Issue 48, March 2014
bulletCyber Security
bulletInnovation: Blippex - A Search Engine Made by the People, For the People
bulletOnline Game "Jacob and the Cybermights" Teaches Children about Safe Media Use
bulletInterview with Arne Schönbohm, President of the Cyber Security Council Germany
bulletAbusix - The Network and Email Abuse Handling Specialist
bullet"Appicaptor" - App Security Testing Tool
Cyber Security

Cybercrime, a rapidly growing and increasingly sophisticated security threat targeting critical public and private infrastructures, is now outpacing traditional crime. It threatens the security of our markets, bank accounts, trade secrets, and personal privacy. Many CEOs and public officials in industries that rely heavily on safe and dependable information technology such as energy, healthcare, and logistics are underestimating the severe and omnipresent nature of the threat. From identity theft and copyright infringement to data espionage and sabotage, cybercrimes are wreaking havoc on a domestic and an international level. 

 

The scope of damage from this malicious activity ranges from the loss of intellectual property and confidential business information to the additional cost of securing networks, insurance, and recovery from cyber-attacks, not to mention the reputational damage caused to the hacked institution. The financial losses are significant. According to a study by Corporate Trust, the harm caused by industrial espionage to German companies totals approximately €4.2 billion per year. Since 2009, organized criminal gangs have earned more money with cybercrimes than with drugs, according to studies. FBI Director Robert Mueller acknowledged this sobering reality just last year, stating that cyber threats will soon equal or surpass the threat of terrorism

 

The intent and level of sophistication of cyber criminals varies immensely - from cyber stalking to cyber terrorism. Spammers, for example, send unsolicited mass emails offering discount pharmaceuticals or foreign brides frequently as a way to disguise a scam or hoax. Phishers, on the other hand, impersonate banks or companies in emails to try to redirect individuals to phony websites to gather personal information. Special interest groups, conversely, use malware for political ends rather than for financial gain. The Stuxnet computer worm that attacked Iranian nuclear facilities in 2010, for instance, was believed to have been created by foreign government agencies. Other groups, such as "script kiddies," hack as a means of gaining attention; these amateur hackers use pre-existing computer codes to target weakly secured computer systems to show off to their computer-enthusiast peers.

       

 

article2Innovation: Blippex - A Search Engine Made by the People, For the People  
 
The new Berlin-based startup Blippex is giving Google a run for its money by taking a radically different approach to search engine optimization. Launched in July 2013 by Gerald Bäck and Max Kossatz, Blippex provides access to a secure and anonymous crowdsourced web browser. Unlike Google, Blippex doesn't rank searches by how many other pages on the web link to it. Instead, the startup's algorithm known as DwellRank determines relevance based on how long users spend on a site and how many times Blippex users have visited it. By replacing PageRank with DwellRank, Blippex strives to make online search about people and their interests rather than about links between machines.
 
Although Blippex constructs its search results based on user data, it does so in a way that cannot be traced to the individual. The plugin that users install strips personal information, only saving three data points: the URL, current time, and time a user spends on a page. In this realm of truly anonymized data, Google cannot compete, as the success of its advertising business has been built on personalizing search results and ads. 
 
Blippex's obsession with privacy is a key selling point in today's day and age of growing concerns about online security. Marketing itself as "the world's most user-ignorant search engine," its founders are constantly thinking about how to make Blippex know even less about its users. If the company does not have a piece of data about a user, then it can never be stolen from Blippex by hackers or subpoenaed by a government. 
 
To emphasize this commitment to safeguarding privacy practices, Blippex's founders have made their browser extension open source. The plugin is currently available on GitHub, a web-based hosting service for collaborative code review and management of software development projects. As part of Blippex's transparency efforts, the startup also intends to open source its search algorithm, starting with the inclusion of their scoring details in a public API, short for application programming interface. 

 

Source & Image: © Blippex

  

  

 

Source: Deutscher Kinderschutzbund Landesverband Bayern e.V. (DKSB LVB)

 

What is cyberbullying? How can I prevent unauthorized access to my smartphone? What constitutes a safe password? These are questions that children and young adults encounter when using the Internet. To increase digital literacy among youth, the German Association for the Protection of Children (Deutscher Kinderschutzbund Landesverband Bayern e.V., DKSB LVB) joined forces with DIGITAL TREASURE ENTERTAINMENT (DTE) to design the online game "Jacob and the Cybermights."

Jacob, who just arrived at a new school, gets involved in an exciting adventure: a classmate's Facebook page has been hacked, and now mean lies about the student are being spread all around school. Together with his new friends Helena and Markus, Jacob begins to search for the cyber villain, interpreting clues and solving tricky riddles along the way. During the twists and turns of this investigation, Jacob and his friends learn valuable lessons in cyber security, ranging from identity theft and the usage of pseudonyms to copyright issues and computer viruses.

 

Released in May 2013, this game for kids 10 and up can be played online, via download, or on a mobile app. By using the adventures of Jacob and Helena, DKSB-LVB hopes to show the benefits as well as the limitations and risks of the Internet to a large number of children.

Social media use is part of everyday life for most children and teens today. Even Article 17 of the UN Convention on the Rights of the Child cites the government's role in protecting this right to reliable, relatable, and safe information online.

The online game was realized through the support of the Stiftung MedienKompetenz Forum Südwest, the EU Initiative Klicksafe, and Microsoft Germany. To learn more about the game, please visit www.jakob-und-die-cybermights.de (German only).

 

For more information on DKSB LVB, please click here

 

Image: © DIGITAL TREASURE ENTERTAINMENT (DTE)

 



 

Arne Schönbohm, President of the Cyber Security Council Germany e.V., is a well-regarded security expert and consultant to key industry players and various political decision makers at the state and federal level.


In his interview with GCRI, Mr. Schönbohm describes the main tasks and goals of his Council, as well as the greatest dangers facing individuals today with regards to cyber security. He outlines the most common types of cybercrimes and how these have changed over the history of the Internet. He also discusses the kinds of Internet protection the average household user should have, as well as the delicate balance between freedom and security that society must seek to achieve. To read the full interview, click here.


Mr. Schönbohm began his career by studying International Management in Dortmund, London, and Taipei. From 1995 to 2008, he worked in a variety of capacities at EADS, the European Aeronautics Defense and Space group, most recently serving as Vice President of Commercial and Defense Solutions. Since December 2008, he has been CEO of BSS BuCET Shared Services AG, a Berlin-based management consulting firm that focuses on strategy, sales, and business development in the security sector for leaders of critical infrastructures.


An advisor to the public and private sector, Mr. Schönbohm has made frequent appearances in the German media, including Zeit Online, SAT.1, Deutsche Welle, Handelsblatt, Wirtschaftswoche, Welt Online, ARD, and ZDF. Mr. Schönbohm is also a member of the Cyber Security Coordination Group and author of diverse publications, including his recent book, "Germany's Security - Cyber Crime and Cyber War."  

 

Image: © Christoph Vohler

 

 
article5Abusix - The Network and Email Abuse Handling Specialist

Internet abuse is getting worse every day, with more spam, bigger bot networks, and more frequent cyber attacks than ever before. Countless spam filters, firewall systems, and anti-virus software are available, each promising to protect PCs and networks better than its competitors. However, these solutions are reactive; they only rate limit and filter pre-existing attacks. While necessary, these technologies will never fully address the issue of Internet abuse as they are not designed to attack abuse directly at its source. Shutting down and cleaning up compromised and abusive systems as quickly as possible is the only way to effectively tackle the issue, according to Tobias Knecht, CEO of Abusix, Inc. 

 

Abusix, Inc. is a Silicon-Valley and Karlsruhe, Germany-based provider of automated network abuse identification and rapid resolution products. The startup takes an innovative approach to cyber security, offering highly-scalable security with great market potential. Abusix provides network operators detailed information about the sources and extent of abusive behavior distributed throughout their networks. This relevant data and these helpful tools aid operators in cleaning their networks and protecting them from abusive systems in the future. 


One unique feature called spamfeedme provides customized, real-time clean spamfeeds and honeypot attack information designed to train and tune security vendors' products, like spam filters. Companies can also use this data, for example, to monitor whether someone is abusing a domain or brand name. This product offers deep insight into an organization's current network health, as well as brand and domain protection monitoring with custom spamfeeds based on keywords.


Abusix is a program participant in the German Silicon Valley Accelerator (GSVA), and just last month secured seven-figure funding from the Munich-based venture capital firm Target Partners. Abusix is also a member of the Center for Innovation and Entrepreneurship at the Karlsruhe Institute of Technology (CIE-KIT).

 

Source & Image: © Abusix, Inc.

 

 
article6"Appicaptor" - App Security Testing Tool 

Mobile device use not only provides great opportunities for enterprises, but it also poses significant risks. Every app that employees install on their company tablet or smartphone represents a potential security threat. Apps are typically developed within a very short period of time, many by developers who lack sufficient IT security knowledge. As a result, security functions often contain vulnerabilities or implementation errors. To make matters worse, parts of software code are frequently recycled from one developer's app to another's for the sake of efficiency, which can lead to the propagation of errors. Online app stores may check for malware, but specific app security features and correct implementation are not subject to verification. 

 

With this scenario in mind, researchers at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt developed "Appicaptor," a test framework that provides enterprises the ability to automatically check the security quality of apps. The service offered with it enables companies to check whether the connection between apps and servers is protected or if the implementation of SSL encryption is correct. Furthermore, Appicaptor can analyze whether apps are compliant with a company's individual IT security policy. It also offers businesses individual test reports for every app and operating system. "Our Appicaptor framework consists of different analytic methods and tools," said Dr. Jens Heider, Head of the Testlab Mobile Security Department at Fraunhofer SIT. "It can analyze apps working on both Android and iOS-based smartphones, so it's able to work regardless of platform. It can also be built on to suit special requirements." 

 

Funding for this project was provided by the State of Hessen and the EC's European Regional Development Fund

 

Source & Image: © Fraunhofer Institute for Secure Information Technology SIT

   

MOSCOW        NEW DELHI       NEW YORK       SAO PÃULO       TOKYO