
The CyberWire Daily Briefing for 10.22.2012
Middle Eastern oil and gas companies continue to feel a cyber threat from Iran as that country allegedly kicks back against sanctions directed against its nuclear program. Iranian-connected Izz ad-Din al-Qassam Cyber Fighters continue their campaign against Western financial institutions: Ally Financial is the latest victim to report attacks. Finnish cyber company F-Secure accuses the US government of "hypocrisy" and threat inflation in its warnings of escalating state-sponsored cyber conflict.
Anonymous claims responsibility for an attack on HSBC. Researchers find thousands of popular Android apps expose users to man-in-the-middle attacks. TrustGo identifies a malicious Android app updater. Spammers show a newfound ability to spoof US government domains: GSA URL shorteners appear to be the source of the vulnerability. New Zealand's e-government initiatives are threatened by successful network intrusions and data breaches. University of Michigan researchers warn that Maryland's online voter registration system is vulnerable to manipulation, but Maryland says it has the situation under control. Last week bogus British Airways e-tickets carried malware; this week KLM falls victim to a similar scam.
The FBI notes with concern the degree to which software designed for lawful intercept has found its way to criminals and hacktivists. Cyber security experts cast doubt upon the applicability of deterrence theory to cyber conflict. US Federal budget problems continue to worry security and IT firms; SIGNAL magazine advises small businesses on surviving sequestration.
Dark Reading discusses an overlooked source of cyber vulnerabilities: the IT policy exception. India and the EU increase their commitment to cyber law enforcement.
Notes.
Today's issue includes events affecting European Union, Germany, Finland, India, Iran, Israel, New Zealand, Peru, Russia, Sweden, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyber war targets Middle East oil companies (Al-Arabiya) A senior U.S. administration official, who spoke on condition of anonymity, told AFP the cyber-attack on the Gulf oil giants was believed to be carried out by a "state actor" and acknowledged that Iran would be a prime suspect. U.S. officials have
Ally Financial Hit by Apparent Cyber Attack (eSecurity Planet) Following a series of recent denial of service attacks launched by the Izz ad-Din al-Qassam Cyber Fighters in response to the YouTube video "Innocence of Muslims," Ally Financial today stated that it was monitoring "unusual activity." "In a statement to CNET today, an Ally Financial spokeswoman confirmed that the company has witnessed some unusual activity across its site, but so far, no major issues have erupted," writes CNET News' Don Reisinger. "'Ally has seen some unusual traffic on our Web site, which we continue to monitor; however, we have not experienced the type of disruption that has been associated with the denial of service attacks,' the spokeswoman told CNET in an e-mailed statement. 'There has been no customer impact related to unusual activity and there is no indication of security concerns pertaining to customer information
Iran Attacks US Banks: Is Your Money Safe? (CNBC.com) Castro, who spent 44 years at the National Security Agency, says these "denial of service" attacks are "a significant nuisance" but not as serious as a loss of actual personal data. Related: Michael Chertoff: Cyberattacks Are The Biggest Risk Facing
US government cyber attack warnings are hypocritical, claims F-Secure chief (V3.co.uk) Renowned security expert Mikko Hypponen has publicly given the US government a tongue lashing by claiming its warnings on cyber attacks are hypocritical. The F-Secure security chief criticised the US Defense Secretary Leon Panetta for saying that the
HSBC websites come under cyber attack (Equities.com) HSBC websites across the world were shut down for several hours on Thursday because of a large-scale cyber attack, but its regional office in Dubai declined to confirm the same kind of attack on its UAE site. HSBC websites worldwide faced a "denial of service"
Anonymous Hacker claims to have 20,000 debit card details from HSBC Cyberattack (The Hacker News) One of Anonymous hacker groups "FawkesSecurity" who claim responsibility for a DDOS cyber attack on HSBC Bank says that they also manage to get 20,000 debit card details. When HSBC said, "This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking," Anonymous tweeted on Friday. We also managed to log 20,000 debit card details
Android apps get SSL wrong, expose personal data (The Register) More than 1,000 out of a sample of 13,000 Android applications analysed by German researchers contained serious flaws in their SSL implementations. In this paper (PDF), the researchers from Leibniz University in Hannover and Philipps University of Marburg found that 17 percent of the SSL-using apps in their sample suffered from implementations that potentially made them vulnerable to man-in-the-middle (MITM) attacks. They state that they were able to capture credentials from American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary e-mail accounts, and IBM Sametime
Popular Android apps under security scrutiny (ZDNet) You know that latest free app you downloaded? SSL flaws could leave you vulnerable to data theft. Research has shown that thousands of popular apps in the Google Play store may leave sensitive information exposed
Multi-platform attack site discovered via fake Lookout Android app (Help Net Security) Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps. What piqued their interest was the fact
Spammers find way to link .gov domains to scams (ZDNet) For almost a week, scammers have figured out a way to make their phishing campaigns appear to come from legitimate .gov addresses. The US General Services Administration (GSA) administers a URL shortener so that US government, military, and other official links can be shortened
Potential Phish for Regular Webmail Accounts (Internet Storm Center) I was looking through my spam folder today and saw an interesting phish. The phishing email is looking for email account information. Nothing new about that, except this one seemed to have a broad target range. Normally, these types of phishes are sent to .edu addresses not those outside of academia. From the email headers, this one was sent to the Handlers email which is a .org. A non-technical user, like many of my relatives, would probably respond to this. I could see this being successful against regular webmail users of Gmail, Hotmail, etc. especially if the verbiage was changed slightly. It could also be targeting those who may be enrolled in online universities. I was wondering if anyone else has seen this type of phish toward their non .edu webmail accounts
Steam Gaming Platform Vulnerable to Remote Exploits; 50 Million at Risk (Threatpost) More than 50 million users of the Steam gaming and media distribution platform are at risk for remote compromise because of weaknesses in the platform's URL protocol handler, a pair of researchers at ReVuln wrote in a paper released this week
Security breaches threaten NZ e-government (ZDNet) The security breach at New Zealand's Ministry of Social Development last week, first reported by a blogger who was tipped off by a political activist, added to the earlier humiliations over data breaches at the government's accident insurance department. Naturally, investigations have been ordered into how it occurred, in an attempt to prevent such a thing from happening again. Certainly, when the New Zealand government is pushing e-government in a big way, it is paramount that the public, who will be expected to use and perhaps be pushed into using these new e-services, have confidence in them
Maryland's online voter registration files are vulnerable to attack, researchers say (Washington Post) A voting rights group and some of the nation's leading researchers on election technology are urging Maryland voters to check the accuracy of their online voter registration files after warning that the data had been left vulnerable to tampering
The Hackers Army attack on FBI.gov failed? or did they succeed to attack an honeypot with 250+ plain users? (Cyberwarzone) So we just released a copy of the article on the FBI hack where more than 250 accounts were leaked on the internet by the Hackers Army. I was curious and I checked out the list. It looks like the list is a fake release by the Hackers Army or they just hacked a honeypot
Malware an Increasing Problem for Medical Devices (eSecurity Planet) According to MIT Technology Review's David Talbot, participants in a recent National Institute of Standards and Technology (NIST) panel discussion warned that computerized hospital equipment is "increasingly vulnerable to malware infections." "In an August report, the Government Accountability Office warned that computerized medical devices could be vulnerable to hacking and asked the FDA to address the issue," writes FierceHealthIT's Susan D. Hall. "That warning was focused on implanted defibrillators and insulin pumps, though those problems represent 'a drop in the bucket' to the thousands of other network-connected devices that are vulnerable, according to Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst
Statement from Punto.pe about recent breach that effects 90,000 clients' details (Cyberwarnews) Following yesterday's large leak of tens of thousands of client details from a Peru-based (.PE) domain and blog service website, the company PUNTO has now released a statement. In the statement they explain that the hackers @LulzSecPeru had not gained access to the clients' current access keys and had updated all users' passwords as soon as they found out about the breach
Britain is target of up to 1,000 cyber attacks every hour (Telegraph) Hackers and foreign spies are bombarding government departments and businesses around the clock in what has become one of the greatest challenges of modern times. As well as targeting state or trade secrets, the cyber criminals and anarchists also try to disrupt infrastructure and communications, and even satellite systems. William Hague, the Foreign Secretary, told The Daily Telegraph that not an hour goes by when a system in the UK is not being attacked
Russian opposition "election" hit by cyber attack: organizers (Chicago Tribune) An online election to choose a "shadow parliament" opposed to Russia's President Vladimir Putin was disrupted on Saturday by a cyber attack, activists said. "Today we already know that there are some problems with the server, there
Dubai Police hunt man who linked '999' to phone of UAE female star (Emirates 24/7) Police operators said they had received thousands of calls asking to speak to Shamma. It was an abnormal day for the Dubai emergency police operations. In just one day, they were flooded with thousands of phone calls on the emergency number 999 asking to speak to the famous UAE female singer Shamma Hamdan
King County steps up cyber security after hackers hit city (Federal Way Mirror) The council's proclamation is in conjunction with the U.S. Department of Homeland Security and the National Cyber Security Alliance's declaration of October as National Cyber Security Awareness Month. Outside of its own internal efforts to increase
Fake KLM e-tickets lead to malware (Help Net Security) If you have recently booked a flight with KLM, please be careful when reviewing emails that appear to have been sent from the airline carrier, as rather legitimate-looking fake KLM emails are
Cyber Trends
FBI warns commercial spyware has made jump to Android (CSO) Agency says mobile version of spyware that was sold to law enforcement and governments is a worrying trend
US Cyber Experts: Deterrence Not Enough (DefenseNews.com) "One theory of deterrence is not going to be applicable to the spectrum of potential bad actors in cyberspace," said Roger Cressey, a senior vice president at Booz Allen Hamilton. However, Cressey said deterrence can be useful. "Where people go off the
Mahdi, Shamoon finder Seculert says cloud is future of security (ITProPortal) Israeli security firm Seculert says cloud-based intelligence systems are the key to modern security, as ITProPortal talked to company bosses this week. The Seculert chiefs were speaking ahead of the firm's…The likes of BP, Bank of America, Morgan
Cybersecurity business, jobs expected to grow through 2016 (Baltimore Sun) Martin O'Malley and other Maryland leaders tout the state's prominence in the national cybersecurity industry, thanks in part to the presence of the National Security Agency at Fort Meade. The Army base in Anne Arundel County is also home to the US
6 IT Trends Tight Budgets Won't Kill (InformationWeek) IT budgets will grow more slowly in 2013, but these elements of IT transformation will continue, CEB's survey and analysis shows
Marketplace
Report: Sequestration to Reduce Predicted Federal IT Spending to $77B by 2018 (ExecutiveGov) According to an annual industry forecast, federal agencies will spend less on information technology in the next five years than what was originally forecast last year, Federal Times reports. TechAmerica Foundation predicts that by 2018, IT spending will reach $77.2 billion when they originally predicted that IT spending by 2017 in civilian and defense agencies would reach $85.7 billion
Small Business Strategies That Mitigate Sequestration (SIGNAL) Sequestration, the U.S. government's across-the-board deficit reduction mandate, is programmed to go into effect on January 2, 2013, despite universal warnings about the consequences of this action. But there are steps contractors can take to mitigate the impact of sequestration
Infonetics Research: Mobile Momentum Drives Deep Packet Inspection Market (MarketWatch) Market research firm Infonetics Research released excerpts from its latest Service Provider Deep Packet Inspection Products report, which tracks standalone deep packet inspection (DPI) vendors and solutions for
Accenture Awarded $25M C4I Engineering Support Contract from the Navy (The New New Internet) Accenture Federal Services has been awarded a $25 million contract by the U.S. Navy department as part of an indefinite delivery/indefinite quantity contract for command, control, communications, computers and intelligence systems engineering support, according to Accenture
Fulcrum IT Eyes Healthcare, HR Portfolio Expansion Through Corbin Buy (Govconwire) Fulcrum IT has acquired technology engineering services provider Corbin Co., a prime contractor on a close to $2 billion U.S. Army contract for sensor technology support. Corbin provides cybersecurity and sensor technology services, among others, and will expand Centreville, Va.-based Fulcrum's healthcare and human resources portfolio to include change management and strategic planning services
Tom Anderson, Head of Wyle IT and Systems Integration Business Resigns (Govconwire) Wyle IT and systems integration head Tom Anderson has resigned, according to Washington Technology. He had led the business unit for the past two-and-a-half years. Brent Bennitt, executive vice president and former president of Wyle Aerospace, has been named interim president of the group. According to Washington Technology, a company spokesman said it was a resignation and the executive
Products, Services, and Solutions
WatchGuard, AVG Ease Security Management (Channelnomics) AVG's CloudCare isn't unique, as similar services are offered by other security vendors such as Panda Security, McAfee, Symantec and Trend Micro. And nearly every antivirus vendor has some model that enables solution providers to offer hosted security
Self-service password management in the cloud (Help Net Security) Ilantus released Password Express, a self-service password management solution with security and enterprise integration. It can be deployed in the cloud or on premise to meet the needs of an enterprise
LinkedIn Profiles: Not Just For Resumes Anymore (InformationWeek) Profiles update makes the platform less resume-focused and more like a true social network. But users are still griping about LinkedIn Endorsements
Dell Strives To Simplify The Data Center (InformationWeek) Propelled by a series of acquisitions, Dell's Active Systems platform takes aim at Cisco, HP, and IBM
Salesforce Marketing Cloud Adds Social Analytics Options (InformationWeek) Klout, Kred, OpenAmplify, and 17 other partners help Salesforce Marketing Cloud customers make sense of social networks
Samsung's Newest Chromebook: Perfect Extra Machine? (InformationWeek) The latest Google Chromebook offers an interesting mix of features for its bargain price of $249. Made by Samsung, this smaller, less powerful Chromebook weighs just 2.5 pounds and measures 0.8 inches thick
Kaspersky's exploit-proof OS leaves security experts skeptical (CSO) While there is a need for a more secure operating system for industrial control systems, experts say a U.S.-built OS would be preferred
Technologies, Techniques, and Standards
Analyst Webcast: Blind as a Bat? Or Eagle Vision Into Encrypted Packets? (SANS Institute) Bad actors now commonly hide payloads, bot commands and outbound sensitive data behind SSL, which network monitoring tools are blind to. While there are tools to decrypt packets, users have problems setting them up to operate real-time and inline due to performance issues and limitations within individual brands of products. In this webcast, learn the pros and cons of today's network packet decryption solutions and how to mitigate stress points with optimized network monitoring
The Elephant in the Security Monitoring Room (Dark Reading) It's right in front of us, but is too rarely taken into account within monitoring and risk systems: the policy exception
Know your enemy - protect yourself (Technet) Of the many weapons and tricks in an attacker's arsenal, none is more dangerous or insidious than the ability to hide and continuously compromise a system from within. This is the role of a rootkit. Malware uses rootkits, or rootkit functionality, in order to hide their presence on an affected computer and thus impede their removal
Is OpenStack Cloud Platform Secure? (eSecurity Planet) When most people talk about security, the discussion tends to end up on the topic of cryptography, Clarke commented. He stressed that doing cryptography, and especially hashing correctly, is not an easy process. It's important for OpenStack users to
Cryptography And The Power Of Randomness (AOL Government) He works with law enforcement and other defense organizations at the forefront of data protection. In this video, he discusses the power of cryptography, a topic that came up last week during a panel discussion on technology and the federal government
ISF launches multi-organization standards initiative to tackle supply-chain (Infosecurity Magazine) In order to address this issue, the ISF Information Security Standards Group's Supply Chain Assurance Framework Group is bringing together representatives from the UK Cabinet Office, the Information Security Office, the Cloud Security Alliance and a
Academia
The Balancing Act: How Universities Can Prevent Malware and Enable Information Access (Infosec Island) With universities into another year, their IT departments will surely be making security a top priority, especially in light of recent data breaches at colleges in Tampa and Nebraska. Considering most universities must accommodate a network of thousands of desktops and laptops, in addition to end-users ranging from students, developers, researchers, academics and admin staff, it's no wonder balancing security and productivity is such a complex endeavor. For instance, a major concern is the number of apps downloaded on university computers, many of which become gateways for malware to infect the university system at large
Legislation, Policy, and Regulation
Death by defibrillator? FDA called to address hacking risk (NBCNews.com) It also suggested FDA begin working with other federal agencies whose primary duties focus more on cyber security, make the issue one of the things it monitors during postmarket review, and "establish specific milestones for completing this review
Federal agencies don't do enough to protect your data (NBCNews.com) Carey, who worked as a security analyst at the National Security Agency, told me he worries that the problem will get worse as more data moves to mobile devices. He said information is going onto smart phones and tablet computers, and even though a lot
Cyber Threat Translation (Nextgov) "DC3 has adopted that framework to enhance its information sharing," Amin said, referring to the breakdown of the attack path, or "cyber kill chain." Critics of the industrial base program are skeptical that the intelligence gained is any better than
U.S. rattles preemptive cyberattack saber (CSO) Defense Secretary warns the government would tap new forensics abilities, and experts say the time is right to use new tech to strike first
Litigation, Investigation, and Law Enforcement
Microsoft Settles With Kelihos Botnet Defendant, Says He Didn't Run the Network (Threatpost) Microsoft on Friday said it has reached a settlement with a Russian programmer it named as a defendant in a lawsuit related to the operation of the notorious Kelihos botnet. The company said that it no longer believes Andrey N. Sabelnikov was the operator of the botnet, but was instead responsible for writing some code that was later used by the botnet
Pirate Bay switches to ghost mode and moves servers to the cloud (Cyberwarzone) In the midst of threats of a possible police raid, the Pirate Bay decided to armor itself and become literally raid-proof. It's ditched its servers and moved to several cloud-hosting providers in different countries around the world. "Slowly and steadily we are getting rid of our earthly form and ascending into the next stage, the cloud," the Pirate Bay wrote in a blog post. "Our data flows around in thousands of clouds, in deeply encrypted forms, ready to be used when necessary.
FSA fines Bank of Scotland over costly legacy computer lash-up (Finextra) The Financial Services Authority (FSA) has fined Bank of Scotland (BOS) 4.2 million for computer system failures which meant it held inaccurate mortgage records for 250,000 of its customers. As a result of the failings, the bank mistakenly made 20
India Battles Against Cyber Crime (Indolink) India is facing the threat of being poorly cyber protected. The increasing number of Indians falling victim to cyber crime has finally got the attention of the officials. Nearly 42 Million Indians were scammed online in the past year
EU orders hit on organised crime (New Europe) Member states need to recognize the presence of criminal organisations throughout the European Union and develop a unified method of stopping them, according to the special committee on organised crime, corruption and money laundering. Rapporteur Salvatore Iacolino (Italy/EPP) presented key findings from the working document on organised crime, 15 October. Four thematic papers covering drug cartels, human trafficking, cybercrime and asset confiscation were also offered, and MEPs who participated in a delegation to Serbia reported back on what they saw
Verizon Wireless raises privacy ire over data collection (CSO) Verizon says data-gathering does not violate Wiretap Act because the data cannot be linked to a single customer, but advocates cry foul
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.