment in online security make it an easy target, experts say.

“It’s not a question of whether the Cup will be targeted, but when,” said William Beer, a cyber security expert with the consultancy firm, Alvarez & Marsal.

One activist who calls himself Che Commodore told Reuters that he would launch “denial of service” attacks, which would block access to targeted websites. “It’s fast, damaging and relatively simple to carry out,” he said.

Another said the group is “already making plans” for an attack. He said: “I don’t think there is much they can do to stop us.”

But Brazilian authorities have said they will be ready to combat attacks.

The army’s head of cyber-command, General Jose Carlos dos Santos, told Reuters: “It would be reckless for any nation to say it’s 100 per cent prepared for a threat … but Brazil is prepared to respond to the most likely cyber-threats.” · 

For further concise, balanced comment and analysis on the week’s news, try The Week magazine. Subscribe today and get 6 issues completely free.

Read more:

How emails can be used to track your location and how to stop it

Join thousands of others, and sign up for Naked Security’s newsletter

Don’t show me this again

by Lisa Vaas on February 27, 2014 | 11 Comments

A new, free Google Chrome browser extension called Streak lets email senders using Google accounts see when recipients open email.

And, oh my, it also lets senders see who, exactly, opened the email, and where the recipient is located.

The extension, part of a customer relationship management (CRM) system that includes tools for sales, support and hiring, places email recipients on a map, with big red dots indicating their locations. It also gives users real-time location updates.


Streak is a bit creepy. But it’s not, of course, “changing the email game”, as has been somewhat breathlessly claimed.

Streak may well be in the business of giving marketers the ability to eyeball our whereabouts and our email-opening schedules, but it certainly didn’t invent email tracking – not by a long shot.

Email tracking is already used by individuals, email marketers, spammers and phishers to understand where people are, validate email addresses, verify that emails are actually read by recipients, find out if they were forwarded and discover if a given email has made it past spam filters.

The bad news is that if you’re thinking that you can just avoid installing Streak if you don’t want marketers, creeps, phishers and spammers to see when and where you opened your email, so sorry to tell you, but that’s just an irrational thought coming from la-la land.

You know that place, right? It’s the place where opt-in is the norm.

In the place where we all actually live, recipients don’t have to install anything for email tracking to work and nor will they know if their locations and email openings are being tracked.

It’s easy as pie – just sit back, open email as usual, and the email trackers will churn their wheels, no recipient involvement required.

Thankfully it’s not all bad news.

Gmail icon and green eyeBecause email is actually quite simple, there are only a very small number of techniques that systems like Streak can use to track you – and they’re easy for you to disrupt.

Emails are fundamentally inert (in the vernacular they are not executable) so they can’t make your computer run code.

For an email to pull off something like tracking it needs considerable cooperation from your email client and, since you control your email client, that puts you in the driving seat.

Somebody who wants to track you can do two things; they can either send an email with a read receipt, or they can send an email with an embedded image (sometimes referred to as a bug or beacon).

Read receipt requests are included in an email’s meta data (its headers). Because the meta data is passive it amounts to no more than a plea to your email software to please ask for a read receipt.

Different email clients don’t agree on what a read receipt header should look like so there’s no guarantee your read receipt will even be recognised as one.

If it is recognised then, overwhelmingly, email clients will prompt users and ask if they want to let the sender know that they’ve read the email. It’s not a great technique for email marketeers trying to keep your tracking secret.

You are much more likely to be tracked by embedded images.

A tracking email has to be written in HTML. This allows it to reference an image on a remote server owned by the sender (this part isn’t underhand, it’s just how HTML works).

When the email is opened, the email software loads the image from the remote server by sending it an HTTP request.

A spammer or marketeer sending a mass mailing can choose to give each email an image with a unique URL so they can tell which recipients have opened their emails.

Like all HTTP requests, the one sent by your email software will contain your IP address. Because IP addresses are allocated geographically, that’s tantamount to providing location data accurate to what city you’re in.

