Over the weekend Der Spiegel reported widespread US surveillance—"bugging"—of EU offices and interception of other US European allies' electronic traffic. The German Foreign Minister has summoned the US ambassador to demand an explanation, and European officials say the allegations will have far-reaching effects on trans-Atlantic relations (starting with pending trade agreements). Chinese reaction is, predictably, one of satisfied high dudgeon. Current and former US officials offer a range of tu quoque defenses (seconded, in the case of Chinese cyber espionage, by the UK) but there's little doubt that the diplomatic implications of PRISM and related allegations are serious and enduring.
Last week's attacks on Korean sites are still being sorted out. About 100,000 people's personal data were exposed in the breach of the Republic of Korea's presidential site. A profile of the Dark Seoul gang emerges. Universities in Brazil and the United States also suffer data breaches.
Several new exploits are demonstrated, including an HTTPS side-channel attack and a "keyjacking" hack. The Blackhole exploit kit sniffs around Pinterest, and Opera continues to suffer from its vulnerabilities. US-CERT discloses a cyber campaign unnamed actors conducted against US natural gas pipelines earlier this year.
US policymakers continue to grapple with fallout from the PRISM affair. The Senate wants to grill DNI Clapper (again) in the wake of press reports about surveillance programs. Former DCI Hayden calls for more openness about intelligence operations. Congress-watchers think PRISM has indefinitely delayed legislative action on cyber security. India rolls out its own surveillance program.
Today's issue includes events affecting Brazil, Canada, China, European Union, Germany, India, Iran, Republic of Korea, New Zealand, Russia, Singapore, Taiwan, Turkey, United Kingdom, United States.
The CyberWire will take a holiday this Thursday and Friday as its staff celebrates US Independence Day. We'll resume normal publication on Monday, July 8.
US reportedly bugged EU offices, computer networks(ABC Online) The allegations are based on a "top secret" document from the National Security Agency (NSA), dated September 2010, that was allegedly stolen by fugitive Edward Snowden. The document, which has been seen in part by Der Spiegel journalists, is said to
Attacks from America: NSA Spied on European Union Offices(Der Spiegel) America's NSA intelligence service allegedly targeted the European Union with its spying activities. According to SPIEGEL information, the US placed bugs in the EU representation in Washington and infiltrated its computer network. Cyber attacks were also perpetrated against Brussels in New York and Washington
Europeans Demand Answers Over Alleged US Bugging(SecurityWeek) The European Union angrily demanded answers from the United States on Sunday over allegations Washington had bugged its offices, the latest spying claim attributed to fugitive leaker Edward Snowden
European officials slam US over bugging report(Cyberwarzone) Senior European officials expressed concern Sunday at reports that U.S. intelligence agents bugged EU offices on both sides of the Atlantic, with some leftist lawmakers calling for concrete sanctions against Washington
Research sheds light on "Dark Seoul" sabotage gang(SC Magazine) Over the past four years a politically motivated group has targeted companies, mostly in South Korea, by planting trojans capable of wiping data, shuttering websites through distributed denial-of-service (DDoS) attacks and stealing sensitive corporate information
University of Neoliberal Arts & REDNET Institute Brasil Hacked, Accounts Leaked(Hack Read) The hackers from NullCrew are back in news with their latest attack, this time the crew has attacked the official website of University of Neoliberal Arts and a Brazilian based technology institute REDNET. The hack was announced by the hackers on their official Twitter account which shows 146 accounts from University of Neoliberal Arts and around 1000 accounts
HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft(Dark Reading) Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds. A new side channel vulnerability in HTTPS traffic could make it possible for targeted attackers to dig up secrets like session identifiers, CSRF tokens, OAuth tokens, and ViewState hidden fields without users ever being the wiser, say researchers who will explain how the attack could work at this year's Black Hat
How cybercriminals create and operate Android-based botnets(Webroot Threat Blog) On their way to acquire the latest and coolest Android game or application, end users with outdated situational awareness on the latest threats facing them often not only undermine the confidentiality and integrity of their devices, but also, can unknowingly expose critical business data to the cybercriminals who managed to infect their devices
Blackhole Exploit Kit Campaign Takes Interest in Pinterest(TrendLabs Threat Encyclopedia) Pinterest has actively been used in different spam campaigns in the past - from basic phishing to complicated spam techniques incorporating salad words and invisible ink. Blackhole Exploit Kit (BHEK) spam campaigns have also been known to us for quite some time. BHEK spam campaigns are known to use popular brand names and websites to lure users
TSPY_FAREIT.ACU(TrendLabs Threat Encyclopedia) This malware guises as an Opera update. Cybercriminals behind this threat stole an outdated Opera digital certificate, which they used to sign this malware
Malwarebytes finds Malware Pretending to be Emulator of Xbox One(SpamfighterNews) Malwarebytes the security company says that its researchers have found one malware that pretends to be an emulator of the movie-game Xbox One, while dupes gamers keenly looking forward to the forthcoming online games console such that they'll download the malware
Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps(Threatpost) A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann. The vulnerabilities in the GNU ZRTPCPP library already have been addressed in a new version of the library and Silent Circle has implemented a fix, as well
Cyber Attacks Targeted Key Components of Natural Gas Pipeline Systems(SecurityWeek) Attackers Used Brute Force Attacks Against Internet-Facing Controls Systems at Gas Compressor Stations. In its latest monthly report designed to promote preparedness, information sharing, and collaboration across infrastructure sectors, The Department of Homeland Security's ICS-CERT publicly revealed information on a series of attacks that targeted gas compressor station operators earlier this year
Cisco issues IronPort patch(The Register) Vuln exposed systems to remote crash, takeover. Cisco has issued a patch for vulnerabilities that exposed its IronPort AsyncOS software for the Cisco e-mail security appliance to cover denial-of-service and command injection problems
Britain: Cyber-Attacks on 'Industrial Scale' Steal Business Secrets(IBTimes.co.uk) Though GCHQ has not attributed attacks to any specific foreign intelligence service, the United States previously implicated China in cyber-attacks against American businesses. China, Saudi threat. In a recent annual report to US Congress, The Pentagon
Cyber Threat is Real and Mobile(Mobile Enterprise) The company works with the U.S. Central Command and the Department of Homeland Security among other agencies. "The way we view cyber -- and it's disturbing to some -- but cyber is not tangible," he said. The U.S. military covers sea, air, land and
Complacent staff weak link in combating cyber criminals(Financial Times) Many companies - like the world's superpowers - are loath to admit explicitly just how much data they have collected and would be embarrassed to own up to a cyber attack. Governments are working to encourage more disclosure to help to form a united
Is The Internet Worth It?(Washington Post) So much depends on the Internet that its vulnerability to sabotage invites doomsday visions of the breakdown of order and trust. In a report, the Defense Science Board, an advisory group to the Pentagon, acknowledged "staggering losses" of information involving weapons design and combat methods to hackers (not identified, but probably Chinese). In the future, hackers might disarm military units
5 Tech Trends that Explain the Evolution of Online Threats(Zeltser) Information security professionals need to keep an eye on the always-evolving cyber threat landscape. Accomplishing this involves understanding how changes in people's use of technology influence the opportunities and techniques pursued by criminals on-line. Below are 5 tech trends that have affected the evolution of threats
DHS Report: Energy Sector Now a Bigger Target for Cyber Attackers(Wall Street Journal) The energy sector is reporting an enormous increase in the number of attempted cyber attacks in 2013, according to a new report from the Department of Homeland Security. Some of the new attempted attacks have included the industrial control systems of
Abuse of mobile app permissions(Help Net Security) McAfee Labs found that under the camouflage of "free" apps, criminals are able to get consumers to agree to invasive permissions that allow scammers to deploy malware. The permissions in free apps
Most Internet users have fallen victim to malware(Help Net Security) The current state of cyber-security has left US Internet users anxious about hacks and password theft. Despite constant victimization, the majority are not using two-factor authentication and are left
Global Cyber Crowd Convenes in Maryland(DBED) Last month, 200 cybersecurity executives from the U.S., Canada and the U.K. gathered in Annapolis for Cross Tech, a two-day conference at which attendees discussed cyber solutions and showcased collaborations in information assurance between the private and public sectors. Cyber executives from Canada and the U.K. were also given the opportunity to present their technologies and companies to U.S. experts in hopes of developing international connections, partnerships and business opportunities
Machine-Learning Project Sifts Through Big Security Data(Dark Reading) As the volume of data created by security and network devices multiplies, researchers look for ways to teach computer to better highlight attack patterns. As an information-security consultant, Alexandre Pinto spent 12 years helping companies set up difficult-to-configure systems to cull security intelligence from logs and security events
Explore, analyze and visualize data in Hadoop(Help Net Security) Splunk announced the beta version of Hunk: Splunk Analytics for Hadoop, a new software product that integrates exploration, analysis and visualisation of data in Hadoop. Hunk drives improvements
Certifying Forensics for Information Security(eSecurity Planet) As threats and breaches continue to grow, there is a need for a new type of certified professional. In the fight to help secure and remediate modern security risks, there is need for a host of professionals with the certified skills to get the job done. But what happens when there is no certification
NIST Cybersecurity Framework(Internet Storm Center) The NIST has published a voluntary framework to reduce cyber risk to critical infrastructure as a result of a directive inside the President's executive order for improving critical infrastructure cybersecurity
Can you trust your online backup service?(Help Net Security) While having lots of digital storage space at your physical location may be cheap nowadays, it's also very useful to have offsite backups - not only in the event of a major natural disaster or theft
Google offers tips on Wi-Fi security(FierceCIO: TechWatch) In a new post titled "Securing your Wi-Fi network" on Google's official blog, technical program manager John Munoz offered a number of tips on what home users can do to improve their Wi-Fi security. Though directed at consumers, these suggestions can also be useful to wireless networks deployed within businesses, especially for branch or remote offices that may employ a more simplistic infrastructure
Lotus F1 builds a secure, reliable network(Infosecurity Magazine) While the Lotus F1 Team prepares for the British Grand Prix at Silverstone this weekend, Infosecurity talked to its CIO about the network and security demands in a very unusual business
Password complexity rules more annoying, less effective than length ones(Ars Technica) Long-length rule results in harder-to-crack passwords than a short/complex one. Few Internet frustrations are so familiar as the password restriction. After creating a few (dozen) logins for all our Web presences, the use of symbols, mixed cases, and numbers seems less like a security measure and more like a torture device when it comes to remembering a complex password on a little-used site. But at least that variety of characters keeps you safe, right? As it turns out, there is some contrary research that supports both how frustrating these restrictions are and suggests it's possible that the positive effect of complexity rules on security may not be as great as long length requirements
Is It the Dawn of the Encryption App?(Mashable) Amidst prying eyes, a small but growing group of hackers and programmers is working on applications that use cryptography -- the science of creating techniques to hide data and render it readable only to intended recipients -- to fight surveillance and
Wi-Vi: Seeing through walls with Wi-Fi signals(Help Net Security) Two MIT researchers have created Wi-Vi, an experimental system that uses Wi-Fi signals to track moving objects - usually people - behind a wall and in closed rooms. The system works on the same
St. Philip's earns NSA designation for cyber-security curriculum(San Antonio Business Journal) National Security Agency and Department of Homeland Security officials upgraded St. Philip's College's cyber-security program as a National Center of Academic Excellence in Information Assurance. St. Philip's College offers both online and on-campus
Legislation, Policy, and Regulation
Joint Chiefs Chair Talks Security at Brookings(Threatpost) General Martin Dempsey, Chairman of the Joint Chiefs of Staff, made clear yesterday in a speech to the Brookings Institution that the military, government, and private sector each has a role to play in hardening the U.S. against cyberattacks
Hayden: Open spy programs to reassure US public(MiamiHerald.com) The former director of the CIA and National Security Agency says the government should release more information about its secretive surveillance programs to reassure Americans that their privacy rights are being protected. Michael Hayden
Spying on Allies(Lawfare) The emerging controversy about the USG spying on European allies brings to mind the ECHELON controversy a dozen years ago. (FAS has a page that collects information on ECHELON.) ECHELON was a signals intelligence collection program (or programs) by the USG and its anglophile allies. Its means and scope were always uncertain, but it involved large-scale collection, including in Europe. According to the European Parliament report on the topic, ECHELON had the global capacity "to intercept any telephone, fax, Internet or e-mail message sent by any individual and thus to inspect its contents"
E.U. Angry Over Spying Allegations(Washington Post) European leaders reacted with fury Sunday to allegations in a German newsmagazine that the United States had conducted a wide-ranging effort to monitor European Union diplomatic offices and computer networks, with some saying that they expected such surveillance from enemies, not their closest economic partner
EU Warns Trade Deal Under Threat Over US Bugging Claims(SecurityWeek) A long-awaited trade deal between the European Union and the United States could be in jeopardy over allegations that Washington bugged EU offices, European Justice Commissioner Viviane Reding warned on Sunday
Snowden's Leaks Cloud U.S. Plan to Curb Chinese Hacking(Bloomberg) The Obama administration's strategy for confronting China over the theft of commercial technology has been battered by Edward Snowden's disclosures of U.S. spying, leaving officials rushing to salvage a plan they crafted in secret over the past two years
Why Obama Was Never Going To Be A Civil Liberties Champion(TechCrunch) Barack Obama was never going to be a champion of civil liberties; he leads a very old and quickly growing strain of the Democratic party that prioritizes the collective good over individual rights. This coercively inclusive worldview feels that every business, government agency, country, and citizen has an obligation to contribute to the greater good
How a 30-year-old lawyer exposed NSA mass surveillance of Americans--in 1975(Ars Technica) Project SHAMROCK allowed the NSA to intercept telegrams sent by US citizens. US intelligence agencies have sprung so many leaks over the last few years--black sites, rendition, drone strikes, secret fiber taps, dragnet phone record surveillance, Internet metadata collection, PRISM, etc, etc--that it can be difficult to remember just how truly difficult operations like the NSA have been to penetrate historically. Critics today charge that the US surveillance state has become a self-perpetuating, insular leviathan that essentially makes its own rules under minimal oversight. Back in 1975, however, the situation was likely even worse. The NSA literally "never before had an oversight relationship with the Congress." Creating that relationship fell to an unlikely man: 30 year old lawyer L. Britt Snider, who knew almost nothing about foreign intelligence
The NSA's early years: Exposed!(Salon) "One of the gravest crises in the history of American cryptanalysis," writes historian Colin Burke, led directly to the 1949 merging of the SIS and OP-20-G
US spy device 'tested on NZ public'(Cyberwarzone) A high-tech United States surveillance tool which sweeps up all communications without a warrant was sent to New Zealand for testing on the public, according to an espionage expert. The tool was called ThinThread and it worked by automatically intercepting phone, email and internet information
India's new surveillance network will make the NSA green with envy(Quartz) India doesn't seem to worry that the surveillance scandal recently rocking the US might perturb its own citizens. The country is going ahead with an ambitious program that will let it monitor any one of its 900 million telecom subscribers and 120 million internet users
SAF beefs up capabilities to quash cyber threats(AsiaOne) Although more details of the Cyber Defence Operations Hub were not revealed, Mr David Siah, Trend Micro Singapore's country manager, said today's cyber attacks extend beyond delivering malware, to establishing lasting footholds inside networks
Litigation, Investigation, and Law Enforcement
Encryption Has Foiled Wiretaps for First Time Ever, Feds Say(Wired) Encryption for the first time is thwarting government surveillance efforts through court-approved wiretaps, U.S. officials said today. The disclosure, buried in a report by the U.S. agency that oversees federal courts, also showed that authorities armed with wiretap orders are
Snowden In Limbo As Options Narrow(Wall Street Journal) As Edward Snowden entered his second week of limbo in Moscow's airport on Sunday, his decision to go to Russia is looking riskier than it first appeared, and may have left him in a worse situation than if he had stayed in Hong Kong
Snowden's Fate Is Up To Russia, Ecuador Says(New York Times) President Rafael Correa said Sunday that while there were weighty arguments for granting asylum to the fugitive American intelligence leaker Edward J. Snowden, it was up to Russia to decide what happens to him
Job Title Key To Inner Access Held By Leaker(New York Times) Intelligence officials refer to Edward J. Snowden's job as a National Security Agency contractor as ''systems administrator'' -- a bland name for the specialists who keep the computers humming. But his last job before leaking classified documents about N.S.A. surveillance, he told the news organization The Guardian, was actually ''infrastructure analyst''
Edward Snowden: The Geek Turned Deep Throat(SecurityWeek) Hunted as a US traitor and at the center of a diplomatic row, Edward Snowden got off to a less spectacular start in life: he is a self-confessed geek and high school dropout. Snowden, 30, came out of nowhere to trigger one of the biggest intelligence leaks in American history, triggering a furious standoff with Russia as he evades capture from a Moscow airport transit area
Who Helped Snowden Steal State Secrets?(Wall Street Journal) The preparations began before he took the job that landed him at the NSA. In March 2013, when Edward Snowden sought a job with Booz Allen Hamilton at a National Security Agency facility in Hawaii, he signed the requisite classified-information agreements and would have been made well aware of the law regarding communications intelligence
SCHEER: U.S. intelligence has many traitors(Rapid City Journal) What a disgrace. The U.S. government, cheered on by much of the media, launches an international manhunt to capture a young American whose crime is that he dared challenge the excess of state power
NSA Leak Vindicates AT&T Whistleblower(Wired) Today's revelations that the National Security Agency collected bulk data on the email traffic of millions of Americans provides startling evidence for the first time to support a whistleblower's longstanding claims that AT&T was forwarding global internet traffic to the
Secret US spy court lets Microsoft, Google reveal their petitions(The Register) We'll see their pleas to be ungagged, no actual gags will be dropped. America's most secret court will allow Google and Microsoft to reveal details of their legal battle to lift a gag order preventing them from disclosing how much data they give to spooks
GI's Trial In WikiLeaks Case Enters 5th Week(NewsOK.com) Prosecutors at the court-martial of an Army private at Fort Meade remain focused on the more than 250,000 State Department diplomatic cables he gave to the anti-secrecy group WikiLeaks
Man Disseminating Ghost RAT now under Custody of Taiwan's CIB(SPAMfighter News) According to researchers from Trend Micro, the Criminal Investigation Bureau of Taiwan recently detained a man thought to have been associated with cyber-assaults which utilized Ghost the infamous Remote Access Tool (RAT). Trend Micro, while helping
FBI Paid Off Wikileaks Insider To Be An Informant: Imagine If It Was The NY Times(TechDirt) People like to debate whether or not Wikileaks is or is not a "media property," but I can't see any definition of a media property under which Wikileaks would not fall. Yes, it publishes leaked documents, but so do many other media properties. Yes, it has a strong ideological viewpoint, but so do many other media properties. So it's rather stunning to read about the fact that a Wikileaks insider apparently spent some time as a paid informant for the FBI, handing over a variety of internet information on things happening within Wikileaks. Imagine if this was the NY Times or the Wall Street Journal, and it came out that an employee was getting paid by the FBI to reveal what those newspapers were working on. People would be up in arms, just like they were over the DOJ's spying on AP reporters and a Fox News reporter. Except, this wasn't just spying on a reporter, this was flat out paying off an insider to share internal information. That's incredible
Candid emails at S&P surface in case(FierceFinance) If recent history has shown anything when it comes to putting executives on trial, it's that email evidence isn't necessarily rock solid. These days, if prosecutors were to go to their supervisors with plans to go to trial with mainly email evidence, they might not get the green light
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
QUESTnet 2013 Conference(Gold Coast, Queensland, Australia, July 2 - 5, 2013) Queensland Education, Science and Technology Network (QUESTnet) is the Queensland regional component of the Australian Academic and Research Network (AARNet). The QUESTnet conference is an annual event...
Digital Forensics and Incident Response Summit(Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
cybergamut Technical Tuesday: Remote Digital Forensics(Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...
Remote Digital Forensics(Columbia, Maryland, Sioux Falls, July 16, 2013) Incident response, packaging, and mailing is a lengthy process averaging many days to get media into a forensics examiner workstation in Maryland. The current process primarily uses stand alone workstations.
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
EAGB Summer Quarterly Webinar(Webinar, July 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore:...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network...
AFCEA Global Intelligence Forum(Washington, DC, USA, July 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence...