Daily briefing.

We thought this had already happened, but perhaps we missed a peace treaty: Anonymous "declares war" on the United States government.

Indonesian-Australian cyber-rioting brews up with multiple attacks on Australian sites even as Australia's PM seeks to mollify Indonesian resentment over surveillance.

A backdoor worm "Java.Tomdep," apparently designed to stage denial-of-service attacks, is found infecting machines running Apache Tomcat—attack servers are in Taiwan and Luxembourg.

The Internet Storm Center is following Renesys' warning of a large-scale man-in-the-middle campaign. (The fishy signal? Traffic between Ashburn, Virginia, and Washington, DC, being routed through Russia and Belarus.)

Banks are advised to beware of new financial malware, "i2Ninja," quietly being sold on the Russian black market. One interesting feature: it uses the I2P darknet for command-and-control, thus avoiding the attention Mevade drew to itself by spiking Tor traffic.

Microsoft joins in recommending backup as the best defense against CryptoLocker; their warning also contains some useful insight into the dangerous ransomware.

BitSight rates security by industry: the financial sector is tops, tech scores rather low, and the energy sector has seen a significant drop-off over the past year. EY (the consultancy formerly known as Ernst & Young) says CIOs are taking cyber security more seriously (but other observers still see significant underinvestment).

Trend Micro wonders whether the days of unencrypted HTTP are drawing to an end.

China's newly revamped security apparat uses natural-language-tracking technology for domestic surveillance. Germany increases counterintelligence vigilance against its allies. Calls to sanction China for cyber espionage reappear in the US.

Notes.

Today's issue includes events affecting Australia, Bahrain, China, Czech Republic, Ethiopia, India, Indonesia, Iran, Republic of Korea, Libya, Luxembourg, Morocco, Pakistan, Russia, Syria, Taiwan, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Declares Global Cyber War on U.S. Government against Hammond's Sentence and NSA Spying (Hack Read) The online hacktivist group Anonymous has released a video, according to which the group has declared global cyber war on the government of United States against injustice, NSA's spying and 10 year sentence of a cyber activist Jeremy Hammond…In the message, Anonymous has requested that: 'People who follow Anonymous, do not deface U.S government websites, do not occupy

Pakistani Hackers Hacks All India Radio Allahabad Website, Greets Iranian and Syrian Hackers (Hack Read) The official website of All India Radio Allahabad has been hacked and defaced by Pakistani Hacker going with the handle of BLACK H3ART. Hacker has left a deface page along with a message on All India Radio Allahabad website, talking about a warning and hailing Iranian and Syrian hackers

Hackers target AFP, Reserve Bank sites (The Australian) The websites of the Australian Federal Police and the Reserve Bank of Australia have been the victims of an apparent cyber attack, with Indonesian hackers claiming responsibility

New backdoor worm found attacking websites running Apache Tomcat (Ars Technica) Tomdep harnesses strength of servers to wage powerful denial-of-service attacks. Researchers have identified new self-replicating malware that infects computers running the Apache Tomcat Web server with a backdoor that can be used to attack other machines

Are large scale Man in The Middle attacks underway? (Internet Storm Center) Renesys is reporting two separate incidents where they observed traffic for 1500 IP blocks being diverted for extended periods of time. They observed the traffic redirection for more than 2 months over the last year. Does it seem unusual for internet traffic between Ashburn Virginia (63.218.44.78) and Washington DC (63.234.113.110) to go through Russia to Belarus? That is exactly what they observed. Once traffic flows through your routers there are countless opportunities to capture and modify the traffic with classic MiTM attacks. In my humble opinion we should put very little stock in the safety of SSL traffic as it flows through them. Attacks such as the SSL Crime attack, Oracle Padding attacks, Beast and others have shown SSL to be untrustworthy in circumstances such as this

Banks Should Beware i2Ninja Malware: Trusteer (American Banker) A low-profile strain of malware — recently discovered on a Russian cybercrime forum — could spell big trouble for bank customers and financial services companies alike, says computer security company Trusteer

i2Ninja Financial Malware Lurking on I2P Darknet (Threatpost) The Mevade botnet made news when it was found to be using the Tor anonymity network to communicate with its command and control infrastructure. Running C&C on Tor, however, turned out to be a fatal mistake when Tor usage spiked alerting administrators to the unusual activity

Bogus "free Bitcoin generator" offer leads to malware (Help Net Security) The rising popularity of Bitcoin hasn't gone unnoticed by online scammers, and according to ThreatTrack's Chris Boyd, they have started tricking users into completing online surveys with promises

Backup the best defense against (Cri)locked files (Microsoft Malware Protection Center) Crilock - also known as CryptoLocker - is one notorious ransomware that's been making the rounds since early September. Its primary payload is to target and encrypt your files, such as your pictures and Office documents. All of the file types that can be encrypted are listed in our Trojan:Win32/Crilock.A and Trojan:Win32/Crilock.B descriptions

GitHub bans weak passwords after brute-force attack results in compromised accounts (IT World) Some GitHub accounts had their passwords, access tokens and SSH keys reset

Who's The Boss Over Your JBoss Servers? (Dark Reading) If you haven't patched a 2011 vulnerability found in more than 21,000 servers connected online, then the answer could be the person who installed a crimeware webshell

Fake Windows tech support calls continue to plague consumers (ComputerWorld) More than a year after the U.S. Federal Trade Commission (FTC) heralded a major crackdown on fraudsters posing as Microsoft technical support personnel, consumers continue to receive calls from scammers

Is a pop-up ad from optimize-app.com a new type of attack? (ComputerWorld) Yesterday, while reading an article in Pulse on my iPad, I was interrupted by a pop-up ad (below), seemingly from optimize-app.com. The pop-up was modal, blocking all use of Pulse. I turned on airplane mode (just in case), clicked the OK button and the pop-up disappeared without trying to load another web page. A few minutes later, the pop-up re-appeared

iOS Point-of-Sale Devices Pose Security Risk (eSecurity Planet) New research considers security implications of mobile point-of-sale applications on Apple's iPhones and iPads

Address Changes: A Growing e-Commerce Fraud Tactic (Storefront Backtalk) Changes in customers' shipping addresses is one of the key ways that thieves are now getting away with online credit card fraud, financial experts say

Olympics was targeted by state-sponsored cyber attack, says LOCOG CIO (ComputerWorld) Six 'serious cyber incidents' during London 2012 Olympics

Stuxnet creators defined 21st century warfare (CSO) Creators cared more about pushing envelope in the realm of digital warfare, not causing destruction

Stuxnet's Earlier Version Much More Powerful And Dangerous, New Analysis Finds (Dark Reading) ICS/SCADA expert Ralph Langner analyzes how Stuxnet shifted from super-stealthy to simpler, and dispels common misconceptions about the infamous Stuxnet attack on Iran's nuclear facility — including the belief that only a nation-state could pull off a similar attack in the future

Dell: Business is Booming for Under-Web Markets (Threatpost) A complete bundle of personal information hackers require to steal identities is available on the underground for as little as $25

Phoenix woes continue after 'major' outage (CRN) Birstall datacentre falls over just ahead of big cloud services launch

Cyber Trends

Dempsey: 'We Are Vulnerable' to Cyber Attacks (Wall Street Journal) Military and private sector cooperation on cyber security is the ideal for General Martin Dempsey, chairman of the Joint Chiefs of Staff. He spoke with WSJ's John Bussey at Wall Street Journal CEO Council in Washington, D.C

How UK banks contain threats from cybercriminals (BBC) The UK's banks are regularly being caught out by cybercriminals, BBC research suggests

A look at security effectiveness by industry (Help Net Security) BitSight analyzed security ratings for over 70 Fortune 200 companies in four industries - energy, finance, retail and technology. The objective was to uncover quantifiable differences in security effectiveness and performance across industries from October 2012 through September 2013

CIOs upping security spending, accepting inevitability of breaches (FierceCIO) CIOs are growing more accepting of the idea that cyberattacks and data breaches will inevitably impact their organizations, and are investing more in IT security as a result

Serious Trust Issues Abound in the McAfee Labs Q3 Threats Report (McAfee Executive Perspectives) For IT security executives and security-responsible business executives, McAfee Labs' Q3 Threats Report poses an interesting set of developments that call into question what industry and non-industry leaders should take note of

Moving from Do Not Track to Can Not Track (Threatpost) The movement in the security and privacy communities to push the Do Not Track standard as an answer to the problem of pervasive online tracking by ad companies and other entities has resulted in the major browser vendors including DNT as an option for users, giving them a method for telling advertisers and Web sites their preferences on tracking. But DNT may well have outlived its usefulness and needs to be replaced by something that's more effective and efficient, security experts say

Data centers play fast and loose with reliability credentials (IT World) The Uptime Institute says some data centers are getting creative with their reliability claims

Marketplace

These Companies Build The Technology Used To Spy On You (Forbes) Privacy International has released a collection of 1,203 documents on the private surveillance sector, detailing mass surveillance technologies capable of covertly collecting millions of emails, text messages, and phone calls on citizens around the world. The documents mention two companies known for selling Internet monitoring technology and unpublished software vulnerabilities to the U.S. National Security Agency

DoD tasks innovation experts with stretching out technology dollars (Federal News Radio) The Pentagon has fewer dollars to invest in technology, but it's trying to make the best of a bad situation, officials say. Among the military's efforts to cope with declining dollars is a greater emphasis on making use of commercial technologies and using the process of innovation to improve the acquisition process itself

Lunarline Added to Inc. 5000 List (Hispanic Business) For the fourth year in a row, Lunarline, Inc. is named to the Inc. 500|5000 list ranking at No. 2393

Profit, Not Just Principle, Has Tech Firms Concerned With NSA (NPR) Along with the privacy advocates and the national security establishment, there is another set of players with strong views on NSA surveillance programs: U.S. tech companies

Worldwide Acquires Interest in Cyber Security Company (MarketWired) Worldwide Internet, Inc. (OTC Pink: WNTR) announced today that it has completed the acquisition of an interest in Encryption Solutions, Inc

Nokia's Finland HQ To Become A Microsoft Site Next Year, After Devices & Services Sale (TechCrunch) The wheel of fortune symbolism is clear: as Apple prepares to break ground on a new UFO-esque HQ, the former kingpin of mobile is quietly preparing to move out of its own headquarters — to make way for Microsoft. Nokia will be moving out of its current headquarters in Espoo, Finland, once the sale of its Devices & Services unit to Microsoft goes through in Q1 next year

Products, Services, and Solutions

Secure Dropbox data using a hardware security token (Help Net Security) Intrinsic-ID released Saturnus, an application that enables enterprises to protect digital assets stored and shared on Dropbox. With Saturnus, files are encrypted before they leave the device

FireEye Introduces New Cloud-Based Email Threat Prevention (ComputerWorld) FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, has announced the introduction of FireEye® Email Threat Prevention™, a new cloud-based email security platform. With no hardware or software to install, FireEye now offers a flexible deployment option to protect enterprise infrastructure from email-based attacks. FireEye Email Threat Prevention will be generally available in early December 2013

Apriorit Reversing and Research enabled Windows 7 — Android virtual OS runtime switching on a single device (OpenPR) Apriorit and Electronics and Telecommunications Research Institute (Korea) teamed on the ViMo project whose main goal was to satisfy the need for BYOD and provide users with fully isolated business and personal environments in order to protect corporate data and business processes from being compromised

ThreatTrack Security Introduces ThreatAnalyzer 5.0 (Dark Reading) ThreatAnalyzer detonates executable files and URLs in a monitored environment to analyze threats and determines the risks they pose to a network

Injazat and Thales collaborate to bring innovative cybersecurity services to the UAE (Albawaba Business) Injazat Data Systems and Thales are collaborating on an advanced and innovative Cybersecurity offering for UAE companies

Technologies, Techniques, and Standards

Electric industry responds to grid attack (FierceSmartGrid) Cyber and physical threats are constantly evolving and require quick action and flexibility that comes from constant vigilance and collaboration between government and industry. Reviewing the security response to the grid's critical components during a disruptive, coordinated attack on the grid in a simulated exercise helps the industry make the electric system more secure

Co-ops Join Industry Grid Drill (ECT.COOP) An industry-wide drill to simulate a cyber attack on North America's electric grid played out this month and dozens of electric cooperative staffers took part

