In breaking news, l'Express reports that US intelligence agencies spied on French President Sarkozy's office earlier this year, allegedly using the Flame espionage kit. The US Government categorically denies the exploit.
Israel continues to undergo sustained cyber attack by Palestinian hackers and Anonymous members sympathetic to the Hamas cause in Gaza.
The Russian mob's long-anticipated High Roller wire fraud campaign is underway against European banking networks (mostly in Germany) and at least one unnamed major US bank. Exploit kit Gong Da bundles several Java attacks; expect the criminal offensive against Java to continue. A new Linux rootkit is discovered, but it appears to be low-end work. This weekend is traditionally US retail's biggest, from Black Friday to Cyber Monday, and both merchants and consumers are warned of cyber threats lurking in seasonal commerce.
Think your security officer's warnings about operational security, watching what you display, caution about postings, etc. are tiresome? Ask the lads at RAF Anglesey, who incautiously tacked their login credentials to a squadron wall, where they served as a background to PR photos of Prince William.
Bloomberg details $20B in US Intelligence Community contracts. SAIC wins a $433M task order for US CENTCOM enterprise IT services. Media content protection shop Kudelski Group enters the cyber market. Lockheed Martin wins continued G-Cloud work from the British government.
Observers try to sort out the implications of Europe's poignant "right to be forgotten."
Today's issue includes events affecting Canada, China, European Union, Finland, France, Germany, Ireland, Israel, Luxembourg, Pakistan, Palestinian Territories, Russia, Spain, Switzerland, United Kingdom, United Nations, United States.
The CyberWire goes on hiatus for the US Thanksgiving holiday. We'll resume normal publication on Monday. In the meantime, a happy Thanksgiving to all.
Cyber Attacks, Threats, and Vulnerabilities
Report: French officials accuse US of hacking Sarkozy's computers(The Hill) The United States used U.S.-Israeli spy software to hack into the French presidential office earlier this year, the French cyberwarfare agency has concluded, according to the newsmagazine l'Express. The magazine reported late Tuesday that the computers of several close advisers to then-president Nicolas Sarkozy including Chief of Staff Xavier Musca were compromised in May by a computer virus that bears the hallmarks of Flame, which was allegedly created by a U.S.-Israeli team to target Iran's nuclear program. Anonymous French officials pointed the finger at the United States
US government hacked into French presidential office, spied on senior officials, says news report(Quartz) Using the sophisticated Flame malware first developed to spy on and sabotage Iran's nuclear program, US spymasters were able to gain almost unlimited access to the computers of senior French officials in the last days of former president Nicolas Sarkozy's reign, alleges a story in French magazine l'Express. The impact of this alleged attack is unknown, but experts on the Flame malware--believed to be the most sophisticated cyberweapon ever developed--say that compromised computers could have been used to record conversations via infected PCs' microphones. Screenshots may also have been captured, and files could have been copied. According to France's intelligence agency, quoted in the story, the resulting data was then routed through multiple servers on all five continents in order to hide the ultimate destination of the stolen data
Israel comes under cyber-attack from multiple opponents(The H) 1337, H4x0rL1f3, ZombiE_KsA and Invectus are among the names used by attackers who yesterday (Monday) hacked the Israeli
opIsrael: Israel facing mass cyber attack over Gaza(E Hacking News) In protest of attacks taking place on Gaza, hackers hit Israel with a mass cyber attack that resulted in hundreds of websites being defaced or tangodown, as well as databases being leaked. Anonymous has leaked documents of 5000 Israeli officials. Yesterday, Pakistani hackers defaced several high-profile Israeli websites, including BBC, Bing, MSN, Skype, Intel, Live, coke
Anonymous: We Will Not Allow Israeli Propagandists to Undermine Our Efforts(Softpedia) Anonymous and non-Anonymous hacktivists from all over the world are currently busy launching attacks against Israel's cyberspace. Israeli officials claimed that, so far, they've been able to fend off all except one of the tens of millions of attacks. However, Anonymous representatives state that they will not allow Israeli propagandists to undermine [their] efforts
Gong Da Exploit Kit Bundling Numerous Java Attacks(Threatpost) Don't expect any relief from the current assault on Java. A new sandbox-escape exploit targeting a vulnerability in the Java Runtime Environment has been integrated into both the Black Hole and Gong Da exploit kits, setting the stage for additional attacks, researchers said