The HTTP request will also contain a user-agent header which provides a brief description of your browser and operating system.

So, from one embedded image systems like Streak can determine:

  • Who opened their email
  • What time the email was opened
  • Where it was opened
  • What sort of device it was opened on

The answer to protecting yourself from this kind of tracking is straightforward – don’t load the images.

You can do this by forcing all your email to render as plain text or by allowing it to render HTML without images.

Most email clients are well disposed to help you with this and will actually do the latter by default, giving you the option to download the images if you decide you want them.

The most notable exception to this is Gmail which loads remote content automatically unless you take back control of your images.

For your part you need only understand that loading images in emails means “tell the sender you’ve just opened their email and you’d like them to send you the rest of the message”.

So, if you don’t trust marketers and stalkers with your location and email-reading schedule, it’s time to take back remote content loading.

Below are instructions on how to switch off image loading in seven of the most popular email clients:

iOS Mail

  1. Click the Settings icon
  2. Click Mail, Contacts, and Calendars
  3. Toggle Load Remote Images to off.

Outlook (Desktop)

  1. Click the Tools menu
  2. Click Trust Center
  3. Click Automatic Download
  4. Check Don’t download pictures automatically in HTML e-mail messages or RSS items.

  1. Click on the Settings icon (cog)
  2. Click More Email settings
  3. Click Filters and Reporting under Junk Email
  4. Select Block attachments, pictures, and links for anyone not in my safe senders list.

Apple’s Mail

  1. Click Mail
  2. Click Preferences
  3. Click Viewing
  4. Uncheck Display remote images in HTML messages.

Yahoo Mail

  1. Click the Settings icon
  2. Click Settings
  3. Click Security
  4. Locate Show images in email
  5. Select Never by Default.


  1. Click the Settings icon
  2. Stay in the General tab
  3. Scroll down to the Images section
  4. Choose Ask before displaying external images
  5. Click Save Changes.

Android Gmail app

  1. Tap the menu button
  2. Tap Settings
  3. Tap on your email address
  4. Scroll to the bottom of the screen
  5. Tap Images
  6. Select Ask before showing.

Although this article is mostly about how emails you receive can leak information about you, it’s worth understanding that emails you send can too.

When you send an email, each server your message passes through will stamp the email with its IP address. The first IP address in that list is normally yours – the one that can be used to locate what city you’re in.

The only way we can think of to avoid this is to use a webmail service (and you have to use its web interface).

In our quick and dirty testing I found that Gmail, FastMail and Outlook will all keep your IP address secret but Yahoo, the perennial late comers to the security and privacy party, won’t.

Follow @LisaVaas
Follow @MarkStockley
Follow @NakedSecurity

Spiati attraverso le webcam 1,8 milioni di utenti Yahoo


L’agenzia di sorveglianza britannica Gchq (Government Communications Headquarters), con l’aiuto dell’americana Nsa, ha intercettato e immagazzinato le immagini prese dalle webcam di milioni di utenti del colosso americano Yahoo, in una operazione chiamata “Optic Nerve”. Lo rivelano documenti top-secret della talpa del Datagate, Edward Snowden, che sono stati pubblicati oggi dal sito del britannico Guardian.

Secondo la testata britannica si tratta di milionidi immagini fisse che, in una sorta di Grande Fratello, sono state carpite dalla Gchq nel corso delle chat fra ignari utenti di Yahoo, che non erano sospettati di aver compiuto alcun crimine. In soli sei mesi nel 2008, sono state spiate – anche durante momenti di intimità – 1,8 milioni di persone.

Il programma, che recuperava fotografie tramite le webcam ogni cinque minuti, aggiunge sempre il quotidiano, era attivo ancora nel 2012. Interpellato dal Guardian, Yahoo ha negato di conoscere il sistema di spionaggio, e ha accusato le agenzie di sorveglianza di una nuova violazione delle privacy dei suoi utenti.

British Airways e-ticket malware attack launched via email

BY  POSTED 25 FEB 2014 – 02:02PM


If you have received an unexpected email, claiming to come from British Airways, about an upcoming flight that you haven’t booked – please be on your guard.

Online criminals are attempting to infect innocent users’ computers with a variant of the maliciousWin32/Spy.Zbot.AAU trojan, by disguising their attack as an e-ticket from the airline.

To maximise the potential number of victims, the attackers have spammed out messages widely from compromised computers.

Malware spread via bogus British Airways email

Here’s an example of what part of a typical malicious email spread in this spammed-out campaign looks like:

From: British Airways []
Subject: Your Order #70391830 / 25 feb 2014

Dear Customer,

This is a confirmation that your order has been successfully processed.

Booking reference: 9C1PWF
DEPARTURE DATE & TIME / FEB 28, 2014, 11:30 AM

The flight number and the seat number can be located in the lower part of the ticket.

An electronic copy of the ticket can be downloaded from our website :

For more information regarding your order, contact us by visiting :

Of course, although the email claims to come from British Airways – it is nothing of the sort.

In a classic example of social engineering, criminals are hoping that email recipients will worry that their credit card has been fraudulently used to purchase an air ticket, and click on links inside the email to find out more.

However, if users download the supposed e-ticket and launch its contents, they will be infecting themselves with a trojan horse that can spy on their computer activity and give malicious hackers third-party access to their data.

ESET antivirus products detect the malware as a variant of Win32/Spy.Zbot.AAU.

ESET intercepting malware spread via bogus British Airways email

Users of other anti-virus products would be wise to check that their systems are updated, and protected against the threat.

In this case, the malware has been spread via malicious links after cybercriminals forged email headers to make their messages look like they really came from British Airways’s customer service department. But it’s equally possible for attackers to spread their malware via email attachments, or for other disguises to be deployed if those behind the spam blitz believe that they have a greater chance of success.

Remember to always be suspicious of clicking on links in unsolicited emails, and the social engineering tricks that are frequently used to lure computer users into making unwise decisions.

Author Graham Cluley, We Live Security

Putin’s Difficult Decision: Ukraine Remains a Danger for Russia

An Analysis by Uwe Klußmann

Russian President Vladimir Putin has been put in a tight spot by the events in Ukraine.Zoom


Russian President Vladimir Putin has been put in a tight spot by the events in Ukraine.

The situation in Ukraine remains volatile — and presents Russian President Vladimir Putin with a difficult conundrum. Should Ukrainian nationalists continue to gain power, pressure will grow on the Kremlin to take action.

For a brief moment, Russian President Vladimir Putin seemed relaxed, content and proud. During a meeting with the champions from the Russian Olympic team in Sochi, he praised their “triumphal” results: 13 gold medals, 11 silver and 9 bronze. The athletes, Putin said, embodied Russian dignity.



The successful games mean a lot for the self-confidence of a country that was on the brink of disintegration just a decade and a half ago. At the time, just a few hundred kilometers from Sochi, armed separatists in Chechnya had created a gangster republic.

Successors to those rebels are still carrying out attacks in the North Caucasus. But an enormous security effort managed to keep the games in Sochi safe and prevent terrorist attacks. The two-week event was as peaceful as could be and on Sunday, it came to a satisfactory close, with a giant bear blowing out the Olympic torch.

But the torch of instability which is currently being borne aloft in Ukraine is not one that the Russian bear can extinguish.

Last Thursday, Putin spoke at the Kremlin at an event held prior to Defender of the Fatherland Day. His focus was global security, but he didn’t explicitly mention Ukraine. Russia, he said, “must not only be vigilant, but also prepared for all developments.” Many of his listeners, no doubt, thought of Kiev.

‘Our Common Forefathers’

On several occasions in the past year, Putin has made clear just how important Russia’s neighbor is to Moscow. At a conference held in Kiev in July 2013, he held a speech focusing on “Orthodox-Slavic values.” He paid tribute to “our common forefathers,” who, by choosing to adopt Orthodoxy, “made a choice for the entire holy Rus.” He mentioned the 17th century unification of Ukraine and Russia.

