The CyberWire Daily Briefing for 10.12.2012
US Defense Secretary Panetta warns governments that sponsor cyber attacks of a strong US response, including cyber preemption. Current and former officials speaking on background identify the government Panetta means: Iran's. Specifically, the US believes it has evidence that Iran was behind August's attacks on Saudi and Qatari energy companies. As Panetta spoke, a third US bank (Regions Financial, in Alabama) suffered a denial-of-service attack by the Izz ad-Din al-Qassam Cyber Fighters.
Remote administration tools (RATs) used by hackers are found to be buggy in ways that permit alert defenders to turn them against the attackers who deploy them. It turns out that this week's Google and Yahoo outages in Ireland were indeed a "security incident." Irish authorities are investigating. A Facebook outage in Europe yesterday, however, was a technical failure and not a hack. (Anonymous had claimed responsibility.)
Huawei dismisses US espionage accusations as "protectionism" (and a Dark Reading op-ed suggests some general security lessons drawn from the Huawei-ZTE imbroglio). The US Congress struggles to arrive at credible budget sequestration figures. The (ISC)2 Global Information Security Workforce Study predicts that companies and agencies will soon face a seller's information security labor market so severe it will threaten economic growth. Accumulo moves closer to the enterprise as Sqrrl partners with Apache Hadoop to bring the NSA-sponsored data storage software to market.
The University of Nebraska becomes the fourteenth institution to host a University Affiliated Research Center (UARC). The US Air Force and Marine Corps move to increase their cyber capabilities.
Cyber Attacks, Threats, and Vulnerabilities
Official: US Blames Iran Hackers For Cyberattacks (Yahoo.com) A former U.S. government official says American authorities firmly believe that Iranian hackers, likely supported by the Tehran government, were responsible for recent cyberattacks against oil and gas companies in the Persian Gulf and that they appeared to be in retaliation for the latest round of U.S. sanctions against the country
US Government Officials Say Iran Is Responsible for Attacks on Saudi Aramco (Softpedia) In an interesting turn of events, an unnamed former US government official has revealed that the country is appointing Iran-based hackers as being the ones behind the attacks on Saudi oil company Aramco and Qatar's natural gas producer RasGas. What's interesting about this statement is the fact that sources close to Saudi Aramco's investigation on the cyberattacks that hit the company back in August claimed that the culprits were traced back to Romania. Although no evidence has been provided to support these claims, the anonymous sources appeared to be certain about the fact that East European cybercriminals (from Romania, to be more precise) were behind the attacks
Panetta Warns Of Dire Threat Of Cyberattack On U.S. (New York Times) Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a cyber-Pearl Harbor and was increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government
Private-Sector Cyberattack In Mideast Was Worst Ever (Washington Post) A computer virus that wiped crucial business data from tens of thousands of computers at Middle Eastern energy companies over the summer marked the most destructive cyberattack on the private sector to date, Defense Secretary Leon E. Panetta said Thursday night in a major speech intended to warn of the growing perils in cyberspace
U.S. Readies Cyberdefense (Wall Street Journal) Defense Secretary Leon Panetta said Thursday a series of recent electronic attacks that have been tied to Iran, both in the U.S. and abroad, herald a "significant escalation in the cyberthreat," and warned the U.S. would aggressively pursue the perpetrators, in what cybersecurity experts called a veiled warning to Tehran
Regions Financial Latest Victim in Cyber Attack Spree (Fox Business) Regions Financial became the third bank this week to experience issues with its online presence after being targeted by a group claiming to have ties to Islamic terrorism
Popular RATs Found Riddled With Bugs, Weak Crypto (Dark Reading) Research by former interns for Matasano Security exposes flaws in remote administration tools. RATs have bugs, too: New research shows that remote administration tools often used for spying and targeted attacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers
Facebook Currently Down For Some European Users, Anon Hacker Claims Responsibility [Update: Not A Hack] (TechCrunch) Facebook is down for many users in Europe, according to several TC tipsters and widespread reports on Twitter. Twitter user @AnonymousOwn3r is claiming responsibility, as he had done in the past for a major GoDaddy outage as well. Later, GoDaddy claimed that a technical problem on its own end was responsible, however, and the true cause of this current European
Security breach briefly hijacks connections to Google.ie and Yahoo.ie. (Ars Technica) Ireland's domain registry suspends some operations following security breach.
LulzSec strikes again and passwords Post 10 thousand users of Twitter (Anonymous News) The hacker thus showed how an application as a failure TweetGif provides for attackers steal social network data. LulzSec announced that stole nearly 10,000 accounts and passwords of users who used Twitter TweetGif, an application to share animated GIFs. The SQL database published on Pastebin that includes several of the affected data, such as user names, passwords, real names, locations, biographies, avatars, their latest tweets and secret tokens used to authenticate TweetGif to deliver that information to Twitter
Anonymous declares war on WikiLeaks in retaliation for "paywall" (Ars Technica) Overlay prevents access to leaked data unless you tweet, share, pay, or wait
Skype malware steals more than your money: User accounts from Facebook, Twitter, PayPal, and more (The Next Web) Earlier this week, we warned you about a new piece of malware that is spreading via Skype using the message "lol is this your new profile pic?" It tries to steal your money using both ransomware (restricts access to your computer and demands payment for it to be removed) and click fraud (imitation of a legitimate user clicking on an ad to generate revenue). Now we've learned that the malware does more than that: it targets your user accounts on various Web services and can also do so in many languages.
Poisoned links plague Microsoft's Bing search (CSO) Malware-embedded images are the greatest threat on all search engines
Experts: Banks Should Review Authentication Procedures to Prevent Trojan Attacks (Softpedia) According to a report released by the RSA, United States financial institutions should expect to become the targets of cyberattacks. The agency wasn't referring to the distributed denial-of-service (DDOS) attacks launched by hackers in protest against the Innocence of Muslims video, but the campaign called Project Blitzkrieg. Project Blitzkrieg is said to rely on a Trojan called Gozi Prinimalka to intercept wire transfers made by the banks' customers with the purpose of emptying their accounts
Economic Espionage: How to Spot a Possible Insider Threat (Cyberwarzone) 13 billion lost protect America's trade secrets. This past February, five individuals and five companies were charged with economic espionage and theft of trade secrets for their roles in a long-running effort to obtain information for the benefit of companies controlled by the government of the People's Republic of China. According to the superseding indictment, the PRC government was after information on chloride-route titanium dioxide (TiO2) production capabilities
BYOD introduces gaping security holes for businesses (Infosecurity Magazine) To help remedy the issue, the Cloud Security Alliance (CSA) is tackling the bring-your-own device (BYOD) trend and full lifecycle security management for mobile devices with a new research report, Mobile Device Management: Key Components, V1.0
Security: Is Android Becoming the Windows of Mobile? (ADT Magazine) That data is buttressed by a study from the Cloud Security Alliance, a non-profit that tracks risks to cloud computing. CSA reported on the top threats to mobile computing, and mobile malware was No. 2 on its list, after lost, stolen or decommissioned
Cyber Trends
Who is attacking the financial world, and why? (Cyberwarzone) Between the 1880s and the 1930s, physical bank burglaries were a substantial problem. To counter these threats banks employed vaults to protect their contents from theft, unauthorised use, fire, natural disasters, and other threats. Vaults were an integral part of the building, using armored walls and a tightly fashioned armoured door secured with a complex lock
Why Are Banks Vulnerable to Cyber Warfare? (Fox Business) Sourcefire chief technology officer Martin Roesch explains why banks aren't protecting themselves from cyber attacks
Cloud provider assurance: Trust but verify (Help Net Security) Can an organization trust an IT service provided through the cloud? A survey by KuppingerCole showed that "Cloud security issues (84.4%) and cloud privacy and compliance issues (84.9%) are the major
Marketplace
Interview: Huawei's Cyber Security Chief Slams U.S. 'Protectionism' (Forbes) In the world of telecommunications, Huawei has suddenly become a black sheep. Earlier this week a U.S. Congressional panel released a report urging American companies and federal contractors to avoid doing business with Huawei and ZTE, two of China's biggest telecom equipment firms. The reason: Beijing could use their products to spy on American citizens
House Dems: FY 2013 Defense Sequester $10B More than OMB Figures (Executivegov) Democrats on the House Appropriations Committee estimate the Defense Department will have to cut $60 billion from its fiscal year 2013 budget if sequestration takes effect
Fact Check: The defense cuts (Washington Post) "Security" spending included not just the Defense Department but also the Department of Homeland Security, Department of Veterans Affairs, foreign aid spending, intelligence and other areas. The goal was to allow some flexibility to avoid being locked
Illinois receives $1 million for emergency management (WREX-TV) The Illinois Emergency Management Agency received a $1 million grant from the U.S. Department of Homeland Security to help train first responders and local governments. A Cyber Security and Cyber Incident Awareness course will be
Security industry needs a healthy job market (Help Net Security) The information security industry is facing an inflationary spiral, which is both unsustainable and bad for the economy as the skills gap in information security continues to widen
DHS must improve cybersecurity professional recruitment, career path (Fierce Government IT) The Homeland Security Department must make far-reaching improvements to its recruitment and retention of cybersecurity professionals, a department-commissioned task force says
US representative's cyber-attack warning doesn't daunt Port Angeles on Wi-Fi (Peninsula Daily) U.S. Rep. Norm Dicks' warning that the U.S. is vulnerable to a cyber attack left those involved in building Port Angeles' first-of-its-kind citywide Wi-Fi system no more worried Thursday than before Dicks made his comments Wednesday
Products, Services, and Solutions
Windows 8: New Business-friendly Security Features (eSecurity Planet) Windows 8 is packed with new security features that should appeal to both end users and system administrators. Windows 8 includes numerous new security features and enhancements to help keep your business more secure. From booting, network authentication, to Web browsing—there are security improvements for
New Election System Promises to Help Catch Voting-Machine Problems (Wired Threat Level) A new election system being used in next month's presidential elections in Florida promises to give election officials the ability to independently and swiftly audit the performance of their optical-scan voting machines
Voter database security is a myth (Help Net Security) Some of us spend days and months of indecision, hours in front of the TV watching campaign commercials and presidential debates, researching on the Net, mulling the options with family and friends
Linux Foundation to offer signed solution for UEFI Secure Boot conundrum (Ars Technica) The small piece of code will be able to pass control to any operating system
NetScout Announces U.S. Federal Government Certifications (Benzinga) NetScout Systems, Inc. today announced that the nGenius Service Assurance Solution has been certified by the Defense Information Systems Agency (DISA) for the Department of Defense (DoD) Unified Capabilities Approved Products List (UC APL), and approved by the National Information Assurance Partner (NIAP)
NSA's Big Data Platform Faces Enterprise Test (InformationWeek) Accumulo, the data storage software developed by the National Security Agency, has taken another step toward the enterprise market. Sqrrl, the startup launched by former NSA technologists to commercialize Accumulo, has teamed up with Apache Hadoop
MerlinCryption and Sky Catcher Solutions Join Forces to Create Unsurpassed Cyber Security Solutions (Broadcast Newsroom) Blending state-of-the-art technology and pioneering expertise, Sky Catcher Solutions and MerlinCryption work together to provide breakthrough solutions in data protection, authentication, and mobile security. The resulting cyber security technology provides the innovative solutions required to protect critical infrastructures and meet the current IT security needs of both private and public industries
Technologies, Techniques, and Standards
Finding Against Chinese Firms Has Lessons for Security Professionals Beyond Mere Avoidance (Dark Reading) Sometimes the biggest threats to data security hide in plain sight. As has been widely reported this week, the U.S. House of Representatives issued a report that recommends that Chinese firms Huawei and ZTE should be barred from the U.S. market because their products could be used to undermine domestic cyber security. But what are the implications for day-to-day security for the rest of us
Bolster SMB Security Practices, Budgets Through Risk Management (Dark Reading) Simplification of risk quantification, smart partnering and automation all play a role in helping SMBs take advantage of IT risk management benefits
Cyber Security Awareness Month - Day 12 PCI DSS (Internet Storm Center) Today I'll provide an overview of what is often the elephant in the room. The Payment Card Industry Data Security Standard (PCI DSS). Unlike ISO 27001 where shades of grey are acceptable, in PCI DSS things are very much black and white, with some wiggle room although limited and realistically only if you can convince the QSA that what you are doing is ok. It boils down to you either comply with a requirement, or you don't. There is no "kind of"
Economic Espionage: How to Spot a Possible Insider Threat (Cyberwarzone) 13 billion lost protect America's trade secrets. This past February, five individuals and five companies were charged with economic espionage and theft of trade secrets for their roles in a long-running effort to obtain information for the benefit of companies controlled by the government of the People's Republic of China. According to the superseding indictment, the PRC government was after information on chloride-route titanium dioxide (TiO2) production capabilities
So much outrage, so little time (CSO) I asked my Twitter friends, "Of all the missteps you see daily in infosec, what outrages you the most and why?" Here's how y'all responded
Norman AS "Inside Network Security" Video Series Continues with Focus on Need to Protect Both Networks and Industrial Control Systems (Heraldonline.com) Second Interview with Joe Weiss of Applied Control Systems Series Notes Threats to Networks Also Threaten Systems and Vice Versa
Splitting your password may prevent your information getting hacked (Examiner.com) The new technology is based on a technique referred to as "Split Value Cryptographic Authentication". It's a new cryptographic technique designed to protect bulk information on credentials - that might include your information some entity may have
Why next-generation infrastructures need smarter silicon (PC Advisor) Given the explosive growth in data traffic, Moore's Law is not enough to keep pace with demand for higher network speeds. A smarter silicon and software approach is needed. Among the best ways to accelerate the performance of mobile and data center networks is to combine general-purpose processors with smart silicon accelerator engines that significantly streamline the way bits are prioritized and moved to optimize network performance and cloud-based services