New Linux Rootkit Emerges(Threatpost) A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems, and while it has some interesting features, it does not appear to be the work of a high-level programmer or be meant for use in targeted attacks
Researchers Remotely Control Smart Cards with Malware PoC(Threatpost) A Luxembourg-based group of researchers has generated a proof-of-concept that could give attackers the ability to remotely seize control of USB smart cards through Windows machines infected with a piece of malware they developed, according to a PCWorld
Vodafone MMS email spam spreads malware(Naked Security) Do you own a mobile phone? Is your mobile phone on the Vodafone cellphone network? If so, you could be a prime target for infection by a new malware attack that has been distributed widely via email across the internet
Beware of scammy 'Free $500 Target voucher' offers(Help Net Security) With Black Friday, Cyber Monday and the end-of-year holidays rapidly approaching and people's minds being turned towards shopping and gift-giving, scammy offers for luxury goods and free gift cards are
Hardcore malware: Stuxnet, Duqu, and Flame(Word Press) Stuxnet, Duqu, and Flame have gained notoriety as some of the most damaging and devious forms of malware. First appearing in 2010, 2011, and 2012 respectively, these three worms have caused fear in the information security industry and panic among the administrators of infected hosts. Before analyzing their workings and unique characteristics, here is a review of malware in general and a summary of some noteworthy examples of destructive viruses from years past
Stuxnet's Infection Of Chevron Shows Why 'Weaponized' Malware Is A Bad Idea(Techdirt) The Stuxnet worm that attacked an Iranian nuclear enrichment facility a couple of years ago was exceptional from several viewpoints. It is believed to have been the costliest development effort in malware history, involving dozens of engineers. It also made use of an unprecedented number of zero-day exploits in Microsoft Windows in order to operate
Olympics cyber attackers were amateurs(The Register) Twelve year old hacktivists and journalists with infected laptops were the biggest info security threats to the London 2012 Games - an event which in the end was notable for the absence of a major cyber attack, BT has revealed. The telco giant was in charge of supporting the official London2012.com site and the huge IP infrastructure which carried voice, cable TV, wireless and everything in between around the sites, according to BT's global head of secure customer advocacy, Phil Packman
Behind the Random NTP Bizarreness of Incorrect Year Being Set(Internet Storm Center) A few people have written in within the past 18 hours about their NTP server/clients getting set to the year 2000. The cause of this behavior is that an NTP server at the US Naval Observatory (pretty much the authoritative time source in the US) was rebooted and somehow reverted to the year 2000. This, then, propagated out for a limited time and downstream time sources also got this value. It's a transient problem and should already be rectified. Not much really to report except an error at the top of the food chain causing problems to the layers below. If you have a problem, just fix the year or resync your NTP server
Security Patches, Mitigations, and Software Updates
Mozilla Releases Firefox 17 with Click-to-Play, Updates Firefox for Android(Threatpost) Mozilla pushed out the latest build of its flagship browser, Firefox 17, today, adding a new click-to-play blocklisting feature that will help prevent users from running out-of-date or vulnerable versions of plug-ins or extensions. The update tweaks click-to-play in Firefox prompting users to either update or abandon old versions of software like Adobe's Reader and Flash and Microsoft Silverlight
The Business Of Commercial Exploit Development(Dark Reading) A closer look at the debate surrounding this market. Over the past 15 years of cybersecurity discussion, it's doubtful that you'll have failed to notice the biannual flare-ups concerning vulnerability disclosure. Whether it's due to the slow fuse of a software vendor silently patching a legacy vulnerability, or the lightning strike of a zero-day being dropped at a security conference, these brushfires rage with fury for a short period until the tinder and media gets exhausted…until the next time
Global Bankers Fear Bitcoin(uscyberlabs) Reading the European Central Bank report October 2012, Virtual Currency Schemes, where they plainly state that they are worried about Bitcoins. Linden dollars or China's Q-coin were different, but they scared the bankers when they translated to goods and services; the Q-coin was put down by China because they did not want an uncontrolled currency competing for the state coins. Let me back up and explain it. The bottom line is: the increase in the use of virtual money might lead to a decrease in the use of real money, thereby also reducing the cash needed to conduct the transactions generated by nominal income. The other fear is: on the one hand, they could have an impact on the velocity of money existing in the economy
New York Times Data Center Indictment Misses Big Picture(InformationWeek) A New York Times examination of increasing data center use and its environmental impact focuses on aging enterprise data centers. A more important issue: How much environmental benefit can we reap from today's modern cloud data centers
SAIC Awarded $433 Million Task Order By U.S. General Services Administration(Sacramento Bee) Company to Provide Enterprise Information Technology Services in Support of the U.S. Central Command. Science Applications International Corporation (SAIC) (NYSE: SAI) today announced it has been awarded a prime contract by the U.S. General Services Administration (GSA) to provide enterprise information technology (IT) support to the U.S. Central Command's (USCENTCOM) Directorate of Command, Control, Communications and Computers. The cost-plus award-fee (CPAF) task order has a one-year base period of performance, four one-year options, and a total contract value of $433 million, if all options are exercised. Work will be performed primarily in Tampa, Fla. The task order was awarded under the GSA Alliant Government-wide Acquisition Contract by the Federal Systems Integration and Management Center (FEDSIM)
Kudelski establishes new Cyber Security division(broadband tv news) The Kudelski Group, best known for its media content protection, has launched a new Cyber Security division. Kudelski Security is centered around the privacy and confidentiality of data and analytics within a cloud dependent ecosystem. The portfolio includes monitoring the evolution of threats and keeping consumer data secured, while access to data becomes more dynamic and mobile, through new consumer devices like smartphones and tablets
WANdisco looks to gain Hadoop expertise through latest acquisition(Fierce Big Data) U.K. collaboration software company WANdisco completed its acquisition this week of Silicon Valley-based AltoStor, a company that helps create faster and more efficient software development. WANdisco will leverage AltoStor to launch its first big data-targeted solution in the first quarter of 2013. The AltoStor founders, Konstantin Shvachko and Jagane Sundar, are among the core Apache Hadoop creators, developers and on-going contributors
Dell Cloud Storing Hospital System's 233K Medical Images(New New Internet) Dell will provide two hospitals a system to help it manage the more than 233,000 medical images the hospitals generate per year, the company announced Monday. Centegra will store images long-term in Dell's cloud clinical archive and maintain five years' worth of images on-site for access…Dell said Centegra, an Illinois-based two-hospital system with several clinics, needed to consolidate existing picture archiving and communications systems for cardiology and radiology and wanted to add hardware to meet growing storage capacity demands
HP Vet Expanding Focus of Encryption Vendor Vormetric(eSecurity Planet) Former President of HP's Tipping Point takes the reins at encryption vendor Vormetric. HP is one of the world's largest IT vendors and home to many security technologies and professionals. It's no longer the home of Alan Kessler, though. Kessler, the former president of HP's Tipping Point
Next version of Microsoft SQL Server to feature in-memory tech(Fierce CIO: TechWatch) The next version of Microsoft's SQL Server will come with in-memory technology, says Microsoft (NASDAQ: MSFT), just months after the launch of SQL Server 2012. Codenamed "Hekaton," the technology is currently being tested with a number of the company's customers. Software from competitors such as Oracle's (NASDAQ: ORCL) Exadata and SAP's HANA already come with in-memory support
7 Cheap Cloud Storage Options(InformationWeek) You have a multitude of cloud storage choices beyond Dropbox, for enterprise and personal use. But make sure you understand the differences
RSA enhances risk-based authentication solution(Help Net Security) RSA announced enhancements to the RSA Adaptive Authentication On Premise solution designed to help organizations in a wide range of industries achieve the right balance of security against advanced threats
Don't measure everything, says DOE web manager(Fierce Government IT) It's possible with today's website analytics tools to gather a wealth of data and monitor every detail of user activity. "You don't need to measure everything. Figure out what measurements really matter to you and put a plan in place to measure them," said Trish Cozart, senior project leader for the National Renewable Energy Laboratory's technology deployment tools team, during a Nov. 1 DigitalGov University webinar
Resilient Security Requires Creativity and Intelligence(Threatpost) Try to dampen your innate cynicism for one second, forget the source of this next comment, and absorb it: "We need resilient defenses." Dr. Steve King uttered those words at a small security event in Boston last week. Four simple words you've heard before that today make so much sense
Create and implement a vulnerability management program(Word Press) If you, as an information security professional, are tasked with maintaining the cyber defenses of an information system (IS), this is a responsibility that you cannot carry out in a haphazard manner. Given the complexity of modern computer networks, a standardized approach to IT security is necessary to ensure that all facets of the IS are protected to the utmost. As with network connectivity troubleshooting, it is simply better to follow a plan of defined steps rather than attempt to achieve your goal in an unorganized way
Tips for safe online shopping(Help Net Security) Veracode released a new infographic, "Identity Theft: Staying Safe in an Online World," that provides practical tips for keeping personal information safe when shopping online this holiday season
YARN: Answer To Hadoop's Shortcomings?(InformationWeek) YARN framework may not be ready for prime time, but it could bring Hadoop to the next level, says Pervasive Software's chief technologist
Big Data Classes for CXOs(InformationWeek) Teaching C-suite executives the fundamentals of big data, a topic once confined to the rarefied world of computer scientists, is becoming a growth industry
Design and Innovation
Why Culture Matters: Supercell's Calculated Path To The Top Of The App Store(TechCrunch) "There was this moment in the industry when people thought that games were a science, not a form of art," said Ilkka Paananen, the CEO of red-hot Finnish gaming startup Supercell. "But inevitably, games are a form of art," he said. "They have to be supported by strong analytics, but you have to lead with creativity." With Zynga's moment passed, a new generation of gaming startups like
Quantum Cryptography Conquers Noise Problem(Scientific American) Quantum cryptography could keep messages ultra-secure -- if the right detector can be developed. It's hard to stand out from the crowd -- particularly if you are a single photon in a sea of millions in an optical fiber
Quantum Cryptography At The End Of Your Road(Scientific American) In April of this year I wrote about how quantum cryptography (more properly called Quantum Key Distribution or QKD) was leaving the laboratory bench and is balanced on the cusp of entering into real-world use. At the time, many thought I was talking
Unhackable telecom networks a step closer(The Age) "The requirement of separate fibres has greatly restricted the applications of quantum cryptography in the past, as unused fibres are not always available for sending the single photons, and even when they are, can be prohibitively expensive"
Your boss may already know you're about to quit(Fierce Big Data) There seem to be winners and losers on both sides of many big data questions. For example: On one hand, big data can help reduce employee turnover for a business. On the other it may "out you" as a likely seeker of greener pastures. Venture Beat previewed a new study yesterday by Evolv and the Center for Human Resources at the Wharton School of the University of Pennsylvania showing big data can be used to predict when employees may be about to quit
Fujitsu develops stream aggregation technology for processing data(Fierce Big Data) As the amount of data available for analysis increases and computation times lengthen, it becomes more difficult for an operation to manage updates. Improving the frequency of updates when aggregation times are lengthened has proved a challenge, but Fujitsu Laboratories has developed stream aggregation technology it believes can solve the problem without redoing computations or re-reading a variety of data types that change over time
Students Hack Their Way to Victory in Brooklyn(Sacramento Bee) Downtown Brooklyn last week transformed into ground zero for the world's largest student hacking contest and other cyber security games, all part of the ninth annual Polytechnic Institute of the New York University (NYU-Poly) Cyber Security Week (CSAW). The hundreds of finalists who converged on the NYU-Poly campus had bested 10,000 competitors in preliminary rounds of seven different challenges designed to encourage a new generation of cyber security experts capable of answering what President Barack Obama has called a national security crisis." By attracting a record number of students to the CSAW games this year, we were pleased to open opportunities for more students than ever to increase their cyber security knowledge and build the strong networks of the peers and professionals that they will need in this fast-changing field," said Nasir Memon, NYU-Poly professor of computer science and engineering and CSAW's founder. "It also gives me great pride to witness the leadership that NYU-Poly's cyber security students and alumni exhibit as they developed and organized the CSAW challenges into world-recognized events." Hundreds of faculty and professionals act as mentors, help fashion the challenges and judge the CSAW challenges
Cyber Security Students Can Help US Prepare for Cyber Attacks(U.S. News University) However, efforts are underway to beef up the nation's cyber security talent pool, as Reuters reports, the National Security Agency has already chosen four American colleges that would serve as Centers of Academic Excellence in Cyber Operation
Legislation, Policy, and Regulation
Take Two Aspirin And Steal My Data(Dark Reading) HIPAA and information security aren't suggestions. They're the law. When I am in a doctor's office, either as a patient or along with a family member, I can't help but think about HIPAA compliance and information security. It's my chance to be a secret shopper or, in this case, a covert observer of the operating environment of another organization
Lofgren heads to reddit for help with bill language(Fierce Government IT) Rep. Zoe Lofgren (D-Calif.) is turning to online community and aggregator reddit to crowdsource a legislative proposal that would dictate how domain name seizures are handled in the cases of alleged copyright infringement, libel and obscenity. The legislation aims to "build due process requirements" into domain name seizures by requiring the government to provide notice and give the accused a chance to defend themselves prior to the seizing or redirecting of the domain name
Pakistan cybercrime bill faces delay, consensus not reached(ZDNet) Plans to turn country cybercrime ordinance into law delayed as stakeholders could not agree on critical clauses, with one camp reportedly concerned about its reduced powers. Pakistan cybercrime bill faces delay after a parliamentary meeting failed to arrive at a consensus on critical clauses in the draft crafted by legal and industry experts. The process may take a longer time as two key stakeholders, Pakistan's Federal Investigation Agency (FIA), and Pakistan Software Houses Association (P@SHA), could not reach a consensus on critical clauses, sources told The Express Tribune on Tuesday
AT&T iPad hacker plans to appeal felony conviction(Computer World) A man who exposed a major privacy weakness that divulged email addresses of iPad users on AT&T's network plans to appeal his conviction on two felony charges. Andrew Auernheimer, also known as "weev," used an automated scripting tool called the "iPad 3G Account Slurper" to pull the names and email addresses of 120,000 iPad 3G owners from AT&T's servers in June 2010. The company had linked the Integrated Circuit Card ID (ICC-ID), a serial number on the SIM card of an iPad with cellular connectivity, with the user's email address
Megaupload Assisted FBI vs NinjaVideo, But Evidence Then Used Against Them(TorrentFreak) In 2010, individuals from the now-defunct NinjaVideo site stored copyright-infringing videos on the servers of Megaupload. These subsequently came to the attention of the FBI who were conducting an investigation into NinjaVideo and its operators. As a result Megaupload was served with a criminal search warrant requiring it to hand over information to the authorities, but in a cruel twist Megaupload's cooperation and a desire not to destroy evidence is now being used as evidence against it
Who owns your Facebook, Twitter account after you die?(Emirates 24/7) Digital inheritance gains popularity among those who wish to pass on their online footprint to their loved ones when they are no more. Have you ever wondered what will happen to your Facebook, Twitter and email accounts after you pass away? Who should your passwords be handed over to in your absence? Or should they lie in limbo? Or should there be a service in place to tie up an individual's online life after their lifeline is switched off
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
IRISSCERT Cyber Crime Conference(Dublin, Ireland, November 22, 2012) The IRISSCERT Cyber Crime Conference will be held this year on Thursday the 22nd of November 2012 in the D4Berkley Court Hotel, in Ballsbridge Dublin. This is an all day conference which focuses on providing...
Digital Security Summit(Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
tmforum Management World Americas(Orlando, Florida, USA, December 3 - 6, 2012) Management World Americas is the only conference covering end-to-end management of digital services and the challenges of running any service provider business. In addition to a full Cable Summit and Executive...
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
SANS Cyber Defense Initiative(Washington, DC, December 7 - 16, 2012) Specialized courses covering the latest in cyber attacks, including how they work and how to stop them. The event will also feature the Netwars Tournament of Champions.
2012 European Community SCADA and Process Control Summit(Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...