Hacktivists and cyber criminals threaten "OpUSA"—a denial-of-service attack on US financial and governmental targets—for May 7. If it follows the recent pattern of OpIsrael, expect a fizzle, but should some of the more capable hacking groups join, the attacks could be consequential. One interesting point wryly noted by Credit Union Times—the Pastebin posts announcing the threat appear to advise depositors to shift their money from big banks to credit unions. Whatever happens, enterprises would be prudent to dust off their mitigation plans.
Twitter has warned its users to expect more account hijacking, and Business Insider interviews someone who claims to have executed last week's AP hack.
Chinese (and, to a lesser extent, Russian) intrusion into QinetiQ North America's infrastructure continues to raise questions about the extent of the compromise—some observers describe the successful attack as, in effect, a backdoor into US Defense networks. Among the tools attackers used was the remote access Trojan (RAT) "lprinp.dll."
Widespread use of open-source components raises supply chain issues (the irreversible globalization of the supply chain is also a matter for concern) but developers say they lack time and resources to address them.
The Electronic Frontier Foundation rates companies on their effectiveness (and resolution) in protecting customers from government snooping: Twitter, Sonic, Dropbox, Google, LinkedIn, and SpiderOak get good marks.
Jane Holl Lute departs the US Department of Homeland Security, and in her valediction warns against handling cyber security like an intelligence program: reliability and integrity of personal identity are central.
Today's issue includes events affecting Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, China, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, People's Democratic Republic of Korea, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Russia, Saudi Arabia, Serbia, Singapore, South Africa, Switzerland, Syria, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam..
Cyber Attacks, Threats, and Vulnerabilities
Threat of the Week: May 7, Ready or Not(Credit Union Times) You remember Project Blitzkrieg, don't you? Probably you don't, actually, and that is because the late 2012 cyber-attack – said to be the brainchild of Russian criminals who intended to cripple and loot the top 30 U.S. banks – amounted to a whole lot of bluffing. If it happened at all, nobody much noticed
DHS: 'OpUSA' May Be More Bark Than Bite(Krebs on Security) The U.S. Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as "OpUSA" against websites of high-profile US government agencies, financial institutions, and commercial entities. But security experts remain undecided on whether this latest round of promised attacks will amount to anything more than a public nuisance
Meet The 18-Year-Old Syrian Who Says He Helped Hack The AP And Punk The Stock Market(Business Insider) Hackers calling themselves the Syrian Electronic Army (SEA) are causing serious trouble around the world. The pro-Assad group may have scored its biggest hit last week, after the Associated Press Twitter account was hacked and tweeted a false story about a bomb at the White House that briefly caused stocks to plunge. The SEA have claimed responsibility for the hack
Chinese hackers drain U.S. military secrets from defense contractor(VentureBeat) Chinese cyberspies stole a good majority of U.K.-based defense contractor QinetiQ's wealth of U.S. military research, according to Bloomberg. The theft happened over a three-year period in which QinetiQ seemed to make all the wrong moves…Furthermore, when future attacks were uncovered –such as one reported by NASA — the company continued to treat them as isolated events instead of as an organized attempt to steal what eventually would be secret military data on drones, robotics, and more…We have reached out to QinetiQ for comment on the report and will update this story upon hearing back
Defense contractor pwned for years by Chinese hackers(Ars Technica) Data from HBGary hack showed hackers pillaged QinetiQ since at least 2007. QinetiQ, a UK-based defense contractor, has its fingers all over some of the US Defense Department's most sensitive systems. The company's subsidiaries provide robots, diagnostic systems, intelligence systems for satellites, drones, and even "cyber-security" to the US Department of Defense. The parent company, which was created as a privatized spinoff of the British Defense Evaluation and Research Agency—what was the UK's equivalent of the US Defense Advanced Research Projects Agency—is often cited as the inspiration for James Bond's "Q." But for at least three years, QinetiQ was apparently unintentionally supplying its expertise to another customer: China…The hackers were able to exploit unpatched security flaws and other vulnerabilities across QNA to infiltrate multiple divisions of the company—including Cyveillance, the company's cybersecurity unit
Fake AV scammers impersonate Microsoft(Help Net Security) Cyber scammers continue to impersonate Microsoft and try to trick users into believing that their computer is serious need of an AV solution. Webroot researchers have spotted an active campaign
How porn links and Ben Bernanke snuck into Bitcoin's code(CNN Money) Here's a little-known quirk of cyber currency Bitcoin: There are coded messages hidden in the ledger that track bitcoin transactions. Most are innocuous, but this week, the discovery of a malicious transmission filled with porn links set the Bitcoin community abuzz
A primer on Bitcoin risks and threats(Help Net Security) Bitcoin is a digital currency whose creation and transfer is based on an open source cryptographic protocol. There are many benefits to using it (no transaction fees, anonymous payments, etc.), but
Google Glass hackers can see what you see, hear what you hear(Fox News) Thanks to a glaringly obvious security flaw in the futuristic Google Glass wearable computer, a hacker could within minutes take control of the device -- seeing what you look at, hearing what you hear, experiencing life through your senses
Phishing scams get more crafty(World Radio Switzerland) Cyber criminals are becoming more crafty according to the government's Reporting and Analysis Center for Information Assurance (MELANI). Criminals are adapting their phishing methods to keep up with banks' security measures. MELANI is warning people
Exploit Devs At Risk: The Nuclear Scientists Of The Next Decade?(Dark Reading) Will a nations exploit developers become the potential targets of state-sponsored assassinations in the future, much like the nuclear scientists of the past century? When news stories broke last month regarding the legitimacy of using lethal force against civilian hackers, I questioned what the future might hold for exploit devs and other members of the cybersupply chain who are facilitating state-funded, offensive cybercapabilities -- particularly when it comes to more belligerent regimes, such as Iran and North Korea. Are we inevitably set on a path where these individuals may be at the same level of risk that, say, Iranian nuclear researchers have been during the past few years
Most Common IT Security Attack? Not SQL Injection(eSecurity Planet) A new study from Whitehat finds SQL injection doesn't even make the top 10 of website security attacks. Jeremiah Grossman, founder and CTO of Whitehat Security, has seen a lot of different types of security attacks in his time. He knows the most common types of attacks aren't necessarily the ones that have
New report demonstrates that compliance can harm security(InfoSecurity) The Website Security Statistics Report demonstrates that security requires accountability, that 'best practices' is a difficult concept, and that 'what's needed is more secure software, not more security software'
Mobile tech inspires cyber crime(IT Web) The ever-evolving nature of mobile devices opens doors for would-be criminals, making BYOD policy the new business rule. The doors of opportunity are increasingly opening up to cyber criminals as mobile devices become more functional and ubiquitous – with the 400% increase in malware experienced from 2011 to 2012 being a distinct product of modern mobile technology
Column: The Dangers of Deep Packet Inspection(Maximum PC) Over the years, there's been talk on and off about a technology called Deep Packet Inspection, but apart from sounding like the title of sysadmin-themed porn, why should you care? Technically, DPI is what happens when an ISP looks past the headers
Serious website vulnerabilities continue to decrease(Help Net Security) A new WhiteHat Security report has correlated vulnerability data from tens of thousands of websites from more than 650 organizations, with software development lifecycle (SDLC) activity data obtained
The insecurity of the component lifecycle(Help Net Security) Open source component use continues to skyrocket with applications now more than 80 percent component-based, while at the same time organizations continue to struggle with establishing policy to secure
Saudi Arabia is a top target for cyber attacks(The National) Saudi Arabia is the most targeted country for cyber attacks in the Middle East, according to a new report. The kingdom ranks second globally, while the UAE is the fifth most targeted in the Middle East according to Symantec's Internet Security Threat Report 2013
Raytheon brings intelligence unit to Dulles(Washington Business Journal) The moves are part of a Raytheon consolidation to streamline operations that was announced in March. The company said then that its Intelligence and Information Systems unit would be combined its Dulles-based Raytheon Technical Services unit to create
Toronto mobile firm reveals how it got CIA contract(ITWorld Canada) Interested in landing a lucrative business contract with the likes of the United States Central Intelligence Agency, the National Security Agency or the Federal Bureau of Investigation? Despite their cloak-and-dagger reputation, dealing with these
Budget tops list of concerns in annual CIO survey(FierceGovernmentIT) Budget is the top concern among federal chief information officers in an annual survey from TechAmerica and Grant Thorton, published May 2. Based on interviews with 41 federal CIOs, report authors say federal information technology leaders are concerned about budget constraints caused by the continuing resolution and sequestration, and inadequate budget authorities that impact how much control they have over IT programs
Obama taps fundraiser Pritzker for Commerce post(Fox News) President Obama on Thursday chose two old friends with business executive experience for top posts on his economic team, naming longtime fundraiser Penny Pritzker to the Commerce Department and adviser Michael Froman as U.S. Trade Representative
KKR holds talks with Petraeus over role(Financial Times) David Petraeus, the former CIA director, is in talks with KKR that may lead to a role for him at the private equity firm whose co-founder, Henry Kravis, has a longstanding relationship with the former US military commander
New Dell deal proposal seems likely(FierceFinance) How low will Dell's stock go? For the moment, the stock is hovering just below the $13.65 offer from Michael Dell and Silvery Lake, the only formal deal proposal on the table. But it's fair to say that the stock price could go a lot lower depending on how shareholders vote this summer. If shareholders ultimately nix the deal, the stock could plummet dramatically
Brian Krzanich Elected Intel CEO, Renee James Named President(GovConWire) Brian Krzanich, a 31-year veteran of Intel (NASDAQ: INTC) and current chief operating officer, has been elected to succeed the retiring Paul Otellini as CEO on May 16. Krzanich was a unanimous choice byBudget Year the board of directors and becomes the sixth chief executive in the company's history, Intel said Thursday
Products, Services, and Solutions
The Trouble With Identity's Late Arrival On Instagram(TechCrunch) BeTheDancer is Alex Greenburg's name and handle on Instagram. He's a good friend and a brilliant photographer, but because Instagram doesn't require real names, I had a lot trouble using the app's new tagging feature to point him out in my photos. Right now, Instagram's 100 million users are discovering that while pseudoanonymity can be fun, it's not very functional
Fast digital forensics sniff out accomplices(New Scientist) Software that rapidly analyses digital devices and builds a list of a suspect's known associates could be a powerful tool for solving crimes. When a suspect is apprehended, their computers, phones and other devices become important sources of evidence. But mining all that data – a typical case can involve several terabytes of information – takes time, and usually requires specially trained officers. Backlogs can delay investigations for weeks
Review: Codeproof for iOS(Help Net Security) Codeproof Technologie is a SaaS (Software-as-a-Service) provider from Redmond that offers a mobile device management (MDM) solution for Android and iOS devices. This review focuses on the company's
Secunia VIM v4.0(SC Magazine) Secunia VIM is a real-time vulnerability intelligence and management tool, providing organisations with the necessary information required to analyse vulnerabilities in their IT infrastructure, as well as track them from a centralised dashboard interface
A 40Gbps deep packet inspection(electronicsfeed.com) Napatech and Procera Networks, Inc. will debut a new 40 Gbps Deep Packet Inspection (DPI) platform. "As network speeds, and the sheer number of applications
How startup Enigma could change the big data game(FierceBigData) A new kind of big data startup launched this week that lives up to its name: Enigma. It is enigmatic to say the least, as it will be a vast data source open to everyone, most of whom don't have a clue what to do with it. But for those who do, it could be a game changer
Facebook puts account security in the hands of your friends(CNet) The next time you're locked of your Facebook account, one of your besties can loan you the key. Facebook today released a security feature called "Trusted Contacts" as an optional way for people to recover their passwords with the help of their closest friends. Thursday marks the global rollout of the redesigned feature, previously named Trusted Friends, which the company first started testing back in 2011
CIOs Must Manage the Risk of the Status Quo(CIO) One of a CIO's greatest risks is not moving fast enough, says columnist Adam Hartung. To avoid out-of-date thinking, ask futuristic questions like "What if in five years smartphones and tablets totally replace laptops?
Older and Wiser…Up to a Point(IEEE Spectrum) "Tech is a young person's game." "You can't teach old dogs new tricks." "A child could solve this problem--someone send for a child." Prejudice against older programmers is wrong, but new research suggests it's also inaccurate. A dandy natural experiment to test the technical chops of the old against the young has been conducted—or discovered—by two computer scientists at North Carolina State University, in Raleigh. Professor Emerson Murphy-Hill and Ph.D. student Patrick Morrison went to Stack Overflow, a Web site where programmers answer questions and get rated by the audience. It turned out that ratings rose with contributors' age, at least into the 40s (beyond that the data were sparse). The range of topics handled also rose with range (though, strangely, after dipping in the period from 15 to 30). Finally, the old were at least as well versed as the young in the newer technologies
Intel's high-performance, low-power secret: the Haswell SoC(Ars Technica) See you later, Sandy Bridge. Say hello to tablet-like power characteristics. In the semiconductor world, integration is omnipresent, driven by Moore's Law. Integration reduces power and cost while increasing performance. The latest realization of this trend is the System-on-a-Chip (SoC) approach pervasive among PCs, tablets, and smartphones. And the latest SoC is Haswell. Haswell is the first new family of SoCs from Intel to target the 22nm FinFET process, which uses a non-planar transistor that wraps around the gate on three sides. While Ivy Bridge was the first family of 22nm products, it was not fully optimized for the 22nm process. The CPU was a shrink of the 32nm Sandy Bridge rather than a new design
OU Student's Film Examines Internet Privacy, Security(WOUB) When Jeremy Zerechak was called to relieve the first rotation of Operation Iraqi Freedom in 2004, he took a leave of absence from his film studies at Penn State University, packed his duffle bag with video equipment, and arrived for training at the United States Army base of Fort Dix, N.J., with the intention of "capturing as much content as possible"…It was at a Los Angeles festival screening when Zerechak heard the call of his second film. He met a patron who had worked as an intrusion protection specialist for the Federal Reserve. After picking the man's brain over the course of the festival, Zerechak returned to Pittsburgh "almost convinced" he had found a new project: detailing the intricacies of privacy and security in the age of information technology. In his preliminary research, he uncovered an expansive story that was largely untold in the mainstream media. And when the media did touch on it, Zerechak said, it was subject to gross inaccuracies and hyperbole
The hollow promise of a big-data education revolution(FierceBigData) One of the more hollow promises of big data is the one promising to revolutionize education, if by "revolutionize" those making the claim mean "swiftly improve." I wholeheartedly think big data will revolutionize many things. I just don't think education is one of them. I am not an education expert and this is not an education column. But claims like this are what make people scoff at big data
Ewing's Voice: Cyberattacks Hinder Relationships(My High School Journalism) The attacks from this building were tracked to the military headquarters of China, according to an in-depth study released by the American computer security firm Mandiant. The building is home to the headquarters of the People's Liberation Army's, also
Lute: 'We Cannot Run Cyber Like an Intelligence Program'(Nextgov) Today, the Department of Homeland Security loses one of its top voices as Deputy Secretary Jane Holl Lute departs the agency after four years. In addition to her experience in homeland security, Lute has a long history of public service in national
Florida Supreme Court Deepens Lower Court Split on Searching a Cell Phone Incident to Arrest(Volokh Conspiracy) I recently mentioned my new short essay, Foreword: Accounting for Technological Change, 36 Harv. J. L. & Pub. Pol'y 403 (2013), about how the Supreme Court should resolve the lower court division on the Fourth Amendment rule for searching a cell phone incident to arrest. In light of that, I thought I would flag this morning's decision by the Florida Supreme Court deepening the lower court division. In the new case, Smallwood v. State, the court ruled that the police can routinely seize a cell phone incident to arrest, but they generally need a warrant to search it absent a demonstrated risk that evidence on the phone could be destroyed after it had been seized
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
(ISC)² CyberSecureGov(Crystal City, Virginia, USA, May 7 - 8, 2013) Join (ISC)² for an exciting two days as they explore the prevailing factors working against US Government IT Security practitioners and managers, how existing technical and personnel resources are faring...
Interop Las Vegas(Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...
ITWeb Security Summit 2013(Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers...
The Computer Forensics Show(New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity...
ASIS 23rd New York City Security Conference and Expo(New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges...
Software Engineering Institute Invitational Hiring Event(Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on...
Baltimore Tech-Security Conference(Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
CyberSecurity UAE Summit 2013(Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising...
GovSec(Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...
Thriving in the Post-Sequestration GovCon Era(McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each...
Second Maryland Cybersecurity Center Symposium (MC2)(College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote...
FOSE(Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers...
7th Annual INSA IC Industry Day(Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is...
Hack Miami(Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...
CEIC 2013(Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.
IEEE Symposium on Security and Privacy(San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...
U.S. Department of State Mobile Computing Forum(Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services...
International Workshop on Cyber Crime (IWCC)(San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...
Web 2.0 Security and Privacy(San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...
Maryland/DC Celebration of International Trade(Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...
IEEE-Cyber 2013(Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT(Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...
Cyber Security for the Chemical Industry(Franfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...
DGI Cyber Security Conference & Expo(Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.