The CyberWire Daily Briefing for 10.30.2012
South Carolina tries to mitigate damage from data theft at its Department of Revenue. The culprit has yet to be identified, but the Governor says the attack came from outside the United States.
An attack on Abilene Telco Federal Credit Union in September 2011 compromised login credentials for Experian's credit scoring reports. Citibank ATMs at five casinos lost more than $1M to well-coordinated cyber thieves. Anonymous attacks the Greek Ministry of Finance to protest austerity. (Expect more from Anonymous over the coming week: Monday is, of course, Guy Fawkes Day.) Advertising on bogus Google Play apps is harvesting users' personal information. Facebook is quietly investigating the possible compromise of millions of users' personal data.
Mac OS, long regarded as inherently safer than other operating systems, is losing that reputation as targeted attacks against Macs rise. Malware authors return to simpler ways of evading detection, mostly through execution delays.
The European Central Bank warns against the "inherent instability" of virtual currencies like Bitcoin. An Ernst and Young report warns that small information security fixes no longer cut it: firms will have to adopt more comprehensive defenses. Experience in the UK and the example of the NSA in the US suggest that data centers are unprepared for the impact of big data. US budget sequestration will probably hit IDIQs first.
Several research projects make the news, among them a DARPA-sponsored five-year effort to redesign networks and their nodes for inherent security and a Hollywood-driven program to improve cryptographic tools for copyright protection.
Notes.
Today's issue includes events affecting China, Czech Republic, European Union, Finland, Greece, Iran, Japan, Netherlands, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Attacker grabs data for 3.6 million South Carolina taxpayers; governor wants to see culprit 'brutalized' (Naked Security) She's got a right to be incensed, with 77% of the state's population's Social Security numbers being snatched out from under the Department of Revenue. But what's the appropriate penalty for the department, for the crime of leaving the data unprotected?
South Carolina Officials Provide Update On State Department of Revenue Cyber Attack (WJBF-TV) South Carolina Governor Nikki Haley, the head of the State Law Enforcement Division (SLED), and the director of the South Carolina Department of Revenue (SCDOR) gave an update Monday morning on a cyber attack that could potentially affect millions of
Taxpayers affected by cyber attack have until January to register for credit monitoring (WRDW-TV) South Carolina Law Enforcement Division Chief Director Mark Keel says the state did not announce the cyber attack earlier because they believed it compromised taxpayer information even more. "By allowing us the time that we had to conduct our
Hackers crack Texan bank, Experian credit records come flooding out (The Register) Hackers managed to get login credentials for Experian's credit scoring reports after they broke into the systems of Abilene Telco Federal Credit Union last year, it has emerged. Crooks gained access to the west Texan bank's systems after hacking into an employee's computer. The September 2011 breach allowed the hackers to get their hands on login credentials for the bank's account with Experian, exposing the details of millions to potential snooping in the process
INLAND: $1 million stolen from Citibank ATMs at casinos (pe.com) Five Inland casinos (Pechanga, San Manuel, Morongo, Agua Caliente and Spa Resort) were among 11 resorts where 14 people staged a high-tech scheme to steal more than $1 million from Citibank accounts via ATM kiosks, the FBI said. The plot required multiple withdrawals, all launched within 60 seconds, exploiting a hidden electronic gap in Citibank's transaction security, FBI Special Agent in Charge Daphne Hearn said. "While advancements in technology have created a world of accessibility to users and a convenience for consumers, they have also left room for criminals to exploit even the smallest of loopholes," Hearn said in a news release
Anonymous Hacks Greek Ministry of Finance to Protest Against Austerity Measures (Softpedia) Anonymous hacktivists have leaked confidential documents and user credentials which they allegedly stole from the systems of Greece's Ministry of Finance. The breach comes at a time when the Greek government is trying to adopt a new austerity package. The Greek government is prepared to testify to a vote in the Greek Parliament the new package of economic austerity measures
Malicious 'Your Photos' email from fake LinkedIn users (Help Net Security) If you receive an email seemingly coming from a LinkedIn user, asking you to open an attachment in order to see "your photos" - don't do it
Privacy-invading module found in thousands of apps on Google Play (Help Net Security) An advertising module embedded into over 7,000 "free" fake versions of legitimate Android apps that can be found on Google Play is actively harvesting a ton of personal and mobile use information from
Malware hijacks your email, sends death threats (ZDNet) Three people were recently arrested in Japan in relation to death threats being posted online and sent through email. However, once a particular malware infection was found on each suspect's computer, all three were released without charge
Critical error in CoDeSys runtime of SCADA systems (AutomatiseringGids) Ron Wightman discovered a vulnerability in the CoDeSys runtime during Project Basecamp, where industrial security guards come together. The problem, according to Wightman, is that attackers can use the security hole in CoDeSys to control PLCs and get into the industrial systems and critical infrastructures in which it is installed. An attacker must already have access to the network
Facebook tries cloaking probe into data leak involving 1 million accounts (Ars Technica) Blogger who bought e-mail addresses for $5 told to keep discussions private.
Targeted attacks against Mac users continue to climb (IT World) Mac's OS X operating system is widely perceived to be safer than Windows, but when it comes to so-called 'advanced persistent threat' style attacks, OS X users may be at even more risk
Malware authors turn to simpler detection evasion techniques (Help Net Security) Given the huge amount of malware variants created each year, it is understandable that malware researchers count on automated threat analysis systems to single them out for additional manual analysis
Cyber Trends
European Central Bank warns of virtual currency risks (Finextra) The growth of virtual currency schemes such as Bitcoin and Second Life's Linden Dollars, could have a negative reputational impact on central banks due to their inherent instability, warns the European Central Bank. In a preliminary impact assessment of the proliferation of virtual currency schemes, the ECB notes that while most such schemes are too small to jeopardise price or financial stability, they do represent a challenge to public authorities due to the legal uncertainty surrounding their status and their adoption by criminals and money launderers. Lack of overarching regulation is a key theme picked up by the ECB, which expresses concern about the level of credit, liquidity, operational and legal risks imposed upon users
Short term information security solutions no longer an option if companies want to keep pace with today's threats (EY) Organisations need to fundamentally shift their approach to information security in order to meet the threats presented by existing and emerging technologies, according to Ernst & Young's 15th Global Information Security Survey 2012 results released today. The report is one of the most comprehensive surveys in its field and is based on responses from over 1,850 CIOs, CISOs and other information security executives in 64 countries. With 88% of respondents experiencing a higher number of security incidents in the last two years and 77% using the cloud, the need to develop a robust security architecture framework has never been greater
Cyber defences of SMEs lag behind larger firms, study confirms (Computer Weekly) SMEs are typically more vulnerable to viruses, worms, spyware and other malicious software, according to Kaspersky Lab's latest Global IT Security Risks survey. The survey, which polled more than 3,000 information security professionals in 22 countries, found that 63% of small companies and 60% of medium-sized organisations have faced malware within the business network over the past 12 months
UK datacentres are not ready for big data impact shows study (Computer Weekly) UK datacentres are unprepared for the massive changes that big data will bring to the enterprises and their IT facilities, a study of 125 senior IT decision makers by Research Now has revealed. While IT executives are clear about the types of applications they will need to deploy to manage big data requirements in the next two years, they are not yet planning for the real increase in data volumes that these applications will need, the study further showed. More than half (55%) of IT respondents said their organisations' datacentre capacity requirements could increase.
NSA and the Future of Big Data (SmartData Collective) The National Security Agency of the United States (NSA) has seen the future of Big Data and it doesn't look pretty. With data volumes growing faster than the NSA can store, much less analyze, if the NSA with hundreds of millions of dollars to spend on analytics is challenged, it raises the question: "Is there any hope for your particular company?" By now, most IT industry analysts accept the term "Big Data" is much more than data volumes increasing at an exponential clip. There's also velocity, or speeds at which data are created, ingested and analyzed. And of course, there's variety in terms of multi-structured data types including web logs, text, social media, machine data and more
Internet crime a growing worry (Tribune-Review) "It's going to get a lot worse before it gets better," said Bradford Willke, a cybersecurity adviser in the Department of Homeland Security's National Cyber Security Division. Willke was among more than a dozen experts who spoke at the Western
Firms should consider regulatory, security impact of BYOD, Gartner advises (Fierce Mobile IT) Before implementing a BYOD program, enterprises should consider the regulatory and security ramifications of such a move, advised Gartner analysts Leslie Fiering and Van Baker
Gartner: Enterprises to reach 'crucial tipping point' for mobile devices in 2014 (Fierce Mobile IT) In 2014 enterprises will reach a "crucial tipping point" where there are more web-connected mobile devices than PCs in the workplace. This will have a major impact on application development, explained Gartner analyst Ian Finley
5 Emerging Enterprise Technologies (InformationWeek) If you are not watching these developments, your business is missing out. Here's what Gartner's annual top 10 tech trends list missed
Marketplace
Day of Reckoning For Open Source Software May Be Coming (AOL Government) But a presentation from the National Security Agency (NSA) during a technology symposium last week presented a stark warning for the proponents of open source software: Get your house in order because sooner or later government and industry customers
Could Sandy Give Teleworking A Boost? (Washington Post) Sandy is sitting on the federal government like a huge, wet and windy blanket, a killjoy if ever there was one. Yet, despite the storm that has closed government offices along the East Coast, stopped transit systems and forced residents to hunker down in their homes, some work of the government continues to get done
Want a security pro? For starters, get politically incorrect and understand geek culture (CSO) While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau
Desperately seeking cybersecurity pros (FCW) The calls for a beefed-up workforce that specializes in cybersecurity are not new. In this highly critical arena, the demand for talent is sky-high and insatiable. But with a nationwide shortage of students of science, technology, engineering and math (STEM), where will tomorrow's workforce, which is needed already, be found
Kaspersky Lab improves its position on Sunday Times Top Track 250 (Bizcommunity.com) This placement comes after a fruitful year when Kaspersky Lab discovered nation-state cyber-espionage campaigns now known as Flame and Gauss - highly sophisticated weapons developed to target entities in several countries. The company's products
IDIQs Could Be Among 1st Contracts Cut Under Sequestration (ExecutiveBiz) Federal contracts that expire and are up for renewal or re-competition will be most vulnerable to sequestration cuts if they take effect in January, Federal Times reports. According to Sarah Chacko's report, $23 billion in federal contracts are set to expire in January with that figure totaling $291 billion for full calendar year 2012
Intel joins SAFECode (Help Net Security) The Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services
VMware Revenues Show Cloud Worries (InformationWeek) VMware rules the virtualization market and wants to do the same with cloud. Can it pull that off and continue its fast-paced growth
Huawei vows to be at the forefront of war on cybercrime (mydigitalfc) Chinese telecom networking equipment major Huawei on Monday said it would be at the forefront of combating cybercrime in cooperation with international agencies. Huawei also declared that it would adopt any internationally accepted standard or security practices and be transparent with its security capabilities. Huawei has flagged cybersecurity issues in a white paper released on Monday in the capital
Columbia cybersecurity firm gets boost from Silicon Valley (Baltimore Sun) Gula, a former information security expert at the National Security Agency at Fort Meade, used to run so-called "penetration tests" at the agency, where he probed government networks and tried to find vulnerabilities. He partnered with Renaud Deraison
APT malware crack squad CrowdStrike hires ex-US Air Force Colonel (CSO) CrowdStrike's chief and co-founder, George Kurtz, points out that Convertino has earned his cyber stripes -- both within the US Air Force and later at
