Team Ghostshell makes good on its threat to distribute records stolen from university databases. More than 120,000 people are affected. Among the universities hit are NYU, Princeton, Harvard, Michigan, Stanford, and Cornell.
This summer Google began warning users when it had evidence they were under "state-sponsored cyber attack." Three months later the company is surprised by the increase in attack indicators it's picking up. Middle Eastern governments appear to be overtaking China in frequency of attacks Google detects.
Trusteer reports the malicious Man-in-the-Browser utility is now more powerful and more widely available: it now recognizes fields in most browser forms and processes results in near real time. Anonymous hacks Swedish banks in retaliation for Swedish raids on dodgy Web operation PRQ (which has now returned to the Internet). Iran claims it's under "heavy," sustained cyber attack. Last week's Islamist denial-of-service attacks on US banks have largely subsided; analysts comment on their strange mix of sophisticated planning and primitive approach.
The French government debunks claims of a Facebook privacy bug. Tulsa's CIO has been placed on administrative leave for raising a false alarm over planned, legitimate penetration testing of the city's networks. Investigation of a phishing campaign against White House military networks continues.
In industry news, CSC buys big data analytics shop 42Six, Lockheed Martin announces its team in a $4.6B DISA bid, and HP warns of tough times before a turnaround. Google plans major layoffs at Motorola.
The EU will soon conduct a pan-European cyber exercise focusing on a continent-wide DDoS campaign.
Today's issue includes events affecting .
Cyber Attacks, Threats, and Vulnerabilities
GhostShell university hack: By the numbers(ZDNet) Records stolen from university databases including the University of Michigan, New York University, Princeton and Harvard were made publicly available yesterday, after hacker group leader 'DeadMellox' tweeted a link to the release posted on Pastebin. The group claimed to have released just a fraction of what they managed to obtain in campaign "Project WestWind", but it still apparently amounted to 120,000 sets of data. Identity Finder analyzed the SQL breach, and found that the 120,000 records -- now available publicly in a number of cyberlockers and mirror sites -- appear to be "authentic enough" to warrant university investigation
Hackers post data from dozens of breached college servers(CNet) A group of hackers claims to have stolen thousands of personal records by breaching the servers of more than 50 universities around the world, including Harvard, Stanford, Cornell, and Princeton. A group calling itself GhostShell posted to Pastebin more than 120,000 records from the breached servers, including thousands of names, usernames, passwords, addresses, and phone numbers of students and faculty. While most hacker activity is motivated by a desire to steal identities or pranksterism, GhostShell said the goal of its data dump was to focus public attention on the state of higher education
Middle East cyberattacks on Google users increasing(CNet) Here we go again. Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified. The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East
Man-in-the-Browser malware scam goes universal(CSO) Utility lets scammers cull, distribute credit card data in real time. The Man-in-the-Browser has had a makeover: He is now available as the Universal Man-in-the-Browser (uMitB). The latest utility for a well-established malware scam offers two major improvements, said security vendor Trusteer, whose CTO, Amit Klein, wrote about it in a blog post on Wednesday
Malicious spam campaign targets QuickBooks users(Help Net Security) Intuit-themed malicious spam campaigns pop up every couple of months or so, given that the company's tax preparation, accounting, financial management and billing software and services are extremely
Swedish c.bank website shut down in cyber attack(Reuters) Hackers shut down the website of Sweden's central bank on Wednesday and targeted two other official sites after activist group Anonymous was reported to have threatened it would launch a cyber attack in support of Internet
Defiant Pinoy hackers dare PNoy, expand cyberattacks(GMA Network) Filipino hacktivists have stepped up their protests against the Anti-Cybercrime Act, expanding their list of targets to include vital government websites even as they directly dared President Benigno Aquino III to shut them down. The hacktivist collective Anonymous posted on YouTube a video entitled, "Anonymous - Message to the President of the Philippines" in which it warned that the government will feel its wrath if the latter attempts to "shut down the message (and) chill our speech." You want to see Anonymous rise up? Try to shut down the message
Cyberattacks on banking websites subside -- for now(Computer World) The wave of cyberattacks against a half-dozen U.S. financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches. The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking. But customer-facing websites are just a small part of very complicated banking systems consisting of sometimes thousands of back-end applications that are being prodded by attackers, said Scott Hammack, CEO of Prolexic, a company based in Hollywood, Florida, which specializes in defending against distributed denial-of-service (DDOS) attacks