Putin also spoke of the cultural and economic advances Ukraine made within the czardom and as part of the Soviet Union. No mention was made of the victims of Soviet collectivization: his statements were more focused on the future. The two countries’ “shared past” should be the “foundation for the creation of new integral ties.” His appeal to Ukraine, Russia’s “partner, friend and brother,” was clear: The country should not become a partner to the European Union, it should instead join the customs union with Russia, Kazakhstan and Belarus.

At a September 2013 meeting of the Valdai International Discussion Club, which brings together leading Russia experts from around the globe each year, he went even further. Speaking of Russians and Ukrainians, he said: “We are one people.” He said the two countries not only had a shared history, mentality and culture but also similar languages.

But the now deposed Ukrainian President Viktor Yanukovych treated Russia like a bride who begins looking for a better match at her own engagement party. And it has become clear that Putin’s approach to Ukraine has suffered from the same strategic failing that accelerated the collapse of the Soviet Union: Moscow has made a habit of supporting straw-men in neighboring countries — corrupt leaders that are ultimately toppled by their own people.

The picture currently being painted by Ukraine experts at the Kremlin is a dark one. Oleksandr Turchinov, the interim Ukrainian president, is considered in Moscow to be a pragmatist, one who seeks a businesslike relationship with Russia. But experts in the Russian capital believe that Ukraine’s new political leadership will have difficulties in stabilizing the situation, partially because, in addition to the deep divide running through the country, it is also on the brink of bankruptcy. Russian-speaking provinces in Ukraine’s eastern half are worried about the right-wing extremist, Russo-phobic nationalists, whose support is rising rapidly. They already are well represented on the streets of Kiev.

A Difficult Decision

The situation in Kiev reminds historically aware Russians of the revolutionary chaos in 1917-1918, an episode expertly immortalized by author Mikhail Bulgakov in his novel “The White Guard.”



The further the Ukrainian state crumbles and the greater the separation becomes between Kiev and eastern and southern Ukraine — particularly the Crimean Peninsula — the more intense will be the need among Ukraine’s huge Russian population for protection from the “Russian brother” to the east.

Putin and his foreign policy advisors are well aware that these developments increase the risk of a confrontation between Russia and the West. But they are also aware that the current, relatively moderate leadership in Kiev could — should it display incompetence or, worse, corruption — easily become the victim of the next revolutionary wave. That wave could very well propel the well-organized ultra-nationalists to power. Their leader, Dmitry Yarosh, received a louder ovation on Independence Square on Saturday than did Yulia Tymoshenko. Moscow noticed.

Russia’s Black Sea fleet is located in the Crimean city of Sevastopol, with its majority Russian population. Nobody in Russia would ever forgive Putin were he to allow this city, the fleet and the families of the navy personnel stationed there to fall into the hands of Ukrainian nationalists. The Russian president could soon be faced with the most difficult decision of his life.


Fewer Soldiers, More Robots: Pentagon Budgets For The Future

Secretary of Defense Chuck Hagel has proposed the smallest United States military since 1940. It’s also the most technologically advanced.


 Posted 02.25.2014 at 11:28 am 




U-2 Reconnaissance Aircraft 
The U-2 is a venerable workhorse spyplane of the Cold War. But the Global Hawk drone can fly for three times as long. 
U.S. Air Force photo by Master Sgt. Rose Reynolds, via Wikimedia Commons

The last time the U.S. Army was smaller than 450,000 troops, it was 1940 and the United States had yet to join World War II. Announced yesterday, Secretary of Defense Chuck Hagel’s proposed budget would shrink the American military to the smallest it has been since right before the deadliest war in history. Yet this is not a return to the pre-war state of unreadiness. While the military Hagel proposes might be smaller than the one that precedes it, it will also remain the most technologically advanced military in history.

