The week ends relatively quietly. The usual desultory cyber-rioting continues in South Asia as MaDleets TeaM vandalizes Pakistani government sites. A bit farther east, Anonymous Cambodia ups its low game from denial-of-service attacks to leaking personal information. The most recent subjects of this unwelcome attention had their data exfiltrated from Cambodia's governmental Anti-Corruption Unit.
In Europe, Spiegel attributes Belgacom's undersea cable system hack to Britain's GCHQ, which was evidently interested in monitoring traffic in the Middle East. Separately, the Belgian Foreign Service reports it was targeted by a campaign seeking diplomatic and commercial intelligence.
The Council on Foreign Relations publishes an appreciation of Chinese state and state-linked cyber operations. It sees Chinese hackers not as "a monolithic group, but rather multiple actors with manifold motivations."
Those interested in malware obfuscation may wish to review notes about the Andromeda botnet's use of AutoIT scripts. The US FBI warns that the Beta Bot Trojan represents a continuing threat to payment systems and financial institutions.
A lockscreen hole has been found in iOS 7. The bug potentially enables an attacker to access photo galleries.
The TDSS and ZeroAccess malware families have similar functionality but have generally been regarded as unrelated (indeed competing) toolkits. Trend Micro, however, has found them using the same domain generation algorithm module, which may indicate either convergence or common third-party users.
The US seeks to repair surveillance-frayed ties with Brazil as Brasilia pursues security-driven IT autarchy. Brookings offers an overview of national cyber security policy's complex interaction with international trade.
Today's issue includes events affecting Belgium, Brazil, Bulgaria, Cambodia, China, Democratic People's Republic of Korea, Republic of Korea, Pakistan, United Kingdom, United States.
Anonymous Hackers Leak Data from Cambodia's Anti–Corruption Unit(Softpedia) Anonymous Cambodia has moved on from launching distributed denial-of-service (DDOS) attacks against government websites to actually hacking them. A couple of days ago, they leaked personal and financial data allegedly belonging to government officials
Belgacom Attack: Britain's GCHQ Hacked Belgian Telecoms Firm(Der Spiegel) A cyber attack on Belgacom raised considerable attention last week. Documents leaked by Edward Snowden and seen by SPIEGEL indicate that Britain's GCHQ intelligence agency was responsible for the attack. Documents from the archive of whistleblower Edward Snowden indicate that Britain's GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company
Belgian Foreign Service Reports Cyber Attack(Prensa Latina) The Belgian foreign service was the target of a cyber attack seeking information about the diplomatic personnel and commercial activities of this country, reported the media of this capital today
Lynx, Mukden, Mooncakes, and Chinese Hackers(CFR) After a summer dominated by revelations of U.S. espionage and offensive cyber operations, Chinese hackers are back in the news. Three stories do a good job of illustrating that Chinese hackers are not a monolithic group, but rather multiple actors with manifold motivations
Andromeda botnet employs AutoIT scripts to hide malware(FierceITSecurity) The Andromeda botnet is using AutoIT scripts to hide malicious code and infect machines, according to McAfee researcher Umesh Wanve. AutoIT scripts are gaining in popularity among hackers. "Attackers are using AutoIt scripts to hide and install malicious payloads. This example [Andromeda] shows that AutoIT has easy and powerful APIs [application programming interfaces] for executing malicious code," Wanve explained in a blog
FBI Warning Users About Beta Bot Malware(Threatpost) The FBI began warning computer users about the Beta Bot Trojan this week, sounding the alarm about malware that has targeted a variety of online payment platforms and financial institutions over the last few months
CryptoLocker — a new ransomware variant(Emsisoft) Over the past few days Emsisoft's malware research team has received numerous reports of a new file encrypting ransomware strain. This new family of ransomware is commonly referred to as CryptoLocker or Trojan:Win32/Crilock.A. Like all file encrypting ransomware (also known as cryptomalware) the goal of the attacker is to encrypt important files on the victim's system in order to compel them to pay a ransom in return for their files
Arrays in requests, PHP and DedeCMS(Internet Storm Center) We received an interesting submission about a strange looking Apache web server log. While the log does not look malicious, after examining it carefully it certainly looks strange, as you can see below
Recycling bins in the City of London tracked people's movements for over two months(Quartz) City of London staff knew for a week that recycling bins in the local authority were tracking the movements of passers-by, but didn't put a stop to it until news reports prompted a public outcry. London-based startup Media Metrica, which also goes by the name Renew, installed tracking devices in a dozen of its internet-connected bins, most of them along a busy street in the City of London. The devices, called Renew Orbs, recorded a unique ID on people's smartphones in order to track them. Few were aware of the scheme
Website programming error compromises personal information(SC Magazine) A programming error on the website belonging to PLS Financial Services — a Chicago-based consumer financial services retailer — allowed some visitors to access personal information of an undisclosed number of customers
BEL USA Acknowledges Security Breach(eSecurity Planet) Promotional products supplier BEL USA LLC, which does business at DiscountMugs.com and other sites, recently began notifying customers who placed an order either online or by phone between March 1, 2013 and July 15, 2013 that their personal information may have been accessed by unauthorized third parties when the site's server was breached
Security Patches, Mitigations, and Software Updates
iOS 7 patches 80 vulnerabilities(ZDNet) Holding off on upgrading to iOS 7 from iOS 6 may be a good idea for many reasons, but your iOS 6 device will have scores of unpatched vulnerabilities. It's not the flashiest improvement in iOS 7, but the new version fixes 80 security vulnerabilities that presumably remain in iOS 6
Latest IE 0–day insight: Background, severity and solutions(Help Net Security) This recently discovered Internet Explorer zero day vulnerability is bad. Users and administrators should take immediate action to mitigate the risk. Considering the timing, I personally expect to see an out of band patch from Microsoft
RSA Tells Its Developer Customers: Stop Using NSA-Linked Algorithm(Wired) Amidst all of the confusion and concern over an encryption algorithm that may contain an NSA backdoor, RSA Security released an advisory to developer customers today noting that the algorithm is the default in one of its toolkits and strongly advising them to stop using the algorithm
Biometrics' Unprecedented Public Integration(SIGNAL Magazine) Security vs. Privacy: Experts believe the conflict can be resolved in a way that improves the world. Biometrics is on the verge of becoming more pervasive than ever in everyday life, setting the stage for personal identifiers to take the place of other common security measures. The expansion mirrors increased usage in fields such as military operations, citizen enrollment and public safety
Imagining a Cyberattack on the Power Grid(New York Times) It's electrifying. Iran and Venezuela want to destroy the United States, so they conspire with a rogue Russian spy to launch a cyberattack on the North American power grid, beginning by electrocuting a lineman in North Dakota. Their main obstacle is a small-town sheriff in the state's badlands, Nate Osborne, a former Marine Corps lieutenant in Afghanistan whose titanium leg ultimately saves the day
Experts Worry About Long-Term Implications of NSA Revelations(Threatpost) With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA's collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what they can trust anymore
Tech Firms 'Grandstanding' Over U.S. National Security Agency, According To Verizon Communications Inc. (NYSE:VZ) Executive Report(Fiscal Insider) Verizon Communications Inc. (NYSE:VZ) senior executive has disclosed that many tech companies 'grandstanding' over U.S. National Security Agency activity to collect the customers data from the companies in order to conduct comprehensive domestic secret surveillance operations earlier this year. According to the senior executive of the Communications firm, John Stratton, the report previously leaked by Edward Snowden in public, so that U.S. spy agencies has collected the customer data without their consent and was used against them
Ballmer calls Google a 'monopoly' that authorities should control(The Verge) While Microsoft unveiled its new Bing logo and design this week, CEO Steve Ballmer opted to highlight his concerns over Google's business practices yesterday. During a presentation at Microsoft's financial analysts meeting, Ballmer discussed how Microsoft might generate money in consumer services. "Google does it," he noted. "They have this incredible, amazing, dare I say monopoly that we are the only person left on the planet trying to compete with." Asked by an analyst how Microsoft can attack Google's dominance in search and advertising, Ballmer explained "we're the only guys in the world trying," with the Bing search engine
Trend Micro Opens New Global Operations Headquarters(SecurityWeek) Security software maker Trend Micro officially announced the grand opening of its Global Operations Headquarters in Irving/Las Colinas, Texas this week. Located just outside of Dallas, the new location will house operations for the company's threat research, finance, legal, customer support, commercial sales and marketing, and human resources business units
Acronis advances secure BYOD with mobilEcho(Help Net Security) Acronis launched mobilEcho 4.5, a mobile file management (MFM) solution that now includes in-app editing tools for Microsoft Office documents and military-grade, certified encryption
DeviceLock now prevents data leakage from Macs(Help Net Security) DeviceLock announced DeviceLock Endpoint DLP Suite 7.3 that delivers essential device control capabilities for corporate endpoints with OS X Lion and OS X Mountain Lion operating systems
Microsoft Adopts Open Specs For Threat Intel-Sharing(Dark Reading) Microsoft will be one of the first companies to adopt emerging open protocols for intelligence threat-sharing — as part of its new intel–sharing forum for incident responders. The software giant in July announced its Microsoft Active Protections Program (MAPP) for Responders program for incident responders, such as CERTs, government entities, and private companies, that includes its own intel–sharing mechanism. The company this week said its platform will be based on the Structured Threat Information eXpression (STIX) open specification led by Mitre for expressing and specifying threat information, as well as the Trusted Automated eXchange of Indicator Information (TAXII), a Department of Homeland Security-led protocol for transporting the information
Joint Information Environment Is Under Way(SIGNAL Magazine) The military's plan to create a single, secure information-sharing environment for all the services finally is taking shape. After much talk and planning, the U.S. Defense Department's Joint Information Environment (JIE) now is being built with its first component reaching initial operational capability this summer
Can Companies Fight Against Targeted Attacks?(Security Intelligence Blog) There are various reasons why targeted attacks can happen to almost any company. One of the biggest reasons is theft of a company's proprietary information. There are many types of confidential data that could be valuable. Intellectual property is often the first thing that comes to mind. There are also other, less obvious items of value that can be acquired: for example financial information, employee and customer personal information, information related to pending sales, financial deals, and legal actions. However, companies can also be targeted for reasons having nothing to do with their products or information
Defending against web–based malware: Spot the smoke, don't wait for fire(Naked Security) Fire sprinklers and clearly marked escape routes are a great way to save lives in the event of fire. But smoke alarms save both life and property, and they do so at a much earlier stage. It's much the same with cyberattacks: malware rarely gets into your network without signs of smoke beforehand
NSA on Wrong Side of Proactive Security Measures(Threatpost) The National Security Agency, as it turns out, is just as reactive when it comes to information security as 99 percent of the enterprises out there. America's top spy agency gives out too much privileged access to employees and contractors, allows removable storage devices in sensitive areas, and has no system of checks and balances with regard to those employees with privileged access. And only when the stuff hits the fan, as it has with Edward Snowden, does it amp up its security
Air Force Research Lab puts money up for tools to stop future Snowdens(Ars Technica) AFRL modifies cyber research program to find ways to catch "insider threat." Whistleblowers have demonstrated how vulnerable military and intelligence networks are to trusted insiders over the past few years, much to the embarrassment of the organizations charged with defending those networks. To prevent future Edward Snowdens and Chelsea (formerly Bradley) Mannings from adding insult to injury, the Air Force Research Lab (AFRL) recently added a new request to its ongoing cybersecurity research program that seeks technology to shut down the insider threat
The devil and the details(The Economist) Quantum cryptography has yet to deliver a truly unbreakable way of sending messages. Quantum entanglement may change that. Recent revelations of online snooping on an epic scale, by government agencies which may well have been breaking the law, have prompted some users of the internet to ask who you can trust with sensitive data these days. According to Artur Ekert, an Oxford academic who moonlights as director of the Centre for Quantum Technologies (CQT) in Singapore, one possibility is a defunct Irish physicist called John Stewart Bell
Strayer University Launches Graduate Degree Program in Cybersecurity(Fort Mill Times) Strayer University, a leading postsecondary adult education institution, today announced the launch of a new graduate degree program in cybersecurity. The new Master of Science in Information Assurance (MSIA) will prepare graduates to critically analyze security vulnerabilities and safeguard networks of all sizes from cyberattacks
