Last week's distributed denial-of-service attack against Spamhaus has largely subsided. As large as the attack was, most Internet users found their experience little affected. A Guardian op-ed sniffs that the whole episode was a put-up job "spun by shoddy journalism," but this is surely wrong. Some coverage was unduly breathless, but the attack was significant for at least three reasons beyond its sheer size: 1) it exposed the extent to which DNS servers were unsecured, 2) it revealed deeper vulnerabilities in DNS, and 3) it suggested the difficulties legal systems encounter when faced with transnational exploits. (The market for DDoS defenses will also grow—IDC already forecasts 18.2% compound annual growth through 2017.)
A Rapid7 researcher finds vulnerabilities in Amazon Simple Storage Service (S3) buckets, due apparently to customer service misconfiguration. iMessage prank texts show the service's vulnerability to DDoS-like disruption. Islamist groups (al Qaeda Electronic Army and Hamas' Izz ad-Din al-Qassam Cyber Fighters, respectively) disrupt First National Bank Texas and American Express. An Indian hacker defaces a Pakistani election site.
Anonymous interposes itself into Korean tensions with attacks on North Korean websites. Attribution of the "cyber rampage" South Korea recently endured remains unclear, but Symantec believes the evidence points to centrally directed "hired guns," not hacktivists.
Sino-American tensions rise as US strictures against Chinese hardware begin to bite. The Chinese government also disputes British accusations of cyber espionage.
The Saudi government warns of "suitable measures" against services like Skype, WhatsApp, and Viber if they don't comply with censorship laws.
Today's issue includes events affecting Australia, China, India, Japan, Republic of Korea, People's Democratic Republic of Korea, Pakistan, Palestinian Territories, Russia, Saudi Arabia, Taiwan, Tunisia, Turkey, United Kingdom, United States.
Biggest Cyber Attack in History. Cybersecurity Pioneer Narus Asks: 'Are You Safe?'(Technorati) It's funny how things work. Earlier this week I was interviewing the team at Narus. The company, an independent subsidiary of Boeing and more about digital, less about massive bodies of steel, is a pioneer in cybersecurity. Cybersecurity, the practices designed to protect networks, computers, programs and data from attack or damage. I was asking the company's president, John Trobough, "As a consumer, why should I care?" I mean, these big companies have money to throw at this kind of stuff, so I'm sure they've figured it out. Besides, what do I care if some chicken nugget-producing enterprise gets hacked? Or if some big bucks mobile company has a security breach when a clever employee outsources his work and watches cat videos instead? Some of those videos are pretty good. The very next day the world sustained what many touted as being the "biggest cyber attack in history"…On the whole, though, the global Internet as a whole was not impacted to the expected extent. You see, it's not necessarily a "massive," global cyber attack that we, as individuals should be concerned about. It's the potential smaller, personal ones. As a 2012 Norton Cybercrime report outlines, these consumer attacks are costing us
How a cyberwar was spun by shoddy journalism(Guardian) Journalistic scepticism was lacking when stories about a DDoS attack 'breaking' the internet surfaced. This is a real future risk. A veteran Reuters reporter related a piece of advice given by his editor: "It's not just what you print that makes you an authoritative and trusted source for news, but what you don't print." He wasn't talking about censorship, he was talking about what separates journalism from stenography and propaganda: sceptical scrutiny. The professionalism of the craft isn't simply learning to write or broadcast what other people tell you. Crucially it is the ability to delve, interrogate and challenge, and checking out stories you've discovered through your own curiosity, or robustly testing what other people tell you is true
Phishing Campaign Using Military, Illicit Attachments(Threatpost) Look out for email attachments offering better sex tips and news about newly developed Chinese stealth frigates, because they are loaded with malware, according to a Securelist report written by Kaspersky Lab expert, Ben Godwood
Bitcoin Exchange Mt. Gox Targeted by Cyber Attack(Fox Business) Just as Bitcoin explodes beyond the $1 billion mark thanks to Europe's debt crisis, the emerging virtual currency was dealt a setback this week after a key exchange was hit by a powerful cyber attack that caused delays. Coupled with other recent technical glitches, this week's distributed denial of service (DDoS) attack against Bitcoin exchange Mt. Gox cuts into one of the electronic currency's greatest selling points: its relative safety compared with deposits in Cyprus
