Details of the large cyber espionage effort staged from India come into clearer focus. It appears to continue a long-standing campaign ("Hangover," going back to 2010) that began to come to light late last year when attacks against Norway's Telenor and others were exposed. Norman Shark sees the name of an Indian security company.
A cyber espionage campaign ("Safe," not, as erroneously published elsewhere, "SafeNet") is exploiting a patched Microsoft Office vulnerability.
China's Unit 61398 resumes attacks on US targets, now using new methods. Shaming and diplomacy having apparently failed, US policy makers mull their options.
The Syrian Electronic Army continues hijacking news organization accounts—the Telegraph and Financial Times both attract SEA's unwanted ministrations. 1923Turkz breach a Bangladeshi Air Force site, and Anonymous (which shows signs in Italy of eating itself) is a nest of goldbugs.
Remote code execution vulnerabilities appear in iOS apps. A form-grabbing rootkit hits the black market. Microsoft apparently knows more about Skype traffic than most users suspect. "Bulletproof hosters" receive scrutiny from Krebs and others—they've been key enablers of denial-of-service attacks.
The US Department of Homeland Security says its cyber personnel problems lie in recruiting, not retention. Vista Equity Partners will acquire Websense. Dell shutters its public cloud effort. Bloomberg continues to address customer privacy concerns, hiring former IBM CEO Palmisano for an investigation.
US Government plans to prevent "going dark" may backfire. Journalists react to prosecutorial targeting in leak and espionage cases.
Today's issue includes events affecting Australia, Bangladesh, Brazil, Chile, China, Costa Rica, India, Italy, Japan, Malaysia, Mongolia, New Zealand, Pakistan, Peru, Philippines, Romania, Russia, Syria, Turkey, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Pakistan Organisations Targeted By Massive Indian Cyber Operation(TechWeekEurope UK) A large, lengthy cyber attack allegedly carried out from within India has been uncovered, with most of the targets of the espionage operation based in Pakistan, where government bodies have been hit. Investigations into the attack infrastructure were
Attack on Telenor was part of large cyberespionage operation with Indian origins, report says(CSO) Security researchers uncovered an active large-scale cyberespionage operation of Indian origin that started several years ago. A recent intrusion on the computer network of Norwegian telecommunications company Telenor was the result of a large cyberespionage operation of Indian origin that for the past few years has targeted business, government and political organizations from different countries, according to researchers from security firm Norman Shark
Large cyber espionage emanating from India(Help Net Security) Norman Shark uncovered a large and sophisticated cyber-attack infrastructure that appears to have originated from India. The attacks, conducted by private threat actors over a period of three years and still ongoing, showed no evidence of state-sponsorship but the primary purpose of the global command-and-control network appears to be intelligence gathering from a combination of national security targets and private sector companies
Don't Fear the Hangover - Network Detection of Hangover Malware Samples(RSA FirstWatch) Today, Norman and Shadowserver released a paper that revealed a large attack infrastructure in which they detailed an ongoing campaign, running as far back as September 2010. This campaign, reportedly run out of India, used spear-phishing attacks and multiple strains of malware to breach targets of interest and extract data
Cyber espionage campaign uses professionally-made malware(Help Net Security) Trend Micro researchers have discovered a new, massive cyber espionage campaign that has been hitting as many as 71 victims each day, including government ministries, technology companies, academic research institutions, nongovernmental organizations and media outlets
Securo-boffins uncover new GLOBAL cyber-espionage operation(The Register) Government ministries, technology firms, media outlets, academic research institutions and non-governmental organisations have all fallen victim to an ongoing cyberespionage operation with tendrils all over the world, according to researchers. Infosec researchers have uncovered SafeNet in as many as 100 countries. SafeNet targets potential marks using spear-phishing emails featuring a malicious attachment that exploits a Microsoft Office vulnerability that was patched last year
Safe - Tools, Tactics and Techniques(Internet Storm Center) Trend Micro published a report last week on a spear-phishing email campaign that contains a malicious attachment exploiting a Microsoft Office vulnerability (CVE-2012-0158). This paper identified specific targets: Government ministries, Technology companies, Media outlets, Academic research institutions, Nongovernmental organizations
Syrian Electronic Army hacks FT site and Twitter feeds(ITProPortal) The Financial Times is the latest publication to fall victim to hackers who align themselves with the regime of Syrian President Bashar-al-Assad. "Various FT blogs and social media accounts have been compromised by hackers and we are working to resolve the issue as quickly as possible," the @FTPressOffice Twitter account said
Anonymous 'gold bugs' to hack oil, national sites(Times Of Israel) Hacker group Anonymous has been pretty tight-lipped about its political beliefs with operations in the organization's name conducted against Western democracies, authoritarian countries like China, and Muslim countries like Egypt, Syria, and Iran. And, of course, Israel. But one thing has become clear in the lead-up to its next major hacking attack: Anonymous members are gold bugs, people who believe that the yellow metal is the proper method for the exchange of goods and services and advocate
Saudi Arabia's government websites hacked(CBR) Interior ministry website was also brought down for an hour. Several KSA government websites have faced 'coordinated and simultaneous' cyber attacks from overseas in recent days
Bangladesh Air Force Career website's database hacked by @1923Turkz(E Hacking News) A hacker has managed to gain access to the database server of the official career website of Bangladesh Air Force and leaked the accounts' login credentials. "Joinbangladeshairforce.mil.bd", serves as a portal for applying for Air Force, is reportedly breached by the hacker using the online name @1923Turkz. The SQL injection vulnerability in the website gave him the opportunity to break in. The database breach was announced in his twitter account along with the link to the accounts leak
Chinese hackers resume attacks on U.S. targets(CSO) Shame campaign by Obama administration fails to deter cyber bandits. For the last three months or so, the U.S. government and some of its defense contractors have engaged in a war of shame on China to pressure it to cool its cyber-attacks on U.S. targets. The campaign appeared to be yielding results, but it seems that Chinese hackers were only catching their breath. The notorious Unit 61398, also known as the "Comment Crew,"--an elite cyber unit linked by U.S. security firms to China's People's Liberation Army (PLA)--has renewed its raids on U.S. entities using different techniques, the New York Times reported Sunday
Chinese Hackers Gained Access To U.S. Data Via Google(Washington Post) Chinese hackers who breached Google's servers several years ago gained access to a sensitive database with years' worth of information about U.S. surveillance targets, according to current and former government officials
Attacks from China: A survival guide(CSO) Chinese cyberattack activity is back in the news this morning, with new details emerging on new attacks. Here's a collection of stories to help infosec pros better understand the threat
Opinion varies on action against Chinese cyberattacks(CSO) New cyberespionage attack by People's Liberation Army prompts calls for action such as sanctions, but experts are mixed on best response. Security experts agree that the U.S. government should take stronger action against Chinese cyberattacks, but exactly what those measures should be varies widely. The issue of cyberespionage on the part of China made headlines once again on Sunday, with The New York Times reporting that a cyberunit of China's People's Liberation Army resumed stealing data from U.S. companies and government agencies after a three-month hiatus
Island Nation's Web Domain Now Paradise for Spammers(TechNewsWorld) Security professionals were blindsided by this development -- a new domain that's become a haven for spammers. PW used to belong to Palau, a tiny island country in the Pacific Ocean. Now it's owned by someone else who's been selling it at discount prices. Antispam vendors are now working to update their filters, and the original registrar is assisting in their efforts
Jumcar. From Peru with a focus on Latin America(SecureList) "Jumcar" is the name we have given to a family of malicious code developed in Latin America - particularly in Peru - and which, according to our research, has been deploying attack maneuvers since March 2012
CVs and sensitive info soliciting email campaign impersonates NATO(Webroot) Want to join the North Atlantic Treaty Organization (NATO)? You may want to skip the CVs/personally identifiable information soliciting campaign that I'm about to profile in this post, as you'd be involuntarily sharing your information with what looks like an intelligence gathering operation
Form-grabbing rootkit sold on underground forums(Help Net Security) There is seemingly no end to the automated tools that aspiring cyber crooks can buy on underground forums. The latest of these discovered by Webroot's Dancho Danchev is "Private Grabber", a commercial
Think your Skype messages get end-to-end encryption? Think again(Ars Technica) If you think the private messages you send over Skype are protected by end-to-end encryption, think again. The Microsoft-owned service regularly scans message contents for signs of fraud, and company managers may log the results indefinitely, Ars has confirmed. And this can only happen if Microsoft can convert the messages into human-readable form at will
Conversations with a Bulletproof Hoster(Krebs on Security) Criminal commerce on the Internet would mostly grind to a halt were it not for the protection offered by so-called "bulletproof hosting" providers - the online equivalent of offshore havens where shady dealings go ignored. Last month I had an opportunity to interview a provider of bulletproof services for one of the Web's most notorious cybercrime forums, and who appears to have been at least partly responsible for launching what's been called the largest cyber attack the Internet has ever seen
Governments should be nervous about Bitcoin, says Rushman(HedgeWeek) Professor Jon Rushman believes that in the long term cyber currencies like Bitcoin could see the end of central banks and foreign exchange and so it is understandable governments are nervous about it. The new virtual currency has become progressively
For cyber-terrorists: 'There's no firewall for stupidity'(KOMO News) The former head of security of Microsoft now consults foreign governments and Fortune 500 companies with former Department of Homeland Security Secretary Tom Ridge on global cyber threats. "If you could actually look around the country and made a
Digital strongboxes won't solve whistleblower problem for journalists(CSO) Strongbox preserves anonymity at the price of authenticity. Following the news last week that the Department of Justice had secretly obtained records of phone calls made by the Associated Press in an attempt to find an information leak, the New Yorker magazine launched an online scheme to receive sensitive documents and preserve the identity of their sources. The service, called Strongbox, is based on a project developed by Kevin Poulsen, a Black Hat hacker turned magazine editor, and Aaron Swartz, who took his own life in January after an aggressive prosecution of his digital activities by the DOJ
Behind the scenes: Privacy and data-mining(SC Magazine) Every contemporary consumer knows it: There's a fine balance between the convenience that comes with seamless online access and the privacy one can expect to retain in a networked world
Over 45% of IT pros snitch on their colleagues(Help Net Security) Forty five percent of IT workers admit they would snitch you up to the boss if you decide to break corporate rules or access company information that you shouldn't on the network or Internet
The imperative for device management is key to the DOD's mobility plan(Defense Systems) In the wake of a scathing internal Defense Department review of the Army's commercial mobile device use, pressure is mounting on the Defense Information Systems Agency to find solid footing for mobile device management that will allow military personnel secure access to defense applications and data over government-issued devices
Common Ground: The U.S. Army's Col. Charles Wells on Integrating Intel(DefenseNews) Col. Charles Wells is the program manager for the Army's Distributed Common Ground System, the service's effort to integrate all streams of intelligence. There has been controversy in the past, driven by a link-analysis software company, Palantir, which was reportedly favored by some Army units. Capitol Hill even weighed in on Palantir's behalf
Let the NDAA fight begin - Deprogramming the reprogramming request(Politico) Sexual assault, BRAC and sequestration are set to dominate the discussion as the House Armed Services Committee this week kicks off its annual defense authorization bill process. On Wednesday, the subcommittees on strategic forces, intelligence, seapower and personnel are scheduled to hold their markups. On Thursday, the subcommittees on readiness and tactical air and land forces are scheduled to hold theirs… Cybersecurity: Texas Rep. Mac Thornberry, the leader of the emerging threats panel that oversees much of the committee's cyber work, specifically said his focus early would be money and manpower. Thornberry explained the "main issues are going to revolve around funding," particularly as U.S. Cyber Command under Gen. Keith Alexander works to recruit new offensive and defensive cyber teams
Commerce CISO: Cybersecurity is about more than technology(FierceGovIT) With the goal of building a cadre of highly-skilled cyber security experts, the Commerce Department tripled role-based training completion in three years and implemented an award-winning personally-identifiable information training program department wide
DHS cyber has problems with hiring, not retention, says Stempfley(FierceGovIT) The Homeland Security Department doesn't have a cybersecurity personnel turnover problem so much as a hiring problem, said Roberta Stempfley, acting assistant secretary of the office of cybersecurity and communications, during a May 16 House hearing
Cassidian wins UK Parliament security contract(CBR) As per the deal, Cassidian will provide ICT services for an initial period of three years. EAD's security and defense unit Cassidian has secured a contract from the British Parliament to provide ICT (information communication technology) security services to protect the ICT environment from cyber attack
Could Silver Lake walk away from Dell deal?(FierceFinance) Most in the industry believe that the dismal state of Dell's earnings strengthens Michael Dell's hand when it comes to the leveraged buyout offer he and Silver Lake have on the table. The deal for $13.65 looks richer and richer as the company's operating prospects tumble
Dell Kills Project To Build Out Public Cloud, Sends Layoff Notices(TechCrunch) Dell has decided not to build out its public cloud and will instead rely on partners such as Joyent to provide infrastructure services. A source close to the matter said layoff notices at the company went out on Friday. The group had more than 300 people in it. It is not known who was laid off or offered other jobs in the company. A spokesperson said Dell would not comment about personnel issues
Websense Signs Definitive Agreement To Be Acquired By Vista Equity Partners(Dark Reading) Websense, Inc. (NASDAQ: WBSN) a global leader in protecting organizations from the latest cyber-attacks and data theft, today announced that it has entered into a definitive agreement to be acquired by Vista Equity Partners ("Vista"), a leading private equity firm focused on investments in software, data and technology-enabled businesses
Bloomberg hires former IBM chief Palmisano to conduct data privacy probe(Finextra) The review follows revelations last week that Bloomberg journalists had snooped on clients by monitoring page views and log-ins by traders using its desktop data terminals. In a statement, Bloomberg says that Palmisano will immediately probe the company's current practices and policies for client data and end user information, including a review of access issues. He will be assisted by the law firm Hogan Lovells and consulting practice Promontory Financial Group in his investigation
Bit9, FireEye, Palo Alto Networks team to hit zero-day malware(Network World) Network World - Bit9 has teamed with FireEye and Palo Alto Networks, which each have sandboxing technologies, in order to share information related to zero-day attack code. FireEye and Palo Alto Networks, with its next-generation firewall, each have
Top two-factor authentication tools(CSO) Relying on a simple user ID and password is fraught with peril. That's where two-factor authentication services come into play. We tested 8 two-factor schemes that use soft tokens, which could mean using a smartphone app, SMS text message, or telephony to provide the extra authentication step. The vendors are: Celestix, Microsoft, RSA, SafeNet, SecureAuth, Symantec, TextPower, and Vasco
SAP unveils mobile enterprise apps with consumer feel(FierceMobileIT) Enterprise software giant SAP has unveiled consumer-style apps for the mobile enterprise under the Fiori name. Fiori is a collection of apps that offer a consumer type of user experience for SAP enterprise software for tablets and smartphones, as well as PCs
Protecting Industrial Control Systems from Electronic Threats(Momentum Press) Aimed at both the novice and expert in IT security and industrial control systems (ICS), this book will help readers gain a better understanding of protecting ICSs from electronic threats. Cyber security is getting much more attention and "SCADA security" (Supervisory Control and Data Acquisition) is a particularly important part of this field, as are Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Intelligent Electronic Devices (IEDs), and all the other, field controllers, sensors, drives, and emission controls that make up the "intelligence" of modern industrial buildings and facilities
EventTracker Unveils Enterprise v7.4(Virtual Strategy) EventTracker, a leading provider of comprehensive SIEM solutions today announced the general availability of EventTracker Enterprise v7.4 security information and event management (SIEM) solution. This latest release incorporates new collaboration features such as an Electronic Logbook that records incidents, reports, and changes with valuable context, as well as the ability to flag interesting incidents, reports, configuration assessment or change audits that enable IT teams to escalate efficiently
Technologies, Techniques, and Standards
Even SMBs Should Look To Log Management For Security(Dark Reading) A firewall, patch procedure, anti-malware and, possibly, an IDS are a good start. But to detect breaches, small and medium businesses should focus on logging activity and looking out for suspicious behavior
ACMA database keeps finger on Australia's malware pulse(CSO) Australian ISPs and universities are sending more than 10,000 emails a day to warn customers their systems appear to be infected by malware - but as few as one in five is ever read by its recipient, statistics from the Australian Communications and Media Authority's (ACMA's) Australian Internet Security Initiative (AISI) show
Strategies For Improving Web Application Security(Dark Reading) Web applications are the most frequent targets for online hackers -- partly because they are your enterprise's most visible points of entry and partly because they are notoriously fraught with vulnerabilities. At the same time, most enterprises must maintain a Web presence in order to do business, so there's little choice about facing the risk. Being proactive about Web application security should be a top IT priority: When a Web application is taken out, money is lost
Individuals can be identified despite IP address sharing, BT says(Out-law) The internet service provider (ISP) has announced that it is currently piloting technology called Carrier-Grade Network Address Translation (CGNAT) that will see as many as nine different customers share the same IP address. BT said it is trialling CGNAT in a bid to make the most efficient use of existing "IPv4 internet address", which are currently "running out", before new "IPv6 addresses become widely adopted". Doing so will enable fixed-line internet customers to stay connected, it said
Why don't risk management programs work?(CSO) When the moderator of a panel discussion at the recent RSA conference asked the audience how many thought their risk management programs were successful, only a handful raised their hands. So Network World Editor in Chief John Dix asked two of the experts on that panel to hash out in an email exchange why these programs don't tend to work
Maryland professors weigh up cyber risks(Financial Times) Their research has received funding from the National Security Agency in the US and the Department of Homeland Security awarded the pair a $666,000 grant at the end of last year. According to Prof Gordon, this support stems from federal government
Digital Government Strategy: The final countdown(FierceGovernmentIT) Thursday, May 23 marks the one-year anniversary of the Obama administration's unveiling of the Digital Government Strategy, and with that milestone comes an array of deliverables that are due under the strategy
Economic espionage threatens openness in science and technology(FierceGovernment) Efforts to protect scientific and technological advancements from espionage should focus on defining the line between basic research and the development of applied technology, a member of the U.S.-China Economic and Security Review Commission told a House panel May 16
Avoiding Delays in Sharing Threat Data(BankInfoSecurity) The House passed the Cyber Intelligence Sharing and Protection Act earlier this spring, and there's chatter that the Senate Intelligence Committee will draft its own version of that bill [see House Handily Passes CISPA]. President Obama, in an
'Going dark' remedy could boomerang to undermine national security(FierceHomelandSecurity) A federal attempt to ensure that Internet communications and services can be wiretapped could undermine national security by making the U.S. government's own communications less secure and by causing hardened communication tools to proliferate among a receptive audience that includes bad guys, says a May 17 paper from privacy advocates and cybersecurity researchers
Cyberattacks call for legislation and open debate(Washington Post) The shadowy world of cybercrime was exposed in the recent federal indictment of eight men accused of manipulating computer networks and ATMs to steal $45 million over seven months. The heist combined sophisticated hacking with street-level hustle. In New York City alone, thieves struck 2,904 cash machines over 10 hours on a single day in February
American engineer's death suicide or cyber-espionage?(CBS) The death of an American computer engineer, Shane Todd, in Singapore has created quite a stir. His parents contend he was murdered, but authorities say it was suicide. The mystery seems to have links to the dark world of cyber-spying and could possibly involve China. Rick and Mary Todd traveled from Montana to Singapore to prove that their son was actually the victim of a web of international cyber-espionage
Reporter Deemed "Co-Conspirator" in Leak Case(Secrecy News) In a startling expansion of the Obama Administration's war on leaks, a federal agent sought and received a warrant in 2010 to search the email account of Fox News correspondent James Rosen on grounds that there was probable cause the reporter had violated the Espionage Act by soliciting classified information from a State Department official
Obama administration mistakes journalism for espionage(Washington Post) The Obama administration has no business rummaging through journalists' phone records, perusing their e-mails and tracking their movements in an attempt to keep them from gathering news. This heavy-handed business isn't chilling, it's just plain cold. It also may well be unconstitutional. In my reading, the First Amendment prohibition against abridging the freedom ... of the press should rule out secretly obtaining two months' worth of the personal and professional phone records of Associated Press
DAP complains to MCMC over blockade on its websites, videos, FB, social media networks(Malaysia Chronicle) DAP is lodging an official complaint to MCMC today on the Internet blockade to DAP sites, videos hosted on youtube.com, DAP's facebook accounts, DAP MP's blogs and news portals. On 2nd May 2013, MCMC released a statement reported in the mass media stating, "Preliminary investigations indicate no such restrictions by ISPs as alleged by certain quarters". This is in response to an earlier report by Malaysiakini to MCMC
Police arrest Anonymous suspects in Italy(CSO) Italian police arrested four suspected hackers Friday, accusing them of having taken control of the Italian branch of the Anonymous network. The alleged hackers, aged between 20 and 34, were placed under house arrest near the northern cities of Bologna, Turin and Venice, and in the southern town of Lecce
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CEIC 2013(Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.
IEEE Symposium on Security and Privacy(San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...
Maryland/DC Celebration of International Trade(Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...
U.S. Department of State Mobile Computing Forum(Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services...
International Workshop on Cyber Crime (IWCC)(San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...
Web 2.0 Security and Privacy(San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...
IEEE-Cyber 2013(Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT(Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...
Cyber Security for the Chemical Industry(Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...
DGI Cyber Security Conference & Expo(Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...
Diversity Careers in Cybersecurity Symposium(Baltimore, Maryland, USA, May 30 - June 2, 2013) The 2013 Diversity Careers in Cybersecurity Symposium creates opportunities for networking and learning. We invite top executives to give presentations on topics ranging from leadership best practices...
Recent Advances in Reverse Engineering (RARE)(San Francisco, California, USA, June 1 - 2, 2013) The goal of the rare conference is to provide a venue where people interested in the analysis of binary programs can speak to one another directly, and to form a common language outside of their respective...
Consumerization of IT in the Enterprise Conference and Expo(San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.