Students prepare for in Cyber Defense hacker competition(Iowa State Daily) Professional hackers from across the nation will be in Ames this weekend, putting 215 IoSU students to the test. Saturday will mark the annual Cyber Defense Competition, which will be hosted from 8 a.m. to 5 p.m. in Coover Hall
Legislation, Policy, and Regulation
Cybersecurity and Trade: National Policies, Global and Local Consequences(Brookings) In 2009, the Centre for Economic Policy Research published a 100-page collection of essays on the rise of trade barriers and "murky protectionism" following the financial crisis. The word "technology" appears only once in that report. Information technology has often been seen as a huge success story in global trade, but its rapid diffusion has introduced new risks. Modern economies, developed and developing, are increasingly reliant on their IT-supported infrastructure for almost every aspect of daily life. Yet, as the headlines attest, this infrastructure is less than perfectly secure, and the rapidly evolving threat landscape exposes the dependent societies to dramatic risks. The interdependence of systems and institutions means that a security failure can have dire consequences
Could Brazil Actually Keep The NSA Out Of Its Internet Traffic?(Mint Press News) Revelations that the U.S. intelligence agency spied on huge volumes of Brazilian web usage have led the country's president to propose drastic changes. For the White House, the recent bout of trouble the administration finds itself in with Brazil represents the ever-expanding rebuke coming from friends and foes alike. After revelations that the National Security Agency has been covertly eavesdropping on international communiqués originating from or terminating in the United States, a growing number of nations have demanded accountability and an end to American control of global communications
US, Brazil in 'Difficult' Bid to Rebuild Trust(SecurityWeek) Spying allegations and a delayed state visit have breached once–strong ties between the United States and Brazil, and only time will rebuild trust, analysts said Wednesday. "This is a very unfortunate incident," said Riordan Roett, director of the Latin American studies program at Johns Hopkins University
DHS leadership nominees favorably received at Senate hearing(FierceHomelandSecurity) The nominees for head of the National Protection and Programs Directorate and general counsel at the Homeland Security Department testified before a supportive Senate Homeland Security and Governmental Affairs Committee Sept. 18
Litigation, Investigation, and Law Enforcement
Facebook "Likes" can no longer get US employees fired(Naked Security) Happy day, USA: When we click "Like" on Facebook, we are now constitutionally protected from getting fired! If you're thinking, "Well, duh, wasn't I already?", join the club. In fact, at least one court had hitherto decreed that the First Amendment to the US Constitution, which (more or less) ensures the right to free speech, didn't apply to Facebook Likes
China just detained a teen for having 500 retweets(Quartz) As of last week, posting a message that the Chinese government deems inaccurate on social media platforms can get you three years in the slammer, provided it gets 500 retweets (or their equivalent) or 5,000 views. At least, that's what the law said (link in Chinese). But would the new policy, part of the Chinese government's draconian crackdown on "online rumors," be enforced
"Reverse–Engineering Chinese Censorship"(Harvard Magazine) In a talk at the School of Engineering and Applied Sciences on September 12, Gary King, Weatherhead University Professor and director of the Institute for Quantitative Social Science, spoke about what he called the "largest selective suppression of human expression in history": the Chinese government's censorship of social media
Guantánamo tech chief says computer system safe enough for 9/11 trial(Miami Herald) The man in charge of the war court computers system on this base testified Thursday that despite a series of file disappearances, the Pentagon's computer system is safe enough to protect alleged 9/11 mastermind Khalid Sheik Mohammed's attorney–client privilege in the death–penalty trial
Hackers stole £1.3 million from Barclays Bank using KVM device(Graham Cluley) Police have arrested eight men in connection with an audacious scheme which succeeded in stealing £1.3 million from Barclays Bank. The heist was said to have taken place at a branch of Barclays Bank in Swiss Cottage, North London, back in April, after a hardware device was attached to a branch computer
Cisco Officials Accused of Role in Falun Gong Monitoring(Bloomberg) Chinese and U.S. citizens accusing Cisco Systems Inc. (CSCO) of conspiring with China's government to monitor and torture members of Falun Gong now argue officials at the company's headquarters in San Jose, California, were directly involved with human rights abuses. Cisco's main office helped design the surveillance and internal security network known as "Golden Shield," according to an amended lawsuit filed yesterday in federal court in San Jose
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...