The proposed budget reflects several major changes since the start of 1940. Three of them in particular stand out: technology has improved, manpower is less important, and weapons are smarter. All of these mean a military that can do more, with fewer people, while remaining flexible for the future.

Improved Technology

For one key example, let’s look at spy planes. The U-2 (pictured above) first flew in 1955, and was America’s chief high-altitude spy plane for the entire Cold War. Giant film test patterns, made to calibrate the spy plane’s original film cameras, still dot the American landscape, artifacts of time before satellite surveillance. U-2s cruise at 70,000 feet, and can do so for well over 10 hours. The chief constraint on a U-2 isn’t the plane itself, but the need for an onboard pilot, who must be awake and seated for the entirety of that exhausting flight.

Hagel’s budget wants to replace the venerable U-2 with the modern Global Hawk, a high altitude surveillance drone used in the recent wars in Iraq and Afghanistan. Because the Global Hawk’s remote pilots are on the ground, they can swap out mid-flight, making sure a fresh and alert crew is always in charge of the aircraft. This is something that simply wasn’t possible when the U-2 first started flying 59 years ago.

In his remarks about the budget yesterday, Hagel directly addressed the U-2/Global Hawk debate, and said that the Air Force will

retire the 50-year-old U-2 in favor of the unmanned Global Hawk system. This decision was a close call, as DoD had previously recommended retaining the U-2 over the Global Hawk because of cost issues. But over the last several years, DoD has been able to reduce the Global Hawk’s operating costs. With its greater range and endurance, the Global Hawk makes a better high-altitude reconnaissance platform for the future.

Reduced Manpower

The Littoral Combat Ship, a new modular naval vessel that can do some light combat, anti-submarine, or mine-sweeping jobs usually assigned to frigates or destroyers, was designed to have a crew of 40. While recent revisions have that number going as high as 88, that’s still less than half the typical 200-person crew of a frigate performing the same role. The new budget keeps the LCS program in place, though at only 32 ships, instead of the 52 expected.

Another example is the new Zumwalt destroyer. Typically, a destroyer has a crew of more than 300; the Zumwalt can sail with a crew of 154. That’s the same ship for half the manpower. The Ashleigh-Burke class of destroyer, which was designed in the 1980s and first deployed in 1991, simply predates the automation technology that lets the Zumwalt function with half the crew.

And that’s just the Navy. In January, Army General Robert Cone outlined future battalions that are75 percent human, 25 percent robot.


The Zumwalt In Maine 

Smarter Weapons

In military circles, probably the most controversial budgetary suggestion is canceling the A-10 Warthog. The A-10 is the kind of plane troops in the field see the most; built around a specific (and terrifying) gun, it flies low and supports troops on the ground in battles. Familiar as it is, the A-10’s role in Iraq and Afghanistan was almost a career afterthought. Hagel explains:

The “Warthog” is a venerable platform, and this was a tough decision. But the A-10 is a 40-year-old single-purpose airplane originally designed to kill enemy tanks on a Cold War battlefield. It cannot survive or operate effectively where there are more advanced aircraft or air defenses. And as we saw in Iraq and Afghanistan, the advent of precision munitions means that many more types of aircraft can now provide effective close air support, from B-1 bombers to remotely piloted aircraft. And these aircraft can execute more than one mission.

For the kind of wars the United States actually fights, it makes sense to have versatile planes that can carry specialized weaponry. The Predator drone, for example, was originally a scout plane. With the addition of Hellfire anti-tank missiles slung underneath its wings, predator drones became light bombers, capable of supporting troops in the field. They were also adapted into one of many tools used for targeted killing campaigns


A-10 Warthog In Flight 
An A-10 Warthog in flight over the Mediterranean 
USAF via Wikimedia Commons

Freaking Lasers

Left unmentioned in Hagel’s remarks was the freaking laser truck the Army is currently developing, and the laser weapon the Navy is putting on a ship. The HEL-MD laser truck shot down drones and mortar rounds in the New Mexico desert last December. While lasers are pricey to develop, they are incredibly cheap to fire, costing about $1 per shot. This makes them a very good tool for shooting down small projectiles and incoming attacks. These technologies are still new, but their very existence was the stuff of literal fantasy in 1940.


