Hacktivism continues in Turkey, with the Finance Ministry the latest victim of a data breach.
The cyber black market continues to increase and diversify its inventory.
Industrial control systems have received considerable unwelcome attention lately. Honeypots show hackers looking for default credentials and other vulnerabilities, and experts advise enterprises to improve their vulnerability assessments. (SC Magazine names "SCADA sport fishing" its threat-of-the-month.)
Data breaches affect Indiana government (this one's due to a programming error) and a Boston teachers' union (another operator mistake). Ransomware and other cyber extortion capers hit European and North American targets.
The US Veterans Affairs IG finds "significant deficiencies" in the Department's cyber security. FierceGovernmentIT presents the Commerce Department's Economic Development Administration as a case study in hasty, ad hoc incident response gone awry.
IEEE Spectrum reports studies showing that physical proximity fosters innovation.
Allegations of NSA surveillance now extend to India, which is about as unhappy about them as the EU's been. There is surely, as a Bloomberg op-ed observes, a whiff of Captain Renault in the EU's reaction to the PRISM affair, but there's also no doubt the leaks have proven a major diplomatic embarrassment for the US. President Obama's observation that "many nations have intelligence agencies" (and what can one do but agree?) is unlikely to mollify allies or confound enemies.
Edward Snowden withdraws his request for asylum in Russia, and Wikileaks petitions seventeen governments to grant him refuge. Retired General Cartwright remains a subject of the Stuxnet leak investigation. Punjab suffers a Facebook crimewave.
Today's issue includes events affecting Australia, Austria, Bolivia, Brazil, Bulgaria, China, Cuba, European Union, Finland, France, Germany, India, Ireland, Italy, Netherlands, Nicaragua, Norway, Poland, Russia, Spain, Switzerland, Turkey, United Kingdom, United States, and Venezuela.
The CyberWire will take a holiday this Thursday and Friday as its staff celebrates US Independence Day. We'll resume normal publication on Monday, July 8.
Cyber Attacks, Threats, and Vulnerabilities
Turkish Finance Ministry Office Hacked, 2006-2010 Incoming & Outgoing Data Leaked by Anonymous(Hack Read) A hacker and supporter of Anonymous going by the Twitter handle @RunaGalande has claimed to have hacked and breached the official website of the Turkish Finance Ministry Office, resulting in the leaking of incoming and outgoing data online. Anonymous Turkey, who contacted me on Twitter, revealed the Turkish Finance Ministry Office hack a few hours ago that shows 23 MB of leaked data is in the Turkish language which has been divided
Hackers Aggressively Scanning ICS, SCADA Default Credentials, Vulnerabilities(Threatpost) Honeypots and honeynets have long been used as enticements to lure hackers into a false network in order to study attacks. While long a favorite of many high-end enterprises and security researchers studying attacks against traditional IT infrastructures, a number of industrial control system honeypots have also been deployed
Threat of the month: SCADA "sport fishing"(SC Magazine) SCADA is not just a focus because of its often critical deployments, but also because performing vulnerability research on SCADA systems is easy, like 1990's stack buffer overflow type-of-easy
Using nmap scripts to enhance vulnerability assessment results(Internet Storm Center) SCADA environments are a big interest for me. As the person responsible for the information security of a utility company, I need to ensure that risks inside those platforms are minimized in a way that any control I place does not interfere at all with the protocol and system function. That is why running things like metasploit or nexpose could be really dangerous if they are not well parameterized, as it could block the control to the RTU and IED and potentially cause a disaster if a system variable goes beyond control
The Morning Download: Energy Companies Face More Cyberattacks(Wall Street Journal) U.S. energy companies are being subjected to a huge increase in the number of attempted cyberattacks, according to a new report from the Department of Homeland Security. There were 111 cyber incidents reported by the energy sector during the six
Ransomware & Cyber Extortion: Computers Under Siege(Kaspersky Lab Daily) Extortion, blackmail and ransom requests have always been cornerstones of criminal activity. In today's global internet economy, criminals are adapting their techniques by attempting to extort money from people using "Ransomware"
'Significant deficiencies' in VA cybersecurity(FierceGovIT) Significant deficiencies in configuration management and identity management pervaded Veterans Affairs Department information technology during the last fiscal year, says an audit commissioned by the department's office of inspector general
Economic Development Administration's year long comedy of incident response errors(FierceGovIT) The computer malware crisis that shook the Economic Development Administration to its virtual core--causing months of disruptions, the destruction of $175,000 worth of equipment and another $2.57 million in spending on contractors and temporary network infrastructure--was all based on a series of mistakes. There was no reason to disconnect the agency from its own information technology systems
EDA's journey into the cyber abyss(FierceGovIT) Gaze long into an abyss, and the abyss also gazes into you, is the easy way to sum up the Economic Development Administration 18 month long adventure of a botched malware incident response that came to a close only this past March--a time for which during parts the Commerce Department bureau shut itself off from the Internet, during which its workers "became reacquainted with their neighborhood post office and the beep-squeak-hiss of the fax spitting out paper," reported The Washington Post in a now unintentionally funny story
Exploiting the Twitter Underground for Fun and Profit(Threatpost) The underground economy on Twitter is still flourishing, and it appears to be a buyer's market for followers right now, with new research showing that the price for 1,000 followers has dropped nearly 50 percent in the last few months
Advanced Threats, Imagination and Perception(Dark Reading) Why some industries are staring down the barrel but still don't know it, putting others at risk. It's no secret that the tech, defense industrial base and a select few other industries (which we'll call tier one targets) have been heavily targeted by advanced threat actors in recent years. However there exists a group of less discussed or publicized industries, who have found themselves subjected to targeted, often sophisticated attacks, are creating exposure for many of their clients and are only left with one question – why us? I'm often asked by business executives from this collective, to help characterize why they are now under the microscope of an adversary from a nation where they have no business, nor competitors; they don't have source code, industrial research or other intellectual property to steal and their finances pale in comparison to those of their adversary. So what gives
Cyber Insights Blog Warns Firms Against Ignoring Growing Cyber Security Threat. Vir2us CEO Looks to Make Top Execs Cyber Security Savvy.(Digital Journal) Vir2us CEO, Ed Brinskele blogs about what government security experts are calling next-generation cyber security; a new and different approach to a rapidly growing problem that, according to the U.S. Government, is costing global business up to $1 trillion annually. According to Rebecca Brown, spokesperson for Vir2us, Mr. Brinskele was responsible for the U.S. National Institute of Standards and Technology (NIST) adopting new specifications for implementing next-generation cyber security for Smart Grid; a national project to overhaul the nation's aging power grid
Defense Contractors' Cyber Expertise Behind PRISM(Defense World) A string of U.S. and international defense contractors helped in developing the now infamous 'PRISM' and 'Boundless Informant' systems that spy on American and international internet and telephone traffic. Defenseworld.net took a close look at the contractors which supplied equipment and expertise to the U.S. National Security Administration (NSA) to help develop the all-pervasive spying technology
DoD inks MDM, app store contract potentially costing $16M(FierceGovIT) The Defense Information Systems Agency has awarded a mobile device management and mobile application store contract that will serve as the foundation of the Defense Department's mobile implementation plan, announced the agency in a June 28 statement
CSA Goes CSI with Forensics, Incident Management Working Group(Talkin' Cloud) The Cloud Security Alliance has formed a new working group that will focus on examining incident handling and forensics in cloud environments. The new Incident Management and Forensics Working Group was formed to create a better understanding of the
AT&T Invests $80M in Three Foundry Centers(ExecutiveBiz) AT&T plans to invest $80 million in three foundry innovation centers as the company looks to help customers respond to challenges using technology, Washington Technology reported June 21
DoD steps up contractor performance assessments(FierceGovernment) The Defense Department has completed significantly more contractor performance assessments in recent years, in terms of both number and percentage, a report from the Government Accountability Office says
Cloud security managers are in demand(SC Magazine) Companies are increasingly incorporating cloud technologies to enhance business in the global market. This has increased demand for cloud security engineers to manage the advanced network security architecture
Visual Tools Track Cyber Attacks In Real Time(TechWeekEurope UK) The image on the screen (see below) shows a cyber-attack in progress, but it doesn't look like the rows of reports that you usually expect to see as event data flows from intrusion prevention systems, next-generation firewalls and security reporting
EventTracker Launches Log Manager(Digital Journal) EventTracker, a leading provider of comprehensive SIEM solutions, announced today the general availability of EventTracker Log Manager, a robust log management solution designed to provide significant business value through proactive monitoring and real-time alerting for network and system administrators
Hacking The Human Side Of The Insider Threat(Dark Reading) The details on how a young systems administrator for an NSA contractor was able to access and walk away with highly classified program information from the super-secretive agency may never be fully revealed, but the Edward Snowden case has spurred debate over how best to catch a rogue insider before he incurs any damage
Teaching a computer to play Memory advances security(Help Net Security) Computer science researchers have programmed a computer to play the game Concentration (also known as Memory). The work could help improve computer security – and improve our understanding of how the
Study Confirms Quantum Computers are Actually Quantum(Slashdot) How do you confirm uncertainty? Who knows what's going on in there? Confirming anything whose defining characteristic is uncertainty is obviously difficult, even when the confirmation involves whether a computer sold two years ago works the way it's supposed to. Confirming that the first quantum computer developed and sold for commercial use uses specific quantum phenomena to perform calculations is a pretty complicated matter—especially when one of the phenomena in question is finding the simplest solution to a problem based on changes in probability
Obama: Many nations have intelligence agencies(USA TODAY) All that said, Obama said his team would speak with European counterparts about news reports that the National Security Agency has bugged European Union offices in Washington, New York and Brussels. Obama pointed out that he is "the end user of this
Cyber Command Suffers Second Defeat, Dump It(Cryptome) Cyber Command suffered its second defeat with the win of Edward Snowden. The first defeat was won by Bradley Manning. This suggests Cybercom deserves dissolution and a better command instituted, or, best, nothing like it
US to Pressure China on Intellectual Property Cyber-Theft(IBTimes.co.uk) The meeting comes after the Department of Homeland Security issued a report to US businesses warning them of cyber-theft being committed by hackers based in both China and Saudi Arabia. The US is also in the midst of a scandal involving cyber-security
Outrage In Europe Grows Over Spying Disclosures(New York Times) Damage from the disclosures of United States spying on its European and Asian allies spread on Monday, threatening negotiations on a free trade agreement, hurting President Obama's standing in Europe and raising basic questions of trust among nations that have been on friendly terms for generations
Echoes Of Echelon In Charges Of NSA Spying In Europe(Wall Street Journal) It isn't the first time the U.S. has found itself in the center of a storm about spying on allies. The allegations that the National Security Agency spied on European Union institutions and friendly countries in continental Europe and further afield echo a furor of more than a decade ago
Europe's Faux Outrage on NSA Spying(Bloomberg) Captain Renault of the European Union is apparently shocked, shocked to find out that the U.S. has been spying on the EU's official communications. Some EU officials have called for suspending talks on a trans-Atlantic trade and investment partnership because, as Elmar Brok, chairman of the European Parliament's Foreign Affairs Committee, put it, "How are you supposed to negotiate when you have to worry that your negotiating positions were intercepted?"
DoD subcontractor whistleblowers now protected(FierceGovernment) Starting July 1, Defense Department subcontractors will be covered under a protection provision that became law through the fiscal 2013 national defense authorization act
Litigation, Investigation, and Law Enforcement
Reports: Retired general target of leaks probe(Stamford Advocate) A former vice chairman of the Joint Chiefs of Staff is under investigation for allegedly leaking classified information about a covert cyberattack on Iran's nuclear facilities, according to media reports
Plug These Leaks(Washington Post) The best solution for both Mr. Snowden and the Obama administration would be his surrender to U.S. authorities, followed by a plea negotiation. It's hard to believe that the results would leave the 30-year-old contractor worse off than living in permanent exile in an unfree country. Sadly, the supposed friends of this naive hacker are likely advising him otherwise
Snowden damaged security of US: Bush(Business Standard) "I think he damaged the security of the country," Bush said on Snowden, the 30-year-old former technical contractor and Central Intelligence Agency (CIA) employee who worked for Booz Allen Hamilton, a contractor for the US National Security Agency (NSA)
Snowden Is No Daniel Ellsberg(Washington Post) I pleaded last month for an end to the breathless comparisons between Edward Snowden and Daniel Ellsberg. News that the present-day intelligence leaker has asked Russia for asylum should put those comparisons to rest. Sure, Snowden made the same request of other nations. But flirting with Moscow is a credibility killer
Reddit to thwart the NSA's tracking plans with a gift exchange? Yup.(Venture Beat) Reddit's gift exchange service has come up with a rather unique way of derailing the NSA's over-reaching efforts to collect data on U.S. citizens. One of the ways the NSA is doing this is by tracking a large list of flagged keywords that are pretty common to everyday conversation. Sites like Motherboard.tv's "Hello, NSA" take that list of terms and automatically generate a phrase using a few of them that you can then post all over the Internet. The purpose is to basically skew all of the NSA's efforts by going out of your way to mention these terms — thus making them less unique to terrorism (I mean, if they really were unique to terrorism in the first place).
The NSA's Mini-Coverups Are Out There(The Atlantic Wire) When President Obama referred to Edward Snowden as a "hacker," it might have been meant as an insult, but it was accurate. While National Security Agency officials have been referring to Snowden as a "systems administrator" -- which makes him sound like an unimportant office drone, an "IT guy," as many have called him -- he was actually an "infrastructure analyst," he told The Guardian. That means he was a kind of hacker, but he wasn't hacking the NSA, The New York Times's Scott Shane and David E. Sanger explain. He was hacking the world for the NSA. It's one of the many ways NSA and Obama administration officials have shaded the truth in the wake of Snowden's revelations. Here are some other little untruths, and at least one whopper
Kremlin: Snowden gives up on plan to stay in Russia(CNN) Edward Snowden has abandoned his effort to seek asylum in Russia after President Vladimir Putin warned that he would have to stop leaking information about U.S. surveillance programs if he wanted to stay, a Russian official said Tuesday
Prosecutors: Al-Qaeda Studied WikiLeaks Records(Washington Post) Al-Qaeda leaders reveled in WikiLeaks' publication of reams of classified U.S. documents, urging members to study them before devising ways to attack the United States, according to evidence presented by the prosecution Monday in the court-martial of an Army private who leaked the material
N.Y. Webmaster Arrested for Cyber Attack on Former Employer(eSecurity Planet) Google, Verizon and Optimum Online provided customer data in support of the FBI's investigation. Christopher Gardner, a British citizen living in New York, was recently arrested by the FBI and charged with breaching his former employer, the newspaper publisher Dan's Papers, and disabling the company's Web site
Anonymous Hacker Dr. Evil caught and charged(Cyberwarzone) Michael Mancil Brown, who allegedly called himself "Dr. Evil" on the internet, has been charged with six counts of extortion and six counts of wire fraud for attempting to extract $1 million in Bitcoins from Mitt Romney
Facebook abuse tops cyber crime chart in Indian Punjab(Hack Read) In the state of Punjab, India, 170 cyber-crime complaints have been made in total and the state has topped the chart of such crimes. The latest complaint was made by a local resident who uses Facebook, and the complaint was that his son and wife are threatening him through this online platform. The platform has been believed to be a medium which helps bring people closer, but it is turning out to be the opposite
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
QUESTnet 2013 Conference(Gold Coast, Queensland, Australia, July 2 - 5, 2013) Queensland Education, Science and Technology Network (QUESTnet) is the Queensland regional component of the Australian Academic and Research Network (AARNet). The QUESTnet conference is an annual event...
Digital Forensics and Incident Response Summit(Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
cybergamut Technical Tuesday: Remote Digital Forensics(Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...
Remote Digital Forensics(Columbia, Maryland, Sioux Falls, July 16, 2013) Incident response, packaging, and mailing is a lengthy process averaging many days to get media into a forensics examiner workstation in Maryland. The current process primarily uses stand alone workstations.
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
EAGB Summer Quarterly Webinar(Webinar, July 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore:...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...