Cyber Attacks, Threats, and Vulnerabilities
PayPal, Symantec hacked as Anonymous begins November 5 hacking spree (ZDNet) As it becomes the 5th of November around the world, Anonymous announced a hacking spree that has claimed many websites and a few databases
Facebook shutdown: Anonymous hacking to begin today (Emirates 24/7) Sites in Australia already hit, along with claims of personal info leaked from PayPal accounts. The global internet community is poised at the edge of their seats with 'hactivists' group Anonymous threatening to take down Facebook on November 5 (today) if social gaming company Zynga doesn't reverse plans to lay off 1,000 employees and outsource work to India
Hacker leaks VMware ESX kernel source code online (ZDNet) Hackers associated with the Anonymous collective have leaked the source code for the VMware ESX Server kernel on the Web. Dutch hacker, going by the name "Stun," tweeted a link to a torrent file earlier today, which downloads at just shy of 2MB (compressed) in size, which contains a bevy of source code files. The kernel is believed to be dated between 1998 and 2004, but writing in a comment, the hacker said that, "kernels don't change that much in programs, they get extended or adapted but some core functionality still stays the same"
VMware: Leaked source code dates to 2004, customers should patch (CSO) The source code, part of which was released in April, comes from VMware's ESX hypervisor
Will Anonymous attack Facebook on November 5th? Here's what you should do about it (Naked Security) If you believe the internet, Anonymous hackers are planning to "take down" Facebook on Monday, November 5th
NBC sites OK again after hacking (Detroit Free Press) Cyber attack. Several NBC websites were hacked Sunday by a person or group calling itself "pyknic" and suggesting a possible link to the cyber-attack group Anonymous. It appeared that the defacement of the affected sub-sites was cleaned up in a couple
Anonymous ransomware - but who is hiding behind this malware's mask? (Naked Security) Here's an interesting twist of the Reveton/FBI/police ransomware that has been plaguing internet users lately. In this example, the malware that locks you out of your data, and demands 100 be paid via Ukash to gain access back to your files, claims to be from the Anonymous hacktivist group. Of course, just as when ransomware victims see demands for cash on their computer seemingly coming from the police, they should be equally dubious about whether this particular attack originated from someone affiliated with Anonymous hacktivists
US Bank Cyber Attackers Deny Iran Connection (ABC News) The group that claimed to launch large, sustained cyber attacks against the websites of several major U.S. financial institutions told ABC News it is not acting on behalf of and is not supported by the Iranian government, contrary to recent news reports. In an email interview Wednesday, a self-described member of the so-called al-Qassam Cyber Fighters told ABC News the group was made up of computer-savvy volunteers who have taken to cyber space to spread the protest against an anti-Islam film made in California
South Carolina: 'The mother of all data breaches' (Charleston Post Courier) At the University of South Carolina, the Center for Information Assurance Engineering researches and teaches information-systems security using courses certified by the federal National Security Agency. Department Chairman Michael Huhns said it's
Information expert says safeguards exist to protect against hacking (Greenville Online) For days, Gov. Nikki Haley has maintained that a massive exposure of personal information caused by the hacking of files at the state Revenue Department was not caused by errors by the agency or its employees. However, the director of the University of South Carolina's Center for Information Assurance, which trains students in cyber security, says otherwise
Team GhostShell leaks 2.5M records from Russian govt, firms (Help Net Security) Team GhostShell, the hacker group responsible for the recent leak of some 120,000+ records raided from top universities around the world, has done it again. "GhostShell is declaring war on
Windows 8 zero-day code available for sale (Fierce CIO: TechWatch) French security firm Vupen Security on Tuesday announced that it has developed an exploit to take over a Windows 8 machine running Internet Explorer 10, mere days after it was released for general availability last Friday. The "zero-day" or "0 day" exploit was successful in spite of the significantly enhanced security in Windows that was praised by at least one security researcher for "raising the bar and making things harder to exploit"
Free game offer leads to Steam phishing site (Help Net Security) Online gamers are often targeted with phishing schemes set up by crooks who are after users' in-game items and money, and the latest one to be spotted is aimed at Steam users