Cyber attack: ECP website brought down by Indian hacker(The Express Tribune) The cyber attack on ECP's website was a hot topic on Saturday. People on various internet forums complained about not being able to access the site. The attack came at a time when the traffic on the website had increased ahead of general elections, due
Fake Link removal requests(Internet Storm Center) Over the last month we've had three requests to remove a particular link belonging to a specific security vendor. We're a nice enough bunch and if there's a good, honest reason to remove a link, we'll consider it. What makes this interesting is that the requests weren't from the company or any of its staff and finally, the reason why the removal was requested. We did contact the target company and let them know this was happening but as the third request has only just come in, it's worth bringing to your attention. The emails looked like a reasonable, if somewhat odd, request as normally the more links back to your company's site, the better your ranking (a super simple explanation of search engines' ranking I know - but just go with it). As most web masters are super sensitive to Google rule changes, they may have automatically complied, thinking this was something new
Zero-Day Java Attacks Pose Risk for Businesses, Security Expert Says(Find the Edge) A cyber-security expert has emphasised the need for businesses to consider the effects a future cyber-attack on their system could have, in an article uploaded to Find the Edge today. Businesses will be vulnerable to viruses and other forms of cyber-attack if they fail to plan strategies to help minimise and respond to zero-day attacks on their systems, an IT expert has said. Adrian Spink, CEO at Company85, has used a new article on business website Find the Edge to explain why business leaders need to consider how exposed to these threats their organisations are
Anonymous declares war on North Korea, disables government websites(Examiner) An Anonymous hacktivist cell identified as Anonymous_Korea launched successful DDOS (distributed denial of service) attacks on multiple North Korean state websites on Saturday, March 30, only hours after the North Koreans issued an inflammatory statement declaring that they had entered into a "state of war" with South Korea
First National Bank Texas Hacked, Social Security details leaked for #OpBlackSummer(CyberWarNews) Today the First National Bank Texas has been hit by hackers who have leaked credentials and other information online. The attacks come from Al Qaeda electronic army and the Tunisian cyber army aka @TN_cyberarmy who have released it in the name of #Opblacksummer which is an operation that they are currently undertaking
Hamas organization behind recent cyber-attacks on financial institutions(Examiner) The recent cyber-attacks against US financial institutions that began last year appear to be the work of the Izz ad-Din al-Qassam group, often shortened to "Al-Qassam Brigades", the military wing of the Palestinian Islamist political organization, Hamas, according to an analysis done yesterday by Sean Gallagher of Ars Technica, an online publication devoted to technology
Hired guns suspected in South Korean cyberattacks(CSO) The people behind both attacks were just doing their job because of the backdoor file's directory path, Symantec believes. The people behind this month's destructive cyberattacks against three banks and two broadcasters in South Korea were likely employees or hired guns of a single organization, a security vendor analyzing the attack code says
Who was behind South Korean cyber-attacks?(al Jazeera) Cyber-attacks on government sites and major financial institutions have become an annual event in recent years. Lately there's been a deluge of reports on the origins of the recent cyber-attack on major South Korean websites, and many agree that North Korea may have had a hand in it. In fact, there are few original analyses and even fewer of those that touch on certain aspects, that up until recently, have not been discussed in mainstream media
How destructive 'cyber rampages' can disable thousands of computers(Examiner) "This attack is as much a cyber-rampage as it is a cyber attack," said research director Rob Rachwald, a research director at computer security firm, FireEye. He was referring to last week's massive cyber attack that disabled 32,000 computers in South Korea. According to a March 30 article in SecurityWeek, the term "cyber rampage" was also used by Zheng Bu, senior director of security research at FireEye
Got Attitude?(Dark Reading) Attack Attitude: Does China really not care about attribution? Following up on my last blog post on the Comment Crew (or APT1, to quote a Mandiantism) attack and related coverage, I wanted to dig a little deeper into the Comment Crew's observed attitude towards the documented attack activity and what we might learn from that about their operating environment and overall sentiment towards OPSEC and attribution when engaging in attack activity. In the United States, the general perception both in and outside of the security industry, is that China based threat actors simply don't care about attribution. Given the outwardly brazen appearance of the many attacks thought to have originated from China, you could certainly be forgiven for making this assumption. While not entirely incorrect, I firmly believe that what is actually going on – is far more deeply nuanced than we are currently giving the Chinese credit for
'Funded hacktivism' or cyber-terrorists, AmEx attackers have big bankroll(Ars Technica) "Cyber-fighters of Izz ad-Din al-Qassam" launch wave of attacks on US banks. The "cyber-fighters of Izz ad-Din al-Qassam" took American Express down for two hours yesterday afternoon. On March 28, American Express' website went offline for at least two hours during a distributed denial of service attack. A group calling itself "the cyber-fighters of Izz ad-Din al-Qassam" claimed responsibility for the attack, which began at about 3:00pm Eastern Time
Did Russian cybercrooks hack ABC [Australian Broadcasting Corporation] in 2011?(News.com.au) THE ABC is investigating claims that one of its websites was hacked by Russian cybercriminals in 2011. Information security analyst Patrick Gray first published the claim on his blog, risky.biz, saying cybercrooks obtained information from an ABC database, including an encrypted staff password, around October 2011
How to Survive the Year of the Hack(The Atlantic Wire) After three months of headlines from China to the White House and every geek haven in between, this week introduced the world to the cyber attack that may or may not be slowing down the entire Internet, followed by the digital assault on American Express. Yes, 2013 is already the year there were too many hacking incidents to keep track of, but "hacking" has also become a kind of catch-all for nefarious things done on a computer, and it's becoming increasingly difficult to tell apart global headline from personal headache. That kind of vagueness has left average Internet users wondering whether they could be exposed to the same threats as major companies and government systems -- and has demonized "hackers" like Aaron Swartz, Matthew Keys, and Weev, who face(d) felonies and jail time for low level computer crimes. With more than a few different kinds of "hacks" dominating the news in just the last couple of weeks alone, it's about time somebody defined the hacking headlines once and for all
Advanced Persistent Threats: Not-So-Advanced Methods After All(Dark Reading) Cybercriminals are taking a more systematic approach with their attack techniques, new IBM report finds. Cybercriminals behind heavily funded hacking operations are not necessarily using highly sophisticated malware to gain access to sensitive data or to spy on employees, according to a study released this week by IBM
The digital arms trade(The Economist) IT IS a type of software sometimes described as "absolute power" or "God". Small wonder its sales are growing. Packets of computer code, known as "exploits", allow hackers to infiltrate or even control computers running software in which a design flaw, called a "vulnerability", has been discovered. Criminal and, to a lesser extent, terror groups purchase exploits on more than two dozen illicit online forums or through at least a dozen clandestine brokers, says Venkatramana Subrahmanian, a University of Maryland expert in these black markets. He likens the transactions to "selling a gun to a criminal"
Cyber Threat to US Firms in China - US Chamber of Commerce Report(New Tang Dynasty Television) The survey is in line with a report by US security company Mandiant, who reported that more than 100 US firms have been targeted by Chinese hackers. Mandiant concludes that the attacks emanate from the Chinese army and are aimed at gathering trade
NSA Director: Information-Sharing Critical To U.S. Cybersecurity(Dark Reading) NSA Director and U.S. Cyber Command chief Gen. Keith Alexander discusses challenges to protecting U.S. interests in cyberspace. Information-sharing and visibility into the threat landscape are vital for the public and private sectors to defend cyberspace, National Security Agency Director Gen. Keith B. Alexander told an audience at The Georgia Tech Cyber Security Symposium yesterday
Sprint, Seeking OK on Merger, Agrees To Shun Huawei Gear(CIO Today) Although a House investigation concluded there were "credible reports" of Huawei's illegal behavior, there is no conclusive evidence that either Huawei or ZTE are installing telecom equipment with hidden codes to transmit information back to China. But with the recent back-and-forthing between the U.S. and China over cyber-security, the issue remains. Sprint and Softbank, the company planning to acquire the third-largest U.S. carrier, are committed to meeting national security concerns to make their merger a reality. The companies made it clear to Washington that they will no longer purchase or use equipment the Chinese telecom giant manufactures
Huawei Network Security Becomes Issue in Sprint Softbank Merger(eWeek) An agreement between U.S. law enforcement and wireless companies to drop Huawei from list of acceptable telecom vendors may look like paranoia, until you look a little deeper. To say that government officials in Washington are paranoid about Chinese spies would be incorrect. After all, as the saying goes, it's not paranoia if they really are out to get you. This is very much the situation in Washington, and it explains a lot about why a number of government agencies and members of Congress are insisting that Softbank and Sprint not use equipment from Chinese manufacturer Huawei when their merger goes through
U.S., China cyber battle intensifies (Politico) The United States and China appear locked in a cybersecurity war — of mostly words — that's beginning to escalate. Both the White House and Capitol Hill now explicitly criticize Beijing for failing to subdue the hackers and spies thought to reside within the country's borders. And there are real punishments on the horizon, as the U.S. government eyes trade penalties and other restrictions on China and its top technology firms
China 'resolutely opposes' U.S. curbs on IT imports: state media(Reuters) China expressed "resolute opposition" and "strong dissatisfaction" with a new U.S. cyber-espionage rule limiting imports of Chinese-made information technology products, state media reported on Saturday. The remarks underscore growing tension between the world's top two economies after the United States accused China of backing a string of hacking attacks on U.S. companies and government agencies
How to narrow the cyber talent gap(Federal Times) A recent flurry of reports underscores the cyber threats facing our nation, ranging from malicious hacking to state-sponsored cyber economic espionage and worse. In response, the president recently issued an executive order designed to protect our critical cyber infrastructure -- all those cyber-dependent things we take for granted, like our power grid, transportation system and water supply. It also briefly mentions what may be the most crucial element of our cyber infrastructure: human capital. That mention must now be translated into action
YarcData Selected by QinetiQ North America to Deliver Actionable Intelligence Through Graph Analytics(MarketWatch) uRiKA Big Data Appliance Enables Rapid Discovery Across Large Data Sets. YarcData, a Cray company dedicated to providing "Big Data" graph-analytic solutions to enterprises, today announced a strategic partnership with QinetiQ North America (QNA), a leading defense solutions and advanced technology provider that delivers outstanding, cost-effective products and services to an international clientele of government and commercial customers. The partnership focuses on delivering the YarcData uRiKA Big Data appliance to QNA customers to improve the speed and effectiveness of discovering actionable intelligence through graph analytics
Panda Refreshes Console With Management(Channelnomics) In a market increasingly overrun by new and legacy cloud players, Panda Security is attempting to give its partners a leg up as competitors close in
Password denied: when will Apple get serious about security?(The Verge) It's time for some real talk about how data is kept and accessed. Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. "It's the kind of server misconfiguration you see on the internet ten times a week," one might say. "And it's not as if your iTunes password even gets you to real money. This is why Apple added two-step verification." Or, "Apple saw the hole and shut it down before most users even knew it was there. This is how things are supposed to work." No. It isn't
Internet Evidence Finder Adds Mac OS X File System Support and Timeline Feature(Forensic Focus) With a strong commitment to helping thousands of its customers in the world's top law enforcement, military, government and corporate organizations recover data from a broad range of Internet-related communications, Magnet Forensics (formerly JADsoftware) has launched v6.0 of its industry-leading forensic software
Research and Development
Quantum Cryptography Secures the Electrical Grid(Design News) Renewable energy sources are slowly building their presence in the nation's electric grid system. The grid readily supplies the energy demand of the country, which is now projected to rise 30 percent by 2035. The increasing availability of renewable energy reserves hopes to balance out the rise in demand while providing an environmentally friendly form of sustenance. However, the intricacy of renewable energy requires sophisticated methods of grid operation for both energy management and security applications
If online students aren't engaged, blame their teacher(Quartz) A very wise old online professor, Bill Pelz, once told me that the lecture is the most efficient way to pass important concepts and theories from the professor's notepad to the student's iPad without going through either brain
Competition Seeks Next Generation of Cybersecurity Experts(Mashable) Think of it as an American Idol in which the contestants aren't fighting for record deals but rather a pathway to joining the next generation of American offensive and defensive cybersecurity experts. Meet Cyber Aces, a series of experimental state competitions that use a videogame to target participants with the right skills -- a mixture of a deep understanding of networking, operating systems and systems administration -- to receive a $25,000 scholarship for National Security Agency-level cybersecurity training. Many participants are high school and college-aged, but entrants also include Ph.D. recipients and military veterans
Legislation, Policy, and Regulation
UK battles to defeat cyber crime(The Independent) Hackers cost the economy 27bn pounds a year, but companies are fighting back. A team of 10 computing experts must tackle half a billion possible cyber attacks made on their employer, a large multinational, every day. They are overrun. A system developed by Detica, a unit of BAE Systems with a 300m pound turnover, helps them prioritise the 81 most significant threats that day. There are 17 suspicious-looking emails, inviting staff to an "exclusive event" or to look at a contact list. Another, from one Fraser Anderson, reached five staff members. Two opened the email that was ostensibly describing a conference in Seattle
China opposes and combats cyber attacks(Financial Times) Sir, The report "Security services and business join forces in fight against cyber crime" (March 27), by your defence and diplomatic editor James Blitz, accuses the Chinese government of sponsoring cyber attacks on the UK. We are genuinely disappointed and seriously concerned about the report as the accusations in it do not square with facts by any measure
Bolster cyber-attack defenses(The Japan Times) There is the view that its cyber-attack capability is larger than South Korea's. North Korea has been deeply isolated in the international community -- with United Nations-initiated economic sanctions slapped on it because of its nuclear weapon and
S. Korea, US step up cyber warfare partnership(ZDNet) The two governments will work on a draft deterrence strategy to fend off unexpected attacks, and South Korea will also increase personnel for its Cyber Command unit
Government Fights for Use of Spy Tool That Spoofs Cell Towers(Wired Threat Level) The government's use of a secret spy tool was on trial on Thursday in a showdown between an accused identity thief and more than a dozen federal lawyers and law enforcement agents who were fighting to ensure that evidence obtained
Pakistani man arrested for military espionage in Germany(Pakistan Today) A Pakistani man working in a German technology research centre was arrested on Friday and detained on suspicion of military espionage, Germany's state prosecutor said. The 28-year-old employee was registered as a student at the centre where he worked in the northwestern city of Bremen. Named only as Umar R, the man is suspected of "attempting to procure information about sophisticated military technologies" since October, a statement from the prosecutor said
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3: Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
HITBSecConf2013(Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...
SANS Northern Virginia 2013(Reston, Virginia, USA, April 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair(Pittsburgh, Pennsylvania, USA, April 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing...
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013(Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government(Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe(London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...