South Korea goes on cyber alert as hackers mark Korean War anniversary with attacks on government sites. Anonymous Africa continues to ride the governments of Zimbabwe and Swaziland. In the US, the city of Waterville, Maine, suffers as a target of opportunity for hacktivists pushing intervention in Syria.
Data breaches in Florida and Texas expose personal information of, respectively, aspiring teachers and Houston municipal employees.
The Independent claims to have a "suppressed" police report showing widespread criminal private-sector hacking of unusual scope and ferocity.
Facebook's "dossier" problems are analyzed. The social network also sees fresh exploitation of its Graph Search functionality to scrape openly posted phone numbers. Added to what Dumpmon researchers found freely available on Twitter, this amounts to dismal testimony to a general carelessness prevailing in social media.
Pushdo botnet variants show increasingly stealthy command-and-control communication. Carberp malware source code is now for sale on the black market for $50k.
China uses PRISM as a pretext to whack Cisco as a security risk. Cisco has been a target of retaliatory protectionism since the US expressed concerns about Huawei. Other US tech firms struggle from beneath PRISM-related odium.
Former DCI and NSA Director Hayden gives Russia Today an interesting overview of the entire PRISM affair.
The US Senate considers strengthening intelligence oversight. PRISM leaker/whistleblower Snowden (who told Chinese journalists he joined Booz Allen to expose US espionage) remains on the wing amid Sino-Russian-American squabbles over extradition. Fresh leaks are expected; the Australian government in particular shows signs of nervousness.
Today's issue includes events affecting Australia, Canada, China, Ecuador, European Union, Iran, Democratic People's Republic of Korea, Republic of Korea, Russia, South Africa, Swaziland, Syria, Turkey, United Kingdom, United States, and Zimbabwe..
Cyber Attacks, Threats, and Vulnerabilities
Cyber attack hits South Korea websites(BBC News) "The government can confirm a cyber attack by unidentified hackers that shut down several sites including the Blue House," the Science Ministry said in a statement, referring to the presidential office. The website for the office for Government Policy
Technical Problems, Not Cyberattacks Caused Iranian Oil Network Outage(SecurityWeek) Over the weekend, an Iranian government agency boasted that they'd successfully blocked a cyberattack that had targeted the networks of the Oil Ministry and the National Iranian Oil Company (NIOC). After the proclamation was made early Saturday, the head of IT at the NIOC, Ahmad Tavallaei, posted to the Iranian Oil Ministry's website that a technical problem - not a cyberattack - was the cause of network problems, which eventually led to a temporary shutdown
City of Waterville Police website hacked, server rooted by Group HP Hack(HackRead) Making his name in cyber world, NeT-DeViL from Group HP Hack has came up with another high profile hack. This time the official server of City of Waterville has been hacked and defaced yesterday against the role of UN, US, UK and Iran's role in Syrian crises. The sites were left with a deface page along with a message and a Youtube video, showing wounded Syrian children. The deface message was expressed in
EMI Music India Website Hacked & Defaced by Turk Hack Army(HackRead) On 14th June 2013, the xXM3HM3TXx hacker from Turk Hack Army had hacked and defaced the official website EMI Music India (www.emimusic.in), known as a giant of music industry in India and all over the world. The hacker left a deface page along with a message on the hacked EMI website and greetings to the whole crew, yet the reason for attacking the site was not mentioned anywhere
Payroll company error prompts security breach concern(Houston Chronicle) Technical issues encountered by the city of Houston's payroll contractor could have potentially exposed personal information for nearly 5,000 local government workers, including more than 1,000 in the Houston Police Department
Media phone–hacking? Tip of the iceberg, says leaked police report(The Register) Thought the NotW was bad…check out the lawyers, insurers. A suppressed report from "Britain's FBI" has revealed that the rich, insurance companies, law firms and telecoms companies hired private investigators to run unlawful hacking and blagging campaigns of the type that brought down Rupert Murdoch's News of the World, according to The Independent
Hacker Scrapes Thousands Of Public Phone Numbers Using Facebook Graph Search(TechCrunch) A hacker has exploited Facebook's graph search to collect a database of thousands of phone numbers and Facebook users. Both parties agree that all the information was left public by users (even if the users themselves may still not realize it). But Facebook issued him a cease and desist after the hacker continued to scrape data and argued with Facebook that the availability of the information
The race for resources(Internet Storm Center) A week ago one of our readers, Cedric, submitted a PHP web shell he found on a compromised server. PHP web shells are a pretty common thing – once attackers identify a vulnerability that allows them to upload such a PHP file (which is usually a RFI, Remote File Inclusion, vulnerability), they install it to make further activities easier. PHP web shells have gone a long way and are today very powerful. The attacker can use a PHP web shell to navigate through directories, upload and download files and do much, much more
Scam Sites Now Selling Instagram Followers(TrendLabs Security Intelligence Blog) Another scam site is offering to increase a user's Instagram followers. Unlike previous attacks, however, these sites require payment – with the amount depending on the number of followers you prefer
Latest Pushdo Variants Challenge Antimalware Solution(TrendLabs Security Intelligence Blog) Command-and-control (C&C) server communication is essential for botnet creators to control zombie computers (or bots). To hide this from security researchers, they often use rootkits and other "tricks". However, hiding the network traffic - specifically from monitoring outside an infected computer - is not an easy task, but is something that the botnet creators have improved through the years
Apple Phishing Scams on the Rise(Threatpost) Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information
Top five data breaches in 2013…so far(SC Magazine) Midway through 2013 we've sorted through the endless breaches that have already taken place, and have decided on what we believe are the top incidents in 2013 thus far. Don't forget to check out our "breaches" section for more information on the topic
Nearly 200,000 new malware samples appear daily(Help Net Security) Most companies greatly underestimate the number of new malicious programs appearing daily, and only six per cent recognize the true scale of the threat, according to B2B International and Kaspersky
Senate Spotlights Companies Working With Secret Data(Corporate Counsel) Following some high-profile leaks of classified data, the spotlight was shining last week on corporations hired to do secret intelligence work for the federal government. The scrutiny came from congressional hearings as well as from a new report on political contributions by private contractors
Expect security clearance delays(Air Force Times) Over the last decade, the government has fought tooth and nail -- largely successfully -- to speed up the security clearance process and encourage intelligence agencies to share more information with one another. But as Washington reels from the recent
Skype ditched peer-to-peer supernodes for scalability, not surveillance(ZDNet) Before Microsoft acquired Skype in 2011, the voice calling service was already ditching its "near impossible to wiretap" peer-to-peer model in favor of the cloud. Skype's principal architect explained in an email on Sunday why the company redesigned its backend infrastructure, which many have claimed made it easier for governments to wiretap calls
NSA Prism Spying Scandal: Tech Companies Struggle to Open Up(Bloomberg BusinessWeek) The phone calls began late in the morning, Silicon Valley time, on June 6. Representatives of nine leading U.S. technology companies received a flurry of calls and e-mails from reporters at the Guardian and the Washington Post, asking them to comment on explosive stories they would soon publish. Their reports, based on government documents leaked by former National Security Agency contractor Edward Snowden, alleged that the country's leading Internet firms were giving the NSA and the Federal Bureau of Investigation "direct access" to their servers and thus to the e-mails, photos, and other private information of hundreds of millions of users around the world. The papers gave the companies roughly two hours to respond, according to spokespeople for four of the businesses
Soltera to support SPAWAR info operations(UPI) Sotera Defense Solutions Inc. provides systems, solutions and services in support of the U.S. intelligence community, Department of Defense, Department of Homeland Security and federal law enforcement agencies. Recommended Stories. U.S. seeks to buy
Napatech, Procera to showcase 80 Gbps DPI at Cisco Live 2013(Telecompaper) Intelligent network adapter vendor, Napatech and global network intelligence company, Procera Networks have announced the companies will demonstrate an 80 Gbps Deep Packet Inspection (DPI) offering at Cisco Live 2013 in Orlando, Florida
Major part of DCGS now open source(FierceGovIT) A recently created military software open source foundation received its first major chunk of code when Lockheed Martin donated in May middleware software used in the Distributed Common Ground System, a military data analysis tool the subject of mounting controversy
Google Mine Wants To Track Your Stuff(InformationWeek) Google reportedly is testing Google Mine, a Google+ offshoot that lets you share info about your real-world objects. Sounds more like a gold mine for Google
US-CERT Warns Of Default Password Risks(Dark Reading) Change default passwords to strong ones, use stronger authentication methods before putting network-connected system online, US-CERT recommends
DDoS attacks: What they are and how to protect yourself(Help Net Security) Ameen Pishdadi is the CTO at GigeNET. In this interview he discusses the various types of DDoS attacks, tells us who is at risk, tackles information gathering during attacks, lays out the lessons that
Creating a DDoS Mitigation Strategy(BankInfoSecurity.com) Creating a DDoS Mitigation Strategy. Listen To This Interview. In defending against distributed-denial-of-service attacks, enterprises must comprehend the motives of the cyber-assailant, Booz Allen Hamilton's Sedar Labarre says. "[Organizations] need
Connecting the Dots, Missing the Story(Slate) With Big Data, the government doesn't need to know the "why" behind anything. Could Big Data have prevented 9/11? Perhaps--Dick Cheney, for one, seems to think so. But let's consider another, far more provocative question: What if 9/11 happened today, in the era of Big Data, making it all but inevitable that all the 19 hijackers had extensive digital histories
CIA Unveils Redesigned Public Website(Central Intelligence Agency) The Central Intelligence Agency (CIA) today introduced a major redesign of its public website…to make it more accessible to users. The revamped website includes a wealth of new and updated information along with innovative features. As Director John O. Brennan noted, "The new and improved website reflects CIA's strong commitment to educating and informing the American people about the Agency's history, mission, and organization. I encourage the public to explore the website and learn more about an American institution dedicated to protecting our country's security"
Big Data Needs Creative Types, Too(InformationWeek) Teradata technologist sees a growing need for both left-brain and right-brain types in data-driven enterprises. We hear a lot about the shortage of data scientists, those hard-to-find professionals trained to analyze massive data sets, gain insights from them, and communicate that information to an organization's management team. These data gurus must be well-versed in multiple technical and business disciplines, including analytics, computer science, math, modeling and statistics. Oh, and people skills are good to have, too
Security Needs More Designers, Not Architects(Dark Reading) The better we design the user experience, the more we reduce our risk. A few years ago I somewhat egotistically wrote Mogull's Law in a blog post. It states, "The rate of user compliance with a security control is directly proportional to the pain of the control vs. the pain of noncompliance." A shorter version of saying this is, "Computer users will take the path of least resistance"
Medical ontology helps automate image-retrieval system(FierceHealthIT) How do you train a computer to effectively retrieve medical images? Researchers at Case Western Reserve University in Cleveland, Ohio claim some success as part of an effort to build a large-scale medical image retrieval system for consumers
Canadian academic urges greater digital diplomacy on Ottawa(FierceGovernmentIT) A Canadian academic is lamenting his country's lack of social presence in diplomacy, arguing in a paper that lack of Canadian diplomatic presence on social media channels such as Facebook and Twitter will condemn the country to "progressively fade in international affairs"
G8 governments sign Open Data Charter(FierceGovIT) During its summit in Northern Ireland, the G8 issued a declaration and signed an Open Data Charter on June 18, stating their intent to promote machine readable and publicly-available government data
CHIME, others want feds to take their time with health IT regulation(FierceHealthIT) The College of Healthcare Information Management Executives, the American Medical Informatics Association and a bevy of other healthcare information technology stakeholders want the federal government to tread carefully in its efforts to regulate the industry
Canada's long-delayed spam laws risk being quietly shelved(Naked Security) Anti-spam legislation in Canada should have been in force several years ago but it's unlikely that the laws will have any teeth for several more years, and they may even fall by the wayside. So Canadians, unless you want to be the weak link, pester your politicians to pull their collective fingers
NSA instigates security measures to hamper future whistleblowers(ZDNet) Former NSA contractor Edward J. Snowden, currently on the run, has set a precedent which may hamper future whistleblowers in the United States. Once the now-fugitive leaked details about surveillance on American citizens to the media, Snowden went on the run -- moving from Hong Kong to Russia over the weekend -- and is expected to attempt to reach Cuba. The U.S. government has revoked his passport and warned other countries not to help the former contractor on his international travels, predictably using political weight to try and bring the whistleblower to heel and back on American soil
Cheney : Lawmakers favored secrecy on surveillance(Boston Herald) Cheney said he was directly involved in setting up the program, run by the National Security Agency, or NSA, in the weeks after the 9/11 attacks. He said it has had "phenomenal results" in preventing terrorist attacks. Cheney did not specify which
Bill Seeks Limits On Call Data Collection(Washington Post) The chairman of the Senate Judiciary Committee on Monday renewed long-frustrated efforts to expand congressional oversight of government surveillance programs following disclosures about the intelligence community's collection of phone and Internet records
U.S. Senators to NSA: That FISA fact sheet isn't totally factual(Venture Beat) The National Security Agency is "misleading" those who read its FISA fact sheet, explaining what intelligence the NSA can collect and how it handles Americans' data, according to Senators Ron Wyden and Mark Udall. The two wrote a letter to NSA chief General Keith Alexander urging the agency to correct the "inaccuracy"
2013 Joint Strategic Plan on Intellectual Property Enforcement(White House) As President Obama has made clear, "[o]ur single greatest asset is the innovation and the ingenuity and creativity of the American people. It is essential to our prosperity and it will only become more so in this century." So it matters that we have the right approach to intellectual property enforcement; one that is forceful yet thoughtful, dedicated and effective, and that makes good and efficient use of our resources
Litigation, Investigation, and Law Enforcement
China, Russia Extradition Row Is Pure Realpolitik(Wall Street Journal) In any big game, it's important to always know the score. And now, in light of how China and Russia are handling the Edward Snowden affair, President Barack Obama knows this: There will be no personal favors in these relationships, only coldblooded calculations
The Age Of American Impotence(Wall Street Journal) Funny how Mr. Putin always seems to discover his inner civil libertarian when it's an opportunity to humiliate the United States
Whistle-Blow A Happy Tune (San Francisco Chronicle) Snowden is smart enough to have amassed huge amounts of U.S. intelligence but dumb enough to run to Hong Kong - then Moscow - to out himself as a whistle-blower. As of my deadline, his final destination is unclear. He's smart enough to have won a top-security clearance from a government dumb enough to give it to him
Portrait In Respect(Wall Street Journal) The Obama Administration wants the world to know that it cares very deeply about bringing self-admitted national-security leaker Edward Snowden back to the U.S. to stand trial. If only the world seemed to care as much about what the U.S. thinks
U.S. Is Worried About Security Of Documents Snowden Has(Washington Post) The ability of contractor-turned-fugitive Edward Snowden to evade arrest is raising new concerns among U.S. officials about the security of top-secret documents he is believed to have in his possession - and about the possibility that he could willingly share them with those who assist his escape
Hong Kong: Shadowy Envoy Encouraged Fugitive To Leave(Washington Post) The message was blunt and was delivered Friday night by a shadowy emissary who didn't identify himself but knew enough to locate Edward Snowden's secret caretaker: The 30-year-old American accused of leaking some of his country's most sensitive secrets should leave Hong Kong, the messenger said, and if he decided to depart the authorities would not interfere with his travel plans
Leaker's Flight Raises Tension Between U.S. And 3 Nations(New York Times) Frustrated Obama administration officials pressed Russia on Monday to turn over Edward J. Snowden, the national security contractor who disclosed surveillance programs, while warning China of consequences for letting him flee to Moscow
Snowden in Moscow: An Unexpected Windfall for Russian Spies(AFP via SecurityWeek) Former US intelligence contractor Edward Snowden's stop in Moscow is an unexpected windfall for the Russian secret services even if it risks worsening the already strained relations between the Kremlin and Washington
China and U.S. war over Snowden(Cyberwarzone) China rebuked the United States on Tuesday for accusing it of facilitating the flight of fugitive U.S. spy agency contractor Edward Snowden, and said suggestions that it had done so were "baseless and unacceptable"
U.S. Said to Explore Possible China Role in Snowden Leaks(Bloomberg) U.S. intelligence agencies are investigating whether Edward Snowden's leaks may be a Chinese intelligence operation or whether China might have used his concerns about U.S. surveillance practices to exploit him, according to four American officials
China Outsmarted US in Snowden Chess Game: Experts(Cyberwarzone) China interceded to allow Edward Snowden's dramatic flight from Hong Kong, calculating that infuriating the United States for now was necessary to prevent deeper corrosion to their relationship, analysts and media said Monday
What the PRISM Stories Tell Us About the Press(Volokh Conspiracy) If you don't share my fascination with the journalistic ethics of the Snowden reporters, you can skip this long piece. But both of the protagonists have now defended themselves, so I'm posting their messages, with commentary
Obama Has Charged More Under Espionage Act Than All Other Presidents Combined(Slate) The U.S. government charged former National Security Agency contractor Edward Snowden with three felonies, including two under the Espionage Act. He now becomes the eighth person to be charged under the Espionage Act under Obama, according to Firedoglake. That is more than double all previous presidents combined. Prior to Obama's administration only three people who leaked information had been charged under the 1917 statute that was never really intended for leakers. The arguments that Obama uses now to use that statute to go after those who reveal information were first brought up by Ronald Reagan's administration when it went after a Navy civilian analyst who leaked photographs to a British military magazine. But now the practice has become widespread
Did Edward Snowden Hand Over His Laptops to the Guardian or Another Media Outlet?(Slate) In a conference call with reporters on Monday, WikiLeaks founder Julian Assange stayed mostly quiet about Edward Snowden's travel plans. But while Assange refused to comment on Snowden's whereabouts ("he is in a safe place and his spirits are high"), he still managed to make news by implying that the NSA leaker may have turned over the four laptops he left Hawaii with to one or more media outlets. According to the Guardian, those laptops may contain access to "some of the US government's most highly-classified secrets"
South Africa government Knew British Agents were spying(Cyberwarzone) South Africa was well aware British agents were spying on foreign delegates during the 2009 G20 summit, but chose to deal with the matter privately to avoid being embarrassed, reports the Mail & Guardian (M&G)
Snowden on the run, leaks continue unabated(Help Net Security) The chase is on for whistleblower Edward Snowden and the U.S. government. After legally leaving Hong Kong for Moscow, and despite having his U.S. passport revoked, the former NSA sysadmin and analyst
Snowden leaks may embarrass Canberra(Brisbane Times) Australian officials said it was still unclear precisely what information Mr Snowden may have taken from the National Security Agency and his former employer, defence and intelligence consulting firm Booz Allen Hamilton. Despite this officials said
Contractor who cleared Snowden's background check under investigation, OPM IG says(FierceGovernment) The contractor the Office of Personnel Management uses to conduct security clearance checks may have committeed contract fraud, OPM Inspector General Patrick McFarland said in a June 20 Senate Homeland Security and Governmental Affairs subcommittee on efficiency and effectiveness of federal programs and the federal workforce hearing
Kim Case A Hard Nut To Crack(Washington Post) The seeds of a great mystery story hang over the case of Stephen Jin-Woo Kim, who has pleaded not guilty to charges that he leaked highly classified information about North Korea to Fox News reporter James Rosen four years ago
Google gets 35 days to wipe its WiSpy data(Naked Security) The UK's Information Commissioner's Office (ICO) is, once again, rattling its stick at Google, demanding that it delete the Street View car data that it's already told the company to delete - twice
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...
Digital Forensics and Incident Response Summit(Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
cybergamut Technical Tuesday: Remote Digital Forensics(Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.