We've followed a story since mid-June that's turned out to be no story at all. BAE told journalists of a sophisticated cyber attack on an unnamed hedge fund, and this was widely reported as a disturbing instance of a trend. We now understand why the fund couldn't be named: it didn't exist. BAE disclosed after an internal investigation that the episode was no genuine case study, but rather an exercise scenario.
Observers wonder why Russia hasn't hit Ukraine with a major cyber attack, speculating that caution is ascendant in the Kremlin. But while the sort of blunt instrument used against Estonian and Georgian infrastructure hasn't appeared, there remain many indicators of Russian cyber operations in connection with its Ukrainian ambitions. These suggest not caution, but sophistication.
FireEye has found some versatile Android malware: HijackRAT represents itself as "Google Service Framework," steals user information and banking credentials, establishes attacker remote access, and disables a range of antivirus apps.
Other malware observed morphing into new and more dangerous forms in the wild includes KIVARS (64-bit malware) and Cridex (now appearing as "Geodo," with enhanced ability to spread itself). Miniduke is also back, probably in a more capable form, and probably still under control of state security services.
Restaurant chains in the northwestern US may have been exposed to point-of-sale breaches via ISS, a third-party vendor.
Controversy over Facebook's emotional contagion experiment continues.
The US SEC is investigating companies that have sustained cyber attacks. The SEC wants to see their safeguards and disclosure practices.
Today's issue includes events affecting Belgium, China, Czech Republic, Estonia, Georgia, Germany, Greece, India, Israel, Luxembourg, Netherlands, New Zealand, Pakistan, Palestinian Territories, Poland, Russia, Sweden, Ukraine, United Kingdom, United States.
The CyberWire will take tomorrow off in observance of US Independence Day. We'll resume normal publication Monday. We'd also like to remind readers that we'll be covering the SINET Innovation Summit in New York on July 17.
Why hasn't Russia unleashed a cyber attack on Ukraine?(CBS News) That the fragile cease-fire in Ukraine collapsed in the first dark hours of July should not surprise observers; Russia has pursued low-level cyber hostilities against Kiev nearly since the onset of the crisis, and certainly during the recent short-lived peace offensive. Nor should we be startled by reports that cyber warriors sought to sabotage May's presidential election in Ukraine with bogus vote tallies and came close to gifting far-right, pro-Moscow candidate Dmytro Yarosh with 37 percent when he really got less than 1 percent
Utilities Report Cyber Incidents to Energy Department(Wall Street Journal) Subsidiaries of ITC Holdings, Duke Energy and NRG Energy tell DOE of suspected cyberattacks. Utilities have reported cyber incidents to the Energy Department involving one of the largest power plants in the U.S. and high-voltage transmission systems in Michigan and Iowa
UPDATE 1-Finland says it was spied on for years(Reuters) Foreign governments conducted a cyber attack against the Finnish foreign ministry and were able to spy on it undetected for years, gaining access to sensitive materials, the ministry and the Finnish secret service said on Wednesday
Israel's Justice Minister Condemns 'Incitement' on Facebook(New York Times) Israel's justice minister denounced an Israeli Facebook campaign on Wednesday that called for soldiers to take "revenge" on the Palestinian community as tensions spiked in Jerusalem, where an Arab teenager was kidnapped and killed hours after the funerals for three Jewish teenagers abducted last month in the West Bank
KIVARS With Venom: Targeted Attacks Upgrade with 64-bit "Support"(TrendLabs Security Intelligence Blog) In announcing the release of the 64-bit version for Chrome last month, Google mentioned that one of the primary drivers of the move was that majority of Windows users are now using 64-bit operating systems. The adoption rate for 64-bit for Windows has been a tad slower than what Microsoft had initially predicted, but it has been steady, and it is evident in the availability of support by software developers. Unfortunately, however, we've been seeing the same adoption being implemented by attackers through 64-bit malware
Exploit switches off Microsoft EMET's protection features(Help Net Security) By leveraging and modifying a "semi-random public exploit" researchers have managed to deactivate all protection features of the latest version of Microsoft's Enhanced Mitigation Experience Toolkit and "get shell" on the target system and execute code
"Secure" UK hotel booking site leaking customer data(Help Net Security) An infosec consultant looking to book a hotel via HotelHippo.com, owned by HotelStayUK, has ultimately discovered that the website is definitely not to be trusted with private and card information, even though it sports the "COMODO — Authentic & Secure" trust seal
Researcher Finds Flaws In Key Oracle Security Feature(Dark Reading) Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases
Security Patches, Mitigations, and Software Updates
Report: DDoS attacks down, gov't increasingly a target(SC Magazine) Distributed denial-of-service (DDoS) attack traffic declined in the first quarter of 2014 and China held on to the top spot as the country from which the most attack traffic originated, according to observations disclosed by Akamai in its "State of the Internet Report" for the first quarter of 2014
IT Concerns Over Ransomware Increasing(VAR Guy) Security training awareness provider KnowBe4 released the results of its June survey on ransomware, which found that more IT professionals are concerned with falling victim to attacks that could compromise their enterprise data, compared to a similar survey conducted in January
Stuxnet, just the beginning?(SC Magazine) As we rush into the Internet of Things, Mike Ellis suggests we remember Stuxnet, and how the data transferred between objects needs to be protected
Physical location of data will become increasingly irrelevant(Help Net Security) The physical location of data still matters, but will become increasingly irrelevant and will be replaced by a combination of legal location, political location and logical location in most organizations by 2020, according to a report from Gartner
Things get weird when objects get hooked up to the internet(Quartz) With the flood of new connected services and devices on the market, knowing how future users might hook them together or find unexpected new uses is a challenge, no matter what Silicon Valley's confident young bucks may tell us. A service called IFTTT is giving us an interesting peek into the practical, clever and slightly weird ways people want to use the Internet of Things (IoT)
NSA revamps processes to more quickly approve commercial technology(Federal News Radio) Federal officials say they've turned over a new leaf in a program that was originally intended to let agencies rapidly incorporate commercial hardware and software into national security systems, but so far has failed to keep up with the pace of commercial innovation
Lunarline to Focus Growth in Dayton Area(AP via Columbus CEO) A Virginia-based cyber security firm has started hiring local workers for a new office to open later this year at Miami Valley Research Park in Kettering, the company's top official said Tuesday
The Ultra-Simple App That Lets Anyone Encrypt Anything(Wired) Encryption is hard. When NSA leaker Edward Snowden wanted to communicate with journalist Glenn Greenwald via encrypted email, Greenwald couldn't figure out the venerable crypto program PGP even after Snowden made a 12-minute tutorial video
10 Free Crypto Apps To Help Protect Your Online Privacy(Hongkiat) Many of us have uploaded our lives onto the Internet, to the point that we cannot imagine living without it. We use online services that we entrust to keep our data secure and private. Unfortunately, many of us don't realize that it's not truly secure as they are subject to many third parties that can view its content, from the company providing the service to the government itself
The US military is already using Facebook to track your mood(Quartz) Critics have targeted a recent study on how emotions spread on the popular social network site Facebook, complaining that some 600,000 Facebook users did not know that they were taking part in an experiment. Somewhat more disturbing, the researchers deliberately manipulated users' feelings to measure an effect called emotional contagion
Hacker Movies We Love & Hate(Dark Reading) Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section
Research and Development
PMO asks for new tech to prevent 'cyber attack'(Deccan Chronicle) The Prime Minister's Office has asked the National Technical Research Organisation to develop a new and enhanced firewall technology to protect key government data, computers and sites from hackers and subversive elements
The Facebook Experiment: Gambling? In This Casino?(Re/code) Critics have spent the last few days castigating Facebook for a large-scale experiment conducted by researchers who wanted to learn the effects of tweaking the dosage of positive or negative comments on a user's News Feed. Would people who are exposed to more negative comments than the average delivered to them by the Facebook algorithm be more or less prone to positivity themselves?
The only thing Facebook got to understand with its experiment is how Facebook works(Quartz) Facebook has always "manipulated" the results shown in its users' News Feeds by filtering and personalizing for relevance. But this weekend, the social giant seemed to cross a line, when it announced that it engineered emotional responses two years ago in an "emotional contagion" experiment, published in the Proceedings of the National Academy of Sciences (PNAS)
Legislation, Policy, and Regulation
Saudi Arabia Takes a Hardline Stance as Militants Make Gains(Defense News) Saudi Arabia's appointment of its deputy defense minister as the new intelligence chief on Tuesday — days after sacking him — and the appointment of former spy chief Prince Bandar bin Sultan as a special envoy marks a return to hardliner politics by the kingdom as militants approach its borders
India seeks US assurance that NSA spying will stop(Bangalore Mirror) A visit to India by US Senator John McCain on Wednesday was overshadowed by a row over reports that the National Security Agency (NSA) was authorised to spy on Prime Minister Narendra Modi's party in 2010
US hopes NSA surveillance on BJP not to impact bilateral ties(Economic Times) The United States has hoped its National Security Agency surveillance on the BJP, revelation of which has highly been objected by New Delhi, would not have an adverse impact on the bilateral relationship between the two countries
Lew: U.S. will broach cybersecurity issues at upcoming Beijing meeting(Inside Cybersecurity) The United States will raise thorny cybersecurity issues with Chinese officials at the Strategic and Economic Dialogue in Beijing next week, Treasury Secretary Jacob Lew said, and the Obama administration remains hopeful that China will seize the opportunity to re-engage on cyber policy
Ex-Intelligence Chief McConnell Fears Major Cyber Attack(Techonomy) Former National Intelligence Director Adm. Mike McConnell (now at Booz Allen Hamilton) notes in this interview at Techonomy's recent Data Security Lab that our democracy has traditionally made decisions and developed legislation in reaction to events. That is unwise now, though, he says, if we wait until a major cyber event before imposing regulations to demand good cyber practices from business. Sadly, though, he suspects that we won't act until such an event happens
Litigation, Investigation, and Law Enforcement
Hacked Companies Face SEC Scrutiny Over Disclosure(Bloomberg) The U.S. Securities and Exchange Commission has opened investigations of multiple companies in recent months examining whether they properly handled and disclosed a growing number of cyberattacks
Was Microsoft Takedown 'Draconian?'(BankInfoSecurity) Microsoft on June 30 launched a botnet-focused takedown effort that didn't just temporarily block small-scale campaigns tied to two pieces of malware, but also resulted in an estimated 4 million legitimate site names being disrupted
Microsoft Insists That No-IP 'Outage' Was Due To A 'Technical Error' Rather Than Gross Abuse Of Legal Process(TechDirt) Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company's fraud and abuse team would have cut off those malware providers
Rising Use of Encryption Foiled the Cops a Record 9 Times in 2013(Wired) The spread of usable encryption tools hasn't exactly made law enforcement wiretaps obsolete. But in a handful of cases over the past year—and more than ever before—it did shut down cops' attempts to eavesdrop on criminal suspects, the latest sign of a slow but steady increase in encryption's adoption by police targets over the last decade
Is Google trying to sabotage the "right to be forgotten"?(Quartz) British journalists are in a tizzy this morning. It started yesterday, when James Ball of the Guardian wrote a gently seething comment piece about notices his paper received from Google, warning it that six articles would no longer be listed on the search engine's European sites. This was followed by a post from the BBC's economics editor, Robert Peston, who complained that Google had removed "this example of my journalism"
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
INSCOM Cyber Day(Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...
2nd Annual Oil & Gas Cyber Security Conference(Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
Passwords14(Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
4th Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...