skip navigation

More signal. Less noise.

Daily briefing.

The US General Services Administration (GSA) discloses that its System for Award Management (SAM) may have exposed vendor information (including personally identifying information). The problem was reported on March 8 and fixed on March 10. In somewhat more welcome news from the US Government, NIST reports the National Vulnerability Database is back online.

Various hacktivist groups cyber-riot across Asia and North Africa. The Syrian Electronic Army hacks Human Rights Watch; the Syrian Cyber Eagles deface the official Saudi tourism site. Anonymous promises to "erase Israel from the Internet." Algerian Anonymous hits international targets of opportunity for disinterestedly anarchistic reasons. The Philippines National Telecommunications Commission is breached, and Malaysian authorities sensibly put "patriotic hackers" on notice that cyber-rioting is a crime, whatever its motivation.

Norwegian telco Telenor discloses that it's been the victim of a "sophisticated cyber espionage campaign."

China's new premier denounces US accusations of cyber war. Chinese Internet censorship may be tightening, and official media begin a propaganda campaign against Western businesses (Apple prominent among them). This early-stage trade war so far amounts to media bad-mouthing and official slow-rolling of business opportunities.

Huawei's USB modems and update server are said to be vulnerable (the server is called a "massive malware vector"). Ramnit malware is back and more evasive. A new version of the Zeus Trojan hits the black market. Security blogger Brian Krebs undergoes a cyber attack and spoofed-911 SWAT.

Internet Governance suggests a demand-side restraint on the malware black market. A US Federal Court halts National Security Letters.


Today's issue includes events affecting Algeria, Australia, Austria, Canada, China, India, Iran, Israel, Republic of Korea, People's Democratic Republic of Korea, Malaysia, Mexico, Norway, Philippines, Russia, Saudi Arabia, Syria, Taiwan, United Kingdom, United States..

ITSEF 2013 begins tomorrow afternoon, and the CyberWire will publish a special preview edition in the morning.

Cyber Attacks, Threats, and Vulnerabilities

Cyber vulnerability in GSA's SAM portal exposes vendors' data (Federal News Radio) The General Services Administration's System for Award Management potentially exposed users' information, including some Social Security numbers and bank-account information, to the public because of a cybersecurity vulnerability. In an email to SAM users obtained by Federal News Radio, GSA's Amanda Fredriksen, the acting assistant commissioner for the Integrated Award Environment, told vendors the agency applied a software patch as soon as GSA discovered the problem. The agency stated on its Integrated Acquisition Environment (IAE) website that the vulnerability was reported on March 8 and fixed on March 10

National Vulnerability Database Recovers Following Website Hack (CRN) The National Vulnerability Database has been brought back online following an extended outage prompted by a successful infiltration of its website last week. The National Institute of Standards In Technology (NIST) followed standard protocol when it brought the site and related websites offline after detecting suspicious traffic attempting to communicate to remote servers. The agency found malware on two web servers, which was then traced to a software vulnerability, according to Gail Porter, director of the NIST public affairs office

Website and Twitter Accounts of Human Rights Watch Hacked by Syrian Electronic Army (Softpedia) Members of the Syrian Electronic Army have once again hijacked the website and social media accounts of an organization they accuse of spreading lies about the situation in Syria. On this occasion, the target is the Human Rights Watch (HRW), an independent organization that dedicates its efforts to defending human rights. According to the hackers, theyve targeted HRW after the organization published a story about Syria expanding the use of cluster munitions, a banned weapon

Syrian hacker group Defaced Saudi Commission for Tourism website (Cyberwarzone) Syrian Cyber Eagles breached the official website of the Saudi Commission for Tourism and Antiquities Report ehackingnews

Algerian Anonymous Operative Charaf Anons Takes Out 72 Government Web Sites (Security-FAQs) haraf Anons, of the hacker group Anonymous Algeria, has taken down some 72 web sites today. The majority of those sites 51 of them belong to the Chinese government. The remainder are government web sites which belong to other nations such as Iran, South Korea, Taiwan and Mexico

'Erase Israel from the Internet': Anonymous plots massive cyber-attack (OpEdNews) These discussions are not moderated. We rely on users to police themselves, and flag inappropriate comments and behavior. In accordance with our Guidelines and Policies, we reserve the right to remove any post at any time for any reason, and will

Philippines National Telecommunications Commission Defaced by Anonymous Hackers (Softpedia) The official website of the Philippines National Telecommunications Commission (ntc. gov. ph) has been breached and defaced by hackers of PrivateX and Anonymous Philippines. Currently, the site is restored, but according to The Hackers Post, the hacktivists published a message for the countrys president on the defacement page

Norwegian Telecoms Giant Telenor Targeted in Cyber Espionage Campaign (Softpedia) Norwegian telecommunications company Telenor is the latest major organization to report being hit by a sophisticated cyberattack. According to Views and News from Norway, cybercriminals might have stolen impressive quantities of information from the personal computers of Telenor executives. The companys representatives report that the breach has been detected quickly and additional steps have been taken to prevent future incidents

US cyber attack claims against other nations, hypocritical: Joe Iosbaker (Press TV) In my opinion, the US is once again guilty of hypocrisy when they make accusations of other nations engaging in cyber attacks." A political activist tells Press TV that the US is guilty of hypocrisy when accusing other countries for cyber warfare attacks as Washington continues to make viruses to use against their enemies

Prime Minister Denies Aiding Cyberattacks (Wall Street Journal) China's new Premier Li Keqiang gave the highest-level denial yet to U.S. accusations that the country supports cyberattacks, an issue that in recent months has become a key sticking point in Sino-U.S. relations

Cyber attack battlefield: the clash of victimhood ( The U.S. state department, U.S. market-controlled media, and private security firms have recently synchronized their efforts for a second cyber security offensive, accusing China of not only hacking U.S. banks, companies, and state institutions, but

China's new leadership is ratcheting up pressure on Western tech and media companies (Quartz) It may get increasingly difficult for Western media and technology firms to operate in China. That is because of a two-pronged campaign against Western media and the tech companies that make the devices on which the Chinese consume their news and entertainment. On March 15, Chinese state-run broadcaster CCTV aired a searingly critical documentary about Apple's customer service

Kaifu Lee Tracks How Many Of His Weibo Posts Have Been Deleted (TechCrunch) Former Google China head, Kaifu Lee, has been tracking how many times his Weibo posts on Tencent and Sina have been censored and deleted, and has helpfully made a graph of the past 8 months. The outspoken investor has had his tweets deleted most often in the recent weeks because he was discussing the story on the 13,000 dead pigs found in a Shanghai river, as well as a session in the Chinese

North Korea accuses US of cyber attack 'sabotage' (Asahi Shimbun) North Korea, usually blamed for hacking others, has accused the United States of staging cyber attacks against its Internet servers after reports of disruptions to its main news services, the latest twist from an increasingly bellicose North

Huawei USB modems vulnerable (The Register) Huawei has been accused of poor security practice by Russian researcher Nikita Tarakanov, who told Black Hat Europe last week that the vendor's 3G and 4G devices are vulnerable and its update server is a massive attack vector. The update server in the Netherlands that Tarakanov tested probably isn't the only one used by Huawei, but he found it was running on the hoary code of Windows IIS 6. 0 a relic from Windows Server 2003

Has HTTPS finally been cracked? Five researchers deal SSL/TLS a biggish blow (Naked Security) Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire. This time, they've done some severe damage. Paul Ducklin takes a detailed look

Security blogger Brian Krebs suffers simultaneous cyber attack, police raid (The Verge) Brian Krebs, an influential cyber security blogger previously with The Washington Post who now runs his own blog Krebs on Security, suffered a simultaneous denial of service (DDoS) attack on his website and a misdirected police raid on his house in

Ramnit Malware Back and Better at Avoiding Detection (Threatpost) The Ramnit malware family has been given a facelift with new anti-detection capabilities, a troubleshooting module, as well as enhanced encryption and malicious payloads. Tim Liu of the Microsoft Malware Protection Center said Ramnet resurfaced late last year and its keepers had stripped out all of its infection function and enhanced its botnet functionality

New ZeuS-based modular rootkit offered to cybercriminals (Help Net Security) Given the popularity of the Zeus crimeware, and the fact that its source code has been ultimately offered for sale at bargain basement prices, it's no wonder that every now and then malware based on

Hackers use Crown Casinos own security cameras to beat the house (Slashgear) An Australian casino called Crown Casino was hit by a group of high-tech hackers. The hackers co-opted the casinos own security cameras for the heist that saw them to make off with about $33 million. The hackers broke into the casinos surveillance camera network and used the cameras to gain an advantage during some high-stakes card games

Security Patches, Mitigations, and Software Updates

Apple Fixes OS X Flaw That Allowed Java Apps to Run With Plugin Disabled (Threatpost) Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. OS X 10.8.3 fixes 21 total vulnerabilities, and also includes a new version of the malware removal tool for Apple machines

Cyber Trends

10 Web Threats That Could Harm Your Business (Dark Reading) Easily overlooked vulnerabilities can put your data and business at risk. SQL injections accounted for about 7% of Web attacks in 2011 and looked to be petering out, according to security services vendor Trustwave. Then last year those exploits jumped to 26% of Web attacks, hitting companies that could have easily protected themselves

Regulating the Market For Zero-Day Exploits: Look to the Demand Side (Internet Governance Report) A market has developed in which specialized firms discover new vulnerabilities in software and sell that knowledge for tens or hundreds of thousands of dollars. These vulnerabilities are known as "zero day exploits" because there is no advance knowledge of them before they are used. In this blog post, we recognize that this market may require some kind of action, but reject simplistic calls for "regulation" of suppliers. We recommend focusing on the demand side of the market

Special Report: What BYOD means for the future of enterprise Wi-Fi (FierceMobileIT) The flood of personal mobile devices into the enterprise is taxing the enterprise's Wi-Fi networks, which were not originally intended to handle the current volume of wireless traffic. We've consulted with a number of industry experts to find out how enterprises can keep up with the BYOD trend, while still keeping their Wi-Fi networks, costs and security in check


Stopgap Budget Retains Furloughs (Washington Post) The stopgap budget that Congress is likely to pass this week to fund the government through the rest of the fiscal year gives a few agencies flexibility to address spending priorities

AF Suspends Security Clearance Updates (Air Force Times) Budget cuts have forced the Air Force to suspend investigations into whether airmen with Top Secret clearances still meet the criteria to hold their security clearance

Let Us Out (Army Times) Soldiers say they are willing to raise their hands and volunteer to get out of the Army as part of the massive drawdown. If the Army would only let them

Cyber-Terrorism: Working The Zombie Apocalypse And Bank Heists Into A Portfolio (Seeking Alpha) Walking into a bank with a gun and the intent to rob it is usually a bad idea, for a number of reasons. Not only is there the obvious risk that you will be caught and incarcerated for a long time or killed in the process, but you also expose yourself as being, at best, charmingly old fashioned and "old school", or at worst, and perhaps more embarrassing- technologically antiquated

Lunarline CEO Waylon Krush Featured on Executive Leaders Radio Program (Sacramento Bee) Lunarline CEO, Waylon Krush, will be featured on the Executive Leader's Radio Program on Saturday, March 16th and Sunday, March 17th discussing the success of his cyber security company, as well as his South Dakota upbringing

Raytheon's Chairman and CEO honored with Atlantic Legal Foundation's Annual Award (Sacramento Bee) William H. Swanson, Chairman and CEO of Raytheon Company (NYSE: RTN), was honored Monday with the Atlantic Legal Foundation's Annual Award for 2012 -- for his "industry leadership in providing innovative technologies and solutions that contribute to our nation's security." Swanson accepted the award from Foundation Chairman Hayward D. Fisk in ceremonies held at the U.S. Chamber of Commerce Building, following an introduction by Jay B. Stephens, Raytheon's senior vice president, general counsel and secretary…Swanson thanked the Atlantic Legal Foundation for the prestigious honor, the 25th such annual award bestowed by the Foundation, and he praised the organization for its "consistent support of the principles of public policy that benefit industry and the private sector." Swanson, an early and respected business leader in support of science, technology, engineering and math education (STEM), urged businesses that may still be on the education sidelines in supporting STEM education to, "Put on your helmets and pads and join us on the field." It was, he said, "the right thing to do for business, and it's the right thing to do for our country"

Cyber-tech effort adds more companies (UPI) A U.S. cybersecurity technology incubator program has added new participants in the effort to commercialize technologies to combat cyberthreats. Joining the Cync program of Northrop Grumman and the University of Maryland, Baltimore County Research Park Corporation are iWebGate of Perth, Australia, DB Networks of San Diego, and Light Point Security of Baltimore

SINET's ITSEF Sets The Stage For Security Innovation (IT Trends & Analysis) The RSA 2013 Conference has come and gone, and security news has dominated the last couple of weeks - Sepaton adds encryption to purpose-built backup appliance; EMC redesigns Data Protection Advisor; SpiderOak releases open-source zero-knowledge application framework - but next week a smaller, more intimate but also significant security event will be held just down the road at Stanford University. The 7th Annual SINET (Security Innovation Network) IT Security Entrepreneurs' Forum (ITSEF), which is intended to advance cybersecurity innovation through public-private collaboration, will run from March 19-21

Products, Services, and Solutions

Good Riddance, Google Reader (TechCrunch) Google Reader turned into a zombie a long time ago and it's good that Google finally killed it. For years, Google Reader has been sitting on Google's servers without any appreciable updates. Sure, it got a bit of a facelift in 2011, but it only lost functionality since Google decided to rip out its social features in an effort to drive people to Google+. Its core features hadn't

Bit9 adds threat indicator to detect advanced attacks (SC Magazine) Bit9 has added new detection and forensic capabilities to its platform to leverage endpoint and server sensor technologies. The additions allow for a continuous recording of all activity on endpoints and servers to be made, which can help identify attack patterns, according to Bit9. New additions allow an organisation to install a single agent on an endpoint or server to provide advanced threat detection, protection and forensics simultaneously, as well providing enterprise-wide information without polling or scanning, it added

Android malware analysis tool (Help Net Security) Bluebox Labs announced Dexter, a free tool to help researchers and enterprise security teams analyze applications for malware and vulnerabilities. The Dexter platform provides software architecture information presented through a web-based user interface

Galaxy S4 is first Samsung smartphone with KNOX enterprise security technology (FierceMobileIT) The Galaxy S4 is the first Samsung smartphone to come with KNOX security technology, which is designed for enterprise use

Technologies, Techniques, and Standards

Assessing Risk In Your Enterprise Compliance Initiative (Dark Reading) Measuring risk is an important part of many compliance projects. Here are some tips to help you do it right

Managing the Local Admin Password Headache (Dark Reading) Forcing and managing unique passwords on Windows systems in an enterprise network can be challenging but many tools are out there to help

Heading Off Advanced Social Engineering Attacks (Dark Reading) An inside look at how social engineering attacks are developed -- and how you can protect your organization. During the last few years, security researchers have uncovered malware that could have been developed only by incredibly well-resourced and skilled programmers. But creating an advanced program such as Stuxnet is only one phase of an attack

Research and Development

Quantum computer gets an undo button (Ars Technica) Researchers restore the quantum state after initial measurement wipes it out. Quantum mechanics is, mathematically, quite simple. But it has implications that require people to think differently about the world. One particularly hard-to-grasp idea is that, on the surface, some knowledge precludes obtaining other knowledge. This is a consequence of how we obtain it. In an innovative experiment, researchers from Austria have demonstrated how to recover that lost information. Before you get the wrong impression, though, this is completely in agreement with the rules of quantum mechanics—it is simply a very clever way of playing with quantum states


South Korea's 'Top Gun' high school cyber warriors train for battle against North (Raw Story) The South Korean military set up the special cyber command in early 2010 and, in partnership with Korea University, established a cyber warfare school in 2012 that admits 30 students every year. On the surface at least, South and North Korea -- which

Carnegie Mellon, National Security Agency seek high school hackers (KGO ABC 7) Bored with classes? Carnegie Mellon University and one of the government's top spy agencies want to teach high school students about computer hacking. "Toaster Wars" is a national online contest scheduled to run from April 26 to May 6. The goal is to train the nation's next generation of cyber warriors in offensive and defensive strategies

Legislation, Policy, and Regulation

International experts to debate how nations can tackle cyber threats ( Fears over digital threats to Canada's critical infrastructure -- concerns that may be misplaced -- are fuelling an arms race that experts believe countries need to better control, especially after the discovery of a powerful online surveillance tool on a Canadian commercial server

Territorial Army plans to recruit IT security pros (ComputerworldUK) "As the Army adapts to a new size and structure, there are more opportunities than ever and the TA is actively looking to recruit information assurance

Make Way for the Lone Cyber Ranger and Online Vigilantism (Nextgov) Some policymakers have urged taking a cautious approach to cyber offense activities, including House Intelligence Committee Chairman Mike Rogers, R-Mich., who recently said, "If you're going to punch your neighbor in the nose, best to hit the weight

US warns of rising threat of cyber attacks to national and economic security (The Hill) There is a popular misconception that the U.S. government is the main target of cyber attacks. While the Department of Homeland Security is forced to deal with a barrage of attacks on a daily basis, every organization is a target. Approximately 90

Cyberthreats getting worse, House intelligence officials warn (CNN) The highest-ranking officials on the House intelligence committee continued to warn Sunday of the increasing cybersecurity threat to the U.S. economy and national security

Details Revealed on Secret U.S. 'Ragtime' Domestic Surveillance Program (Slate) Earlier this week, the Supreme Court ruled that Americans didn't have standing to challenge secret surveillance conducted by the National Security Agency. Now, new details about the eavesdropping have surfaced--which will likely fuel fresh concerns about the scale and accountability of the agency's spy programs. A book published earlier this month, Deep State: Inside the Government Secrecy Industry, contains revelations about the NSA's snooping efforts, based on information gleaned from NSA sources. According to a detailed summary by Shane Harris at the Washingtonian yesterday, the book discloses that a codename for a controversial NSA surveillance program is "Ragtime"--and that as many as 50 companies have apparently participated, by providing data as part of a domestic collection initiative

Litigation, Investigation, and Law Enforcement

Man who conned a country - Police hunt for dubious cyber hero they posed with (Telegraph India) A 35-year-old man, claimed to be among the countrys few ethical hackers and one who helped police of several states, including Jharkhand and Bihar, crack cyber crime, actually seems to have taken governments, media and police for a ride. Deepak Kumar, a native of Bihars Arwal district, has used his public relation skills, impressive CV that says he is an IIT alumnus and cleverly posed pictures with top police officers to con several individuals and institutions of big money

NSC: Cyber war is a crime (The Star) Waging cyber war, even if done in the name of Malaysia, is still a crime. National Security Council (NSC) secretary Datuk Mohamed Thajudeen Abdul Wahab (pic) said that Malaysia outlawed cyber attacks and that anyone caught doing so, would be punished. In Malaysia, cyber hacking is a criminal offense against the laws of the country, irrespective of whether the it has been committed by citizens or by foreigners, he said

Court rules FBI access to private data unconstitutional (Computer Weekly) A US court has ruled that national security letters (NSLs) to obtain citizens private data and slap a gagging order on recipients are a breach of the constitutions first amendment. Judge Susan Illston ordered the US government to stop issuing NSLs under the US Patriot Act, in what the Guardian describes as a dramatic setback for the Federal Bureau of Investigation (FBI). NSLs, which prevent recipients from talking about them in public, have been an increasingly important part of the US government's approach to counter-terrorism, the paper said

Reuters journalist who allegedly conspired with Anonymous hackers is suspended (Naked Security) A Reuters journalist has been indicted by a US federal grand jury for allegedly handing over the login credentials of his former employer, Los Angeles Times parent company Tribune Co., to Anonymous hackers

Business as Usual at DOJ: Threatening Guy with Prison Over an Altered L.A. Times Headline (Reason) Sometimes folks do stupid things to former employers out of spite. These actions can be quite harmful, but often they're just embarrassing. Former Tribune employee Matthew Keys' actions fell on the embarrassing side. He gave his username and password to a member of Anonymous, who then changed the headline of a story on the Los Angeles Times website

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Department of Homeland Security 6th Annual Industry Day (Washington, DC, USA, March 18, 2013) The Department of Homeland Security (DHS) will be hosting its 6th Annual Industry Day to provide advanced acquisition planning information to industry. DHS Industry Day will consist of two sessions, the...

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...

SINET IT Security Entrepreneurs' Forum (ITSEF) 2013 Underscores Growing Importance of Public-Private Cybersecurity Collaboration (Palo Alto, California, USA, March 19 - 20, 2013) 7th annual collaborative event set for March 19-20 at Stanford University. The Security Innovation NetworkTM(SINET), an organization focused on the advancement of cybersecurity innovation through public-private...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

SANS Cyber Threat Intelligence Summit (Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...

CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.

AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

Emerging Science and Technologies - Securing the Nation through Discovery and Innovation (Washington, DC, USA, April 4, 2013) Join Nextgov and INSA on April 4th and hear from key leadership at IARPA, DIA, and the Applied Research Laboratory, Penn State University who will address: the challenges to our nation's future as the...

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The...

HITBSecConf2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...

Hack in the Box 2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.