HEL-MD Army Laser Truck 
This truck fires lasers. No, really. Lasers. 
U.S. Army Photo

The budget proposal is so far just that–Congress has ultimate say over spending, and Secretary Hagel’s next step is presenting this budget to Congress next week. Already, some congresspeople are readying to fight against cuts to beloved programs like the A-10. If this budget passes, it will give the U.S. a military that makes more sense for the future: fewer humans, and more autonomous ships, flying robots, and lasers.

Aumentano le frodi su carte di credito.
Va in fumo 1 euro ogni 2.635 spesi

Le transazioni su internet aumentano l’incidenza delle truffe sul totale delle transazioni: le carte utilizzate online vedono “sparire nel nulla” 1 euro ogni mille spesi, mentre per i bancomat c’è maggior sicurezza. Francia, Regno Unito e Lussemburgo i Paesi meno affidabili


MILANO – Internet mette a repentaglio la sicurezza delle transazioni via carta di credito, tanto che per la prima volta dal 2008, nel 2012 sono cresciute le frodi su carte di credito e carte di debito per. A denunciarlo è il terzo rapporto della Banca Centrale Europea su questo tema all’interno dell’area Sepa (Single Euro Payments Area). Il valore totale delle frodi è aumentato del 14,8% nel 2012 rispetto al 2011, raggiungendo la somma di 1,33 miliardi di euro. In pratica, ogni 2.635 euro di spesa effettuata con carte di pagamento, un euro è stato frodato.

L’Eurotower chiede alle compagnie che si occupano dei pagamenti un maggiore sforzo per accrescere la sicurezza delle transazioni, proprio perché gli acquisti online continuano a crescere a un ritmo sostenuto. Nel raffronto tra il 2012 e il 2011, quell’euro andato in fumo per colpa dei comportamenti truffaldini, rappresenta un incremento dallo 0,036% allo 0,038% sul totale dei 3.500 miliardi di euro di transazioni. Si tratta quindi di valori minimi se confrontati con la massa di denaro che circola, ma ciò non esime gli attori di questo mercato dal trovare soluzioni sempre più efficienti. “Questi dati dimostrano che dobbiamo restare vigili

contro le frodi attraverso le carte di pagamento”, ha commentato il vice presidente della Bce Victor Constancio, aggiungendo: “Ma d’altra parte è rassicurante vedere che i livelli di truffa sono inferiori all’interno del circuito Sepa, di quanto non lo siano al di fuori, grazie a standard di sicurezza più elevati”. Nel complesso, nel raffronto con il 2008 il valore totali delle frodi è sceso del 9,3% mentre il valore delle transazioni è salito del 17%.


Quanto alla tipologia di frodi, nel 2012 il 60% di queste è avvenuto nelle modalità di pagamento che la Bce definisce “card-not-present” (Cnp), cioè quelli smaterializzati via telefono o internet, mentre un quarto si è verificato ai pos e un sesto agli sportelli automatici atm. La quota di frodi Cnp è aumentata moltissimo, del 21%, tra il 2011 e il 2012, ma la Bce precisa che questo andamento si lega proprio all’esplosione di questa tipologia di pagamenti: tra il 2008 e il 2012 sono cresciuti a botte del 15-20% annuo. Basta pensare che per le carte di credito e quelle di debito ad addebito ritardato, tipicamente utilizzate su internet, la Bce annota che 1 euro ogni 1.000 è andato in transazioni fraudolente; invece per i tipici “bancomat” di debito – utilizzati soprattutto per pagare direttamente nei negozi o per prelevare contanti – il rapporto è di 1 euro ogni 5.400 spesi. A Francia, Gran Bretagna e Lussemburgo, infine, la palma poco ambita di Paesi con la maggiore incidenza delle frodi sul totale delle transazioni.