Facebook flaw allowed access to accounts without authentication (Help Net Security) A commenter on the Hacker News website has discovered by accident a pretty big security flaw that could allow anyone who knew what to search for to access over a million Facebook accounts - all without
Apple's iTunes, QuickTime, High On Cyber Security Vulnerability List, Kaspersky says (Forbes) Popular Apple programs iTunes and QuickTime are being used by malware code writers to hack into computer platforms and potentially steal data, Russian-based cybersecurity firm Kaspersky Lab said Friday. In their third quarter IT Threat Evolution report
Android Malware Surges Despite Google's Efforts To Bounce Dodgy Apps Off Its Platform; F-Secure IDs 51,447 'Unique Samples' In Q3 (TechCrunch) Despite Google tightening Android's security screw, by introducing an additional layer of security to the Play Store, Android's malware problem has surged in the third quarter. Security firm F-Secure's latest mobile threat report (for Q3) reports "a whopping 51,447 unique samples" detected in Q3, up from 5,033 in Q2 and 3,063 in Q1
Shopping The Russian Cybercrime Underground (Dark Reading) If you weren't already convinced that the Russian cybercrime underground is now a vast, sophisticated, high-volume market, consider this: there are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits, according to a new report
Life cycle and detection of an exploit kit (Help Net Security) As the process of owning systems and dragging them into botnets becomes ever more commercialized, exploit kits have emerged as a favorite of attackers
Coke Hacked And Doesn't Tell (Bloomberg) FBI officials quietly approached executives at Coca-Cola Co. (KO) on March 15, 2009, with some startling news. Hackers had broken into the company's computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time
Occidental Petroleum says faced cyber attack on email in 2009-10 (Reuters) "In 2009 and 2010 Occidental experienced a cyber attack on its email system, which had no effect on its operations, financial systems or reputation," the company said in its quarterly filing with the SEC, released on Friday. Occidental acknowledged
Security Patches, Mitigations, and Software Updates
Apple increases security with iOS 6.0.1 (Help Net Security) Apple released iOS 6.0.1 for iPad, iPhone and iPod touch, which can be downloaded and installed using iTunes. An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them
Cyber Trends
Former US Intelligence Director Mike McConnell warns of threats to nation's cyber infrastructure (Alabama.com) The next great threat to the United States' cyber security could come from Pakistan, Iran, China or even Huntsville. All it takes, according to former Director of National Intelligence Mike McConnell is a motivated hacker on one end and a lack of security on the other
Companies don't understand cloud services (Help Net Security) A majority of SMBs in the UK and US are unsure of cloud services or think they are only for large companies, thus missing out on the opportunity to increase productivity and stay more effectively in
Cyber criminals target small businesses (Financial Times) Last year saw a number of high-profile cyber attacks at companies including Sony and Citigroup. Yet it is at the smaller end that cyber criminals are now focusing their attention, said David Emm, senior security researcher at Kaspersky Lab
Kaspersky Lab Examines IT Threat Evolution In Q312 (Biztech2) In their regular quarterly report the experts at Kaspersky Lab examined the changes to the IT-threat landscape throughout Q3 2012. Of particular note were high-profile cyber-espionage investigations, changes to the geography of threats, and a shake-up
For Internet Safety, Russia Most Dangerous In World (Forbes) According to a third quarter threat assessment report released Friday by Moscow-based cyber security firm Kaspersky Lab, Russia and the neighboring 'stans are nightmares for internet users. There are just 10 countries worldwide that host 86 percent of
Why Private Clouds Will Prevail (InformationWeek) Stu Laura, our irascible CIO, discusses the promise and pressures of private clouds
Marketplace
Contractors Look For Sequestration Delay (Washington Post) As mandatory federal spending cuts of nearly $1 trillion loom larger, many Washington area government contractors are making bets the cuts will be delayed, and they are holding back on lowering their financial guidance to Wall Street
AF Gen Janet Wolfenbarger: Sequestration is an Opportunity for Ingenuity (ExecutiveGov) "Yes, it's hard, but it also provides us opportunity," a top Air Force official said of the across-the-board defense cuts that are set to take place at the start of the new year, according to an article published by Dayton Daily News
DHS Wants to Develop 'Cyber Reserve' After Observing Sandy's Impact (Government Technology) A task force led by U.S. Department of Homeland Security Secretary Janet Napolitano suggested the idea of recruiting a "Cyber Reserve" of computer security professionals who could be deployed to assist regions that need help in the event of a
DHS Compares Cyber Threat to Hurricane Sandy Devastation (CIO) You definitely cannot say the Department of Homeland Security (DHS) is hesitant about cashing in on disasters. On Wednesday, DHS Secretary Janet Napolitano cited the damage wrought by Sandy as a warning of what could happen if the United States
Has DHS Task Force On Cyber Skills Rushed to Judgment? (AOL Government) The DHS Task Force on Cyber Skills released a much-anticipated report last month on the state of the cyber workforce within the Department of Homeland Security. Commissioned in June 2012 by
DHS continuous monitoring can't automatically track devices or connections (Fierce Government IT) In an annual assessment dated Oct. 24 of the DHS information security program required under the Federal Information Security Management Act, auditors note several areas where DHS has yet to fully automate matters, including the tracking of network devices, external connections and software applications
Salesforce.com Cloud Apps Spread to UK Govt; Vivek Kundra Comments (ExecutiveGov) Cloud computing company Salesforce.com is joining the U.K. government's G-cloud framework, the company has announced. As a result, U.K. public sector organizations can now purchase Salesforce cloud applications from the G-Cloud CloudStore
How Will MIT's Reverse Engineering Of Twitter's Trending Topics Algorithm Impact Twitter's Advertising Business? (Forbes) I don't think it will have any negative impact. It's implied that perhaps this knowledge can be used by another service to build an advertising product that is similarly effective as Trending Topics, hence creating new competition in the online advertising marketplace. The harder problem is figuring out how to get 100,000,000 or more active users, at which point having solid monetization products becomes invaluable
Big Data Talent War: 7 Ways To Win (InformationWeek) 53% of big data-focused companies say analytics experts will be tough to find for the next two years. Here's how IT leaders plan to train, borrow, or steal talent--and what job seekers should know
Raytheon Names 25-Year AF Vet Scott Henderson an Information Systems VP (Govconwire) Raytheon Co. (NYSE: RTN) has appointed retired Air Force Col. Scott Henderson a vice president in its integrated information systems division, Florida Today reports. The 25-year military veteran previously was director of mission assurance and integration at SpaceX and served as the company's primary liaison between NASA, the Air Force and elected state officials
SAP NS2 Hires Cherreka Montgomery to Help Grow National Security Business (Govconwire) SAP's (NYSE: SAP) National Security Services subsidiary has appointed security and intelligence veteran Cherreka Montgomery national vice president for corporate development. According to a Thursday SAP NS2 release, Montgomery will work with defense and intelligence customers and system integrators to understand their mission requirements
Sourcefire seeks new leader after death of CEO (Washington Post) Following the death of its chief executive, Columbia-based cybersecurity business Sourcefire has started a search for a new leader. In the meantime, Martin F. Roesch, the company's founder and its chief technology officer, has taken over as interim CEO. John C. Burris, who died of cancer last month, shortly after announcing he would take medical leave, had been chief since 2008
Products, Services, and Solutions
RSA, FireEye Partner In Threat Monitoring (Channelnomics) To that end, FireEye Inc, and RSA, Inc., the security division of EMC Corp., are ... such as previous network compromises and current cyber attack methods
Cypherpath/ZanttZ Launch CyberFire -- Acquire Knowledge…Demonstrate Skill…Exercise Cyber Defense (Sacramento Bee) As cyber threats continue to grow at an exponential rate, the need for identifying and educating cybersecurity professionals has taken center stage as part of a national strategy to secure our cyberspace. Cypherpath and ZanttZ have teamed up to offer an immersive, hands-on solution, called CyberFire
Secure nationwide managed services network (Help Net Security) Harris Corporation introduced a new managed services solution that will enable customers to move massive amounts of data securely over a nationwide, high-capacity terrestrial communications network
ARM, Microsoft working on 64-bit version of Windows (Fierce CIO: TechWatch) ARM is working with Microsoft (NASDAQ: MSFT) to tune the Windows RT operating system to work on ARM's 64-bit architecture, reports PC World
Google Search App Vs. Apple Siri: 8 Questions (InformationWeek) Updated Google Search App for iOS is a viable alternative to Apple's Siri
iPad Mini Hits Store Shelves (InformationWeek) Apple's smaller iPad is on sale in 34 countries. Early reviews praised the design, but knocked the display
Windows RT app incompatibility could be Surface 'buzzkill' (Fierce Mobile IT) The Windows RT operating system, which runs Microsoft's (NASDAQ: MSFT) new Surface tablet, is not compatible with earlier Windows apps, which could be a "major buzzkill" for the tablet, observed Current Analysis analyst Charlotte Dunlap
Technologies, Techniques, and Standards
Security through obscurity: How to cover your tracks online (CSO) From Tor to steganography, these six techniques will help obscure the data and traces you leave online
Tech Insight: Five Steps To Implementing Security Intelligence (Dark Reading) Building an initiative to collect and analyze threat and risk information takes some planning. Here's a look at the key steps toward making it happen
How to Prevent Security Breaches from Known Vulnerabilities (eSecurity Planet) While it's bad to be targeted by a hacker using new and relatively unknown security vulnerabilities, it's awful to fall victim to well-known attacks. Why are hackers able to breach the security of so many organizations using known vulnerabilities, and what can you do to minimize the risk that this happens to you? It's an important question to ask, because
What's important on your network? (Internet Storm Center) Often when you ask someone what is important on their network, they will say "Everything". But that cannot be the case. You have to determine your High Value Targets first. A High Value Target is a device, system, database or resource that you cannot live without and still accomplish your mission. If you look at this from a military perspective, it is the key targets that can win you or lose you the war. This may seem like common sense, but strangely many people have not considered this. We protect networks so they can accomplish some defined mission whether it be information sharing or business related as examples. Too often it seems we forget the mission part and don't really factor it into why we are doing security; whether designing an infrastructure or monitoring that infrastructure. It becomes just a checklist…IDS (check)…Firewall (check)…Antivirus (check)…logs (check)…but are you really focusing on what is critical
Mozilla: Don't Abandon Web For Native Mobile Apps (InformationWeek) HTML5 isn't the problem. Hardware that hobbles Web code is, Firefox maker says
NIST advises firms on mobile device security (Fierce Mobile IT) The National Institute of Standards and Technology, the technology standards arm of the Department of Commerce, has published draft guidelines that outline the baseline security technologies that mobile devices should include to protect the information they handle
Research and Development
BAE to help DARPA boost computing power for ISR systems (Defense Systems) The Defense Advanced Research Projects Agency has awarded a $10.9 million contract to BAE Systems to help develop more efficient computing technology for military intelligence, surveillance and reconnaissance systems where power generation is a
48-core tablets could be reality in less than a decade, says Intel (Fierce CIO: TechWatch) Intel (NASDAQ: INTC) is working on a 48-core processor designed for smartphones and tablets, according to a new report by Computerworld, who spoke to a couple of research scientists working at Intel Labs in Barcelona. And based on hints offered by the researchers, each core may function more like an independent processor than the two to six core chips used in laptops and desktops today
Academia
US building an army of cyber geeks (Fudzilla) The US government is assembling a unit of computer geeks for what will be known as the "Cyber Reserve." The Department of Homeland Security said that the Cyber Reserve would function like a National Guard for computer-related emergencies. This isn't exactly a new idea. The same law Congress passed in 2002 that established the Department of Homeland Security grants the department permission to build a "National Emergency Technology (NET) Guard" of on-call volunteer specialists to assist in cyber crises
Legislation, Policy, and Regulation
Russia deploys a massive surveillance network system (SecurityAffairs) Last year I wrote about a new powerful surveillance system that Russian government committed to private business to implement a complex monitoring system, officially to prevent terrorist attacks against Russia. The day has come: today the system has been deployed, officially to prevent on-line pedophilia, but it is obvious that a similar system is also able to monitor internet activities of millions of citizens banning contents not approved by central government
Cybersecurity Executive Order Touts More Regulation as the Solution (Right Side News) Cybersecurity The executive order starts with several pages that talk about voluntary cybersecurity regulation and having the Department of Homeland Security (DHS) work with other agencies to come up with cybersecurity best practices. This innocent
Cyber response's fatal flaw: mistrust (Federal Times) Sharing details about the attack with the FBI, Department of Homeland Security or the National Security Agency is last on the list. "[I'm] not going to rush into sharing," said Dmitri Alperovitch, who played the oil company CEO at the Washington Post
Gulshan Rai tipped to be first coordinator of national cyber security agency (Times of India) The warning signals of far bigger damages are already there. Indian investigators had found Stuxnet, the cyber worm created by US' National Security Agency and Israeli military and targeted at Iran's nuclear enrichment centre at Natanz, in Indian systems
Indian Security Agencies taking offensive mode for Cyber Security (The Hacker News) India is set to take steps to protect its cyber infrastructure and designate agencies for carrying out offensive cyber attacks on other countries. Indian Government announced the appointment of the first coordinator for the National cyber security agency. Mr. Gulshan Rai, who presently heads the Indian Computer Emergency Response Team (CERT-IN), will be the first coordinator
Cyber warfare is key priority for Israel (Middle East Monitor) Nor was this the only cyber-attack aimed at nuclear programmes in recent years. In 2010, the Stuxnet computer worm targeted the Iranian nuclear programme, in what was widely thought to be a joint US-Israeli attack. One of the appeals of cyber war is
Is the United States Militarizing Cyberspace? (Forbes) Several months later, in summer 2010, concerns about possible militarization were raised again when the Wall Street Journal reported on a National Security Agency (NSA) program called "Perfect Citizen." The program would allegedly involve NSA
Obama and Romney could rewrite cyber org charts (Nextgov) Either candidate likely would upgrade the status of U.S. Cyber Command -- which is now subordinate to U.S. Strategic Command -- to that of a full combatant command. That means the two-year-old service, which directs offensive network operations and
South Africa's major institutes at risk (ITWeb) Our growing dependence on technology naturally opens up the window of opportunity for criminal elements, says Thales SA's Llewellyn Hartnick. South Africa's major institutions are at risk from a growing number of possibly debilitating cyber threats because of the lack of continuous sophistication of cyber crime technology by the vast number of cyber security specialists operating in the country
Litigation, Investigation, and Law Enforcement
FBI ordered to disclose 'Going Dark' surveillance program (The Hacker News) A federal judge ordered the FBI to disclose more information about its Going Dark surveillance program, an initiative to extend its ability to wiretap virtually all forms of electronic communications. Why shocking? Because a federal judge just ruled that police can place surveillance cameras on private property without a search warrant and another federal judge quickly overturned a previous decision blocking the indefinite detention provisions of the National Defense Authorization Act (NDAA) for Fiscal Year 2012
US gov advised to SUE GOOGLE by FTC over patent trade wars (The Register) The US government has reportedly been advised by the Federal Trade Commission to sue Google for breaching competition law, because of the ad giant's requests to US courts to prevent the sale of goods it claims infringe its essential patents. According to Bloomberg, which cites anonymous sources, the five-member Federal Trade Commission put the recommendation to the White House in a report, but no decision will be made until after the presidential election on 6 November
UK data retention law a 'hacker honeypot' (SC Magazine) Serious criminals and nation states will increase attacks on communications providers with UK customers if a controversial draft communications law is enacted, according to a British Liberal Democrat peer. The draft law, styled by critics as the 'Snooper's Charter', seeks to force communications service providers (CSPs) to retain valuable personal data for scrutiny by law enforcement. Lord Strasburger, who sits on a joint parliamentary committee that is scrutinising the bill, said in a committee meeting with home secretary Theresa May last week that the data would be "a honeypot for hackers". "If this bill were enacted, there would be a massive increase in the data being held about every citizen who uses the internet," Lord Strasburger said
Distrust Harms Both Nations (China Daily) Instead of blocking Huawei as a whole, the US government should take a more constructive approach and inspect Huawei's products. For its part, Huawei should go public to make itself thoroughly transparent. As to fighting cyber espionage, the effective way is a joint effort by Sino-US governments.
Mozilla: Firefox may have lost 9M downloads over Microsoft glitch (Fierce CIO: TechWatch) A "technical error" could have cost the Firefox browser up to 9 million downloads during the 15 months in which Microsoft failed to show a court-mandated browser choice screen in Windows 7 Service Pack 1. So claims Mozilla's general counsel and vice president of business affairs, Harvey Anderson, in a new entry on his personal blog