TASC Appoints Terry Roberts VP of Intelligence and Cyber for Intell Group (Govconwire) TASC Inc. has named Terry Roberts vice president of intelligence and cyber for its intelligence group, the company announced today. "Terry brings a deep understanding of the intelligence mission and the systems engineering and integration discipline, honed over more than 30 years of serving the intelligence community," says Al Pisani, senior vice president of TASC's
Top Apple iOS and retail executives to leave company (IT World) Two of Apple's top executives are leaving the company: Scott Forstall, who has overseen the iOS platform that runs the iPhone and iPad, will leave Apple next year, and John Browett, senior vice president of retail, is leaving sooner, Apple said Monday
Products, Services, and Solutions
Yahoo! rejects privacy arguments, ignores do not track from IE 10 users (Naked Security) Yahoo! has decided to ignore Internet Explorer 10 users' privacy choices. Are IE 10 users losing out on a tailored advertising experience
Cavium to Demonstrate Industry-Leading LTE Small Cell And TurboDPI Deep Packet Inspection (The Herald) Evolved Packet Core Deep Packet Inspection Demonstration: Kontron and Cavium will illustrate how TEMs can use Deep Packet Inspection to analyze up to 1Tbps (1000Gbps) of traffic to: identify protocols and applications, monitor response times, extract
Xilinx Announces Defense-Grade 7 Series FPGAs and Zynq-7000 All Programmable SoCs with Fourth Generation Secure Capabilities (Military and Aerospace Electronics) Xilinx, Inc. (NASDAQ: XLNX) today announced its fourth generation secure architecture with Information Assurance and Anti-Tamper IP core support for defense-grade 7 series FPGAs and Zynq-7000 All Programmable SoCs. These unique high reliability, defense-grade devices reduce the risk and cost of deploying the latest Aerospace and Defense (A&D) systems by utilizing off-the-shelf reprogrammable Xilinx FPGAs and SoCs. Manufactured with state-of-the-art 28nm process technology, all devices are optimized for high performance and the lowest total power. Xilinx defense-grade products are fully pin-compatible to commercial-grade equivalents for low cost prototyping and are offered off-the-shelf
Service Bus for Windows Server released (Help Net Security) Service Bus for Windows Server provides Windows Azure Service Bus messaging capabilities on Windows Server. It enables you to build, test, and run loosely-coupled, message-driven applications
Red Hat Enterprise Linux 6 achieves top security certification (Help Net Security) Red Hat Enterprise Linux 6, including the KVM hypervisor, has been awarded the Common Criteria Certification at Evaluation Assurance Level (EAL) 4+ - the highest level of assurance for an unmodified
Open source NAC system PacketFence 3.6 released (Help Net Security) PacketFence is a fully supported, trusted, free and open source network access control (NAC) system. Among the features provided by PacketFence, there are: BYOD (Bring Your Own Device) workflows, Si
Coverity Security Library released on GitHub (Help Net Security) Coverity announced the creation of the Coverity Security Library, an open source project available through GitHub and Maven to help developers easily fix cross-site scripting (XSS) security defects in
Mobility management for Windows Phone 8 (Help Net Security) AirWatch unveils device and application management support for Windows Phone 8 devices. "With the introduction of the Nokia Lumia 920 and Nokia Lumia 820, partnerships with important enterprise
Endace Limited: Endace Launches World's First 100G Network Monitoring System (4Traders) EndaceAccess 100 Enables Organizations to Monitor and Troubleshoot 100G Networks with Standard 10 Gbps Tools
Can Windows Phone 8 lift Microsoft, save Nokia? (Fierce Mobile IT) With the release of Windows Phone 8 on Monday, Microsoft (NASDAQ: MSFT) is hoping that the new mobile operating system will spur sales of the devices both among consumers and employees who bring their devices to work
Technologies, Techniques, and Standards
Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard (Internet Storm Center) A "Clear Desk Policy" is becoming a more commonly adopted STANDARD in the work place. The idea that a clean desk is a standard may seem a bit of stretch. However, it is recognized in the access control domain by ISO [1], NIST [2], and ISC2 [3]. The standard name varies a bit and often includes the "Clear Screen" title and requirements too. A Clear Desk standard is not primarily targeting the actual cleanliness of the desk, but the often seen clutter of classified information left unattended out in the open
Cloud Security Alliance released SIEM guidance (Help Net Security) The Cloud Security Alliance (CSA) released the Security Information and Event Management (SIEM) guidance report as part of its Security as a Service
How To Strengthen Your Moral Compass (InformationWeek) Those in the spy business know that people in financial trouble are more vulnerable to blackmail and bribery. So are you
Research and Development
DOE flips switch on Titan, world's newest fastest supercomputer (Ars Technica) Powered by CPU-GPU hybrid architecture, reaches 27 quadrillion calculations/second
IBM moving to replace silicon with carbon nanotubes in computer chips (IT World) IBM has hit a milestone in its quest to come up with a successor to silicon computer chips
Hollywood studios pushing for secure, next-generation 'digital home library' (ElectroIQ) But some Hollywood studios are hoping to find better ways to deliver paid content to consumers directly to hard drives and flash storage, according to Cryptography Research, which is working on a futuristic project to do that
Killing The Computer To Save It (New York Times) He is leading a team of researchers in an effort to completely rethink how to make computers and networks secure, in a five-year project financed by the Pentagon's Defense Advanced Research Projects Agency, or Darpa, with Robert N. Watson, a computer security researcher at Cambridge University's Computer Laboratory
Academia
Stanford Grads Get Most Startup Cash, Harvard Counts on Facebook Effect (Wired Business) Calling all soon-to-be college students and undergrads with time left to transfer: Your choice of school might affect how much investment capital you'll get if you start a business
Legislation, Policy, and Regulation
The Next Weapon Of Mass Destruction Will Probably Be A Thumbdrive (Business Insider) Despite congressional foot dragging, or maybe because of it, most defense and technology analysts are screaming dire warnings of impending cyber attacks, whether by Internet hacks or infected thumb drives
You may soon be able to register your SIM card online (Emirates 24/7) TRA instructs Etisalat and Du to speed up online service. In a bid to ease the process involved in the 'My Number, My Identity' campaign, the Telecommunications Regulatory Authority (TRA) has instructed the two mobile service providers - etisalat and du - to speed up online registration services
Privacy compliance laws: Why the European Commission finally got it right (Help Net Security) The debate about privacy compliance has always been a heated one. Add to the mix new European Commission legislation and you have a recipe for not only a lively debate but also a controversy about the
Government turns to social media for #Sandy alerts (Fierce Government IT) Federal agencies are taking to social media to message alerts and updates related to Hurricane Sandy. In addition to broadcasting their own information, they repurpose and share information from other federal agencies
State Department finds success using eDiplomacy for knowledge management, says report (Fierce Government IT) The State Department allocates the bulk of its eDiplomacy resources toward public diplomacy, Internet freedom and knowledge management, but gains the most success with information technology-enabled knowledge management, according to a report published Oct. 25 by the Brookings Institution
Eric Rosenbach: Legislation Would Standardize Public-Private Info Sharing (ExecutiveGov) American Forces Press Service reports Eric Rosenbach, deputy assistant defense secretary for cyber policy, said such a bill would consider the volume of information traded between the government and private sector. ... Outlining clear roles and
New FBI Initiative Will Identify And Trace Hackers (ThinkProgress) The FBI will share the information it gathers with the Departments of Defense, Homeland Security, and the National Security Agency. Earlier this month the military announced similar efforts to counter cyber attacks directed at the U.S. But Panetta said
Litigation, Investigation, and Law Enforcement
Legal fears muffle warnings on cybersecurity threats (Chicago Tribune) Two talks about a nuclear power plant's potential vulnerabilities to cyber-attack were canceled after an equipment supplier threatened to sue, organizers said, even though plant officials had approved the presentations. The vendor complained that the
Challenge To Wiretaps Is Heard By Justices (New York Times) A challenge to a federal law that authorized intercepting international communications involving Americans appeared to face an uphill climb at the Supreme Court on Monday, but not one quite as steep as many had anticipated
All Three Branches Agree: Big Brother Is the New Normal (Wired Threat Level) Indeed, Big Brother is the new normal. Despite Hurricane Sandy, the Supreme Court on Monday entertained oral arguments on whether it should halt a legal challenge to a once-secret warrantless surveillance program targeting Americans' communications, a program that Congress
Pentagon Inspector Starts Investigation Of Contractor (USA Today) The military's top propaganda contractor in Afghanistan is under federal criminal investigation for its possible role in a smear campaign against USA TODAY, according to a letter from the Pentagon's inspector general
Taiwan Arrests 3 For Spying For China (Wall Street Journal) A retired Taiwanese naval officer and two others were arrested on suspicion of spying for China, the latest in a string of cases that underline the mistrust between Beijing and Taipei despite warming economic ties
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
TechExpo Cyber Security Careers (Columbia, Maryland, Nov 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.