Italy – The Presidency of Council of Ministers has published the “National Strategic Framework for cyberspace security” document.

The Italian Government has published his cyber strategy, the Presidency of Council of Ministers has issued the “National Strategic Framework for cyberspace security”, it is an important document that for the first time reveals the cyber strategy for the next biennium.

The document propose in a first part an overview of the  evolving trends of the cyber threat making reference to the vulnerabilities of the National ICT Infrastructures, in the second chapter it exposes tools and procedures to improve national cyber defence capabilities.

The “National Strategic Framework for cyberspace security document” enumerates the principal threats from cybercrime to cyber espionage and cyber terrorism, fromhacktivism to cyber sabotage, concluding with cyber warfare, it highlight to improve the security of every “ICT node” and networks within the cyberspace that is hostingand processing an ever-increasing wealth of data of strategic importance for the development of the State.

Depending on the actors involved and the goals pursued, it is possible to distinguish four kinds of threats: 

• Cybercrime: all malicious activities with a criminal intent carried out in cyberspace, such as swindles or internet fraud, identity theft, stealing of data or of intellectual property;
• Cyber espionage: improper acquisition of confidential or classified data, not necessarily of economic or commercial value;
• Cyber terrorism: ideologically motivated exploitations of systems’ vulnerabilities with the intent of influencing a state or an international organization;
• Cyber warfare: activities and operations carried out in the cyber domain with the purpose of achieving an operational advantage of military significance.

The “National Strategic Framework for cyberspace security” document has been written with the intent to define roles and responsibilities of public and private actors, including those subjects operating outside the national territory.

The National Strategic Framework for cyberspace security 2

The second chapter identifies the following six strategic guidelines to enhance the country’s preparedness, resilience and reaction capabilities:

  • the enhancement of the technical, operational and analytic expertise of all institutions concerned with cybersecurity;
  • the strengthening of the cyber protection of ICT networks and computer systems supporting our critical and strategic infrastructure;
  • the facilitation of public-private partnerships;
  • the promotion of a Culture of Security and of cyber hygiene; the improvement of our skills to effectively contrast online criminal activities;
  • the full support to international cooperation initiatives in the field ofcybersecurity.

To achieve the above guideline the Italian Government has identified eleven operational guidelines, the following points are detailed in the second part of the strategy of the “National Strategic Framework for cyberspace security” document:

  1. Enhance the expertise of the intelligence community.
  2. Identify the Network and Information Security (NIS) Authority that will engage at the European level
  3. Develop a widely shared cyber taxonomy and promote a common understanding of cybersecurity terms and concepts.
  4. Foster Italy’s participation in international initiatives to enhance cybersecurity.
  5. Attaining the full operational capability of the National Computer Emergency Response Team.
  6. Legislative and compliance with international obligations.
  7. Compliance with standards and security protocols.
  8. Support for the industrial and technological development.
  9. Strategic communication.
  10. Allocation of adequate human, financial, technological and logistic resources to the strategic sectors of the Public Administration
  11. Implementation of a national system of information risk management.

The National Strategic Framework for cyberspace security 

I personally consider the National Strategic Framework for cyberspace security document as a first step of a long and tortuous journey, cyber security is a national need and requires the involvement of all of us. The next step is to make reading and understanding of this document accessible to all.

Pierluigi Paganini

The World’s Biggest Cyber Crime Fighter

Eugene Kaspersky is the poster child of cyber security. Let’s face it, the man is huge. In Russia, he has a fan club while some of his peers (like John McAfee) have entanglements with foreign governments. I have a T-shirt his groupies made for him and his company, Kaspersky Lab. On it, his headshot is pixilated by the words Anti-Virus in green lettering. Groupies, here, is no understatement. The same adoration for “Kasper” follows into his offices in Moscow. His staff, most in their early thirties and twenties, is amazed by him.

