CyberBunker's denial-of-service campaign against Spamhaus displays the risks misconfigured open DNS servers pose. Inherent vulnerabilities of DNS (beyond misconfiguration) lead many observers to see the CyberBunker campaign as a harbinger of things to come. The volume of attack traffic is very large, dwarfing that achieved by the Izz ad-Din al-Qassam Cyber Fighters in their campaign against US banks (which resurfaces this week against Wells Fargo's servers).
The perpetrators have been unusually open about their responsibility. In an interview with Russia Today (a surprising tribune of unfettered expression), CyberBunker calls Spamhaus a censorship organization and says its denial-of-service attacks are a blow for Internet freedom. The campaign has been widely felt but of limited impact: congratulations to CloudFlare for mitigating it.
From Egypt comes news of a more primitive attack on the Internet: the Egyptian Coast Guard boards a fishing boat off Alexandria and snaps up three men trying to cut the SEA-ME-WE 4 undersea cable. SEA-ME-WE 4 runs from France to Malaysia, and links Europe, Asia, and North Africa.
More warnings of malicious Chinese hardware in the IT supply chain appear, and the US Congress does something about them. The continuing budget resolution will restrict purchase of Chinese-manufactured IT devices and components. Before buying, Government organizations must vet such items in a formal cyber-espionage risk assessment by at least four agencies, including the FBI. Any purchases must be determined to be "in the national interest of the United States." Industry analysts name Lenovo and Apple (via Foxconn) as likely big losers.
Today's issue includes events affecting Algeria, Austria, Canada, China, Egypt, European Union, Republic of Korea, Netherlands, Russia, South Africa, Taiwan, Turkey, United Kingdom, United States.
The Largest DDoS Ever Hits the Internet (eSecurity Planet) On March 22, the largest DDoS attack yet seen in the history of the Internet hit the CloudFlare network. CloudFlare is a host for the spam-fighting SpamHaus.org, the target of the DDoS attack.
Misconfigured, Open DNS Servers Used In Record-Breaking DDoS Attack (Dark Reading) This was not your typical hacktivist DDoS attack: a massive, 300 gigabits-per-second traffic attack against the volunteer spam-filtering organization Spamhaus spread yesterday to multiple Internet exchanges and ultimately slowed traffic for users, mainly in Europe. Security experts say the attacks appear to be in retaliation for Spamhaus recently blacklisting CyberBunker, a notorious hosting provider based in the Netherlands that provides anonymous hosting, as a spam conduit. The attack, which as of this posting had subsided, at its peak today hit 300 Gbps, a massive leap from the previous record of 100 Gbps-sized DDoS attacks, seen only occasionally.
The biggest cyber attack in the history of the Internet is happening right now (Quartz) At this very moment, the largest cyber attack ever declared is emanating from a decommissioned, nuclear-war-proof NATO bunker with five-foot-thick concrete walls and a reputation for harboring spammers and cybercriminals. It's all part of a dustup between CyberBunker—so named for the building just outside Kloetinge, in the Netherlands, that houses its servers—and the international non-profit Spamhaus.
Spamhaus mafia tactics main threat to Internet freedom: CyberBunker explains largest cyber-attack (Russia Today) Spamhaus is a major censorship organization only pretending to fight spam, a CyberBunker spokesman said in an RT exclusive. Sven Olaf Kamphuis claimed that, as a constant bully of Internet service providers, Spamhaus has only itself to blame for the attack. In a Skype interview with RT, Kamphuis denied that CyberBunker was the organization behind the historic attack, pointing the finger at a large collective of Internet providers around the globe called Stophaus.
What caused the 'biggest ever' cyber attack? (Telegraph) Security expert Edd Hardy says not much can be done about the huge cyber attack which has slowed Internet connections around the world. Millions of people were affected by the unprecedented 'denial of service attack', which was launched on Wednesday.
Did the spam cyber fight really slow down the Internet? (CNet) The New York Times reported about spam-fighting nonprofit Spamhaus and a distributed-denial-of-service attack on the Dutch group's site that became the "largest computer attacks on the Internet" and caused "widespread congestion and jamming crucial infrastructure around the world." Matthew Prince, the CEO of CloudFlare, the company enlisted to fight the attacks for Spamhaus, told CNET today that the attacks -- which ceased yesterday morning -- were so big that they caused outages for the London and Hong Kong Internet exchanges. These exchanges are the meeting point for multiple networks. Before the Times report, CloudFlare put out a blog post titled "The DDoS that almost broke the Internet." But new reports, like one from VentureBeat, show that a check of different Internet monitoring services reveals that the disruption, while indeed large, did not actually cripple the Internet globally.
Unprecedented cyber attack won't slow down the Internet (Los Angeles Times) Since mid-March, a Dutch Internet hosting company has reportedly been waging the largest publicly known denial-of-service attack in history. But a McAfee security expert told The Times the attack probably won't slow down Internet transmission speeds.
Cyberfight puts a drag on the Internet (CNet) A cyberwar is under way between two companies over a recent move made by one. The spam-fighting organization Spamhaus, which works with e-mail providers around the globe to block spam from entering in-boxes, has been in a battle over the last week that has seen distributed denial-of-service (DDoS) attacks several times the size of those typically inflicted on organizations. Spamhaus hosts a blacklist made up of servers that, it believes, are designed to send spam around the world.
Spamhaus DDoS Attacks Triple Size of Attacks on US Banks (Threatpost) So you thought the 100 Gbps distributed denial-of-service attacks against U.S. banks were big? Ongoing attacks against Spamhaus have three times the fury and have affected unrelated online services as collateral damage. Attackers from Dutch webhost Cyberbunker are turning on a firehose of bad traffic in retaliation for being blacklisted by spam blacklist provider Spamhaus.
Forget about the Cyberbunker attack—here's how to take an entire continent offline (Quartz) At its peak, Cyberbunker clogged up a mind-boggling 300 gigabits per second of the Internet in what's being called the biggest cyber-attack in history. But what if you could switch off 1.28 terabits—four times as much bandwidth—with nothing more high-tech than an axe? That's what three men tried to do in an unsophisticated but effective form of sabotage in Egypt yesterday; their identities and motives are not yet known. Reuters reports the Egyptian coastguard intercepted a fishing boat off the coast of Alexandria and arrested three men trying to cut through the SEA-ME-WE 4 undersea cable. The cable is one of the main connections between Asia and Europe, running from France to Malaysia and linking Italy, North Africa, the Middle East and South Asia. The men, whose pictures the navy uploaded on Facebook, are being interrogated by Egyptian authorities. (If you recognize them, send an email to firstname.lastname@example.org.)
Sensitive Enterprise Data Exposed in Amazon S3 Public Buckets (Threatpost) With companies flocking to cloud services such as Amazon Simple Storage Service (S3) to store and serve static content on the cheap, naturally they're making simple mistakes in doing so—and naturally, a savvy attacker is able to cash in.
HealthCare for Women server breached by hackers (South Coast Today) A computer server for SouthCoast medical provider HealthCare for Women was hacked in January, potentially exposing summaries of patient visits occurring from June 2012 to January 2013. Patient names, addresses, telephone numbers and dates of birth could also have been accessed. HealthCare for Women specializes in gynecology and obstetrics and has practices in New Bedford, Dartmouth and Mattapoisett.
Oregon Health and Science University Admits Security Breach (eSecurity Planet) 4,022 patients' personal data may have been exposed. Late last week, Oregon Health & Science University (OHSU) began mailing letters to 4,022 patients informing them that an unencrypted laptop containing their personal data was stolen from an OHSU physician's vacation rental in Hawaii in late February.
Dump Memory Grabber Malware Steals Card Data from ATMs and POS Systems (Softpedia) Researchers from Russian security firm Group-IB have identified a piece of malware that's designed to steal payment card information from the ATMs and the point-of-sale (POS) systems it infects. Dubbed Dump Memory Grabber, the malicious element has already swiped the details of cards issued by major US banks such as Citibank, Capital One and JP Morgan Chase, SecurityWeek reports. Group-IB has told SecurityWeek that the malware can steal Track 1 and Track 2 information (account number, cardholder name and expiration date), which is basically the information that's needed to clone cards.
iPhone is less secure than Android, security company SourceFire reveals (The Full Signal) The iPhone has been shown to have more security vulnerabilities than Android or BlackBerry, a SourceFire study has found. The iPhone may be more vulnerable to security attacks and hacks than Android and other smartphones, according to SourceFire, which released a "25 Years of Vulnerabilities" study in March. Because of the iPhone's popularity and Apple's strict App Store guidelines, hackers and cyber criminals are more motivated to penetrate Apple's security and iOS's loopholes.
Spicing up phishing attacks (Naked Security) Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes, however, we come across attacks that are just a little bit more interesting (or at least different) from the norm. In this post I am going to take a quick look at one of the techniques used in some phishing attacks we have seen in recent months.
Cyber Threats Can Lurk in DoD Electronics, Software Purchases (Defense News) When Scott Borg began warning a decade ago of the various ways adversaries could infiltrate electronic supply chains, the danger was largely theoretical. He suggested that an adversary might embed malicious programs in microcircuitry, and then spy on or sabotage weapons and other electronic equipment. "When my colleagues and I first talked about these things, the actual evidence we could point to was slender and patchy," said Borg, director of the nonprofit U.S. Cyber Consequences Unit.
Security Patches, Mitigations, and Software Updates
Several Cisco IOS DOS Issues Resolved (Internet Storm Center) Thanks, Jim, for forwarding a whole raft of Cisco alerts on DOS issues affecting various features within IOS. The alerts can be found here.
Researcher Helps Nokia Fix XSS, CSRF Vulnerabilities, Rewarded with Lumia Phone (Softpedia) Pakistani security researcher Rafay Baloch has identified several security holes on various websites operated by Nokia. The company has addressed the vulnerabilities and has rewarded the expert's work with a Nokia Lumia 820 smartphone. The security holes identified by the researcher include an iFrame injection and a couple of cross-site scripting (XSS) issues on the PrimePlaces subdomain.
Web Application Attacks Dominate (Dark Reading) But the cloud is no less secure than the enterprise, new attack data shows. You know that age-old question of whether the cloud is a more secure bet or not? New attack data shows it's basically a toss-up.
Too Scared To Scan (Dark Reading) Fear of business disruption and downtime often leaves enterprises hesitant to scan the critical applications that hackers are most likely to target in their quest for exploitable vulnerabilities.
Cybersecurity and the Threat to Networked Business (Forbes) Beware the dark side of networked business. There is substantial risk of meaningful disruption to operations for any organization whose business model relies on an information network to connect its employees, partners and customers. The public networks we use daily are foundational to networked business.
DISA Lays Groundwork for Commercial Cloud Computing Contract (SIGNAL) One of the U.S. Defense Department's top information technology officials says work is beginning on a multi-award contract for commercial cloud computing services, but the official says he has no timeline or total value for the business.
DHS IT programs see funding boost in continuing resolution (FierceGovernmentIT) Funding for Homeland Security Department information technology programs fares well under the continuing resolution (H.R. 933) signed into law by President Obama March 26. The law funds the government through the end of fiscal year 2013, and maintains $85 billion in automatic budget cuts under sequestration.
Congress' cybersecurity crackdown on China could put Apple in the crossfire (Quartz) Last week, Congress quietly passed a bill that will make it much more difficult for the US government to buy computer equipment from Chinese companies, amid a spate of cyberattacks linked to Beijing. But the unintended consequences could ensnare Apple's iPhone and other devices sold by US firms that are assembled in China. A continuing budget resolution that is awaiting President Obama's signature bans several federal agencies, including NASA and the Justice and Commerce Departments, from purchasing any "information technology system" that was "produced, manufactured or assembled" by entities "owned, directed, or subsidized by the People's Republic of China," unless the agency's chief and the FBI determine whether there is a cybersecurity threat and conclude that the purchase is in the US national interest. The clause was first spotted by Stewart A. Baker, a lawyer and former Homeland Security official, who writes the Skating on Stilts blog.
New U.S. Cyber-Security Law May Hinder Lenovo's Sales Growth (TechCrunch) The provision came to attention via a blog post by lawyer Stewart A. Baker, a former Assistant Secretary in the U.S. Department of Homeland Security under George W. Bush. Baker wrote that the sanctions "[demonstrate] remarkable bipartisan angst about
Nir Zuk's Palo Alto Networks Is Blowing Up Internet Security (Forbes) "They don't like me," says Nir Zuk of his old bosses. As one of the earliest employees at Check Point Software Technologies in the 1990s, he wrote parts of the world's first commercial firewall. He later built essential chunks of the firewall sold by Juniper Networks. But at both companies, Zuk (pronounced "zook") ended up quitting in a huff–and, in one case, walking away from millions of dollars in unvested stock options. Why? The Israeli engineer felt his best ideas were being blocked by incompetence and office politics. All he ever wanted, he insists, was to build new things.
Products, Services, and Solutions
Did Tencent just build a way around the Great Firewall of China? (Quartz) Tencent, China's largest tech company, just launched a multilingual version of its chat platform QQ on Facebook. QQ is the Chinese equivalent of Yahoo Messenger, circa 2003—only it has 800 million active users. And the version of QQ that Tencent made for Facebook isn't much different: its core function is pretty much the same as Facebook's own chat function.
Machine learning a growing force against online fraud (GCN) A group of ex-Google employees has started a company that wants to expand the use of big data to spot fraud (a blight that costs taxpayers over $125 billion a year, and affects public-sector agencies involved in payments, collections and benefits) before it occurs. San Francisco-based Sift Science says it has developed an algorithm that uses machine-learning techniques to stay ahead of new fraud tactics as they are introduced into its customers' networks. Many anti-fraud technologies follow a set number of rules, maybe 175 to 225, against which to measure user behavior, Sift Science co-founder Brandon Ballinger told GigaOm.
Technologies, Techniques, and Standards
Which IPS is 'The Best'? (Internet Storm Center) I recently had the privilege of advising on a SANS Gold Paper (GCIA) for Michael Dyrmose, titled "Beating the IPS". In the paper, Michael uses basic IPS evasion techniques to test the capabilities of many of the "major vendor" IPS systems. To be as fair as possible, Michael targeted the MS08-067 vulnerability, the security flaw that Conficker took advantage of - every IPS on the planet should be able to handle that, right?
The Sourcefire VRT Community ruleset is live! (Snort.org Blog) As I discussed last week in my blog post concerning the recent VRT Rule license changes, the community ruleset, something we've been planning here in the VRT, is finally live.
The Five-Step Privilege Management Checklist for Financial Organizations (infosec island) Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations. Taking this into consideration, it's crucial that banking and financial firms take a close look at how administrator rights are allocated on company-owned machines. This is problematic, given that unmanaged administrator rights can open the door to malware attacks that exploit elevated privileges, ultimately exposing sensitive financial data and resulting in staggering and, frankly, unquantifiable damage.
Maude warns on EU cyber security plans (Financial Times) Britain has raised concern over European Commission plans to force companies to declare publicly whenever there has been a breach in their cyber security systems, fearing it may undermine the UK's commitment to voluntary collaboration. Unveiling a new push to boost collaboration against cyber attacks between the security services and business, Francis Maude, minister for the Cabinet Office, said Britain's policy of urging companies to inform each other voluntarily when they face a cyber attack was better than compulsion.
US Congress restricts government purchase of Chinese computer equipment, citing cyber-espionage concerns (The Verge) The latest US appropriations bill, signed into law just this week, includes a provision that is likely to further raise tensions between the country and China. The provision requires the Department of Justice, Department of Commerce, NASA, and the NSF to perform a formal assessment of the risk of cyber-espionage before purchasing computer systems and other IT equipment. There is a clause in the bill that states that the assessment must specifically analyze, with the assistance of the FBI, any "such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized" by the People's Republic of China to determine if the purchase is "in the national interest of the United States." Stewart A. Baker first wrote about the provision on his blog yesterday, and Reuters published a report on the restriction earlier today.
Cybersecurity Meets the WTO (Volokh Conspiracy) The continuing resolution that I wrote about yesterday could have a big impact on the federal government's procurement of IT equipment from Chinese companies. As described in an earlier post, the resolution includes a provision that bars purchases of an "information technology system" that was "produced, manufactured or assembled" by entities "owned, directed, or subsidized by the People's Republic of China" unless the head of the purchasing agency consults with the FBI and determines that the purchase is "in the national interest of the United States."
Litigation, Investigation, and Law Enforcement
Twitter shuts five items in satisfying Russia's request (Russia Behind the Headlines) Twitter's management has blocked access to five items in the microblogging social networking service this month at the request of the Russian Federal Service for Supervision in the Sphere of Telecommunications, Information Technologies and Mass Communications (Roskomnadzor), Roskomnadzor said.
GPS tracking back in federal court (FierceGovernmentIT) The subject of whether law enforcement tracking through a GPS device attached to automobiles requires a warrant is back in federal court, with the Third Circuit Court of Appeals considering whether to uphold a lower court's decision to toss out evidence gathered through a tracking device placed without a warrant.
CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3 (location and date not listed) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
HITBSecConf2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting-edge attack and defense research, including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world-famous Evad3rs Team,...
SANS Northern Virginia 2013 (Reston, Virginia, USA, April 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply...
INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, April 11 - 12, 2013) Attention software engineers and cyber security professionals: the Carnegie Mellon Software Engineering Institute needs your top-notch skills to meet today's challenges. SEI staff will be interviewing...
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013 (Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe (London, England, UK, April 23 - 25, 2013) Europe's number one information security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office, highlighting her focus on innovation at the NRO and for the Intelligence Community.
23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...