Daily briefing.

Islamist attacks on US banks may have subsided, but observers expect the quiescence is temporary: cyber gangs are recruiting botmasters for a man-in-the-middle campaign aimed at fraudulent wire transfers, and online criminals actively cooperated in last week's attacks. This convergence of hacktivism and organized crime is likely to continue. Iran's government (which attributes its nationwide Internet slowdown to US and Israeli attacks) is also actively collaborating with al Qaeda online recruiters.

The University of California San Diego's darknet has observed the Sality botnet quietly scanning IPv4 addresses for vulnerable voice-over-IP servers. The chair of the House Intelligence Committee calls out China for ongoing cyber campaigns against defense think tanks; he also warns of coming Chinese attacks on the financial sector.

A bogus Angry Birds game carries a payload that can hijack Chrome and spam Tumblr. Skype users are subjected to widespread spearphishing. Team GhostShell's objective in exposing university records appears to be notoriety.

Microsoft will close seven vulnerabilities on Patch Tuesday next week (one of them is in MS Word).

Ponemon finds that business logic flaws remain popular targets for cyber attackers. The Cloud Security Alliance reports on the top mobile threats. The black market in software bugs grows (and with it grows cyber crime). US defense circles worry about the penetration of Chinese telecom companies into the US market.

NIST adopts new cryptographic standards, and HTTP Strict Transport Security protocol (HSTS) approaches general adoption. US Cyber Command's leadership and EU policy makers agree: creating "national Internets" would be a "disaster."


Today's issue includes events affecting .

As we observe Columbus Day, the CyberWire will not be published Monday. Normal publication will resume Tuesday. Enjoy the holiday weekend!

Cyber Attacks, Threats, and Vulnerabilities

Cybercrime Gang Recruiting Botmasters for Large-Scale MiTM Attacks on American Banks (Threatpost) A slew of major American banks, some already stressed by a stream of DDoS attacks carried out over the past 10 days, may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers

Serious Attackers Paired With Online Mob In Bank Attacks (Dark Reading) The denial-of-service attacks chalked up to crowd-sourced hacktivism had little impact, except to camouflage much more effective packet floods using compromised content-management servers. At first blush, the recent attacks against major U.S. financial institutions appear to be a text-book case of hacktivism: Under the name "Operation Ababil," a group of alleged Iranian protestors called for supporters to attack banks and Google's YouTube, citing the Internet giant's refusal to take down a movie that offended some Muslims. Yet, the resulting distributed denial-of-service attacks that caused disruptions at major banks -- including Bank of America, JPMorgan, Citigroup and Wells Fargo -- did not emanate from the widespread home computers of hacktivists but from hundreds -- or at most, thousands -- of servers running vulnerable content management software, say security experts familiar with the attacks

Iran linked to al-Qaeda's web jihadi crew by old-school phone line (The Register) An organisation that attempts to recruit Westerners to carry out terrorist attacks on their home soil was backed by the Iranian state, according to an unlikely source of information: leased telephone line records. Security researcher Michael Kemp found a list of the Middle East nation's leased lines that use the packet switching protocol X.25, and claims that it included a line allocated to Ansar Al-Mujahideen - a popular hangout for Islamic militants. "In the course of doing some research on X.25 - the network that existed before there was the internet - I stumbled across a document detailing all the X.25 network user addresses for the country of Iran," Kemp told El Reg

Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP (Dark Reading) A large peer-to-peer botnet known for its resilience was spotted sniffing out potential victim voice-over-IP (VoIP) servers using an advanced stealth technique of camouflaging its efforts to recruit new bots. The Sality botnet, which was first discovered in 2003 and has been estimated to have hundreds of thousands or more infected machines in its zombie army, scanned IPv4 addresses in February 2011 via a covert scanning method that flew under the radar, according to new research from the University of California-San Diego and the University of Napoli in Italy. The researchers were able to observe the botnet's activity via UCSD's darknet, called the UCSD Network Telescope, which provides a passive traffic-monitoring system for studying malicious Internet activity

Lawmaker cites new cyber threats to financial networks (Reuters) The head of the House of Representatives Intelligence Committee said on Thursday that significant new cyber threats to U.S. financial networks appeared to be emerging from an "unusual" source

Think Tanks Hit By China's Hackers (USA Today) Rep. Mike Rogers, R-Mich., told USA TODAY that the hacking is part of a campaign by China and other nations to obtain valuable information on a number of fronts, from policy deliberations and pending litigation to national defense and private product development

Faux Apps Found Hijacking Chrome, Spamming Tumblr (Threatpost) A flurry of fake, ad-laden Angry Birds lookalike games have flooded the Google Chrome Web store of late. The online marketplace where Google sells extensions and games for its Chrome browser has seen an influx of games mimicking "Bad Piggies," a new game Rovio Entertainment recently released that puts a twist on its ubiquitous Angry Birds game

Bogus Skype password change notifications lead to phishing (Help Net Security) Bogus emails supposedly sent by Skype are targeting users of the popular VoIP service, saying that their Skype password has been "successfully changed", Hoax-Slayer warns

AusPost Click and Send security glitch could affect consumer trust: IDC (CSO) While Australia Post has moved to reassure customers that their financial details were not compromised due to a security glitch with its online service Click and Send, a security expert said the incident could affect consumer confidence in the merchant. According to media reports, the glitch allowed users to see other customers' details by altering a shipping identification number that appeared in the URL of a transaction. Click and Send was designed for online postal documentation -- such as preparing items sold on auction site eBay for delivery

University hack: Not much dialogue, but lots of attention for hacker group (CSO) TeamGhostShell turns attention from China and 'Hellfire' to higher education. Perhaps stealing personal information from major universities is not the best way to start a serious dialogue on the problems of higher education. But the hacker group TeamGhostShell's recent dump of records hacked from 100 major universities throughout the world clearly got their attention -- and the security community's

Google Warns of Looming Cyber Attacks (Technorati) The threat of cyber warfare seems to be an ever increasing one. It seems however that the White House might have an unlikely ally. Earlier this summer search giant Google started warning users of its Gmail, Chrome web browser and search engine that state sponsored hackers may have tried to compromise their computer or Google account

Don't Panic Over Google's Latest State-sponsored Attack Warnings (Security Week) On Tuesday, Google started issuing warnings to a subset of GMail users, explaining that state-sponsored attackers may be attempting to compromise their accounts or computers. The warnings were foreshadowed by an interview Google did with the New York Times, where it was revealed that the search giant was seeing more attacks recently than previously anticipated. "We aren't planning to share additional information," a Google spokesperson told SecurityWeek Wednesday

Iran Claims to Have Been Crippled by Cyber Attacks (eSecurity Planet) The government says the attacks have 'forced' it to 'limit the Internet.' Iranian officials are claiming that the country was recently hit by targeted attacks that affected Internet access nationwide

Security Patches, Mitigations, and Software Updates

Microsoft to Fix Critical Word Flaw in October Patch Tuesday (Threatpost) Microsoft will release seven bulletins in the October Patch Tuesday next week, fixing 20 total vulnerabilities in Windows, Office, Lync and SQL Server. Only one of the bulletins is rated critical, while the six others are rated important

Microsoft October Patch Pre-Announcement (Internet Storm Center) As usual, Microsoft released its pre-announcement for the upcoming Patch Tuesday. The summary looks pretty much like an average patch tuesday with 7 bulletins total

Cyber Trends

Attackers Still Enamored With Business Logic Flaws (Dark Reading) New Ponemon report finds most organizations hit by attacks exploiting these weaknesses in their applications

Cloud Security Alliance outlines top mobile threats (Net-Security) The Cloud Security Alliance (CSA) Mobile Working Group released findings from a new survey that calls out the specific security concerns enterprise executives say are the real and looming threats as it relates to mobile device security in the enterprise environment. The new report, titled Top Mobile Threats, is a result of a survey of more than 200 enterprise participants representing 26 countries globally. The survey serves as an important first step in a larger effort to provide industry guidance on where enterprises should place their resources and focus when it comes to addressing mobile security threats

The Shadowy World Of Selling Software Bugs - And How It Makes Us All Less Safe (ReadWriteWeb) One of the first security researchers credited with selling an exploitable flaw was Charlie Miller, a former employee of the National Security Agency who now works for the consulting firm Accuvant. In 2005, Miller found a vulnerability in the Linux

Growing Chinese Telecoms Threaten US Security ( U.S. military leaders have listed cyber attacks as a top national threat with the Defense Department, FBI and National Security Agency trying to keep up with the rapidly maturing technological threats facing the government. The Defense Department

Banks Shift Focus On Cyber Security After Recent Attacks (Trefis) Imagine a situation where you have to make a payment but you cannot find your wallet. Thousands of people found themselves in a similar state late last week when they lost access to their banks' websites while trying to pay their bills that were due. All of these customers were the unfortunate victims of a planned and wide-spread cyber attack targeted at websites of six of the country's biggest banks, including Wells Fargo (NYSE:WFC), JPMorgan Chase (NYSE:JPM) and Bank of America (NYSE:BAC)

An Enemy Without Boundaries (USNI Proceedings) It is impossible to block every cyber attack, so strategy and policy should be focused on how to respond once that attack occurs


Microsoft buys PhoneFactor (H-online) Microsoft has acquired multi-factor authentication provider PhoneFactor to increase the variety of authentication options that are available to its cloud customers and applications. PhoneFactor offers multi-factor authentication processes using mobile devices and apps, which are designed to improve the security standards for log-in procedures. The name PhoneFactor describes the service's major design feature: mobile devices are the main authentication platform and, despite creating a multi-stage log-in procedure, they are designed to avoid having a negative effect on the user friendliness of the process

Raytheon to highlight analytics and other intelligence technologies at GEOINT (Sacramento Bee) On Oct. 9, at 2:35 p.m., Dr. J.C. Smart, advanced analytics director at Raytheon's Intelligence and Information Systems business, will present, "The FOUR-Color Framework," which offers a unique, powerful approach for designing, implementing and

Army Signal chief visits CERDEC for a look ahead (US Army) Army leaders from its research and development, and requirements communities met here, Sept. 25, to strengthen existing ties and discuss opportunities to leverage one another for future support

ALLT, PKT to Ride Carriers' Tiered Broadband Plans, Says ThinkEquity (Barron's) ThinkEquity today has positive words for networking equipment makers Procera Networks (PKT) and Allot Communications (ALLT) can both benefit from the rise of "tiered" or metered data usage on broadband networks, selling "deep packet inspection

Contracts, etc. (GazetteNet) Recent federal contracts, deals and bankruptcy filings involving Maryland businesses include the following

Dayton's SCADA security innovation teams up with Air Force on cyber-attack security software (HiVelocity) Cyber security is a red-hot topic of worldwide concern with would-be cyber attackers representing a significant problem for virtually every major service we use. That's according to Peter Jenney, chief technology officer of Dayton's SCADA Security Innovation, Inc. (SSI), which develops software protection systems for Industrial Control System (ICS) equipment and Supervisory Control and Data Acquisition Systems (SCADA)

HP's Decline: Customers Get Fresh Helping of Uncertainty (Information Week) HP CEO Meg Whitman cites 'bloat' as barrier to turnaround, plans layoffs and slimmer product lines. One reality: customer trust runs low, even as cloud services gain traction

ITA security categorization and controls deficient, finds OIG (Fierce Government IT) The International Trade Administration cannot properly secure its information technology systems because it has not assessed how the systems work, or their risk profiles, according to a Sept. 27 Commerce Department office of inspector general report. The agency has not comprehensively reviewed the critical business information on its systems. As a result, the agency does not know all of its information technology assets and has not assigned systems with low, moderate or high security categories

Government efforts to leverage big data (Fierce Government IT) Much can be learned from agencies that are harnessing the value of big data, according to a report published Oct. 3 by the TechAmerica Foundation. The report analyzes agency early adopters to make recommendations for big data use in government. Report authors say agencies should identify two to four key business or mission requirements that big data can help address, and use that information to craft big data use cases. They should also take inventory of data assets available within the agency and at other agencies that could help implement use cases, say report authors

Products, Services, and Solutions

Wombat Launches Simulated Attack Service To Reduce Use Of Rogue USBs (Dark Reading) SaaS product enables security officers to assess and train employees not to use removable memory devices of unknown origin

Trend Micro Worry-Free Business Security Services 5 released (Help Net Security) Trend Micro released Trend Micro Worry-Free Business Security Services 5, which incorporates new features that address the ways small businesses and managed service providers are changing. It has a web-based

SCAP scanning and CyberScope reporting (Help Net Security) nCircle announced the debut of IP360 Federal, featuring a Security Content Automation Protocol (SCAP) 1.2 draft compliant scanner. SCAP combines a number of open standards and is designed to enable

Authentication-as-a-Service designed for service providers (Help Net Security) SafeNet announced SafeNet Authentication Service, a new cloud-based authentication service designed and engineered specifically for the service provider environment and allows service providers

Protection against DDoS and targeted attacks (Help Net Security) Corero Network Security announced its First Line of Defense solution, which blocks L3-L7 DDoS and advanced targeted server attacks. Cyber criminals/terrorists have reached a level of complexity

Oracle Solaris 11.1 released (Help Net Security) Oracle announced Oracle Solaris 11.1, delivering over 300 new performance and feature enhancements. Oracle Solaris 11 is the first cloud OS that allows customers to build large-scale enterprise-class

Oracle Open World: 6 Rants and Raves (InformationWeek) Oracle's cloud vision and announcements on key features deserve praise, but we need to see more substance behind the promises and more reality in the claims

HP Details Software Defined Networks Strategy (InformationWeek) HP announces new switch support for OpenFlow, a forthcoming SDN controller, and set of SDN-related applications

Technologies, Techniques, and Standards

What Star Wars Teaches Us About BYOD and IT Security (eSecurity Planet) At the SecTor security conference, the head of Security Engineering for Check Point explains how modern IT risks such as APTs and BYOD relate to the mythology of Star Wars. For the last 35 years, Star Wars has been the cornerstone of mainstream and geek cultural awareness. While Star Wars is a piece of dramatic fiction, many have found inspiration and solace in

Ask The Experts: Workstation Malware (Infosec Island) This time around we had a question from a reader (thanks for the question!): My organization is very concerned about malware on desktop machines. We run anti-virus on all user systems but have difficulty keeping them clean and are still having outbreaks. What else can we do to keep infected machines from hurting us?

Cybersecurity center offers practical tips for Cybersecurity Awareness Month (Indiana University) REN-ISAC, the University Information Policy Office and the University Information Security Office. It has been designated by the National Security Agency as a National Center for Academic Excellence in both Information Assurance Education and Research

HSTS approved as proposed standard (Help Net Security) The Internet Engineering Steering Group (IESG) has approved the HTTP Strict Transport Security protocol (HSTS) as a proposed standard, which means that we can look forward to it being ratified in the

Secure crypto-algorithm wins gold-standard status (New Scientist) The algorithms chosen by NIST are seen as the gold standard for cryptography. Its previous competition, concluded in 2000, chose the Advanced Encryption Standard, now used by everyone from Skype to the US National Security Agency. NIST kicked off this

Cyber Security Awareness Month - Day 4: Crypto Standards (Internet Storm Center) Yesterday's announcement of a SHA-3 "winner" gives me a great intro to talk about yet another important security related standard as part of our cyber security awareness month theme. Crypto standards have been critical to develop secure systems for a couple of reasons

Research and Development

Multi-photon cryptography could tighten data security ( To protect this wealth, organizations use cryptography, or coded messages, to secure information from "technology robbers." This group of hackers and malware creators increasingly is becoming more sophisticated at breaking encrypted information


Building Tomorrow's Cyber Defenders (Virginia Connection Newspapers) Pleased with the successful business partnership between the company and the school, Ozdogan said, "I want to recognize Northrop Grumman Information Systems for their cyber academy's gift of time, talents and expertise as instructors for the

Raytheon Promotes National Cyber Security Awareness Month with Diamond Sponsorship of CyberPatriot Competition (Defence Professionals) Raytheon Company announced it will be a Diamond Sponsor of the Air Force Association's (AFA) CyberPatriot National High School Cyber Defense Competition. The sponsorship is part of Raytheon's broader efforts to raise awareness of cybersecurity issues and promote cyber resiliency as a critical component of our nation's defense and security

Legislation, Policy, and Regulation

An open internet is the only way to support security and prosperity for all, says UK FS Hague (DiploNews) Foreign Secretary William Hague was in Hungary today attending the Budapest Conference on Cyberspace. In his speech the Foreign Secretary: made it clear that we need to preserve and expand the multiple benefits of the internet; emphasised the importance of the internet in promoting freedom of speech, prosperity and innovation; called for an international consensus to address some of the more negative aspects of the internet including cybercrime and state-sponsored cyber attacks. The Foreign Secretary announced that the Government will be investing £2m a year in a new Centre for Global Cyber-Security Capacity Building in the United Kingdom

The benefits of the Internet go far beyond its direct economic benefits, says EU HR Ashton (DiploNews) Speech by EU High Representative Catherine Ashton on Cyber security: an open, free and secure Internet. I am grateful to our Hungarian hosts for organising this Cyberspace conference. It is really important that we maintain the momentum from the meeting in London last year and that cyberdiplomacy continues to move forward. Everyone who was engaged in London - governments, private companies and civil society - share a common goal of looking for a way to ensure a free, safe and secure use of cyberspace

Cyber crimes: India yet to sign treaty with other nations (Zee News) Observing that laws both at national and international level were still struggling to catch up with cyber activities worldwide, a CBI judge on Friday said India is yet to sign a treaty with other countries to extradite accused involved in cyber crimes. "Till date, we do not have a single treaty with any other country to extradite a cyber criminal to be brought to India", CBI Special Judge, New Delhi, Talwant Singh said at a seminar. Elaborating, he said Indian Penal Code is applicable for a crime committed in India. "Our Cyber law simply says that if there is an incident in India and whether it was committed from any other country, he (the accused) is still a criminal in the eyes of the (Indian) law", he said

New cybersecurity threat could revive legislation ( Keith Alexander, the director of the National Security Agency and the commander of U.S. Cyber Command, spoke to the same business audience earlier in the day. He didn't discuss the specific upswing in threat activity that Rogers referenced, but he said

'Countries building own internet network to be disastrous' (Hindu Business Line) "Any country that builds and operates its own internet devices and infrastructure, I think, is on a road to disaster," General Keith Alexander, Commander of US Cyber Command, told a meeting of US Chamber of Commerce yesterday, explaining that such

US Should Lead Cybersecurity Efforts, NSA Director Says (Department of Defense) Keith Alexander, who also heads U.S. Cyber Command and the Central Security Service, discussed the costs and consequences of cybersecurity issues on commerce during his keynote address at the summit. Well-known, seemingly invulnerable companies

US Needs Offensive Weapons In Cyberwar: General (Agence France-Presse) The United States needs to develop offensive weapons in cyberspace as part of its effort to protect the nation from cyber attacks, a senior military official said Thursday

Litigation, Investigation, and Law Enforcement

Megaupload server seizures finally run into mega-due-process (Ars Technica) No date is set, but judge orders a hearing to discuss users getting their files back

US agencies seize 686 websites accused of selling fake drugs (Computer World) Two U.S. agencies have seized 686 websites accused of selling counterfeit and illegal medicines as part of an international crackdown on online sales of fake drugs. U.S. Immigration and Customs Enforcement's (ICE) Homeland Security Investigations division, along with the U.S. Department of Justice, seized the websites in the past week, ICE said in a press release. The U.S. operation, nicknamed Bitter Pill, was part of an Interpol operation aimed at disrupting organized crime networks allegedly behind illegal online drug sales

Cyber crooks should make you very nervous (Nextgov) Federal undercover agents are resorting to show and tell to combat a growing menace -- criminal hackers. The Justice Department has been making headlines by publicizing prosecutions, disclosing investigative techniques and revealing findings before clinching guilty verdicts. Sure, calling attention to charges and arrests could discourage digital invaders

Wireless surveillance: Bringing the Fourth Amendment to the 21st century (FOXNews) When Congressman Edward Markey discovered that the cellphone information of more than 1.3 million people was handed over to U.S. law enforcement last year, often without a judge's consent, he felt something had to be done. Markey (D-Mass.), the senior member of the House Energy and Commerce Committee, says the information prompted him to draft legislation to, "Update the Fourth Amendment for the 21st century." Representative Markey recently introduced the "Wireless Surveillance Act of 2012," calling for regulation law enforcement says is unnecessary and could challenge how they perform their duties

Exclusive: Army turned down Afghanistan-bound troops' preferred anti-IED system (CNN) The Palantir technology was developed outside of the military procurement system; the software ties together intelligence data to improve information for

Supreme Court to hear arguments on FISA Amendments Act standing suit (Fierce Government IT) The Supreme Court is set to hear oral arguments Oct. 29 on a case filed by journalists and human rights organizations seeking to gain standing to challenge the FISA Amendments Act

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Center for Applied Cybersecurity Research Security Summit: Indiana University holds its ninth annual conference on information security and policy.

Europe Ramps Up Cyber Attack Testing With Second Simulated Pan-Europe DDoS: 300 IT security professionals from across Europe are locking horns in a simulated cyber war exercise taking place today which -- if it was a real attack -- would be capable of disrupting services for millions...

EU and banks stage DDoS cyber-attack exercise: The cyber-attack test focuses on an organisation's handling of a DDoS attack.

National Cyber Security Hall of Fame Inaugural Award Ceremony (Baltimore, Maryland, USA, October 17, 2012) Created to honor those who've created the cyber security industry, the National Cyber Security Hall of Fame celebrates its inaugural class this month.

Upcoming Events

Cyber Maryland 2012 (Baltimore, Maryland, October 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding...

National Cyber Security Hall of Fame (Baltimore, Maryland, October 17, 2012) Baltimore welcomes the US cyber security community to honor the members of the National Cyber Security Hall of Fame inaugural class.

Cyber Security: A National Imperative (Washington, DC, October 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the...

TechExpo Cyber Security Careers (Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.

E2 Innovate Conference & Expo (Santa Clara, California, November 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.

Anatomy of an Attack (New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.

ZeroNights (Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