“When he comes home to the Moscow office, it’s like daddy’s home,” says Anton Shingarev, 27, Kaspersky’s chief of staff. He was wrapping up an event in Rome on Dec. 13 with internet security types of the same age. Kaspersky was outside smoking on a veranda, circumvented by men chatting in Russian. “Everybody wants his time. Everyone wants to be with him.” Shingarev shakes his head. It’s a gesture that says, “unbelievable.”

For many of his colleagues, Eugene Kaspersky can walk on water.  Especially when it’s frozen. Photo by Anton Shingarev.

For many of his colleagues, Eugene Kaspersky can walk on water. Especially when it’s frozen. Photo by Anton Shingarev.

Take every American stereotype you have of a Russian man and stick it in a meat grinder. If Moscow is gray and 10 below, 48-year-old Kaspersky is sunny and 75. In Cancun in February 2012, Kasperksy’s in a Hawaiian shirt at the Ritz Carlton mingling with pretty Russian women half his age and dancing around, never alone. It’s like no one can let this playful kid out of sight. At Davos recently (he’s a regular), the man’s cracking jokes about malware gangs and warning about cyber warfare. In Tokyo, he’s climbing Mount Fuji and pigging out on Sushi.

* * *

On his desk in the company’s new $300 million digs along a man-made lake a half hour out of Moscow sits a model of Richard Branson’s Virgin Galactic. Are you boldly going where no one in cyber security has gone before, Eugene? Yes, he says on a cold July afternoon. “Branson gave me that. I’m kind of a Virgin Galactic investor. I don’t know when we’re launching, but I’m going from cyber space to outer space,” he says.

A couple of yachts are berthed at a marina within eyeshot. They’re not his. He points across the lake. It’s the damn coldest summer day I’ve ever experienced. His house is there. “I like this office,” he tells me. “When the lake is frozen, I walk across it to work.”

Walking on water. Russian cosmonaut. The “cult” of Kaspersky is an easy one to fall into. Still, Kaspersky has put his name on the line. While his personality is legend, his product has to stand on its own.

Kaspersky: from cyber space to outer space. On his desk, a model of one of the Virgin Galactic space craft that will take people out into Earth's orbit

Kaspersky: from cyber space to outer space. On his desk, a model of one of the Virgin Galactic space craft that will take people out into Earth’s orbit. On the other side sits a 1985 Olivetti M24 computer, similar to the model he used in 1987-1989 when he discovered a Cascade virus. He’s been hooked on malware ever since.

In 10 years, Kaspersky has become one of the top three brands in internet security. Symantec SYMC +0.1%, owners of Norton Antivirus, fired its CEO Enrique Salem last year. John McAfee, the bad boy of IT security, is now elated to have his name off the product and said his old McAfee anti-virus program “has reached a point of almost universal consumer hatred.”

This is not a sentence Kaspersky would ever say.

“He is the face of that company and he definitely likes it,” says Peter Firstbrook, a vice president at Gartner Research. In January, Gartner named Kaspersky a “Leader” in endpoint security protection for the third consecutive year. This isn’t some giant firm either. In U.S. consumer security, Kaspersky has around 9% market share.

“There’s a difference between his company and market leader Symantec. I think it’s youth and energy,” says Firstbrook. “You walk into Symantec’s office and it’s all 50 year olds. The other thing is that Symantec and McAfee have grown by acquisitions. They haven’t invented anything in years. Kaspersky Lab techs take the time to rewrite programs and even make new ones from nothing.”

I’m not a techie, and don’t always understand the lingo. But Firstbrook does. He mentions how Kaspersky has added application controls like whitelisting. Within a year’s time, they’ve built partnerships with Microsoft MSFT +0.64% and Adobe.

“Smart people know Kaspersky has good software,” he says. “I think they are the best at catching malware. They’re consistently in the top half.”

There’s this room in Kaspersky Lab they call the war room. One tech is seated behind a circular table of computers. There are screens in front of him, and screens overhead. It’s all black and green scrolling text and numbers like the opening credits to the Matrix.