5 tips for effective disaster recovery (Help Net Security) David Mount, technical director at NetIQ, has highlighted 5 tips that will help businesses implement effective disaster recovery plans for their all important IT assets. Am I backing up everything
Research and Development
Making Sense of Big Data from Supercomputers (SIGNAL) Big data can mean big problems for the people trying to derive usable information from a large number of sources. Since coming into existence in March, the Scalable Data Management, Analysis and Visualization Institute has made strides to resolve this issue for programs running on supercomputers
Academia
Military contract could make NU a national player (Omaha World-Herald) The National Security Agency has two such agreements with universities, and NASA and the Missile Defense Agency each have one. Penn State University is the only other Big 10 school with a UARC. If history is a guide, the five-year agreement between the
Legislation, Policy, and Regulation
Text of Speech by Defense US Secretary Leon Panetta (DefenseNews.com) Cyber Command has the capacity to conduct a full range of missions in cyberspace. It is also working to develop a common, real-time understanding of the threats in cyberspace. That threat picture could be quickly shared with DoD's geographic and
Air Force leaders tout cyber capabilities (FCW.com) Keith Alexander, Cyber Command commander and NSA director "terms it as the largest theft of intellectual capital in history. We can't wait for zero-days to hit; we have to be able to see across the network," Wilson said. "We're beginning to integrate
USMC Emphasizing Special Ops And Cyber (Aerospace Daily & Defense Report) While the U.S. Marine Corps is drawing down its force levels to reflect the nation's pullback from overseas military operations, the service also is shifting focus to more covert or cyber-based operations, Navy Secretary Ray Mabus says
Is it time for a 'lemon law' for insecure technology? (CSO) A reader makes an interesting suggestion about how to handle the software and hardware responsible for many of our security problems
Security, Intelligence Workers Get Whistleblower Protection (Washington Post) President Obama has done what Congress has not: extend whistleblower protections to national security and intelligence employees
The BAE fiasco shows just how much we need America (Telegraph) If there is one lesson to learn from the spectacular collapse of the proposed merger between BAE Systems and EADS, it is that we jeopardise our special defence and intelligence-sharing relationship with the United States at our peril. The primary
Litigation, Investigation, and Law Enforcement
Officials say Chinese spies have targeted every sector of the US economy (NBCNews) "This is stealing American wealth. It's stealing American jobs. It's stealing American competitive advantage," General Michael Hayden, former head of the Central Intelligence Agency and the National Security Agency, said in an interview with NBC News
FBI surveillance under investigation by DOJ OIG (Fierce Government IT) FBI surveillance of people in the United States is under investigation by the Justice Department office of inspector general. In a September report, the OIG says it's reviewing compliance with the FISA Amendments Act of 2008's requirement to minimize the collection and retention of information about people in the United States. It is also reviewing the number of disseminated FBI intelligence reports that contain a reference to someone in the United States, as well as the number of surveillance targets later determined to be in the United States. The OIG has also begun to review the FBI's use of pen register and trap-and-trace authority under FISA
Newly Noted Events
SANS Cyber Defense Initiative (Washington, DC, Dec 7 - 16, 2012) Specialized courses covering the latest in cyber attacks, including how they work and how to stop them. The event will also feature the Netwars Tournament of Champions.
Upcoming Events
Cyber Maryland 2012 (Baltimore, Maryland, Oct 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding networking. CyberMaryland 2012 is for technology companies, business leaders, students, emerging professionals, policy makers, elected officials, business services and entrepreneurs in public and private enterprise."
National Cyber Security Hall of Fame (Baltimore, Maryland, Oct 17, 2012) Baltimore welcomes the US cyber security community to honor the members of the National Cyber Security Hall of Fame inaugural class.
National Cyber Security Hall of Fame Inaugural Award Ceremony (Baltimore, Maryland, USA, Oct 17, 2012) Created to honor those who've created the cyber security industry, the National Cyber Security Hall of Fame celebrates its inaugural class this month.
Cyber Security: A National Imperative (Washington, DC, Oct 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the National Press Club.
TechExpo Cyber Security Careers (Columbia, Maryland, Nov 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
E2 Innovate Conference & Expo (Santa Clara, California, Nov 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
IRISSCERT Cyber Crime Conference (Dublin, Ireland, Nov 22, 2012) The IRISSCERT Cyber Crime Conference will be held this year on Thursday the 22nd of November 2012 in the D4Berkley Court Hotel, in Ballsbridge Dublin. This is an all day conference which focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and throughout the world and what they can do to help deal with those threats.