Daily briefing.

As the Red October network (apparently) rolls up its command-and-control infrastructure, researchers discuss details of the cyber espionage campaign's spearphishing tactics.

US banks continue to press for NSA help against Iranian-inspired (or directed) denial-of-service attacks. Asian financial analysts are prompted to despair: if US banks can't handle DDOS attacks, what hope is there for the rest of the world? (Meanwhile Russia's President Putin directs the FSB to provide cyber protection for Russian media organizations.)

Networked printers that use the industry-standard JetDirect Printer Job Language are found vulnerable to exploitation, a potentially serious matter since lowly printers can give an attacker access to their larger enterprise networks. Polish security researchers continue their dismantling of the Virut botnet. (Virut is an interesting black market case study—the botnet came with its own EULA.)

Facebook's Graph search and the social network's privacy policies generally continue to trouble security experts. Kim Dotcom's new Mega service is already shown to expose users to cyber risks. Huawei router vulnerabilities are demonstrated.

The US Department of Homeland Security reports that US critical infrastructure sustained nearly 200 attacks against industrial control systems in 2012. The New York Times reports that such SCADA exploits are likely to be initiated through spearphishing.

Tip-toeing around budget sequestration, the US Department of Defense is slow-rolling contract awards. Huawei fights espionage accusations as it enjoys profits and considers an IPO. RIM considers licensing its OS. Atari files for bankruptcy.

British universities prepare for a major cyber competition. India prepares a national cyber infrastructure.


Today's issue includes events affecting Canada, China, Cuba, European Union, India, Indonesia, Iran, New Zealand, Poland, Russia, Singapore, United Kingdom, United States, and Venezuela.

Cyber Attacks, Threats, and Vulnerabilities

Operation Red October Attackers Wielded Spear Phishing (InformationWeek) The Red October malware network is one of the most advanced online espionage operations that's ever been discovered. That's the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012. "The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America," according to research published by the security firm. The attackers, who appear to speak Russian but to have also used some Chinese-made software, seem to have focused their efforts on stealing diplomatic and government information, as well as scientific research, from not just PCs and servers but also mobile devices

Banks Seeking Aid on Iranian Cyber Attacks (Spamfighter) The banking majors in the US are pushing the government to aid them in smashing a long-term Iranian campaign of cyber attacks against American financial institutions, as reported in on January 15, 2013. Though a huge amount has been spent in warding off these cyberattacks, they did not obtain much success in this prospect as they believe government involvement

Global Cyber Attacks Multiply Exponentially (Asia Sentinel) You could be forgiven for hitting the panic button if you discovered that firefighters had given up and sought divine intervention to control a blaze. Something like that would have been the case, however, when the security chiefs of some major US banks, generally considered the best in their business within the private sector, recently turned to the National Security Agency for help to protect their computer systems after a barrage of attacks on their web sites rendered them helpless

Exprespam Android Malware Steals Upwards to 75,000 Bits of Information (Threatpost) Early research from Symantec estimates that spammers behind a new type of Android malware may have already stolen "between 75,000 and 450,000 pieces of personal information" from Japanese users. While these numbers may be disparate it does suggest the malware, Android.Exprespam, has been successful since popping up a few weeks ago

Backdoor Trojan disguised as flight confirmation email hits German internet users (Naked Security) German internet users should be on their guard today, after malware was widely spammed out posing as a flight confirmation from Lufthansa

Holes in common component could leave office printers open to attack (IT World) Forget "PC LOAD LETTER," a vulnerability in a standard component of modern office printers may make hardware from a wide range of vendors vulnerable to denial of service attacks and data theft, according to a researcher for security firm ViaForensics

Hackers Steal $40,000 from Vancouver Island Church (eSecurity Planet) The hackers appear to have gained access to the church's bank account through an employee's home computer

Polish knights slay Virut, the brazen virus army that has its own EULA (The Register) Security researchers have decapitated a spam-spewing network of hacked computers by pulling the plug on the central command-and-control servers. The compromised PCs were infected by the Virut virus and were being remotely controlled from these servers by miscreants. The takedown operation was coordinated by CERT Polska, the computer emergency response team in Poland

Security researchers cripple Virut botnet (CSO) Attackers still control some domains used by the botnet, the researchers say

iPhone hackers hint at progress towards iOS 6 jailbreak (CSO) Two new vulnerabilities were apparently found in a day, according to one of the hackers

Facebook Graph Search leaves little privacy and no opting out (CSO) When Graph Search becomes widely available, so will all your random "likes," travels and friendings

Storify shows Facebook privacy more illusion than fact (CSO) Facebook passes the buck to users, but that is seen as an example of why privacy advocates want tougher restrictions on Facebook

Has MEGA Failed Already, Exposed, Site Unstable and Twitter hacked! (Cyberwarnews) Kim Dotcom announced his new file sharing service MEGA (https://mega.co.nz/) on this week and ever since it has been trouble for him it seems. With constant questions about its TOS and privacy as well as the site being flooded by users within its opening hours and now the twitter account has been breached

Video: Hacking Huawei VRP (Help Net Security) Huawei routers are no longer devices only seen in China. Entire countries run their Internet infrastructure exclusively on these products and established tier 1 ISPs make increasing use of them

Security Patches, Mitigations, and Software Updates

It's really important you update your Foxit PDF Reader, but unfortunately their website is down (Naked Security) There's something to be said for not going with the crowd, when it comes to securing your computer. But you best have your fingers crossed that your alternative providers' websites don't fall over when you need a security update

Cyber Trends

Critical Infrastructure Systems Seen as Vulnerable to Attack (New York Times) The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants. Attackers increasingly use so-called spearphishing attacks, in which they send employees targeted e-mails, often from an e-mail address that matches the name of a colleague, supervisor or chief executive, that contains malicious code

DHS: Industrial control systems subject to 200 attacks in 2012 (Homeland Security Newswire) A DHS report released last week revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with 198 documented cyberattacks in 2012, and that many of these attacks were serious. Forty percent of those attacks were on energy firms, according to the Industrial Control Systems (ICS) and Cyber Emergency Response Team (CERT), which reviewed every incident. Water utilities came in second, with 15 percent of the attacks focused on them

Cyber risk is not translating into boardroom discussion (Infosecurity Magazine) It would be reasonable to assume from this that major companies' boardrooms are taking the cyber security threat seriously. Trustwave wanted to confirm this


Sequester Forces DOD To Slow Contracts (Politico) Every day at 5 p.m., when the Defense Department announces the day's contracts, it's not uncommon for the total sum to exceed $1 billion. But now, with the budget process upended on Capitol Hill, the Pentagon is trying to slow the rate at which money is leaving the building until it has a better sense of what to expect for this year's funding

Huawei boosts profits by 33 percent despite US cyber-espionage allegations (IT Proportal) Huawei has revealed details about its 2012 fiscal year, announcing that it boosted its net profits by 33 per cent last year. Despite US security concerns over its products, the Chinese company raked in 15.4 billion yuan

Huawei Again Mulling IPO As It Hits Back Against Accusations Of Espionage (TechCrunch) Huawei is considering an IPO after disclosing sales figures that may once again put it ahead of Ericsson AB in the race to become the world's biggest telecom equipment maker by revenue. Huawei CFO Cathy Meng said yesterday her company is open to a listing (link via Google Translate) after disclosing details of its 2012 performance.

ZTE predicts major losses for 2012 (Computer Weekly) Chinese telecoms company ZTE has predicted a nosedive in profits for 2012 following a rocky year. In 2011, ZTE recorded net profits of 2m yuan, but forecast the figure to drop by between 220% and 240% representing a loss ranging from 2.5m

Cybersalus, new cybersecurity firm, formed (UPI) A new U.S. company has been created to offer cybersecurity solutions and services to government and private industry. The enterprise is Cybersalus LLC. It is a service-disabled, veteran-owned small business formed through a partnership between John Kiehm, the chief executive officer and president of cybersecurity company SKC LLC, and McLane Advanced Technologies

RIM CEO says company is open to licensing new OS, stock jumps 10 percent (Ars Technica) A week before BlackBerry 10's launch, exec says firm undergoing major "review"

Atari's US operations file for bankruptcy protection (IT World) Iconic video game company Atari has filed for bankruptcy protection in the U.S. in an effort to separate operations from parent company Atari SA, which is based in France and has also filed for bankruptcy

Kim Dotcom talks security and privacy at Mega launch (TechWorld) Founder of Megaupload Kim Dotcom relaunched his empire yesterday with Mega.co.nz, and celebrated with a glitzy launch event at his mansion outside of Auckland. The event featured a performance by local musician Tiki Taane and his father, as well as a dramatisation of an armed offenders squad raid

What makes a good information security professional? (Help Net Security) Information security is a very competitive industry, and one of the very few that kept doing fine even during the recession. It's also a dynamic field that promises a lot of fascinating work, so it's

Products, Services, and Solutions

Firefox OS To Make Hardware Debut With Keon And Peak Developer Preview Smartphones (TechCrunch) Mozilla's Firefox OS, the mobile operating system from the company that makes the Firefox browser built entirely on open web standards, will have its first hardware soon thanks to a developer preview smartphone device, created by Spanish open hardware phone platform manufacturer Geeksphone, in partnership with Telefonica. Two models, the Peak and the Keon, will offer developers different hardware

Western Digital acquires Arkeia to boost SMB storage offering (IT World) Western Digital has acquired data protection company Arkeia Software as it looks to address growing storage demands among small and medium-size companies

Hortonworks releases a Hadoop sandbox (IT World) Those who want to try the much-hyped Hadoop but haven't got a cluster or two to spare can now test the data processing platform on their desktops, thanks to a new release from Hadoop distributor Hortonworks

PowerDNS 3.2 expands DNSSEC support (Help Net Security) The PowerDNS Authoritative Server enables authoritative DNS service from all major databases, including but not limited to

Technologies, Techniques, and Standards

How To Conduct An Effective IT Security Risk Assessment (Dark Reading) Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it

Tech Insight: 5 Approaches to Decaffeinating Java Exploits (Dark Reading) Most enterprises are stuck with Java whether they like it or not, but there are ways to reduce the effectiveness of recent and future zero-day exploits

4 Steps For Proactive Cybersecurity (InformationWeek) In our dive into the theory behind offensive cybersecurity, Gadi Evron summarized the legal and ethical problems of fighting back against an attacker. There are also some purely tactical problems: How do you know you're not blasting some grandmother in Akron whose PC is a zombie? Are you prepared to come under the glare of organized criminals

A taxonomy for the National Cybersecurity Doctrine (CSO) Dan Lohrmann recently blogged in another forum about a call for a US cybersecurity doctrine. Having written on a related topic and participated in other national framework initiatives before, this piece further expounds upon the question of doctrine. Or, more precisely, the question should be framed as implicating deeper and prerequisite considerations about an emerging field

Security, DoS attacks and magic tricks (Finextra) It's pretty frightening when I hear my colleagues who specialise in security services describe the kind of things that hackers get up to maybe because I think that I'm pretty clever (38 years in IT, etc) but then something simple catches me out. For example, on the Eurostar back from Paris last week an email popped up in my Blackberry from Visa, telling me that my card security had been breached and I should contact them immediately. I remembered using my card in a ticket machine on the metro, so I very quickly clicked on the link to get things sorted out fast and saw that they wanted confirmation of my details

Design and Innovation

Spy Bases: 9 Secretive HQs of the World's Intelligence Agencies (Wired Danger Room) Some of the world's intelligence agencies reside in buildings that can appear starkly utilitarian, clean and futuristic, or even frightening and alienating. But they all build their headquarters to invoke their sense of secrecy

Peter Thiel Talks The Future Of Education, The Need For Innovation And Why Facebook Won At DLD (TechCrunch) PayPal co-founder, early Facebook investor and Founders Fund partner Peter Thiel today took the stage at the DLD conference in Munich for a very wide-ranging discussion about the future of philanthropy, education, how we can sustain growth in the developed world and why Facebook won out over MySpace.

Ideas are more valuable than execution (LinkedIn) An interviewer asked me what two lessons she would take away from my book, Mind Over Matter. It's quite difficult to summarize a 340-page book in two lessons, but here's what I said: There is no such thing as a natural resource. Ideas have always and everywhere been more valuable than the physical act of carrying them out

New York is now a better place to start your tech company than San Francisco (Quartz) Why would anyone ever start a company in New York City when talent, capital, and network all favor Silicon Valley? This argument has persisted for a long time but let's look at this from a pure financial and economic perspective for the first-time entrepreneur. If you achieve an exit you can expect a value nearly 40 times greater in the Valley than if you started your company in New York. Take all of the 2012 exits with reported numbers listed in CrunchBase (excludes the biotechnology and pharmaceutical industries)


Report: 'Connected learning' needed to address inequities in education (Fierce Government IT) There is a disconnect between classroom learning and the everyday lives and interests of many young people, alienating them from their schooling, according to a report from the Connected Learning Research Network. Although the Internet and digital technology has the potential to even the playing field in education, a growing learning divide in public education disproportionately impacts African American and Latino youth, the report finds

Student claims code flaw spotting got him expelled from college (The Register) A Canadian computer science student is claiming he was expelled after identifying a gaping security hole in administrative software his college was using. Ahmed Al-Khabaz, a 20 year-old student at Dawson College in Montreal, told the National Post that he and a friend had been developing a mobile app for students to access their records when they found a hole in Omnivox software the college used. The hole allowed free access to personal information the college held on students, such as social insurance number, home address and phone number and class schedules

City of London School wins National Cipher Challenge (Computer Weekly) A team from City of London School has triumphed over 724 other UK schools to win the 11th National Cipher Challenge. A total of 1,600 teams took part in the competition held towards the end of 2012, up from 200 teams in previous years. The national code-breaking competition is organised by Southampton University, with support from the government intelligence agency GCHQ and commercial partners

Cyber Security Challenge UK announces first University Challenge (Computer Weekly) Four leading UK universities for Computer Science are taking part in a unique code-breaking competition as part of this year's Cyber Security Challenge UK. The computer science departments at the University of Bristol, University of Birmingham, University College London and Edinburgh Napier University have accepted the challenge to develop their own cipher or puzzle, based on encrypted messages. The cipher will be released to other participating universities and challenge candidates to break in a four-week virtual tournament, starting 21 January

Legislation, Policy, and Regulation

Cuba opens one lane of Internet superhighway—inbound (Ars Technica) Downloads via Venezuela, uploads via satellite

India developing national cybersecurity architecture (ZDNet) India is in the midst of developing and implementing a national cybersecurity architecture that is aimed at preventing sabotage and espionage of its core IT systems and networks. In a report Monday, the Economic Times said that the system will protect critical information infrastructure and networks by monitoring activities, while designated government agencies will offer certification to vendors and service providers to provide additional safety measures. "It will also involve capacity and authority for operations in cyberspace," said Shivshankar Menon, national security advisor for India, in the report

Giving teeth to cyber security (Asia One) A law passed this week gives the Government powers to take pre-emptive steps to prevent potentially crippling cyber attacks on essential services. The new Computer Misuse and Cybersecurity Act grants power to the Home Affairs Minister to order, say, telcos and banks to disclose information to the Government long before a cyber attack hits Singapore. Before this change, the minister could issue a directive only when the attack on Singapore was imminent.

President Putin orders FSB to protect media sites from cyber attack (RT) The Russian President has told the country's federal security service to set up a system that would detect, counter and prevent computer attacks on state information resources. The order defines official resources as information systems and networks

Proposed EU cyber security law will require proactive network security (Help Net Security) Last week, the European Commission proposed new legislation to require major tech firms like Google and Facebook to report any security breaches to local cyber crime authorities or risk sanctions like

Litigation, Investigation, and Law Enforcement

iPad Hack Statement Of Responsibility (TechCrunch) Editor's note: Andrew Auernheimer, also known by his pseudonym weev, is an American grey hat hacker and self-described Internet troll. Follow him on Twitter @rabite. In June of 2010 there was an AT&T webserver on the open Internet. There was an API on this server, a URL with a number at the end. If you incremented this number, you saw the next iPad 3G user email address. I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker

GitHub blocked in China, 'ticket snatching' plugins seen as possible cause (IT World) China's censors have started blocking access to software collaboration site GitHub, and Internet observers are speculating the government's efforts to regulate the nation's online train ticketing system are to blame

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybergamut Technical Tuesday: Finding Splunk Before Splunk Finds You (Columbia, Maryland, USA, January 22, 2013) Rob Frazier of Whiteboard Federal Technologies will present his talk "Finding Splunk Before Splunk Finds You". Certification letters will be available for PMI PMP PDUs and CISSP CPEs as well as other technical...

TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, January 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but...

Data Privacy Day (Various locations, January 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy...

tmforum Big Data Analytics Summit (Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...

North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, February 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along...

ATMiA US Conference 2013 (Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.

Cybergamut Technical Tuesday: Cloud Security (, January 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security.

#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

RSA USA 2013 (San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.

Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...

TechMentor Orlando 2013 (Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...

Business Insurance Risk Management Summit (New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...

CanSecWest 2013 (Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...

CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The...

Cyber 1.3 (, January 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...

INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...

Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network...
