#opPetrol appears to have kicked off—Trend Micro reports "anomalous malicious activity"—but whether it will rise to, let alone beyond, the level of annoyance remains to be seen. Hack Read has extracted Anonymous' target list from PasteBin.
Elsewhere, China's NetTraveler (which has been using PRISM—more on which in a moment—as phishbait) surfaces in Kazakhstan.
LinkedIn suffered DNS problems late yesterday, with user data potentially compromised. Initially regarded as an attack, the episode now seems a probable case of human error.
Adobe's recent decision to move Creative Suite to a cloud-based subscription model has been rewarded with its first hack. German researchers find it's relatively easy to crack iOS mobile hotspot passwords, and AOL Auto frightens drivers with tales of terrorists' abilities to hack cars (but these vulnerabilities seem more matters of a priori possibility than imminent risk).
Poor USB security controls may expose 6M Medicare recipients' personal data.
The PRISM affair continues to develop not wholly to America's advantage. US tech companies face widespread international skepticism about security and privacy. Google is particularly concerned, facing regulatory pressure in Europe that antedates PRISM. PRISM isn't helping, and Google goes to the legal mat for more FISA transparency. Amazon, not named in leaked PRISM documents, promises a legal fight over future surveillance orders. Companies offering privacy-enhancing products appear the only winners in the matter.
US President Obama and his Attorney General receive a starchy reception over PRISM in their overseas trip, from German Chancellor Merkel and various EU officials.
Today's issue includes events affecting Bahrain, China, European Union, France, Germany, India, Israel, Japan, Kazakhstan, Kuwait, Oman, Saudi Arabia, South Africa, Tunisia, United Arab Emirates, United States.
Cyber Attacks, Threats, and Vulnerabilities
Trend Micro press release Over #OpPetrol Attacks(Cyberwarzone) Leading global security company Trend Micro Incorporated (TYO:4704) has documented anomalous malicious activity that indicates the hacktivist group Anonymous has launched its attacks on the oil industry
Anonymous' #OpPetrol: Leading into June 20(TrendLabs Security Intelligence Blog) Although an estimated 1,000 websites, 35,000 email credentials, and over 100,000 Facebook accounts have been claimed as compromised since the announcement of #OpPetrol last month, attacker participation and the overall sophistication of the attacks leading into June 20 appears to be limited. These defacements and disclosures are consistent with what has been seen in recent operations, where the attacks did not seem to get much traction
Anonymous #opPetrol target list has been released(Cyberwarzone) Just a few more hours and #opPetrol will be initiated by Anonymous spirits all around the world. It was unclear which companies were going to be attacked but one of the sources that will attack the companies in #opPetrol has shared a #opPetrol target list with Cyberwarzone
São Paulo's Americana municipality Websites Hacked against police brutality on protesters(Hack Read) A group of Brazilian hackers from HighTech Brazil HackTeam has hacked and defaced the official website of the Americana municipality of São Paulo, Brazil, along with 10 of its sub-domains, in protest against police brutality toward people demonstrating against bus fare increases. The sites were hacked yesterday and left with a deface page, a YouTube video, and a message in Portuguese
#OpIsrael: 87 Israeli Websites Hacked by CapoO_TunisiAnoO(Hack Read) The Tunisian hacker CapoO_TunisiAnoO, who needs no introduction, hacked and defaced 87 Israeli websites three days ago. As usual, all 87 sites were left with a deface page along with a note and a YouTube video, warning Israel to stop the Palestinian occupation or else get ready for another #OpIsrael. According to the deface message: Hacked by CapoO_TunisiAnoO, OpIsrael -STORM ATTACK V
Kazakhstan suffers cyber attack(Transitions Online) Kazakh citizens are under cyber attack. The attack in question is delivered through phishing emails, and is thought to be driven by an advanced persistent threat (APT) organisation, via software called NetTraveler. The virus 'steals sensitive data from
Chinese hackers referencing PRISM to lure e-mail victims(Cyberwarzone) A cyber security professional named Brandon Dixon recently discovered an e-mail scam, apparently sent by the same group responsible for the "NetTraveler" attacks sourced to Chinese hackers, with an ingeniously newsy hook
Data fears after telco cyber hit(Hong Kong Standard) An overseas cyber attack on telco ComNet Phone may have compromised the personal information of its 2,500 customers. ComNet Phone provides online calls and IDD services. Its website could not be accessed last night as it was "under maintenance"
LinkedIn Outage Tied to DNS Issue(Threatpost) A site outage and redirection on LinkedIn's site Wednesday night blamed on a DNS problem has security experts and users worried that the networking site's DNS records may have been compromised, along with those of several other sites. But it appears the issue may have been caused by a simple mistake
LinkedIn DNS Hijack(Internet Storm Center) LinkedIn had its DNS "hijacked". There are no details right now, but often this is the result of an attacker compromising the account used to manage DNS servers. But so far, no details are available, so this could be just a simple misconfiguration
Adobe's subscription-only Photoshop Creative Cloud already hacked(VentureBeat) While not specifically stated, I felt like one of the driving points behind Adobe's decision to transform its Creative Suite software bundle into a subscription-based online service (Creative Cloud) was an intention to curb the large number of people who would pirate apps like Photoshop, Illustrator, and InDesign
65+ websites compromised to deliver malvertising(Help Net Security) At least 65 different sites serving ads that ultimately led to malware have been spotted by Zscaler researchers. The massive malvertising campaign started with injected code into the ads served on
Toyota websites victim of cyberattacks(Cyberwarzone) Toyota Motor Corp. said on Wednesday, June 19, 2013, that some of its Japanese website content had been tampered with through a cyberattack that could have exposed visitors to a malicious program
Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots(Friedrich-Alexander-Universität Erlangen-Nürnberg) Passwords have to be secure and usable at the same time, a trade-off that has long been known. There are many approaches to avoiding this trade-off, e.g., advising users on generating strong passwords and rejecting user passwords that are weak. The same usability/security trade-off arises in scenarios where passwords are generated by machines but exchanged by humans, as is the case in pre-shared key (PSK) authentication. We investigate this trade-off by analyzing the PSK authentication method used by Apple iOS to set up a secure WPA2 connection when using an iPhone as a Wi-Fi mobile hotspot. We show that Apple iOS generates weak default passwords, which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake
Poor USB security puts info for 6 million Medicare beneficiaries at risk(FierceHealthIT) A Medicare contractor's failure to adequately implement security controls over USB devices put sensitive information for more than six million Medicare beneficiaries at risk, according to a report published this month by the U.S. Department of Health & Human Services Office of Inspector General
Cyber attack readiness urged(Gulf Daily News) Very few Bahrain companies are equipped to deal with 'incidents' arising out of cyber attacks, an expert has warned. According to Protiviti Bahrain IT consulting head and director K Kalyanaraman, with the rise of cyber threats in the Middle
Why We Should Wash Our Hands of "Cyber-Hygiene"(Slate) Hygiene isn't the right metaphor for cybersecurity. Apparently the Internet is a very dirty thing--one that requires you to wash up after using it. At least that's the attitude of people calling for "cyber-hygiene." For example, Ben Hammersley, the editor at large of Wired UK, recently wrote in the Guardian
PRISM paranoia is officially Google's worst nightmare(VentureBeat) Reports of widespread government surveillance aren't a problem for just you; they're a nightmare for Google as well. Since the initial PRISM reports dropped earlier this month, Google and other tech companies have struggled to distance themselves from the
PRISM scandal highlights need for B2B marketers to address customer privacy(FierceCMO) The PRISM spying scandal has brought the privacy debate to the forefront for Americans as it shines a spotlight on the data collection practices of several big companies. It has been brought to America's attention that Google, along with Facebook, Apple, Microsoft and others, collects billions of pieces of consumer information--mainly for marketing and advertising purposes. And it has now been unveiled that the information gathered may end up in the hands of "Big Government."
Snowden's Employer Has Philanthropic Ties and Espionage Roots(The Nonprofit Quarterly) Writing for CorpWatch, Pratap Chatterjee raises a very different issue: the roles and agendas of military and intelligence contractors like Booz Allen Hamilton, which he says collectively account for 70 percent of the $52 billion U.S. intelligence
Facebook's Former Security Chief Now Works for the NSA(The Atlantic Wire) About a year after Facebook reportedly joined PRISM, Max Kelly, the social network's chief security officer left for a job at the National Security Agency, either a curious career move or one that makes complete sense. The Chief Security Officer at a tech company is primarily concerned with keeping its information inside the company. Now working for an agency that tries to gather as much information as it can, Kelly's new job is sort of a complete reversal
GAO bid protest on CIA cloud hinges greatly on solicitation ambiguity(FierceGovIT) The Government Accountability Office's protest decision directing the CIA to reopen a competition for a private cloud infrastructure after awarding a contract worth up to $600 million over 4 years with options for up to 5 more years hinges in great measure on ambiguity within the initial solicitation
Invertix, Near Infinity Complete Merger(GovConWire) Technology firms Invertix and Near Infinity have merged to become Altamira Technologies Corporation, led by President and CEO Art Hurtado. Hurtado said Tuesday that the rebranded company will "seek to deepen and align our core capabilities around emerging requirements in big data, cyber, analytics and mobility" for customers in spaces including national security and intelligence
Icahn makes a new proposal for Dell(FierceFinance) Carl Icahn appears to be on the defensive in the Dell buyout sweepstakes. None of his proposals so far have generated a lot of traction, prompting him to go public with yet another concept. In his latest effort to offer more shareholder value than Michael Dell's offer, he proposed that the company buy 1.1 billion shares of Dell at $14 each
In-Q-Tel Bets On 3 Hot Technologies(InformationWeek) In-Q-Tel, the investment arm of the U.S. intelligence community, has signed new technology development agreements with three companies that are producing leading-edge capabilities in the areas of artificial intelligence, flash storage technology and portable solar-generated power supplies
Palantir Now Fighting Human Traffickers, Instead of the U.S. Army(Foreign Policy) The sharp-elbowed, ultra-connected data mining firm Palantir may be best known around Washington these days for its war with the Army over its intelligence software. But the company is also making inroads in Foggy Bottom, where it's using its terror-hunting tech to help the State Department fight human traffickers. And it's getting assists from unlikely allies like Google and LexisNexis
One on one with Gabriel Weinberg, CEO at DuckDuckGo(FierceContentManagement) DuckDuckGo is a search engine with a twist. It pledges not to track your information, while providing some interesting search features. We interviewed DuckDuckGo CEO and founder Gabriel Weinberg, and we asked him about the search engine's privacy policies and its growing popularity
Mark Schultz to Become SAIC EVP, General Counsel(GovConWire) Mark Schultz, a former chief legal and risk officer and corporate secretary at MWH Global, has joined Science Applications International Corp. (NYSE: SAI) as general counsel for its technical services and information technology segment
General Dynamics IT group appoints SVP of intelligence group(Washington Business Journal) He previously served as vice president and general manager of General Dynamics Information Technology's National Intelligence sector, providing IT solutions and mission support to the intelligence market, while also managing internal operations
Tool for IT challenges and legal requests(Help Net Security) Kroll Ontrack announced Ontrack PowerControls 7.0. Complete with Microsoft Exchange Server 2013 and Microsoft SharePoint Server 2013 support as well as new functionality for preserving and exporting
Ultra–fast online backup from GFI Software(Help Net Security) GFI Software announced GFI MAX Backup, a service that enables all MSPs to add secure data backup to the services they can offer customers at a time when demand for secure online backup continues to rise
Apple comes up short on enterprise mobility management, says 151 Advisors(FierceMobileIT) At its developers' conference held last week, Apple failed to address enterprise mobility management concerns by not offering functionality that could help IT departments manage and secure their fleets of iPhones and iPads, judged Bill Rom, managing partner at consulting firm 151 Advisors
Bitdefender Tops AV-Test Latest Android Security Review(PC Magazine) Earlier this week, AV-Test released the latest results in its continuing look at Android security. Only three apps failed to get certified, and the average detection rate of all the apps jumped up to 96 percent. Despite the close competition
NSA spinoff Sqrrl debuts commercially with tech to set big data free(BizJournals) Cambridge startup Sqrrl on Wednesday announced the full commercial debut of its database software for powering big-data applications. Founded last year, Sqrrl offers an enterprise version of Apache Accumulo, which lets businesses apply controls to sensitive pieces of data so that the rest of the data doesn't have to be locked up
Technologies, Techniques, and Standards
9 reasons your sys admin hates you(IT World) Sys admins are the lifelines between your keyboard and productivity, so the last thing you want to do is get on their bad side. By avoiding these 9 faux pas, you can help keep your sys admin happy and your systems humming along
Cryptography and the Message for Liberty(Daily Reckoning) But we do have it, thanks to a series of simultaneous discoveries of the logic of public-key cryptography in the 1970s. (From Wikipedia, I'm amazed to learn that William Stanley Jevons, economist of the late 19th-century marginal revolution in
Inside Out vs. Outside In(Kaspersky Blog) When we think of information security, we tend to think of external hackers and cyber-criminals fighting their way inside an organisation's network to steal its information. Clearswift commissioned some research that takes a holistic view of information security incidents and found that 83% of organisations surveyed said they had experienced a security breach in the last 12 months. However, contrary to where the security spend is focused, 58% of all incidents originated from inside the organization rather than from shadowy, malevolent outsiders - the culprits being employees, ex-employees and trusted partners: people like you and me
Beware Of HTML5 Development Risks(Dark Reading) Local storage, native resource rights, and third-party code all add greater functionality and higher risk to HTML5 applications. As HTML5 continues to experience a groundswell of acceptance within the developer community, organizations must think seriously about how key changes in this latest standard will require them to shift their application security paradigms for Web and mobile apps. Designed to help developers more closely mimic native applications through browser-based apps, HTML5 includes a number of useful features that are double-edged swords from a security perspective
Security ROI: 5 Practices Analyzed(InformationWeek) Traditionally, enterprise data security has relied on a "fortress defense" approach: keep all assets within a corporate castle and build towering walls to keep out the enemy. However, with an evolving threat landscape that includes targeted attacks, social engineering and spear phishing, the model leaves plenty of vulnerable attack points
PRISM: A Security Big Data Success Story(TripWire) If we put aside policy and politics around the PRISM news, this is actually a story of a successful application of a "Big Data" approach to security analytics
Research and Development
Computing: The quantum company(Nature) D-Wave is pioneering a novel way of making quantum computers -- but it is also courting controversy. "I've been doing combative stuff since I was born," says Geordie Rose, leaning back in a chair in his small, windowless office in Burnaby, Canada, as he describes how he has spent most of his life making things difficult for himself. Until his early 20s, that meant an obsession with wrestling -- the sport that, he claims, provides the least reward for the most work. More recently, says Rose, now 41, "that's been D-Wave in a nutshell: an unbearable amount of pain and very little recognition"
Legislation, Policy, and Regulation
The effect of PRISM on Europe's General Data Protection Regulation(Infosecurity Magazine) PRISM is the US surveillance program that allows the NSA to gain access to the accounts of major US cloud services providers, including the accounts of non-US citizens. The GDPR is the proposed data protection law for the EU. The two are, on the surface, incompatible
Gov't surveillance & the loss of trust(New York Post) Amid all the heated cross-currents of debate about the National Security Agency's massive surveillance program, there is a growing distrust of the Obama administration that makes weighing the costs and benefits of the NSA program itself hard to assess
NSA Checks, Balances Out Of Whack(Miami Herald) Disclosures about National Security Agency cyber-spying on millions of Americans vividly illustrate how the federal government's check-and-balance system is out of balance
NSA Tests IT Access Control Restrictions(InformationWeek) Could two-person access requirements and better automation prevent future leaks? The National Security Agency (NSA) is studying new information security policies and technology to help the agency prevent future leaks
What Prism Knows: 8 Metadata Facts(InformationWeek) Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques. One of the biggest worries triggered by Edward Snowden's National Security Agency (NSA) leaks concerns the scale of data being collected by the intelligence agency
Intelligence community defends surveillance programs(FierceGovIT) Intelligence community and Justice Department officials took to a rare open hearing of the House Intelligence Committee to defend surveillance programs, with National Security Agency head Gen. Keith Alexander stating that intercepted information has helped prevent more than 50 potential terrorist attacks across the globe since Sept. 11, 2001
IG: DHS Needs Cybersecurity Strategic Plan(GovInfoSecurity) The Department of Homeland Security lacks a strategic plan for implementing long-term goals to help agencies comply with the Federal Information Security Management Act, according to the department's inspector general
Equip forces with cyber warfare tools(Cyberwarzone) Noting that cyber attacks could cause destruction on an unprecedented scale, former President A P J Abdul Kalam on Thursday stressed the need to equip future officers of the armed forces to envisage and combat technology-driven warfare
Litigation, Investigation, and Law Enforcement
Rand Paul: James Clapper was lying(CNN) President Barack Obama's director of national intelligence was flat-out lying when he told lawmakers in March the government wasn't collecting data on millions of Americans, Sen. Rand Paul asserted Tuesday
Greenwald: NSA chief 'misleading'(Politico) Guardian reporter Glenn Greenwald disputed National Security Agency Director Keith Alexander's statement that the NSA's surveillance programs have stopped more than 50 terrorist plots, calling his comment "misleading." "It's not that they're lying
2 Senators: Phone Data Didn't Help Fight Terror(Washington Post) The National Security Agency's massive collection of Americans' phone records has "played little or no role" in the disruption of dozens of terrorist plots, contrary to Obama administration assertions, said two U.S. senators who have access to classified information
Merkel Challenges Obama on Surveillance(New York Times) Challenged personally by Chancellor Angela Merkel of Germany about American intelligence programs that monitor foreigners' communications without individualized court orders, President Obama said Wednesday that German terrorist threats
Obama Says Surveillance Helped In Case In Germany(New York Times) Pressed personally by Chancellor Angela Merkel of Germany about United States surveillance of foreigners' phone and e-mail traffic, President Obama said Wednesday that terrorist threats in her country were among those foiled by such intelligence operations worldwide, a contention that Ms. Merkel seemed to confirm
Hiding behind judicial robes in the battle over national security(Fox News) In the most unlikely of outcomes, everyone's favorite crutch in the controversy over the National Security Agency's eavesdropping programs has become the Foreign Intelligence Surveillance Court (FISC). Sitting in a steel vault at the top of the Justice
Privacy officials from six nations want answers about Google Glass(Naked Security) The privacy officials of six countries and the European Commission have a host of questions about Google Glass, wouldn't mind getting their hands on the devices, and are wondering why, exactly, Google hasn't rung most of them up to hash out the privacy issues
Why Is Google Pushing Back So Hard Against the Feds?(Slashdot) Google has asked the Foreign Intelligence Surveillance Court, the federal court that oversees surveillance warrants, to loosen its gag order on how often the federal government requests user data from tech companies
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris(Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...
Digital Forensics and Incident Response Summit(Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
cybergamut Technical Tuesday: Remote Digital Forensics(Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...