The Korean Dark Seoul attacks remain baffling. Early clues pointing to China are now discounted, some attacks appear to have originated from within Seoul itself, and, while attribution is still elusive, analysts think it "increasingly likely" that the campaign is government-led. (Which government is unknown, but suspicion as always on the Korean Peninsula turns Northward.) General Dynamics offers some good news: it says much data wiped in the attack can be restored. South Korea worries about the North's apparent training of cyber operations teams, and considers establishing a cabinet-level cyberspace post.
Various Anonymous cells bedevil governments around the world. Charaf Anons defaces Chinese official sites. RedHack, Anonymous and Sector 404 claim to have hacked Israel's Mossad and compromised officers' identities. The compromise claim seems bogus, but OpIsrael prepares an attack surge for April 7. Israel shores up its defenses.
Indian media criticize their government's reliance on GMail and Yahoo accounts, which they claim are inherently vulnerable to compromise.
T-Mobile addresses a Wi-Fi vulnerability. Apple and Cisco struggle a bit with recent security upgrades.
Lockheed-Martin and Raytheon are both aggressively competing with telecommunications companies for financial and power grid cyber security market share. Cyber lobbying rises dramatically in Washington: lobbyist filings in 2012 were up 85% from 2011.
Shanghai Jiaotong's School of Information Security Engineering appears to be providing China's PLA with cyber attack R&D. NATO suggests Stuxnet was an arguably illegal "act of force" against Iran. A US Naval War College study argues for deadly force in retaliation against hackers.
Today's issue includes events affecting Algeria, Canada, China, Estonia, India, Iran, Israel, Republic of Korea, People's Democratic Republic of Korea, NATO, Philippines, Russia, Slovenia, United Kingdom, United States.
Cyber attack-probe(Global Post) Some of the malicious code that paralyzed network systems at South Korean banks and TV broadcasters originated from a local computer, Seoul's communications watchdog said Friday. Local TV broadcasters KBS, MBC and
South Korea Misidentifies Cyber Attack Source(Voice of America) South Korean investigators say they were mistaken when they said a cyber attack that paralyzed tens of thousands of computers at six companies this week originated in China. Seoul's Korea Communications Commission said Friday that an Internet Protocol
Cyberspace battleground: Is North Korea training cyber warriors?(India Today) Investigators have yet to pinpoint the culprit behind a synchronized cyber-attack in South Korea last week. But in Seoul, the focus remains fixed on North Korea, where South Korean security experts say Pyongyang has been training a team of computer
Data Can Be Recovered From South Korea Data-Wiping Attacks(Dark Reading) Researchers confirm data-destroying malware that hit South Korean media and banks doesn't completely erase data. Researchers from a unit of defense contractor General Dynamics today confirmed their suspicions that it is possible to recover data wiped from South Korean media and bank systems in a destructive targeted attack earlier this week
Trend Micro Deep Discovery Protects South Korean Customers From Attack(Sys-Con Media) Trend Micro Incorporated announced today that customers using its Deep Discovery advanced threat protection product were able to discover and react to the recent cyber-attack before damage could be done. These attacks paralyzed several major banking and media companies, leaving many South Koreans unable to withdraw money from ATMs and news broadcasting crews cut off from their resources
20 Chinese Government Sites Defaced by Anonymous Algeria Hacker Charaf Anons(Softpedia) Charaf Anons, the Anonymous Algeria hacker who defaced over 1,000 websites last week, has breached around 20 Chinese government websites and has replaced their index pages with his own defacement webpage. In addition to the Chinese sites, the hacker has also defaced a Vietnamese government website and the one belonging to an Iranian university. Around two dozen commercial websites from Australia, Italy, Korea, Taiwan, Brazil, the United Arab Emirates, Canada and Chile have suffered the same fate
Don't believe hack claims against Mossad's website, expert says(Times Of Israel) In an unsettling announcement, the hacker group known as Anonymous and affiliates proclaimed over the weekend that they had broken into the Mossad's servers and stolen the names and personal details of top IDF officials, politicians and, especially, Mossad agents. But those claims are inflated, to say the least, according to Middle East Internet expert Dr. Tal Pavel. Whatever they stole, it probably wasn't secure details of top Israeli brass, either from the army or the Mossad, Pavel told The Times of Israel
Expert: Details of Israeli Officials Not Compromised in Mossad Hack(Softpedia) On Saturday, we learned that hacktivists from RedHack, Anonymous and Sector 404 claimed to have taken down the official website of Israel's Secret Intelligence Service (mossad.gov.il). They also claimed to have leaked the details of over 30,000 Israeli officials
Preparing major Israeli companies against Anonymous attacks on the 7th of April(i-HLS) Several pilots were started in Israel using the new BOT_TREK real-time botnet and cyber intelligence worldwide service. Several groups of hackers are planning a massive cyber-attack against Israel on the 7th of April and threatening to Erase Israel from the Internet. It seems that aggressive hacker teams will try to make this a reality by uniting under the name #oplsreal
Web addresses put Indian govt at risk(ZDNet) Government's technology department lists Web-based GMail and Yahoo accounts as e-mail correspondence, which a security player believes can expose the Indian government to a significant security vulnerability. India's technology department uses Gmail and Yahoo to host official e-mail correspondence, which one IT security vendor believes can expose the government to significant security vulnerabilities. The Web site of the country's Department of Electronics and IT (DeitY), which lists the contact details of ministers and secretaries, reveals several e-mail addresses hosted on the popular, free Web-based e-mail services
Bitdefender Warns Internet Users on Fake Bank of America Campaigns(SPAMfighter News) Security firm, Bitdefender is alarming Internauts on the numerous scam e-mails dispersed by the Bank of America since a random hacker disclosed the details on the financial institute. According to one of the e-mails, titled "Online Banking Pass Code
Hackers Eavesdrop Using Legitimate Remote Control Software(InformationWeek) For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe. Remote administration tool users beware: An online espionage group that's been operating for the past decade has been surreptitiously accessing legitimate TeamViewer remote administration tools already installed on PCs to remotely eavesdrop on targets
How TeamSpy Turned Legitimate TeamViewer App Into Cyberespionage Tool(Dark Reading) Attackers abused TeamViewer's functionality as part of their effort to go undetected for years. The discovery of the so-called TeamSpy espionage campaign marks yet another example of malware sliding under the radar while pilfering data from sensitive systems. But perhaps the most striking element of the attack is its abuse of a legitimate remote access tool (RAT) to administer infected machines
How Your Webhosting Account is Getting Hacked(Internet Storm Center) If you're like me you actually have your own little website project hosted on one of the many inexpensive website hosting companies. Perhaps you've recommended one as a solution to a small business, or organization. You may also be aware that they are pretty attractive targets for professional computer criminals. Brian Krebs has a nice writeup of the value of your standard PC to a criminal here
Unintentional file-sharing a boon for hackers(Tribune Live) Thousands of computer users every moment could lose their most personal information -- tax returns, credit cards, and banking and investment accounts -- even though no one hacked or scammed them. They give it away, often unknowingly, and potentially expose not only themselves but family, friends and employers. People who go online to download music and movies on file-sharing or peer-to-peer networks often incorrectly configure default settings so that they end up sharing other files on their computer. Anyone else using those sharing networks at the same time can take whatever they find
Security Patches, Mitigations, and Software Updates
T-Mobile patches Wi-Fi eavesdrop vulnerability(The Register) Last week, T-Mobile scrambled to patch a vulnerability uncovered by two University of California Berkeley students that made its Wi-Fi calling feature susceptible to man-in-the-middle attacks. At issue in the students' research, published in full here (PDF), is the certificate implementation used in the feature. The now-patched bug in its Android feature used a certificate chain in which one certificate's name was the IP address of the server, and the second self-signed root certificate is not included in standard Certificate Authority (CA) distributions
Why two-factor authentication is a must(FierceCIO: TechWatch) Apple this week beefed up the security of its Apple (NASDAQ: AAPL) ID with the addition of two-factor authentication. You can read about it in Apple adds two-step verification to Apple ID. This is a move that ultimately benefits businesses, given how much the BYOD culture is making its way into the mainstream
Forcing us to educate users on cybersecurity won't work: Telstra(ZDNet) Trying to educate users on cybersecurity is like leading a horse to water, according to Telstra, and making such education a legal requirement isn't going to solve the problem. In a joint select committee on cybersafety (PDF) held on Friday, two Telstra representatives told the committee that laws forcing it to educate users on the perils of the online world would be useless. Telstra's director of corporate security and investigation and internet trust and safety, Darren Kane said that users currently have enough information about online risks, but that it sees the current education issue as one similar to "taking a horse to water"
Next cyber attack targets: Cars?(CNN International) Unlike a PC, where the biggest risk lies in losing data, a cyber attack on a car could result in the loss of life. Carmakers and suppliers say that this is currently a purely theoretical problem and there are no known cases of a cyber attack causing
The Blackstone and Icahn offers haven't seriously endangered Michael Dell's deal yet(Quartz) The special committee of Dell's board announced that the rival preliminary acquisition proposals it received from private equity firm Blackstone and activist investor Carl Icahn could reasonably lead to better offers, meaning the parties will now enter into negotiations. This isn't a surprise. But there is still a long way to go before the board can declare their offers, both of which have some issues, superior to the buyout scheme involving founder and CEO Michael Dell
Kaspersky Aims To Be 'Big Boy' Of Enterprise Security World(CSO) Maxim Mitrokhin, Director-Operations, Kaspersky Lab, APAC, talks about the company's aspirations for the Indian market
Raytheon, Lockheed hunt for security gig(Fort Wayne Journal Gazette) Lockheed Martin and Raytheon are vying with telecommunications companies to defend banks and power grids from computer attacks, in a program that gives them access to classified U.S. government data on cyber threats. President Obama's Feb. 12 cybersecurity executive order authorized the Department of Homeland Security to let new companies get the government intelligence
Cybersecurity Lobby Surges as Congress Considers New Laws(Bloomberg) The determination by Congress and President Barack Obama's administration to protect networks of critical U.S. industries from hackers and cyberspies is creating an explosive growth opportunity -- for lobbyists. There were 513 filings by consultants and companies to press Congress on cybersecurity by the end of 2012, up 85 percent from 2011 and almost three times as many as in 2010, according to U.S. Senate filings
Amazon-CIA Deal Would Fit Intel Community Strategy(InformationWeek) Reported deal for Amazon to help develop CIA's private cloud infrastructure squares with intelligence community strategy to work with public cloud vendors. A report that the CIA has turned to Amazon to build and manage a private cloud computing environment for the agency is consistent with the IT strategy outlined by intelligence officials over the past two years. The CIA declined comment on the report by government tech trade publication FCW that the Central Intelligence Agency has agreed to a multi-year deal with Amazon to help the CIA build a private cloud computing infrastructure, nor did Amazon respond to InformationWeek by publication time
Jim Ousley Retiring As Savvis CEO(GovConWire) Jim Ousley will retire as CEO of CenturyLink's Savvis subsidiary on April 1 and Jeff Von Deylen will assume Ousley's role as senior leader of CenturyLink's data hosting segment, comprising primarily of Savvis operations. Von Deylen, who joined Savvis in 2003 as chief financial officer and board member, will report to CEO Glen Post
Service encrypts files stored on Dropbox(ZDNet) DigitalQuick lets users add 256-bit AES encryption to entire Dropbox folders or to specific files stored within them, and helps small companies manage editing privileges. The diversity of opinion about whether or not small businesses should use cloud storage services like Dropbox to share or archive sensitive or confidential company information is wide and fierce. But the fact is, some of the smallest organizations are going to do it anyway
Monitoring The Nomads In Your Network(Dark Reading) As more employees bring their own devices into the network, tracking the nomadic technology can be difficult. From basic to sophisticated, options abound, say experts
How to Detect a Zero-Day Threat(Seculert) The term "zero-day threat" may sound like the title of a blockbuster movie, but for organizations victimized by such threats, the story has anything but a happy ending. On the contrary, it's typically a tale characterized by lost revenues, severely damaged reputations, and sometimes even costly litigation, regulatory fines and harsh court sanctions
Design and Innovation
Scenes From Penn State's Startup Week Hackathon(TechCrunch) For the past week or so I've been hanging out at Penn State University for its second annual Startup Week, an educational get-together of startup founders and entrepreneurs spearheaded by Weebly CEO (and Penn State alum) David Rusenko. The idea is simple enough: to give students some crucial insight into what it means to be a startup founder, and hopefully inspire some to take a chance on an
Filipino Accelerator IdeaSpace Picks Country's Top 20 Tech Startups(TechCrunch) Many of the brighter ideas coming out of tech startups in the Philippines are health-related, with a heavy slant on mobile technologies. Filipino incubator, IdeaSpace just whittled a list of 700 entries from startups down to just 20. These 20 will eventually be halved further. IdeaSpace is offering 10 slots to startups to get six months incubation support and funding of up to $120,000
Research and Development
NSA Critiques Public Key Cryptography(Cryptome) Revelation of the early public key cryptography work of James Ellis, Malcolm Williamson and Cliff Cocks at GCHQ occurred in 1997, eleven years after this secret 1986 review cites them. Whitfield Diffie, one of the inventors of PKC, commented in 1999 on the British precursors
PLA and Shanghai Jiaotong linked on cyber-war papers(South China Morning Post) Academics at a top university have collaborated for years on technical research papers with a PLA unit accused of being at the heart of the alleged cyber-war against Western commercial targets. In reviewing the links between the PLA and Shanghai Jiaotong, whose students include former president Jiang Zemin, the head of the nation's top carmaker and the former executive of its most popular internal portal, at least three papers on cyber-warfare were found on a document-sharing web site that were co-authored by university faculty members and PLA researchers. The papers, on network security and attack detection, state on their title pages they were written by Unit 61398 researchers and professors at Shanghai Jiaotong's School of Information Security Engineering (Sise)
Information security system attempts to protect UT from cyber-attack(Daily Texan Online) Concerns about sensitive personal and business information in cyberspace are growing and colleges and universities are no exception. Mandiant, an American cybersecurity firm, released a detailed report in late February exposing a multi-year espionage campaign by one of the largest Advanced Persistent Threat groups. The group hacked 141 companies from the United States, stealing many terabytes of compressed data
Learning: Cybersecurity center at Brookdale to serve as national model(Asbury Park Press) It wasn't just James Bond-esque. The cybersecurity competition at Brookdale Community College Saturday actually included a clip of Daniel Craig as 007 with Dame Judi Dench at his side as the pair worked under near impossible conditions to avert an act of cyber terrorism. The fate of the free world rested with them
South Korea mulls cybersecurity secretary post(ZDNet) The proposed cybersecurity secretary position will help coordinate actions from multiple agencies and speed up response time. The South Korean government is considering creating a cybersecurity secretary post within the presidential office to handle any cyberattacks on key national bodies. This follows last week's online attack that crippled the networks of two major banks and three broadcasters
Hackers could be fair game for deadly force, cyberwar experts say(CSO) New report details cyberwar rules, puts hackers in crosshairs. Deadly force against organized hackers could be justified under international law, according to a document released Thursday by a panel of legal and cyber warfare experts. Use of lethal force on those behind a cyberattack on a nation would be legal if the virtual attack meets criteria similar to those currently accepted for real-world warfare, said Michael N. Schmitt, chairman of the International Law Department at the U.S. Naval War College in Newport, Rhode Island
U.S.-Israeli Cyberattack On Iran Was 'Act Of Force,' NATO Says(Washington Times) The 2009 cyberattack by the U.S. and Israel that crippled Iran's nuclear program by sabotaging industrial equipment constituted "an act of force" and was likely illegal under international law, according to a manual commissioned by NATO's cyberwarfare center in Estonia
Leahy and others introduce bipartisan legislation to expand cyber National Guard(Vermont Digger) U.S. Senators Kirsten Gillibrand, a member of the Senate Armed Services Committee, David Vitter, Chris Coons, Roy Blunt, Mary Landrieu, Patrick Leahy, Mark Warner and Patty Murray today introduced the Cyber Warriors Act of 2013. This legislation would, for the first time, establish Cyber and Computer Network Incident Response Teams (CCNIRT), known as Cyber Guards, as part of the National Guard, significantly expanding the limited cyber mission being performed by the National Guard
Cybersecurity: The lobbyist's dream?(ZDNet) Is President Obama's view on cybersecurity producing the desired effect? Congress and the Obama Administration have been vehement in what they want to see in terms of cybersecurity defense, but cybercrime appears to be producing growth in unexpected areas. According to Bloomberg, recent attempts to bring light to the issue of cybersecurity have resulted in exploding growth in political lobbying. By the end of 2012, 513 filings by consultants and companies were made to try and press Congress on the issue, which is up 85 percent from 2011 according to Senate filings
Fixing the Worst Law in Technology(New Yorker) On the opening day of this year's South by Southwest festival, in Austin, an audience gathered in a giant conference hall to remember the life and tragic suicide of Aaron Swartz. Tim Berners-Lee, the inventor of the World Wide Web, spoke of Swartz's curious and restless mind. Swartz's girlfriend Taren Stinebrickner-Kauffman described him as a man who was constantly asking whether what he was doing was the most important thing that he could be doing. (A quality extensively documented by Larissa MacFarquhar in her Profile of Swartz.) The proceedings were yet another reminder that Swartz's suicide was heartbreaking beyond belief, and that something must be done about the law that he was aggressively prosecuted under, the Computer Fraud and Abuse Act
Litigation, Investigation, and Law Enforcement
Three Hackers Jailed for Theft of Carbon Credits (eSecurity Planet) Three men have been jailed in the UK for hacking into the Web sites of carbon credit registries, banks, brokerages and financial services companies in an attempt to steal almost 8 million euros worth of carbon credits between June and November of 2011
Five cuffed for stealing 2M euros via e-banking hacks(Help Net Security) Five people were arrested last week when the Slovenian police conducted a series of house searches following an investigation into a gang that was emptying business bank accounts with the help of malware. According to the Slovenian national Computer Emergency Response Team (SI-CERT), it all started last year, when several small companies notified the CERT and the police about their unexplained losses. The investigation revealed that the companies' accounting personnel were targeted with emails pretending to come from a bank or tax authority, warning about a late payment or a bogus change in laws that would affect the companies
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Software Engineering Institute Invitational Career Fair(Pittsburgh, Pennsylvania, USA, April 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing...
CEIC 2013(Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3(, January 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
HITBSecConf2013(Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...
SANS Northern Virginia 2013(Reston, Virginia, USA, April 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013(Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government(Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe(London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...