DDoS attacks on major US banks are no Stuxnet: here's why(Ars Technica) The attacks that recently disrupted website operations at Bank of America and at least five other major US banks used compromised Web servers to flood their targets with above-average amounts of Internet traffic, according to five experts from leading firms that worked to mitigate the attacks. The distributed denial-of-service (DDoS) attacks, which over the past two weeks also caused disruptions at JP Morgan Chase, Wells Fargo, US Bancorp, Citigroup, and PNC Bank, were waged by hundreds of compromised servers. Some were hijacked to run a relatively new attack tool known as "itsoknoproblembro." When combined, the above-average bandwidth possessed by each server created peak floods exceeding 60 gigabits per second
White House Hack Attack Under Investigation: Report(Newsroom America) National Security Agency officials are also involved. On Monday, White House spokesman Jay Carney acknowledged that attack, which he characterized as "spear phishing," which is a form of cyber attack utilizing emails that attempt to convince recipients
French privacy watchdog dismisses reports of Facebook bug(CSO) Users did not realize the messages they posted on friends' Walls were public, and their visibility to all was not a bug, CNIL found. An investigation by the French privacy watchdog has found no truth to worldwide press reports last week that a Facebook bug was exposing old private messages to public view. Users had not grasped the public nature of the personal messages they were posting, and the "bug" was in their understanding of Facebook's privacy settings, the French National Commission on Computing and Liberty (CNIL) said late Tuesday
What happened to Tulsa's CIO could happen to you(CSO) Tulsa CIO Tom Golliver is on paid administrative leave after the city's response to a data breach turned out to be a false alarm. What happened there could happen anywhere. Tulsa CIO Tom Golliver kind of reminds me of Chief Brody in the second JAWS movie. He sees what he thinks is a Great White, yells at everyone to get out of the water and fires away at what turns out to be a school of bluefish
UK at greatest risk of identity fraud in Europe(Help Net Security) The UK is at the greatest risk of identity fraud throughout Europe, according to new independent research. As National Identity Fraud Prevention Month starts, a taskforce of partners from the
App Whitelisting Could Offer Answer To Next-Gen Malware, Report Says(Dark Reading) Reducing attack surface is a solid alternative to antivirus for defending against zero-day malware, Forrester says. As malware continues to proliferate at a rate that overwhelms many signature-based antivirus tools, enterprises may want to take a new approach: limit the number of applications allowed
You're Nobody Without Your Mobile Device(Dark Reading) Will mobile biometrics be an IAM driver or nonstarter in the enterprise? The mobile device explosion within the enterprise has opened up countless new technology opportunities, but one that is just now starting to be explored is the idea of turning a mobile device into the ultimate biometric hardware
Hague issues warning about global cybercrime danger(BBC) It has never been easier to become a cybercriminal, Foreign Secretary William Hague is to warn an international conference in Budapest. He will tell delegates that cybercrime is "one of the greatest global and strategic challenges of our time." Mr Hague is highlighting the UK's determination to be a world leader in cyber security - it is spending £2m setting up a cybercrime centre. He also wants international hotlines set up to help tackle emergencies
Thousands of Lotus Notes applications complicates GSA cloud migration(Fierce Government IT) Streamlining of applications is often meant to be a major benefit of migration to the cloud, but the General Services Administration has allowed its offices in at least one case to replicate a duplicative Lotus environment in the cloud. Each GSA component has developed its own inventory of Lotus Notes applications for decommissioning or migration to the cloud, and the GSA office of the chief information officer didn't perform an analysis on those applications to look for duplication, says the GSA office of inspector general
The State of the Cybersecurity Workforce(FederalNewsRadio.com) Cybersecurity affects every agency, program and employee, and has become an even greater challenge to manage as global networks become more susceptible to risk
From The Smoke And Fire Dept: Huawei Denies (Again) It's Launching Its Own Mobile OS(TechCrunch) Last week saw a little skirmish in the mobile platform wars, when news broke that Huawei, which makes smartphones based on Google's Android OS, was working on an operating system of its own — first reported by Reuters and then picked up by others. Curious to hear from the horse's mouth, we got in touch. And it turns out that Huawei, in fact, has "no plans" to launch an OS any time soon
H-P falls 7% as Whitman points to tough year(MarketWatch) Shares of Hewlett-Packard Co. on Wednesday fell to their lowest level in a decade as Chief Executive Meg Whitman warned that it will take longer to turn around the beleaguered tech powerhouse
CSC Buys Big Data Analytics Firm 42Six(Govconwire) Computer Sciences Corp. (NYSE: CSC) has acquired a Maryland-based software developer that focuses on big data processing, analytics and advanced applications support for defense and intelligence customers. CSC did not disclose terms of its acquisition of 42Six Solutions in a release. "Data services and analytics capabilities are rapidly becoming essential elements of commercial and government
Lockheed Announces $4.6B DISA Info Grid Contract Team(Govconwire) The Lockheed Martin-led team on a potential $4.6 billion contract to run the Defense Department's global information grid includes Xerox subsidiary ACS, AT&T, BAE Systems, ManTech International and Serco's U.S. subsidiary. Lockheed made its announcement Wednesday on the heels of the Government Accountability Office's decision to uphold Lockheed's win of the potential seven-year contract
Razorsight Names Chris Checco President, Chief Analytics Officer(Govconwire) Big data and analytics specialist Razorsight Corp. has added Chris Checco, former lead management scientist for Accenture Federal Services, to its executive ranks as president and chief analytics officer. Checco is charged with leading efforts to accelerate Razorsight's development of advanced analytics solutions for global communications providers, cable operators and mobile operators
Ipswitch releases WhatsUp Gold 16(Help Net Security) Ipswitch released WhatsUp Gold 16, which comes loaded with network, server and application monitoring, automated layer 2 discovery and mapping, wireless infrastructure management and hardware and soft
Review: Incapsula: Enterprise-grade website security(Help Net Security) Over the last few years, small to medium businesses have seen a huge increase in website attacks. Website owners are seeking affordable and effective tools to protect their websites from hackers
Lockheed offers agencies a cloud storefront(GCN.com) The Solution as a Service (SolaS) hybrid cloud solution provides a modular suite of capabilities delivering command, control, brokerage and security across multiple clouds, according to Curt Aubley, vice president of NexGen Cyber Innovation
SMTP Dialects: How to Detect Bots Looking at SMTP Conversations(Infosec Island) It is somewhat surprising that, in 2012, we are still struggling to fight spam. In fact, any victory we score against botnets is just temporary, and the spam levels rise again after some time. As an example, the amount of spam received worldwide dropped dramatically when Microsoft shut down the Rustock botnet, but has been rising again since then
How to Protect against Denial of Service Attacks: Refresher(Infosec Island) With all of the information about DoS attacks in recent months, it is easy to blame banks and say that they didn't have the proper security controls in place to withstand this type of attack, but in reality things are not that simple. So, how does this happen? Is it preventable?
Government Agencies Get Creative In APT Battle(Dark Reading) Debora Plunkett, information assurance director at the National Security Agency (NSA), in a keynote address here today pointed to the recent breaches of major financial institutions as an example of how even the most security-conscious organizations
And the SHA-3 title goes to ... Keccak(Internet Storm Center) In response to a number of attacks on SHA, NIST started to look for the successor to SHA-2, figuring that it was likely that it too may fall. To date that hasn't occurred and SHA-512 still looks strong. The competition proceeded and was whittled down from 64 candidates over a number of rounds. Yesterday NIST announced the winner of the SHA-3 competition, Keccak
Why agencies don't have to upgrade to a new crypto hash(GCN.com) "In current protocols there is not going to be any major push to move to SHA-3," said Tim Polk, manager of NIST's Computer Security Division's Cryptographic Technology Group. "SHA-2 is a very good algorithm. For existing protocols in use today, SHA-2
Cybersecurity Under the COPPA Cabana(Huffington Post) The proposed changes the administration are trying to make concern the third party buttons on websites, and the challenges brought up by tablets and smartphones -- trying to take these gaps in cybersecurity law and find a solution to closing those gaps
Hacktivist's Advocate: Meet the Lawyer Who Defends Anonymous(The Atlantic) As a lawyer not particularly immersed in the technology world, Jay Leiderman first became interested in the hacker collective Anonymous around December 2010. That was when Anonymous activists launched distributed denial of service attacks (DDoS) against Mastercard and PayPal, who stopped processing donations to WikiLeaks. Since then, he has represented a number of high-profile hackers, including Commander X, who is on the run from the FBI for a DDoS attack on a county website in Santa Cruz, California, to protest a ban on public sleeping, and Raynaldo Rivera, a suspected hacker from LulzSec who is accused of stealing information from Sony computer systems
Global action takes down tech support scam(The Register) Australian, US and Canadian authorities have jointly proclaimed a victory over scammers who call punters and offer unsolicited and unnecessary tech support. The scam has been running for years and involves a call from someone claiming to be an employee of Microsoft or another tech titan. If you answer, the caller explains that malware has been detected on your PC and helpfully offers to remove it
NY charges in US-Russia military electronics case(Wall Street Journal) Authorities in New York say they've charged 11 members of a Russian military procurement network, a Texas-based company and others with illegally exporting high-tech microelectronics from the United States to Russian military and
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Maryland 2012(Baltimore, Maryland, October 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding...
National Cyber Security Hall of Fame(Baltimore, Maryland, October 17, 2012) Baltimore welcomes the US cyber security community to honor the members of the National Cyber Security Hall of Fame inaugural class.
Cyber Security: A National Imperative(Washington, DC, October 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the...
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
E2 Innovate Conference & Expo(Santa Clara, California, November 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.