Strange Loop Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and...
CISO Executive Summit(Atlanta, Georgia, USA, September 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...
cybergamut Technical Tuesday: Malware Analysis for the Masses(Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...
2013 Cyber Security Summit(New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be...
4th Annual Cybersecurity Summit(Washington, DC, USA, September 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote...
Information Security Conference(Charleston, West Virginia, USA, October 2, 2013) On October 2, the WVOT Office of Information Security and Controls, will be sponsoring a no-charge information and cyber security awareness event at the Charleston Civic Center. The agenda will offer...
The Monktoberfest(Portland, Maine, USA, October 4, 2013) Our speakers will explore how social trends can change the way we build and use technology, and how technology in turn can change the way we socialize.
Suits and Spooks NYC 2013(New York, New York, October 5, 2013) Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state...
Forensics and Incident Response Summit EU(Prague, Czech Republic, October 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to...
CyberMaryland 2013(Baltimore, Maryland, USA, October 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for...
2013 Maryland Cyber Challenge(Baltimore, Maryland, USA, October 8 - 9, 2013) Held in conjunction with Cyber Maryland and intended to let students and young professionals showcase their cybersecurity skills, Maryland Cyber Challenge offers competition in three divisions: high school,...
AFCEA Hill AFB Technology & Cyber Security Expo(Ogden, Utah, USA, October 9, 2013) The purpose of this first-time event is to allow base personnel the opportunity to learn about the latest computer security trends, network with peers, share remediation strategies and to view and demo...
VizSec 2013(Atlanta, Georgia, USA, October 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.
Hack-in-the-Box Security Conference 2013(Kuala Lumpur, Malaysia, October 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer...
USDA Cyber Security Symposium and Expo 2013(Washington, DC, USA, October 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit...
SNW Fall 2013(Long Beach, California, USA, October 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and...
Hexis Exchange(Athens, Greece, October 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such...
Cybersecurity Symposium: "Protect. Defend. Educate."(Linthicum, Maryland, USA, October 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers,...
Nuclear Regulatory Commission Cyber Security Conference & Expo(Rockville, Maryland, USA, October 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have...
13th Industrial Control Systems Cyber Security Conference(Atlanta, Georgia, USA, October 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security...
Cloud Connect(Chicago, Illinois, USA, October 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully...
Cyber Security Seminar and IT Expo at Peterson AFB(Colorado Springs, Colorado, USA, October 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest...
Joint Federal Cyber Summit 2013(Washington, DC, USA, October 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished...
2013 ACT–IAC Executive Leadership Conference(Williamsburg, Virginia, USA, October 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for...
SAP NS2: National Security Solutions Summit(Falls Church, Virginia, USA, October 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S.
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, October 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary,...
NSA Hawaii — Cyber Security, Intelligence & IT Day(Honolulu, Hawai'i, USA, October 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology...