Daily briefing.

Quartz takes it as a given that Chinese intelligence services are engaged in general and continuing cyber attacks on international targets. It notes that PLA hackers have turned up in a Trend Micro honeypot that simulated a rural Missouri water utility—nobody's idea of a high-payoff target. The conclusion Quartz draws is that China is making a long-term effort to gain control over foreign physical infrastructure.

Several probes of the financial sector are reported, including a new Android Trojan and a spoofed Bank of America email laden with malware. Banks seem to be coping with denial-of-service attacks, and analysts take a look at the Izz ad-Din al-Qassam Cyber Fighters, among the most prominent and determined DDOS attackers. Their operations bear the marks of state or quasi-state sponsorship, most probably by Iran, with Hamas running a distant second as a suspect.

Wi-Fi routers continue to present attractive attack surfaces. A cross-platform remote-access Trojan is now available on the black market. US Airways warns of a breach in frequent flier accounts.

More reports appear on the means used to breach TOR anonymity in recent law enforcement operations.

In market news, the US Department of Defense urges companies to invest heavily in industrial research and development. California and Maryland continue to lead the cyber job market.

In cyber law enforcement, Florida emerges as a hotbed of identity theft. Interpol identifies an attractive new field for criminal activity: carbon credit trading. In the US, the Drug Enforcement Agency is using cyber intelligence in its investigations.


Today's issue includes events affecting China, European Union, Iran, Ireland, Republic of Korea, Palestinian Territories, United Nations, United States.

Dateline SINET Innovation Summit

NSA Mobility Program (NSA) The NSA Mobility Program was established in response to the substantial and justified urgency for delivering Mobility solutions that securely provide the rich user experience of commercial technology. As clients and partners accelerate towards agile and mobile communications, NSA's Information Assurance Directorate (IAD) has the responsibility for providing mobile capabilities that can evolve at the pace of today's commercial market, and balance security requirements with user experience

The National Counterintelligence Executive (Office of the National Counterintelligence Executive) As the premier counterintelligence and security agency in the US Government, the Office of the National Counterintelligence Executive will provide effective leadership and support to the counterintelligence and security activities of the US Intelligence Community, the US Government, and US private sector entities who are at risk of intelligence collection or attack by foreign adversaries

Transition to Practice (DHS) The Department of Homeland Security Science and Technology Directorate has White House support to assist in transitioning cyber security technologies developed through federally funded research and development (R&D) into broader utilization. The Transition to Practice (TTP) program was identified by the Federal Networking and Information Technology R&D (NITRD) program of the White House as one of a set of interrelated priorities for the United States Government (USG) – and established DHS as the lead for this interagency initiative

About the National Protection and Programs Directorate (DHS) NPPD's vision is a safe, secure, and resilient infrastructure where the American way of life can thrive. NPPD leads the national effort to protect and enhance the resilience of the nation's physical and cyber infrastructure

Cyber Attacks, Threats, and Vulnerabilities

If the Chinese army is trying to hack a Missouri water plant, what else is it infiltrating? (Quartz) The question of whether the Chinese military is on a hacking offensive has largely been answered--and, despite Chinese government protestations, it sure looks like a pretty big "yes." However, beyond the widely reported infiltration of foreign companies, the question of what else it's hacking remains hazy

Analysis: Who's Really Behind DDoS? (Bank Info Security) Now that Izz ad-Din al-Qassam Cyber Fighters has launched its fourth phase of distributed-denial-of-service attacks against U.S. banks, many observers are continuing to ask: Who's behind this group, and what are the real motives

Malicious Bank of America (BofA) 'Statement of Expenses' themed emails lead to client–side exploits and malware (Webroot Threat Blog) Bank of America (BofA) customers, watch what you click on! A currently ongoing malicious spam campaign is attempting to entice BofA customers into clicking on the client-side exploit serving URLs found in legitimate looking 'Statement of Expenses' themed emails. Once users with outdated third-party applications and browser plugins click on the link, an infection is installed that automatically converts their PCs into zombies under the control of the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign

Researchers find trojanized banking app that exploits critical Android bug (Ars Technica) Google's smartphone app verification tool to the rescue. Researchers have unearthed another malicious app exploiting a critical vulnerability in Google's Android OS that allows attackers to inject malicious code into legitimate programs without invalidating their digital signature. The threat poses as an update for the official Android app available to customers of NH Nonghyup Bank, one of South Korea's biggest financial institutions, according to a blog post published Friday by researchers from antivirus provider Trend Micro

BGP spoofing — why nothing on the internet is actually secure (ZD Net) A skilled attacker with access to the right router can co-opt routes to destination IP address. When this happens, nothing on the internet is trustworthy. And there's no way to stop it

Anatomy of a cryptographic oracle — understanding (and mitigating) the BREACH attack (Naked Security) A whole lot has been talked, over the past week, about BREACH, a newly-documented attack against HTTPS. Paul Ducklin digs into the theory, shows how it works in practice, and suggests how to soften the blow

OpenX Ad Server Backdoor (Internet Storm Center) According to a post by Heise Security, a backdoor has been spotted in the popular open source ad software OpenX. Apparently the backdoor has been present since at least November 2012. I tried to download the source to verify the information, but it appears the files have been removed

Cross–platform backdoor created with RAT available online (Help Net Security) For malware authors and attackers, the ideal malware is that which works on as many platforms as possible. As Java is used in a wide variety of computing platforms, it stands to reason that applications

Network Security: How Attackers Gain Access from Inside (CircleID) Most people -- mistakenly -- believe that they are perfectly safe behind a firewall, network address translation (NAT) device or proxy. The fact is quite the opposite: if you can get out of your network, someone else can get in. Attackers often seek to compromise the weakest link in a network and then use that access to attack the network from the inside, commonly known as a "pivot-and-attack."

Wi-Fi routers: More security risks than ever (C/NET) The research team that discovered significant security holes in more than a dozen home Wi-Fi routers adds more devices to that list at Defcon 21

US Airways Dividend Miles Accounts Compromised (eSecurity Planet) Frequent flier program members' names, addresses, e-mail addresses and answers to security questions were accessed. US Airways recently began notifying some members of its Dividend Miles frequent flyer program that a "small number" of Dividend Miles accounts were accessed by unauthorized users, who had obtained the accounts' user names and passwords through "means as yet unknown to us."

Tor Anonymity Cracked; FBI Porn Investigation Role Questioned (InformationWeek) Some security experts ask whether an FBI sting operation exploited a vulnerability in Firefox to disable the anonymity offered by the Tor network. Did an FBI sting operation exploit a vulnerability in Firefox to disable the anonymity offered by the Tor network, for the purposes of cataloging the Internet protocol (IP) addresses of visitors to sites that distribute child pornography? While details are still emerging, that's one thesis being advanced by information security experts, after Freedom Hosting — which offers anonymous Tor software services, but isn't affiliated with The Tor Project itself — went dark, sometime before midnight Sunday. The outage appeared to take numerous hidden Tor services offline, including the HackBB forums and the anonymous Tor Mail service

Researchers say Tor–targeted malware phoned home to NSA (Ars Technica) JavaScript attack had a hard-coded IP address that traced back to NSA address block. Malware planted on the servers of Freedom Hosting--the "hidden service" hosting provider on the Tor anonymized network brought down late last week--may have de-anonymized visitors to the sites running on that service. This issue could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency

Cyber Trends

Black Hat: Lessons For SMBs From The Dark Side Of Security (Dark Reading) Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn. With presentations on a variety of vulnerability research, malware analysis and new attack techniques, the Black Hat Briefings tends to be a security conference for analysts and managers from large firms and security vendors

Lancope Survey: Enterprises in Denial Regarding Network Security (Dark Reading) Nearly two-thirds of surveyed organizations not aware of any recent security incidents

Employee missteps among top causes of data theft (Kaspersky Lab) Employee error is one of the main causes of internal IT security incidents which lead to the leakage of confidential corporate data, according to the findings of the Global Corporate IT Security Risks 2013 survey conducted by B2B International in collaboration with Kaspersky Lab this past spring


Cyber Security Expert Barrett Lyon Brings Out Of Stealth To Battle A New Wave Of DDoS Attacks (TechCrunch) Cyber security expert and serial entrepreneur Barrett Lyon has a new startup coming out of stealth today. The company, named, specializes in mitigating DDoS attacks — something Lyon knows a little something about. And it has raised $9.5 million from Bessemer Venture Partners to go after that market

DISA turns on first Joint IT node (Nextgov) The Defense Information Systems Agency turned on the first node in its new, global Joint Information Environment at a regional Enterprise Operations Center in Stuttgart, Germany, last week

Energy lab's wireless system secure enough for classified data (GCN) The Energy Department's Savannah River National Laboratory has developed prototype hardware for secure transmission of classified data that has been approved by the National Security Agency

GE and Jerusalem Venture Partners Invest In ThetaRay (Pulse 2.0) ThetaRay is an Israeli startup company that is working on preventing Advanced Persistent Threats (APT) and Zero Day Attacks. General Electric has joined

California and Metro Washington D.C. — Top Destinations for Cyber Security Talent (Dark Reading) Semper Secure, a public-private partnership focused on increasing the number and quality of cyber security professionals, today announced the results of its Cyber Security Census. Based on a survey of 500 cyber security professionals from 40 different industries across 43 states, the District of Columbia, and Puerto Rico, and underwritten by Northrop Grumman, NetApp, and MeriTalk's Cyber Security Exchange, the census reveals what motivates today's cyber security professionals as well as how to train and recruit the next generation. According to the report, cyber security professionals earn on average $116,000 annually, but are driven by more than a paycheck - they want to work for an employer with a reputation for honor and integrity

CACI Gets $425M Intelligence Contracts (Zacks) CACI International Inc recently won $425-million worth of previously unannounced contracts to deliver information solutions and services to national-level intelligence organizations protecting the U.S. security

Department of Homeland Security Awards Denim Group with Research Grant to Better Protect The Critical Infrastructure by Improving Software Vulnerability Management (PRWeb) Denim Group, the leading secure software development company, today announced that it was awarded a Phase 1 Small Business Innovation Research (SBIR) grant of $100,000 by the Department of Homeland Security to improve the accuracy and comprehensiveness of software vulnerability analysis activities. This will enable security analysts and software developers to fix software applications, a key exposure point into systems of all kinds, faster and more easily than ever before

DoD To Industry: Invest In R&D ( The Pentagon's acquisition chief is calling for defense companies to maintain self-funded research-and-development initiatives, particularly as US Defense Department investment in these technology programs declines

NSA revelations could cost US lead in cloud computing (Business Journal) A survey conducted in June and July by the Cloud Security Alliance found that 10 percent of foreign cloud industry participants had cancelled a project with a

Products, Services, and Solutions

Guardtime and MTSI Announce Strategic Alliance to Deliver KSI (MarketWatch) The partnership couples the unprecedented information assurance capabilities of Guardtime's KSI technology along with MTSI's role as a neutral systems

Collaborative threat intelligence platform from ThreatConnect (Help Net Security) ThreatConnect launched the ThreatConnect Platform, a combination of analytical tools that assist in finding and analyzing threat indicators and community-based sharing features that enable

Technologies, Techniques, and Standards

Detect the undetectable: Start with event logs (InfoWorld) Security event monitoring systems are often plagued by signal-to-noise problems. Here's how to ensure they produce meaningful alerts

How to Check if Your Website is Part of the StealRat Botnet (TrendLabs Security Intelligence Blog) For a few months now, we have been actively monitoring a spambot named StealRat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable CMS software such as WordPress, Joomla and Drupal

Trust the PKI or it's anarchy on the Internet (ZD Net) When Microsoft automatically updates your Windows trusted root certificates, are they inserting secret backdoors for the NSA to spy on you? No, but even if they were, you'd still have to trust them

Cloud security certification in the works following NSA revelations (FierceEnterpriseCommunications) According to a report in CloudPro, "The Cloud Security Alliance (CSA) is addressing cloud customer concerns about data security by tying up with the British

Research and Development

Spy agencies want low–energy system to solve 'interesting problems' (ComputerWorld) Government intelligence chief seeks help in building superconductor computer that could ease the path to exascale

Smartphones could evolve into password killers (CSO) But much depends on the development of highly reliable biometric technology


University Program Trains Data Analysts, Gathers Intelligence for U.S. Agencies (Information Management) A partnership between Auburn University and Intelligent Software Solutions is adding a novel wrinkle to the old adage of learning by doing. In this case, Auburn students will hone real-world data analytics skills by gathering military intelligence for the U.S. government

Student Security Competitions Help Lock Down Careers (Campus Technology) To woo young people to the field of cyber security, local, regional, and global competitions give students a chance to test their knowledge and skills in front of the experts

Legislation, Policy, and Regulation

Intelligence does little to boost image of NSA's database (Washington Times) Even if the weekend's intelligence warnings about the threat of terrorist attacks in the Middle East came from electronic eavesdropping abroad by the National Security Agency, that would not ease congressional opposition to the NSA's mass collection of domestic phone records, lawmakers from both parties said Monday

N.J. Lawmakers Introduce SMART Grid Study Act (Renew Grid) A bipartisan group of U.S. representatives in New Jersey has introduced to Congress the Saving More American Resources Today (SMART) Grid Study Act of 2013, legislation that calls for assessing ways to protect the nation's grid from natural disasters and other threats

China reportedly blocks access to Chinese language Wall Street Journal website (ITProPortal) China has blocked access to the Wall Street Journal, adding the renowned newspaper's website to a list that reads like a who's who of the US-based international news outlets

Black Hat 2013: Industry Response to General Alexander's Keynote (Infosecurity Magazine) The Black Hat 2013 keynote, presented by General Alexander, director of the NSA, was potentially the most highly-anticipated talk I've been to in my seven years in this industry. I'm not being overly-dramatic when I say you could literally feel the tension in the room as Black Hat's delegates waited - most cynical and some hopeful - for the General to take to the stage

Litigation, Investigation, and Law Enforcement

Interpol warns of criminal focus on $176 billion carbon market (RTCC) Crime agency says lack of oversight and transparency threaten the environmental integrity of carbon markets

Florida becoming a center for identity theft (Consumer Affairs) The crime of identity theft isn't new. What's new is its increasing frequency and the fact that it tends to be clustered in certain cities and certain states

McAfee CTO to Lead Cybersecurity at Homeland Security (Wall Street Journal) The U.S. Department of Homeland Security is set to tap a top executive at computer security giant McAfee, a unit of Intel, as the next official to head its cybersecurity division, several people familiar with the matter said

Looking For Balance In Handling Leakers (Washington Post) Can something positive come out of the concern over government intelligence operations, the leaks exposing them, and the investigations of the leakers

IRS Told to Do More to Curb 'Epidemic' of Identity Theft Fraud (Government Executive) Tax fraud by identity thieves is on the rise, and the Internal Revenue Service should respond by beefing up enforcement and do more to make victims whole, a House panel was told on Friday

Exclusive: U.S. directs agents to cover up program used to investigate Americans (Reuters) A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Conference on Cyber Security (New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...

AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide product demonstrations to the military and civilian personnel on base. IT and Information...

AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...

Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...

A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

Resilience Week 2013 (San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...

Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well...

National SCADA Conference (Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...

First International Conference on Cyber-Physical Systems, Networks, and Applications (Taipei, Taiwan, August 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications...

SANS Thailand 2013 (Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.

2013 Cyber Security Division Transition to Practice (TTP) Technology Demonstration for Investors, Integrators, and IT Companies (I3) — West (San Jose, California, USA, August 22, 2013) This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories and have the potential to strengthen an organization's cybersecurity...

Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, August 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.

Human Cyber Forensics Forum (Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...
