Mandiant says it's identified individual members of the Chinese hacking group "Comment Crew." It has, moreover, fairly conclusively linked them to a People's Liberation Army cyber espionage organization, "Unit 61398," located in Shanghai. Comment Crew has been implicated in recent attacks on US media outlets.
Another Chinese botmaster has been identified: Zhang Changhe's profession is distributing malware, but he also runs Facebook scams on the side. (He was identified through his own uneasy conscience, which prompted him to confess violations of the Five Precepts of Buddhism in social media fora.)
Information gained from access to Telecom customers' email accounts may enable those who attacked the New Zealand carrier to sweep in victims from other Internet services.
Anonymous threatens the governments of Egypt, Australia, and the Netherlands. The hacktivist "collective" also goes after an investment bank for being a Stratfor client.
BlackBerry warns that TIFF-processing vulnerabilities can be used to compromise BlackBerry Enterprise Server. A malware campaign affects Bulgarian Facebook users. Fake invoices are used to distribute ransomware. IOActive Labs finds many unsecured Internet-connected devices networked with the US Emergency Alert System; expect more zombie apocalypse warnings.
Adobe moves forward with plans to patch Acrobat this week.
Absent extraordinary Congressional action, the US Federal budget will be automatically cut next week. The cyber industry convenes in San Francisco Monday for RSA (we'll follow the event in a special section of the CyberWire).
The United Kingdom and India announce a joint cyber task force. Pirate Bay complains to Finnish police about piracy.
Today's issue includes events affecting Australia, Bulgaria, Canada, China, European Union, Finland, France, India, Netherlands, New Zealand, Russia, Singapore, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Chinese Army Unit Is Seen As Tied To Hacking Against U.S.(New York Times) An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups, known to many of its victims in the United States as Comment Crew or Shanghai Group, to the doorstep of the military unit's headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case that there is no other plausible explanation for why so many attacks come out of one comparatively small area
Mandiant report on APT1 & China's cyber espionage units(Security Affairs) Early this month news spread of a sophisticated cyber espionage campaign against principal media agencies in the US, including the NYT and Washington Post; the hackers tried to compromise journalists' email accounts to steal sensitive information. The campaign appeared very aggressive: the hackers tried to infiltrate the newspaper's network using 45 instances of targeted malware, as revealed by forensic analysis conducted by the Mandiant security firm
Personal details of millions of Britons at risk of cyber attack(The Independent) Confidential information about millions of Britons stored on Indian computer systems could be open to cyber attack from terrorists, fraudsters and hostile nations such as China, the Government will admit today. In a tacit recognition of the potential
Telecom cyber attack could spread(Radio New Zealand) The Institute of IT Professionals says a cyber attack that has affected 87,000 Yahoo! Xtra customers at Telecom could start targeting those from other providers. Yahoo! Xtra email customers had their passwords cancelled at the weekend
Most take advice to change email passwords(Radio New Zealand) Telecom says nearly all of its 87,000 customers affected by a cyber attack have changed their email passwords. The trouble began on 9 February when Yahoo! Xtra customers reported corrupting emails being inadvertently sent to their contacts
OpEgypt: Anonymous Threatens to Continue Attacking Government Sites Video(Softpedia) Anonymous hackers have issued a new statement for Operation Egypt (OpEgypt). The hackers threaten to keep attacking Egyptian government sites, including, but not limited to, the ones of the Ministry of Information, Cabinet of Ministers and the Ministry of Interior. Mr. Morsi does not seem to understand the consequences of his doings
Anonymous OpLastResort hacks investment firm, cites Stratfor ties(ZDNet) Anonymous Operation Last Resort has struck successfully again, leaking crucial files from an investment banking firm allegedly linked to intelligence firm Stratfor. The Anonymous Operation Last Resort campaign returned Monday to leak crucial files from an investment banking firm and a state.gov database "for Aaron Swartz." The OpLastResort Twitter account announced its hack, defacement and data exposure of an investment firm, G.K. Baum, seen in Wikileaks email files as an alleged client of global intelligence company Stratfor
Burger King downs Twitter account after attack(Reuters-Emirates 24/7) Several tweets carried the logo of McDonald's. Hackers breached the Twitter account of fast-food chain Burger King, posting the online equivalent of graffiti and sometimes making little sense. Burger King Worldwide Inc suspended its Twitter account about an hour after it learned of the attack at 12:24 p.m. EST on Monday, company spokesman Bryson Thornton said in an email
Facebook malware campaign targeting Bulgarian users(Help Net Security) "Being" on Facebook brings its own set of dangers, and among them is inadvertently downloading malware by clicking on links posted by your own "friends". Webroot warns about a malware campaign that
Facebook engineers compromised by Java zero-day(The H) Facebook logo Facebook has confirmed that systems used by its employees were compromised in an attack which used a Java plugin zero-day exploit. The company explained that it found a suspicious domain in its DNS logs in January and traced it an
Brace for MORE ZOMBIE ATTACK ALERT pranks, warns security bod(The Register) Vulnerabilities in America's TV emergency alert system - exploited last week by pranksters to put out fake warnings of a zombie apocalypse - remain widespread, it is claimed. And that's after station bosses remember to change the default passwords on their broadcast equipment. Mischievous miscreants managed to hack into a television station's emergency alert system in Montana to broadcast an on-air audio warning about the end of the world
Raytheon Can Track You Via Your Social Media Accounts(Mobile Magazine) Privacy has been at the center of social networking over the past couple of years. In fact, Facebook dedicates a great amount of time and money to protecting their users. But after a major hack to Twitter 2 weeks ago and one close call for Facebook just a couple of days ago, what you are about to read might push you over the edge to deactivation
Trust but verify: when CAs fall short(SecureList) We've recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem. First, only the very same CA that issued a certificate can later revoke it. Second, although web browsers implement several techniques to check the certificate's revocation status, errors in the procedure are rarely considered hard failures
Security Patches, Mitigations, and Software Updates
Cyber: Unclear and present danger(The Interpreter) There is widespread concern about strategic competition in cyberspace, including cyber espionage and cyber attack as an element of armed force. Cyber infrastructure is critical to the global economy. Yet it is badly secured, worse governed, and a place of interstate competition and potential conflict
RSA: What To Watch For And What Vaccinations To Get Before Rocking The Casbah(Dark Reading) Pro tip: It's not threats, it's not capabilities, it's integration. Spending on security and identity continues to progress and vendors, nothing if not observant, have tried their best to productize the gap between enterprise want and what currently exists. Shopping for rugs in Tangier feels sedate compared to walking the RSA showroom floor
Obama ramps up pressure on GOP to avert budget cuts(Los Angeles Times) With less than two weeks before across-the-board spending cuts begin taking effect, President Obama is cranking up pressure on congressional Republicans to agree to a Democratic plan that would temporarily block the deep reductions
Congress Leaves Town With Layoffs In Its Wake(Washington Times) Defense-related companies large and small are preparing to lay off thousands of employees as Congress takes a recess this week, so far unable to agree on how to undo automatic military spending cuts
SAIC Awarded Contract by Department of Defense(Sacramento Bee) Science Applications International Corporation (SAIC) (NYSE: SAI) announced today it was awarded a prime contract by the Department of Defense (DoD) to provide manufacturing, systems engineering and integration support services. The single-award, indefinite-delivery/indefinite-quantity (IDIQ) contract has a one-year base period of performance, four one-year options and a total contract value of $65 million, if all options are exercised. Work will be performed primarily in Columbia, Md
Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods(The Register) Despite the best attempts of security vendors, neither online stores nor the financial industry seem particularly keen to adopt DNSSEC tech - an anti-fraud mechanism that makes it difficult for fraudsters to spoof legitimate websites. DNSSEC (DNS Security Extensions) uses public-key encryption and authentication to guard against the domain name cache poisoning attack famously highlighted by security researcher Dan Kaminsky back in 2008. The technology works by building up a chain of trust
Your data privacy assured in Canadian clouds(Calgary Herald) A recent article in the Ottawa Citizen suggested that American spies can snoop through Canadians' computer data - including that of political organizations and without warrants - if the data resides within popular U.S. cloud computing services
Products, Services, and Solutions
10 Commandments Of Application Security(Dark Reading) While application security cascades into just about every facet of IT security today, many enterprises have a difficult time implementing sustainable application security programs that offer measurable benefits to the business. A general disconnect between security goals and the profit motives of development teams can cause insurmountable conflict between infosec teams and developers, with line of business leaders all too ready to side with money-making dev teams nine times out of 10
Bot-Trek Group-IB software: Botnet intelligence collector tool(Cyberwarzone) Group-IB, Russia's leading computer security company, has announced Bot-Trek(TM), a comprehensive tool that gathers compromised data and intelligence from botnets and makes it available to the original Intellectual Property owners via a SaaS solution. Botnets are an exploding problem. They are used to steal private data, send spam, provide anonymous services for crimes, and perform DDoS attacks
Samsung addresses the world's surprisingly huge demand for cheap smartphones(Quartz) Sometime this year or next, a remarkable thing will happen: Driven largely by the purchasing power of the world's growing middle class, more people will buy a smartphone than a regular "dumb" cellular phone. In the last quarter of 2012, the numbers were already close: people bought 264.4 million non-smartphones, which the industry calls "feature phones." In the same quarter, they bought 207.7 million smartphones. The gap is closing, reports Gartner, with sales of feature phones down 19% since 2011, and sales of smartphones up 38% in the same period
Businesses Move Security to the Cloud(BizTech Magazine) That's why The Sak Brand Group uses Panda Security's Panda Cloud Office Protection. "We run a lean operation," says Roger Micone, systems administrator for
Technologies, Techniques, and Standards
Software Security - Why Aren't the Enterprise Developers Listening?(infosec island) While there are plenty of enterprises out there that have figured out a formula for making software security work for them, for every one organization that 'gets it' there are many times more organizations that are struggling with software security year over year, quarter over quarter, day after day. Why? There are plenty of reasons we can blame these vast failures on ... immature tools, cookie-cutter processes, poor sentiment from the enterprise leadership ... blah blah blah ... bottom line is it's 2013 and companies big and small are still struggling with poor code quality, a negative dynamic between developer and security person, and other assorted issues
Notes for surviving NERC CIP(Energy Central) When new regulations come into play, such as NERC's Critical Infrastructure Protection (NERC CIP) requirements a few years ago, it's fairly normal for everyone involved to, basically, freak out a little. The power industry definitely did: There were laments and, I'd dare say, crying in some circumstances. But, the regulators would argue that it's all for a good cause
Police enlist war tech in crime fight(Washington Post) Wartime technology used by soldiers in Iraq and Afghanistan is increasingly making its way to U.S. cities and towns, changing the way police investigate crimes by focusing not where crimes have happened but where they most likely will happen next. One of the latest technologies, called "geospatial predictive analytics," has helped police chase copper thieves in Virginia and a strangler in Philadelphia -- and enabled officers to deploy police smartly across the Washington region during the mysterious shootings of military installations in 2010
Rose State students find opportunities with cyber security(Newsok) Joyce Schwartz worked in retail and other hourly jobs for 30 years before deciding it was time to try for a college degree. She didn't know much about computers, only what she needed for her job. But despite her lack of expertise, Schwartz thought she'd try her hand at cyber security
Ohio State's national-security major attracts undergraduates(Columbus Dispatch) Marzalik and D'Angelo say that, as juniors, they already have job offers from the National Security Agency. A similar boom happened in the first years of the Cold War with international-studies and diplomatic programs, Recco said. International studies
Legislation, Policy, and Regulation
UK, India set up joint cybercrime task force(ZDNet) The collaboration will give additional assurance to the U.K. as it looks to protect its citizens' personal banking and mobile phone data, much of which is currently stored on Indian servers. India and the United Kingdom will be looking to seal an agreement Tuesday to establish a joint task force to combat online crimes. According to a Reuters report Tuesday, Prime Ministers David Cameron and Manmohan Singh are expected to agree on plans to create the new unit in a move that the U.K. hopes will help it safeguard the personal banking and mobile phone data of millions of its citizens
Cybercom Commander Calls Cybersecurity Order First Step(Albany Tribune) The cybersecurity policy President Barack Obama announced during his annual State of the Union address is a step toward protecting the nation's critical infrastructure, the commander of U.S. Cyber Command said this week
Litigation, Investigation, and Law Enforcement
We can't block YouTube, Egypt's telecomms authority tells the court(Infosecurity-Magazine) At the time, the judge suggested that it was a ruling on a case brought several months earlier, but gave no further details. The video, a 13-minute clip billed as a film trailer, has caused huge outrage among Muslims. It depicts Mohammad as a fool and sexual deviant
PayPal suspends personal payments in Singapore(Finextra) PayPal has been forced to suspend personal payments in Singapore by regulators, according to TechCrunch. Citing an e-mail sent out to members, TechCrunch says that the transfer of money between personal accounts will not be allowed from 20 February. Users will still be able to make commercial payments for goods and services and receive personal payments from people outside of Singapore
ICO dishes £150,000 fine after nursing body loses unencrypted DVDs(TechWorld) The ICO has handed out an unusually severe £150,000 fine to the Nursing and Midwifery Council for losing unencrypted DVDs full of sensitive data that were being transported to a misconduct hearing. The three DVDs of highly sensitive witness videos of children were supposed to be delivered to a Cardiff hotel for a nurse's 'fitness to practise' hearing on 7 October 2011, but when it arrived the package was found to be empty.
Dutch Court Fines MP for Hacking into Medical Laboratory(Softpedia) Henk Krol, a Dutch Member of Parliament (MP) and the leader of the 50plus political party, hacked into the systems of the Diagnostics for You medical laboratory in an attempt to prove that the organization was vulnerable. Despite the fact that his intentions were good, a court has ordered him to pay a $750 (1,000 EUR) fine because of the way he handled the issue. According to ITWorld, Krol used a password provided to him by an individual who overheard the information from one of the laboratory's employees
After ban, Kai-Fu Lee invites 30M to follow him on Twitter(CNet) Former Google China chief gets kicked off China-based microblogging sites after complaining about state controls over the Internet. An outspoken opponent of censorship in China, Kai-Fu Lee has responded to a ban from social networks in his homeland by inviting his 30 million followers to follow him on Twitter
FBI Files Unlock History Behind Clandestine Cellphone Tracking Tool(Slate) It was described recently by one rights group as a "secretive new surveillance tool." But documents just released by the FBI suggest that a clandestine cellphone tracking device known as the "Stingray" has been deployed across the United States for almost two decades--despite questions over its legality. Stingrays, as I've reported here before, are portable surveillance gadgets that can trick phones within a specific area into hopping onto a fake network. The feds call them "cell-site simulators" or "digital analyzers," and they are sometimes also described as "IMSI catchers." The FBI says it uses them to target criminals and help track the movements of suspects in real time, not to intercept communications. But because Stingrays by design collaterally gather data from innocent bystanders' phones and can interrupt phone users' service, critics say they may violate a federal communications law
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ATMiA US Conference 2013(Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
RSA USA 2013(San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013(Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...
NRO Winter Way Forward Conference(Chantilly, Virginia, USA, February 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
Business Insurance Risk Management Summit(New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...
CanSecWest 2013(Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference(Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit(Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...
AFCEA Belvoir Industry Days 2013(National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3(location and date not given in the listing) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
HITBSecConf2013(Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research, including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
Interop Las Vegas(Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...
Consumerization of IT in the Enterprise Conference and Expo(San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...