Are The Days Of Unencrypted HTTP Numbered? (TrendLabs Security Intelligence Blog) Throughout all of 2013, there have been numerous revelations about how the NSA conducts mass surveillance on the Internet. These have sent the Internet Engineering community reeling. Protocols that have been in use for decades and based heavily on intrinsic trust have had that trust violated

How to build a website security programme (ComputerWeekly) The key to improving a web security programme is having a comprehensive metrics programme in place — a system capable of performing ongoing measurement of the security posture of production systems, exactly where the proverbial rubber meets the road

Employee Social Media Posts, iCloud Use, Government Leaks — Your Questions Answered (Cyveillance Blog) We've received some great feedback and questions from our recent webinar on "The Impact of Social Media on Information Security," and wanted to share responses to them with a broader audience. In this webinar, we discussed how social media websites and other user-generated content platforms can easily enable employees to leak sensitive information and data and some advice for security professionals on how they can deal with this

Internet Territories: Introducing IP Infection Maps (Umbrella Security Labs) When it comes to network security research, we usually find ourselves looking at wide IP address sets. Often, we're interested in understanding the distribution of the IP addresses we are looking at in terms of geolocation as well as IP prefixes/ranges

Best practices for businesses to secure their IT infrastructure (Help Net Security) 'Tis the season for reflecting on another year's success, kicking off 2014 planning and preparing for…security attacks

Detect and respond: How organizations are fighting off targeted attacks faster (ComputerWorld) It doesn't matter how high, deep, or long the IT walls are that security pros build around their networks, it seems attackers find ways to fly over, dig under, or drill through. The most recent Verizon Data Breach Investigations Report found that more than 50 percent of all breaches were caused by some form of hacking — and it took months to years for more than two thirds of successful breaches to be detected

Design and Innovation

Twitter Tests Cleaner Web Client Design With More Prominent Logo And Tweet Composer (TechCrunch) Twitter is testing a new website design, which opts for a lighter, flat design that seems at least partly inspired by its shift to similar design trends on mobile. The screens below were sent in by Boris Bošiak, founder of Czech startup Reservio, who is apparently part of a small pool of users being seeded with the new design

Research and Development

Patent Issued for Methods and Apparatus for Information Assurance in a Multiple Level Security (MLS) Combat System (Hispanic Business) A patent by the inventors Hodges, Rother V. (Wakefield, RI); Luvara, Patrick A. (East Greenwich, RI), filed on September 23, 2009, was published online on November 12, 2013, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents

Academia

Google encourages teens to contribute to open source projects (Help Net Security) For the fourth year in a row, Google has organized its Code-in contest for pre-university students to contribute to open source projects

Lockheed Martin Sponsors Cool Careers in Cybersecurity for Girls Workshop at University of Maryland (Washington Exec) University of Maryland College Park will welcome more than 350 middle school students at the Cool Careers in Cybersecurity for Girls Workshop sponsored by Lockheed Martin, in partnership with the Maryland Cybersecurity Center and the National CyberWatch Center

Lockheed, LifeJourney strike partnership to bolster Cyber and STEM awareness (Baltimore Business Journal) Lockheed Martin has struck a partnership with a Baltimore-based company that works to foster interest among area high school students in careers in science, technology, engineering and math (STEM)

Legislation, Policy, and Regulation

FSB's Olympic Spying (The Moscow Times) As the date for the Olympic Games in Sochi draws closer, Russia's siloviki are becoming more active in terms of collecting data from Russians and foreigners. Although they can at least partially justify their decision to register every Russian who comes to Sochi during the Olympics with the desire to prevent terrorist attacks, the decree that Prime Minister Dmitry Medvedev signed Nov. 8 has no relationship whatsoever to that goal

Chinese cyber spying may justify sanctions: US panel (AFP via Yahoo! News) A US panel raised the specter of sanctions against China, warning Congress that Beijing has not curbed its rampant spying on American interests, a major national security concern

Spying on President Susilo Bambang Yudhoyono's wife a step too far by ASD (Sydney Morning Herald) As Edward Snowden's trove of secrets from the US National Security Agency seeped out into the media, the revelations about America's and Australia's electronic espionage from Jakarta and their other embassies drew a reflexive response in Indonesian elite circles

Indonesia suspends cooperation on people smuggling as Tony Abbott expresses 'deep and sincere' regret over spy reports (Australian Broadcasting Corporation) Indonesian president Susilo Bambang Yudhoyono says all military and intelligence cooperation with Australia is on hold until he gets a proper explanation as to why Australian spies tried to tap his phone

US NSA chief on India visit today (Times of India) General Keith Alexander, director of US' now infamous National Security Agency (NSA), will be on a quiet trip to India on Thursday, where he will meet national security adviser (NSA) Shivshankar Menon and other senior officials in the national security establishment. Both American and Indian officials are tight-lipped about the visit, so it is not immediately clear the trip's purpose

German intelligence agency to step up counterintelligence —official (Reuters via Chicago Tribune) Germany's domestic intelligence agency is planning to expand its counterintelligence operations to include friendly countries following revelations about the United States' extensive spying program, a senior German security official said

US and UK struck secret deal to allow NSA to 'unmask' Britons' personal data (The Guardian) The phone, internet and email records of UK citizens not suspected of any wrongdoing have been analysed and stored by America's National Security Agency under a secret deal that was approved by British intelligence officials, according to documents from the whistleblower Edward Snowden

Senators want to use Defense bill to force NSA disclosures (The Hill) Three Democratic senators are pushing an amendment to the Defense authorization bill that would require more disclosures about the National Security Agency's surveillance programs

NDAA cloud interoperability language doesn't pertain to intelligence community, says White House (FierceGovIT) The White House says it interprets proposed legislative language regarding Defense Department supervision of cloud computing solutions for intelligence analysis as not "intending to supersede" an ongoing intelligence community unified cloud architecture effort

Reform the NSA to stop future Snowdens (ZDNet) An agency like the NSA can't operate if all its work is going to be exposed to the world. Whatever reforms we make to their practices, the NSA must tighten their internal security first

How Will Fraud Impact U.S. Bitcoin Regulation? (Storefront Backtalk) U.S. regulators this week tackled the tough issue of regulating virtual currencies such as Bitcoin. The Senate Committee on Homeland Security and Government Affairs heard from Justice Department officials, who say they need help regulating digital currencies as well as Bitcoin proponents, who say the government should stay out

Central government cyberspies step up surveillance of ethnic groups with new language-tracking technology (South China Morning Post) Sophisticated new system allows tracking of messages in language of all mainland's ethnic groups

U.S. Army to Track Employees' Web Activity to Thwart Future Snowdens (Mashable) The U.S. Army plans to monitor the online behavior of its employees with tracking software that will be woven into Army Network 2020, an in-house computer network set to launch in seven years

Litigation, Investigation, and Law Enforcement

AFP remain in Indonesia amid cyber-attack (Sydney Morning Herald) Australian Federal Police Commissioner Tony Negus has refused to comment on whether officers serving in Indonesia will be withdrawn amid the country's ongoing diplomatic row with Australia

Brilliant But Evil: Gaming Company Fined $1 Million For Secretly Using Players' Computers To Mine Bitcoin (Forbes) Back in April, an online gamer noticed that his computer seemed to be working harder than it should be given what he had running on it. When he checked his logs, he realized that his computer, much to his surprise, had joined a Bitcoin mining pool in the Czech Republic and was helping someone to mine the cryptocurrency. The activity was being conducted by a client he had downloaded from E-Sports Entertainment Association

[Special report] The truth of Cyber Command's political interference (The Hankyoreh) Cyber Command has claimed that online messages were employees' personal activity, not official operation

Feds Charge Cybercriminals as 21st Century Racketeers (Wired) Until it closed two years ago, Carder.su was an online cybercrime forum used by some 7,900 fraudsters around the world. The site was allegedly headed by a Russian named Roman Zolotarev, and it boasted a slew of high-end vendors and

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

New Resources to Grow Cyber Security Companies in Maryland (Rockville, Maryland, USA, November 25, 2013) Learn about new resources available locally to grow your cybersecurity company, including the Maryland Cybersecurity Investment Incentive Tax Credit and the Montgomery County Supplemental Incentive Program...

Cyber Education Symposium (Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways...

APPSEC USA (New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...

Oil and Gas Cyber Security 2013 (London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...

IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...

DefCamp 2013 (Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...

SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
