Late yesterday the Syrian Electronic Army (SEA) hijacked the domains of the New York Times and Twitter. The attack, discovered when the SEA tweeted its success, was accomplished by taking over a reseller account at domain name registrar Melbourne IT, then rewriting the DNS records of the affected domains. Other outlets were also affected; the New York Times and Twitter are the two most prominent. This marks the second high-profile SEA hack of media outlets in less than a week.
Redirection and disruption aside, the attack is serious because of its potential for compromise of confidential sources (of obvious interest to the Assad regime as it faces a pending UN Security Council resolution authorizing intervention in the Syrian civil war) and for man-in-the-middle exploitation: whoever controls a domain's DNS records can route its web and email traffic through servers they control. It's also worth remembering that an enterprise can be attacked through its web-hosting providers, domain name registrars, and DNS resolution providers, none of which it operates itself.
G-20 participants are targeted for APT installation via a phishing campaign run by Calc Team (APT-12), a group believed to have ties to China's People's Liberation Army, and by other intrusion groups using the same summit as a lure.
More malware evolution is seen as Drive, a version of the DirtJumper DDoS toolkit, gains the ability to bypass some DDoS mitigations. The mitigations it defeats are older and less capable, but the development is more evidence of a disturbing trend.
China slowly dribbles out information on its weekend DDoS incident. Nasdaq and NYSE blame each other for last week's flash freeze; the SEC investigates.
In industry news, IBM wins a contract to handle security data at Australian airports. Businesses look for confidential ways of sharing attack information.
LOVEINT abuse at NSA was apparently discovered largely through self-disclosure, not monitoring or auditing.
Today's issue includes events affecting Australia, Canada, China, European Union, Germany, India, Pakistan, Philippines, Russia, Syria, United States.
Cyber Attacks, Threats, and Vulnerabilities
Syrian Electronic Army Hacked Domain Name Servers of Twitter and New York Times(Fast Company) The Syrian Electronic Army has hacked into domain name servers belonging to Twitter, whilst attacking those belonging to both the New York Times and the Huffington Post's U.K. site. The attack, which happened around 6pm EST yesterday, altered contact details and DNS records--which would enable the hackers to send visitors to the compromised sites to anywhere on the web they wanted. The first anyone knew about it was when the SEA posted an image on its Twitter feed
Twitter, New York Times, other marquee sites hit by powerful cyber attack(InfoWorld) The Syrian Electronic Army is believed to have modified DNS records for many websites. Twitter, The New York Times, and other prominent websites were struck by a powerful cyberattack that continued affecting other websites into Tuesday evening, directing visitors to a site purportedly controlled by the Syrian Electronic Army (SEA). The attackers apparently struck an Australian IT services company, Melbourne IT, which provides domain name registration services. The pro-Syrian government SEA has recently conducted several high-profile attacks against media and other websites
NY Times DNS Compromised(Internet Storm Center) The website for the New York Times was taken offline today by way of an attack on their DNS. Shown below is the summary Dr. J whipped up
Twitter and New York Times clash with hackers for control of their sites(Ars Technica) For a good chunk of Tuesday, website administrators at Twitter, The New York Times, and other high-profile media outlets appeared to be locked in a high-stakes battle with self-proclaimed Syrian hackers for control of their Internet domains. Just as quickly as twitter.co.uk, nytimes.com, and other domains were returned to their rightful owners, Internet records showed they'd be seized all over again and made to point to a Russian Web host known to cater to purveyors of drive-by malware exploits and other online nasties
New York Times, Twitter sites still having problems following attack(Washington Post) The New York Times is still feeling the effects of a Tuesday afternoon attack on its Web site. The hack was claimed by a group known as the Syrian Electronic Army, which also took credit for a similar attack on social networking site Twitter. Tuesday's intrusions were the most sophisticated in a series of attacks on high-profile Western media organizations, including The Washington Post and the Associated Press. The hackers use the attacks to broadcast their support of Syrian President Bashar al-Assad, although the group has never been found to have any official ties to his regime
Syrian Hack Of NYTimes.com Could Have Inflicted Much More Than Mere Embarrassment(Forbes) When hackers take down a website, their weapon of choice is often a less-than-subtle technique known as a denial of service attack, which merely overwhelms a site's servers with junk traffic. But the trick that the hacker group known as the Syrian Electronic Army pulled against the New York Times, Twitter, and the Huffington Post UK Tuesday seems to have been very different—and potentially far more invasive
The Three Providers Who Decide Whether You Will Be Hacked(SecurityWeek) The need for organizations to design and adhere to strong security policies in order to maintain the integrity of their systems is well understood. As long as all you have to worry about is your own internal infrastructure, creating the right policies and sticking to them is a great way to help reduce risk on your network. But there are some circumstances where it is necessary to outsource a mission-critical piece of infrastructure to a third party. Some services are simply not cost-effective to build and manage in-house to get the required level of performance and security. Other services can only be procured from a third party vendor. Herein lies the soft underbelly of security for many organizations
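The SecurityWeek piece above and this issue's lead item make the same point: a domain can be taken from you at the registrar without anyone touching your servers. The practical check is to watch the two things that change in such a hijack, the delegation (which nameservers the registry says are authoritative for your domain) and the EPP lock status the registrar publishes in WHOIS. The script below is an added example, not code from The CyberWire, Melbourne IT, or any of the outlets named above. It parses the text of two commands an operator can already run, `dig +short NS <domain>` and `whois <domain>`, and compares them against a baseline. All sample output in it is constructed; the hostnames and the `example-dns.net` / `hostile-example.ru` names are hypothetical.

```python
"""Audit a domain's delegation and registrar lock status for tampering.

Added example (not CyberWire, Melbourne IT, or registrar code). Inputs are
the text of `dig +short NS <domain>` and `whois <domain>`; the sample output
below is constructed for illustration.
"""
import re

# EPP status codes as published in WHOIS. "server*" codes are set at the
# registry (a "registry lock") and cannot be cleared by whoever holds the
# registrar or reseller account; "client*" codes are set by the registrar and
# go away as soon as that account is compromised.
REGISTRY_LOCKS = {"serverUpdateProhibited", "serverTransferProhibited",
                  "serverDeleteProhibited"}
REGISTRAR_LOCKS = {"clientUpdateProhibited", "clientTransferProhibited",
                   "clientDeleteProhibited"}

# Baseline: the nameservers the domain owner expects to be delegated to
# (hypothetical hostnames).
EXPECTED_NS = ["ns1.example-dns.net", "ns2.example-dns.net"]

# Constructed `dig +short NS example.com` output in the normal state.
SAMPLE_DIG_CLEAN = "ns2.example-dns.net.\nns1.example-dns.net.\n"

# Constructed output after a registrar-account hijack: the delegation now
# points at hosts the attacker controls.
SAMPLE_DIG_HIJACKED = "ns1.hostile-example.ru.\nns2.hostile-example.ru.\n"

# Constructed whois excerpts. The first carries only a registrar-level
# transfer lock; the second adds registry-level locks.
SAMPLE_WHOIS_WEAK = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE-DNS.NET
"""
SAMPLE_WHOIS_LOCKED = """\
Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
"""


def parse_ns(dig_output):
    """Nameserver set from `dig +short NS` text: lowercased, trailing dot removed."""
    return {ln.strip().rstrip(".").lower()
            for ln in dig_output.splitlines() if ln.strip()}


def parse_status(whois_output):
    """EPP status codes from whois 'Domain Status:' or 'Status:' lines."""
    codes = set()
    for ln in whois_output.splitlines():
        m = re.match(r"\s*(?:Domain\s+)?Status:\s*([A-Za-z]+)", ln)
        if m:
            codes.add(m.group(1))
    return codes


def audit(expected_ns, dig_output, whois_output):
    """Return a list of (finding, detail) tuples; an empty list means no concern."""
    findings = []
    expected = {n.rstrip(".").lower() for n in expected_ns}
    observed = parse_ns(dig_output)
    if observed != expected:
        findings.append(("NS_DRIFT", {"unexpected": sorted(observed - expected),
                                      "missing": sorted(expected - observed)}))
    status = parse_status(whois_output)
    if not status & REGISTRY_LOCKS:
        # Only registrar-side locks (if any): a compromised reseller account
        # can remove them before changing the nameservers.
        findings.append(("NO_REGISTRY_LOCK", sorted(status & REGISTRAR_LOCKS)))
    if not status & {"clientUpdateProhibited", "serverUpdateProhibited"}:
        # Nothing at all stops a nameserver change through the registrar.
        findings.append(("NO_UPDATE_LOCK", sorted(status)))
    return findings


if __name__ == "__main__":
    for label, dig_out, whois_out in [("clean", SAMPLE_DIG_CLEAN, SAMPLE_WHOIS_LOCKED),
                                      ("hijacked", SAMPLE_DIG_HIJACKED, SAMPLE_WHOIS_WEAK)]:
        print(label, audit(EXPECTED_NS, dig_out, whois_out) or "OK")
```

To feed it live data, query the TLD's authoritative servers (`dig +short NS example.com @<a TLD nameserver>`) rather than a recursive resolver, so you see the delegation as the registry currently publishes it and not a cached answer; run it from cron every few minutes and page on NS_DRIFT. NO_REGISTRY_LOCK and NO_UPDATE_LOCK are one-time findings to take to the registrar, since registry locks are the control that a stolen reseller login cannot undo.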
Group behind attack on New York Times linked to G20 phishing attack(CSO) Multiple groups are leveraging the upcoming G20 summit to launch spear phishing attacks, including the group responsible for attacking the New York Times. Over the last two weeks, there has been a spike in the level of phishing attacks using the upcoming G-20 summit as bait. One of the groups involved in these recent attacks is Calc Team (APT-12), best known for their attack on the New York Times earlier this year. Claudio Guarnieri, security researcher for Rapid7, has investigated these recent attacks, and discovered that in addition to APT-12, there are multiple intrusion groups taking advantage of the upcoming G-20 summit in St. Petersburg, Russia in order to compromise an untold number of victims. The involvement of Calc Team is noteworthy, as the group is believed to have strong ties to China's People's Liberation Army (PLA). Earlier this month, Calc Team seemed to return to the public after a period of inactivity following their attack on the New York Times
Eggheads turn Motorola feature phone into CITYWIDE GSM jammer(The Register) Innocent mobile turns bad…with good software. Berlin boffins have spotted a procedural flaw in the long-lived GSM protocol and created an exploit around it which can knock out a mobile network or even target an individual subscriber in the same city
Not–So–Cute FTP Attack(Fortinet Blog) Spear phishing attacks are increasing today and the FBI has even issued a warning to the public due to its ability to target multiple organizations. Such attacks are considered as a part of APTs (Advanced Persistent Threats), which attempt to gain a foothold in the network of an organization. Recently, my email inbox has received two spam emails with suspicious attachments. A screenshot of one of the emails can be seen below
Java 6 exploit found in the wild(The Inquirer) Security researchers are urging users of Oracle's Java 6 software to upgrade to Java 7 as soon as possible to avoid becoming the victims of active cyber attacks. F-secure senior analyst Timo Hirvonen warned about the exploit this weekend over Twitter, advising that he had found an exploit in the wild actively targeting an unpatched vulnerability in Java 6, named CVE-2013-2463
Kelihos botnet: What victims can expect(Help Net Security) Kelihos is a botnet which utilizes P2P communication to maintain its CnC Network. With all of the attention around Kelihos, it should be no surprise that 30/45 AV vendors are detecting the latest installer. I took some time to analyze recent threat reports that came through our malicious/suspicious files queue, to see if I could find anything to add. It didn't take long to find a now infamous iteration of this botnet installer in action. In particular, I found a file called "rasta01.exe"
Cybercrime service automates creation of fake scanned IDs, other identity verification documents(NetworkWorld) The service produces high-quality fake scans that can be used in fraud attacks to impersonate victims, Group-IB researchers said. A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity verification processes used by some banks, e-commerce businesses and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB
Who Wrote the Pincer Android Trojan?(Krebs on Security) Stories in this blog's Breadcrumbs series have sought to comb through clues that point to the possible location and identities of malware authors and purveyors. But from time to time those clues lead definitively back to an individual. In today's post, we'll talk with the author of the Pincer Trojan for Android — a 32–year–old programmer at a mobile app development firm in Russia
Department Of Energy Cyberattack: 5 Takeaways(InformationWeek) Exclusive: Outdated, unpatched system blamed for DOE breach, but agency said to be getting its cybersecurity house in order. Is the Department of Energy (DOE) serious about cybersecurity? It appears to be doing better than most federal agencies, despite two high-profile breaches this year. What follows is a second-day look at what's known about the latest breach, how it happened and what the agency might do to prevent future attacks. First, some background. The DOE warned employees in an emailed memo earlier this month that information pertaining to 14,000 current and former employees had been compromised in a "cyber incident that occurred at the end of July." Stolen information included personally identifying information (PII) in the form of names and social security numbers, according to a copy of the memo published by The Wall Street Journal
Chinese report massive DDOS attack(ITWire) The China Internet Network Information Centre (CNNIC - the acronym it prefers) is the government body responsible for Chinese domain names. It has published sketchy details of a DDOS (distributed denial of service) attack on the weekend
SEC reviews Nasdaq as rivals blame each other for outage(Reuters via Yahoo Finance) Regulators are questioning how robust Nasdaq OMX Group's systems are after last week's massive trading outage, while shrugging off a spat with NYSE Euronext as a distraction, a source familiar with the matter said on Tuesday
Nasdaq crash heightens fear of data meltdown(FierceBigData) "Whenever I meet people I ask them about the quality of their data," says Duncan Ross, director of data sciences at Teradata, which provides data warehousing systems for clients including Wal-Mart, Tesco and Apple in an article in The Guardian. "When they tell me that the quality is really good, I assume that they haven't actually looked at it"
Social networks: Can robots violate user privacy?(Help Net Security) High–Tech Bridge decided to conduct a simple technical experiment to verify how the 50 largest social networks, web services and free emails systems respect — or indeed abuse — the privacy of their users
Large breach expected from an analytics provider in next 12 months(FierceBigData) "One thing that's almost guaranteed to happen in the next year is we're going to see one of the large providers of analytics services--whether security, log data or something else--get breached," said H.D. Moore, chief research officer at Rapid7, at the UNITED Security Conference according to an article in Dark Reading. "It's just the law of averages at this point. There's enough folks offering services who don't necessarily know what they're doing that we're going to see a big breach"
Security Patches, Mitigations, and Software Updates
The Internet of Everything: What Could Possibly Go Wrong?(Trend Micro Simply Security) The exciting thing about being in the technology industry is that every few years there's a new area of huge innovation that seems to upset the established order, create previously unconceivable possibilities, and change life for the better
US cloud providers feel impact of NSA snooping(FierceITSecurity) In this column, I have examined the impact of the National Security Agency's massive surveillance program on the privacy and due process rights of U.S. citizens. But there is another side to NSA snooping: U.S. cloud providers appear to be losing business to their European counterparts as a result of the suspicion generated by the scandal
Cylance Extends Advanced Threat Prevention Commitment Into Canada(CEN) Cylance, Inc., a global cyber security technology and services company applying science to security to prevent advanced threats, today announced its expansion into the Canadian market with the addition of Jonathan Raymond as Canadian Sales Director. Expanding North American presence with local company representatives continues Cylance's growth in people, security intelligence and customer commitment
IBM lands spook data–sharing standard at Oz airports(The Register) Airline passenger data and 'other relevant material' checked in 'real time'. The Australian Customs and Border Protection Service (ACBPS) has gone live with IBM-delivered passenger analytics which it says will help identify risky passengers before they enter Australia
Products, Services, and Solutions
Ex–CSOs Team, Offer Free Security Help(Dark Reading) Former enterprise CSOs from Anheuser-Busch, State Farm Insurance, Deutsche Bank, and other firms form a new team at Websense that assists and mentors other CSOs — gratis
SSLI SDK for security solution providers(Help Net Security) With an increasing level of Web traffic rapidly moving to the encrypted HTTPS protocol, Bloxx is now offering its Secure Sockets Layer Intercept (SSLI) Software Development Kit (SDK) for security
Check Point rolls out new R77 Software Blade Release(CSO) The threats we face have changed significantly over the years, and the very concept of a "network perimeter" is almost nothing more than a quaint memory at this point, but through it all Check Point has been an established leader in network security
Trend Micro's 'Trend Ready' Cloud Security Verification Program Gains Momentum(MarketWatch) As global companies continue to transition to the public cloud, cyber security remains paramount. To address this challenge, Trend Micro's (tyo:4704) "Trend Ready for Cloud Service Providers" program was established in 2012 as a testing ground to verify compatibility of the Trend Micro's security solutions with well-known global cloud providers. A first-of-its kind initiative for cloud infrastructure providers, it helps alleviate concerns regarding the ability to add security to cloud deployments. To date, more than 20 leading cloud service providers, including Amazon Web Services, HP Cloud Services and Dell have been certified
HyTrust enforces two-person approval for VMware security(InfoWorld) Following up on customer feedback from U.S. intelligence agencies, VMware security systems provider HyTrust has updated its virtual security appliance so actions taken by administrators can be delayed until external approval for that action is granted. Such precautions are increasingly necessary because today's virtual environments pose "a concentration of risk," said Eric Chiu, president and cofounder of HyTrust
Technologies, Techniques, and Standards
Confidential Submission To The Antivirus Cloud(Dark Reading) Would a government intelligence agency want your antivirus telemetry? Host-based antivirus solutions have continued to shift much of their pre-emptive detection technology into the cloud -- reducing the burden on the beleaguered desktop operating system and promoting a global perspective of the threat. But in the wake of governmental Internet monitoring programs, more questions than answers are arising about who sees what, and precisely what do they do with this raw but likely confidential information
Shielding targeted applications(Help Net Security) When we discuss exploit prevention, we often talk about 'targeted applications.' This term refers to end-user applications which can be exploited by hackers for malicious purposes. There are a few requirements that define these applications
4 HIPAA compliance challenges facing covered entities(FierceHealthIT) Many technical, administrative and legal hurdles remain for covered entities and business associates working to meet compliance standards by next month under the HIPAA omnibus final rule, according to a viewpoint published this week in the Journal of the American Medical Association
Obama Meets Intelligence Review Group(SecurityWeek) President Barack Obama Tuesday met members of a review board set up to consider the reach of secret US snooping programs exposed by leaker Edward Snowden, sparking a privacy furor. Obama set up the board amid rising public disquiet over the sweeping and covert telephone and Internet spying operations which have sprouted as part of Washington's technological war on terror. The president has said he welcomes public debate on the issue, though critics say that he only moved to engage on the secret programs once the National Security Agency (NSA) operations were blown by Snowden. The group is made up of former US counter-terrorism analyst Richard Clarke, the ex-acting head of the CIA Michael Morrell, former Obama aide Cass Sunstein, Peter Swire, a former White House privacy official and Obama supporter turned critic and University of Chicago law professor Geoffrey Stone
Transparency at NSA is a delicate balance(Washington Post (letter)) Ruth Marcus concluded her Aug. 23 op-ed column, " More NSA deceptions ," by alluding to "hopeful signs" of change, but she cautioned that "they do not erase the ugly history." When the high-level review panel conducts its investigation of the National Security Agency, I sincerely hope there will be recognition of the dedication and extraordinary achievements of the thousands of people who have spent their careers in its employ
Napolitano: U.S. Risks 'Major' Cyber-Attack in the Future(Bloomberg) The U.S. will face a cyber-attack in the future that will cause major disruption in the economy, the outgoing Homeland Security Department chief said. "Our country will, at some point, face a major cyber-event that will have a serious effect on our lives, our economy, and the everyday functioning of our society," Janet Napolitano, President Barack Obama's top homeland security official since 2009, said in remarks prepared for her farewell speech today
New Zealand bans software patents(ZDNet) New Zealand has finally passed a new Patents Bill that will effectively outlaw software patents after five years of debate, delay and intense lobbying from multinational software vendors
Litigation, Investigation, and Law Enforcement
The Scariest Thing About NSA Analysts Spying On Their Lovers Is How They Were Caught(Business Insider) Last week Siobhan Gorman of The Wall Street Journal reported that National Security Agency analysts have occasionally used vast surveillance tools to spy on love interests. NSA Chief Compliance Officer John DeLong told reporters that willful violations of spying rules — dubbed "LOVEINT" — happened on "very rare" occasions, adding that he didn't have exact numbers because most of the violations were self-reported
Leaker's Security Check Faulted(Wall Street Journal) The most recent background check of former National Security Agency contractor Edward Snowden was so inadequate that too few people were interviewed and potential concerns weren't pursued, according to a federal review following his leak of some of the nation's most closely guarded secrets
CREW suit seeks rationale disclosure(Politico) A leading watchdog group wants President Barack Obama's administration to hand over the secret legal rationales behind its policies -- including the National Security Agency's electronic surveillance programs and the administration's controversial drone program
Anonymous Hacker Claims FBI Directed LulzSec Hacks(InformationWeek) Admitted hacker Jeremy Hammond alleges FBI used informer Sabu to persuade LulzSec and Anonymous to hack into foreign governments' networks. Sentencing for former LulzSec leader Hector Xavier Monsegur, better known as Sabu, has again been delayed. Monsegur was scheduled to be sentenced Friday morning in New York federal court. But in a letter to the court, the U.S. attorney general's office requested that Monsegur's sentencing be delayed "in light of the defendant's ongoing cooperation with the government." His sentencing has now been rescheduled for Oct. 25
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Thailand 2013(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
TechCrunch Disrupt San Francisco(San Francisco, California, September 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September...
SANS CyberCon Fall 2013(Online, September 9 - 14, 2013) With sequestration still in place, organizations are finding themselves with training budgets, but drastically reduced travel budgets. This one-of-a-kind online training event brings SANS' top instructors...
15th Annual AT&T Cyber Security Conference(New York, New York, USA, September 10, 2013) The AT&T Cyber Security Conference is an annual day-long conference offered by the AT&T Chief Security Office. Combining the expertise of its security experts, the scale and reliability of its global IP...
International Common Criteria Conference(Orlando, Florida, USA, September 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC...
GrrCon(Grand Rapids, Michigan, USA, September 12 - 13, 2013) Says IT World, "Another hacker conference, this time in Michigan. The schedule looks to be bawdy, brash and anything but dull, with hackers promising to "pwn" you before you leave town. There are also...
cybergamut Technical Tuesday: Malware Analysis for the Masses(Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...
Shaping the Future of Cybersecurity Education Workshop(Gaithersburg, Maryland, USA, September 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National...
NovaSec!(McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
Strange Loop(St. Louis, Missouri, USA, September 18 - 20, 2013) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and...
ISSA Cyber Security Forum at Ft Belvoir(Fort Belvoir, Virginia, USA, September 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber...
CISO Executive Summit(Atlanta, Georgia, USA, September 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...
2013 Cyber Security Summit(New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be...
4th Annual Cybersecurity Summit(Washington, DC, USA, September 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote...