The CyberWire Daily Briefing 10.02.12

Cyber Attacks, Threats, and Vulnerabilities

Team GhostShell Exposes 120,000 Records From Universities (Dark Reading) Calculated attacks turn up hundreds of thousands of vulnerable records at 100 universities across the globe, hacker group says. The hacktivist group TeamGhostShell says it has embarked on a new campaign to expose data and vulnerabilities at 100 of the top universities around the world

Visual Android Trojan as virtual theft aid (Help Net Security) The rise of mobile malware in the last few years has been well documented, and the latest reports show that malware sending out text messages to premium rate numbers is the type users encounter most often. This prevalence will likely not be challenged for a while - after all, there are not many crooks who would say no to a fast and easy buck - but users must be aware that new malicious software with as of yet unimaginable capabilities will surface in time

A Serious Security Flaw Lets Hackers Steal Your Twitter Account (Gizmodo) Do you have a highly coveted Twitter handle? You should probably change your password. One user, Daniel Dennis Jones,--who formerly went by @blanket--has uncovered a very serious flaw that lets hackers crack your account and put it up for sale. On Saturday, Twitter customer service notified Jones that his password had been changed. Alarming, because it clearly meant someone was trying to find a way into his account. He tried to log in but couldn't, but was still logged in on his phone, and saw that all his tweets had been deleted and his follower count had dropped to a big fat goose egg

Anonymous Brings Government Sites Offline in Philippines to Petition Cybercrime Law (Threatpost) The National Telecommunications Commission (NTC) of the Philipines has asked for assistance from law enforcement after a handful of government sites in the country, including the NTCs site, were brought offline this morning in a hack allegedly carried out by PrivateX, an offshoot of the hacktivist group Anonymous. The NTC has asked the Philippine National Police and its Criminal Investigation and Detection Group (CIDG) for help preventing future similar attacks, according to a report from the nations ABS-CBN news outlet earlier today."It is very difficult to prevent a repeat of this but we are coordinating with the CIDG for assistance both in investigation and protection of our websites,"Carlo Jose Martinez, the NTCs Deputy Commissioner told ABS-CBN. The hacking group also claims to have taken down a slew of other government sites, including the Philippine Information Agency and the Food Development Center in an attack the hackers have dubbed Bloody Monday, on Twitter

Islamic hackers deface emergency web pages (Sydney Morning Herald) Web pages of the NSW State Emergency Service were hacked and defaced in an apparent Islamic protest against the controversial YouTube video that insults the prophet Muhammad. The shame you are doing to Muslims is never going to be forgotten!!, reads the message on the defaced pages, addressed to US, Israel, France and all Muslim enemies. How can you even think talking about our Prophet Muhammad??

DDoS attacks reach new level of sophistication (Net-Security) Prolexic Technologies warned of an escalating threat from unusually large and highly sophisticated DDoS attacks. The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods

Bank attacks step up cyberwar (Washington Times) A series of sophisticated foreign cyberattacks against the websites of U.S. banks represents a serious escalation in global cyberconflict, according to security specialists and former officials. These are significant attacks, retired U.S. cyberwarrior Lt. Gen. Harry D. Raduege said. They should be considered a warning of the cyber cold war

Cyber Pearl Harbor - An undeclared cyberwar is under way (UPI) An undeclared cyberwar is under way. The U.S. commander of USCYBERCOM says the cyberwar threat has grown in 10 years from exploitation to disruption to destruction of computer networks. A shadowy hacker group in the Middle East has disrupted the electronic banking operations of some of the United States' largest financial institutions, The Seattle Times reported

Tizzy Over Bank Cyberattacks Unwarranted, Say Researchers (Tech News World) A week-long cyber attack on some of the nation's largest banks last week most likely wasn't the Armageddon headline writers made it out to be."It's ridiculous to consider an attack that takes your website offline for a few hours the world's worst nightmare scenario," Jeffrey Carr, CEO of Taia Global and author of Inside Cyber Warfare: Mapping the Cyber Underworld," told TechNewsWorld. The cyber attacks on the banks started Sept. 19 and ran through most of last week. The Distributed Denial of Service (DDoS) assaults slowed down service and even disrupted it entirely at some of the websites of the institutions, which included Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank

'Iran infiltrated most sensitive enemy cyber data' (Jerusalem Post) Rear Admiral Fadavi of Iran's naval branch claims Islamic Republic has decrypted highly classified data, promoted "cyberwar code."A senior commander of Irans Islamic Revolutionary Guards Corps claimed on Sunday that Iran has managed to infiltrate and decrypt its enemies highly classified data.R.-Adm. Ali Fadavi of the IRGCs naval branch said that the navys cyber corps had infiltrated the enemys most sensitive information and successfully promoted cyberwar code, according to a report on Sepah News, the IRGCs official news site. Fadavi did not specify the name of any particular enemy, but went on to talk about what he called imperialistic domination, referring to Irans enmity with America. The IRGC rear admiral claimed that Irans enemies were increasing their activity in cyberspace and on satellite networks

White House Hacked In Cyber Attack That Used Spear-Phishing To Crack Unclassified Network (Huffington Post) The cyber attack on the White House network occurred last month and breached a network used by the White House Military Office, according to the Washington Free Beacon, which first reported the story. The office provides military support for White

Washington confirms Chinese hack attack on White House computer (Fox News) White House sources partly confirmed an alarming report that U.S. government computers -- reportedly including systems used by the military for nuclear commands -- were breached by Chinese hackers. "This was a spear phishing attack against an unclassified network," a White House official told FoxNews.com. "These types of attacks are not infrequent and we have mitigation measures in place." A law enforcement official who works with members of the White House Military Office confirmed the Chinese attack to FoxNews.com on Monday, but it remains unclear what information, if any, was taken or left behind

Concerted Chinese Government Attacks or Just Another Day? (Infosec Island) Front page news headlines on some news site today: "Chinese Hackers Breach White House!" For a split second there I was almost concerned; and then after reading I thought to myself... blah another false alarm. What did I expect? Let's talk a little bit about sensationalism

White House Cyberattack Likely Won't Change Anything (Threatpost) So now it's the White House's turn. Having taken a swing at just about every other piece of the U.S. government's network infrastructure, attackers, reportedly based in China, recently targeted a machine on an unclassified network inside the White House Military Office and were able to compromise it through a spear-phishing attack. The attack has drawn a lot of attention, as stories that include the words "White House" and "attack" do, but the notion that this attack may be the one that finally forces the U.S. to address the threat from foreign attacks is misguided

Attackers Engage In 'False Flag' Attack Manipulation (Dark Reading) Just because someone claiming to be the Iranian Cyber Army claims responsibility in a Pastebin post for a targeted attack doesn't necessarily mean they did it nor that the group boasting about the attack is really the so-called Iranian Cyber Army. Welcome to the frustratingly deceptive age of hacking attribution. While the subterfuge is often all about a game of cat-and-mouse or to throw authorities off the trail of the real attackers, it can be an especially dangerous game when it comes to sometime attempting to incite conflict between the victim organization or nation, and the supposed attackers

Iranian vs. U.S clashes: Lost in Corruption (Cyberwarzone) We have received new information from credible sources within Iranian Judiciary that at least two Iranian Engineers have been captured and convicted for espionage against Iranian regime. These two young individuals are linked to Stuxnet attack to Iran's nuclear infrastructure. Our source has seen the final legal decision of Iranian judiciary issued to Families of these Two engineers and their conviction is reported to be "Working against national security with Foreign countries

Security Patches, Mitigations, and Software Updates

Oracle: Java upgrades still worthwhile despite postponed features (IT World) Java EE 7 and Java SE 8 will offer new capabilities in JavaScript programming and multicore processors, but PaaS cloud enhancements have been deferred

Oracle releases MySQL 5.6 RC (Help Net Security) Oracle announced the availability of the Release Candidate for MySQL 5.6, the popular open source database. MySQL 5.6 RC provides enhanced linear scalability, helping users to leverage modern hardware

Cyber Trends

The Rise of Data-Driven Security (Threatpost) The phrase "you're doing it wrong" is a common refrain in the security community these days as people wander around in various states of disillusionment with the technology and processes that have led to what many perceive as a systemic failure. But that refrain usually is not followed by any useful discussion of what's going wrong or what can be done about it. To researcher Claudio Guarnieri, one of the major problems is obvious: we're completely backward in the way we prioritize protection

Rethinking How To Protect Networks From Cyber Attacks (AOL Government) John Jolly, vice president and general manager for General Dynamics Advanced Information Systems cyber division, echoed the shift in focus for network security specialists. "When we look at the threats, we see a different paradigm compared to three

Hackers shifting to 'destruction': US cyber chief (AFP) General Keith Alexander, who is director of the National Security Agency and commander of the US Cyber Command, told a Washington forum that the new tactics could move beyond mere annoyances and begin causing severe economic damage. "We are

Marketplace

FOIA portal opens to public (Fierce Government IT) The portal, which government officials say cost $1.3 million to develop, was spearheaded by the Environmental Protection Agency and is based on code from the regulations.gov portal, which the EPA also manages

JIE funding must also be 'joint,' says DISA official (Fierce Government IT) Budget austerity facing the Defense Department as it readies the forthcoming Joint Information Environment requires funding to also be "joint," said a Defense Information Systems Agency official speaking Sept. 27 at the Billington Cybersecurity Summit in Washington, D.C. "That J word is very, very important. Especially as we go through the ties to the lack of resources, from a funding perspective being down," said Lt. Gen. Ronnie Hawkins, director of DISA

DHS Center Could Extend Classified Pentagon Cyber Program to Nondefense Industries (Nextgov) If Congress fails to pass cyber information sharing reforms, the Homeland Security Department could offer all critical industries entry into a little-known facility that circulates classified warnings about threats, similar to the way an exclusive Pentagon initiative works, said a former DHS official who started the operation. The National Cybersecurity and Communications Integration Center, or NCCIC, is a 24-hour crisis center that has been investigating and responding to breaches since 2009

Leaders At Work On Plan To Avert Mandatory Cuts (New York Times) Senate leaders are closing in on a path for dealing with the "fiscal cliff" facing the country in January, opting to try to use a postelection session of Congress to reach agreement on a comprehensive deficit reduction deal rather than a short-term solution

Unlocking Big Government Data: Whose Job Is It? (InformationWeek) It's not just a good idea for private-sector organizations to help open up the treasure trove of government big data. It's a necessity. As storage pundit Jon Toigo pointed out last week, "big data," like "the cloud" before it, actually meant something when the term was first coined, but it's quickly becoming meaningless. But I'm less concerned about imprecise definitions--that happens with all new technologies--and more concerned with making the reams of publicly owned data more widely available and easily accessible

Lockheed: No Layoff Notices This Year Ahead of Sequestration (ExecutiveBiz) Lockheed Martin announced Monday the company will not issue employee layoff notices this year ahead of potential sequestration cuts scheduled to start Jan. 2

In Topsy-Turvy Russia, Google and Facebook Are on the Defensive (Wired Business) Google's Russian rival Yandex built a web browser -- and is zooming ahead in usage. Meanwhile, Facebook is struggling to keep up with a rival social network

Google Now More Valuable Than Microsoft, and Mobile Is Why (Wired Business) If the tech industry was a troop of australopithecines, a grizzled old alpha ape has finally been shoved off the second-highest branch on the tree

Good Technology Acquires AppCentral To Bolster iOS, Android And WP App Security, Manageability And Distribution In BYOD Era (TechCrunch) Secure enterprise mobility company Good Technology, which makes products for securing and managing the mix of mobile devices finding their way into businesses thanks to the BYOD (bring your own device) trend, has announced it is acquiring mobile application management and enterprise app store firm AppCentral -- another company riding the BYOD device wave, by offering businesses a cloud-based repository to simplify distribution and management of enterprise apps. Financial terms of the deal were not disclosed

SAIC Showcases Latest Advanced Mobile Multi-Intelligence Solutions (SYS-CON Media) Stu Shea, SAIC chief operating officer and United States Geospatial Intelligence Foundation (USGIF) chairman and chief executive officer, who is the opening

Staged cyber schemes may help shore up 'weakest link' (PCWorld) Northrop Grumman--a major defense contractor--conducts mock attacks against users. Northrop Grumman sends phishing attacks to its own users that appear to come from unknown third-party sources. If they fall for it, they're directed to a website that

BAE Systems Selected to Provide Strategic Program Management and Technical Support Services for the Department of Homeland Security (Heraldonline.com) BAE Systems has been awarded a multi-year $27.4 million contract to provide program management and technical support services to the Department of Homeland Security (DHS) Office of the Chief Financial Officer (OCFO)

CACI Wins Prime Spot on $247M Army C4ISR Prototyping IDIQ (GovConWire) CACI International (NYSE: CACI) has won a prime position on a potential $247 million U.S. Army contract to prototype and insert technology into military platforms for C4ISR missions (command, control, communications, computers, intelligence, surveillance and reconnaissance). The company said the five-year indefinite delivery/indefinite quantity contract contains one base year and four one-year options and cover

Products, Services, and Solutions

Leaked Account Notification May Be Worth The Warning (Dark Reading) PwnedList provides companies and consumers with warnings of any account names that have been leaked to the public. Such services can help firms find out when an account could be in jeopardy, but coverage remains spotty

Peak Chrome? Google's browser falls as Firefox, Internet Explorer stay flat (Ars Technica) Latest results may stem more from IE9 and Firefox fixes than any Chrome falter. Once again, Firefox has maintained its grip on second place, behind Internet Explorer. And as Chrome falls away, there's now a gap of more than one percentage point between the browsers

Coverity releases development testing platform (Help Net Security) Coverity announced the next generation of its Coverity Development Testing Platform, an integrated suite of software testing technologies for identifying and remediating critical quality and security

Adobe unveils Acrobat XI with cloud services (Help Net Security) Adobe unveiled Adobe Acrobat XI software with cloud services, a new solution that features newly integrated cloud services, including Web contracting with Adobe EchoSign and forms creation, data collection

Pen-testing Cookie Cadger continues where Firesheep left off (Help Net Security) When the Firesheep extension was revealed to the world in late 2010, its developer said that his main goal was to get sites to switch to full end-to-end encryption, i.e. SSL. Since then, many big

New wireless APs and 2-factor authentication products from Fortinet (Help Net Security) Fortinet announced four new wireless access points along with three new two-factor authentication products. Fortinet is introducing four new additions to its wireless access point product family

Tool prevents hackers from obtaining Android app source code (Help Net Security) RIIS announced HoseDex2Jar, a mobile security tool that can prevent Android decompilation by hackers on mobile devices. Android runs applications in .dex format. Dex2Jar is the only tool available

Contrast security plugin invisibly monitors applications during testing (Help Net Security) Aspect Security announced Contrast, an application security service that creates a real-time dashboard of intelligence and vulnerabilities. Contrast is an IAST solution, integrating the best aspects

Boeing Enhances Kestrel Analytic Software Search Capability (Equities.com) Boeing [NYSE: BA] is offering defense and intelligence users of its Kestrel TAC analytic software faster and more secure data searching via version 7.5 of the software, which was released today. TAC persistently monitors data in real time, searching

How LexisNexis Competes In Hadoop Age (InformationWeek) Open source HPCC platform evolves from turnkey system to Hadoop competitor. Hadoop is the certainly biggest name in big data platforms, and often the go-to solution for enterprises seeking a way to manage growing volumes of unstructured data. But LexisNexis, best known as a provider of computer-assisted legal research services, wants the world to know it has an alternative, albeit one that relatively few organizations are using

Technologies, Techniques, and Standards

CIOs Should Get to Know Their Chief Legal Officers (CSO) Corporate CIOs and chief legal officers (CLOs) have a lot to talk about: data privacy, e-discovery and policies for employee mobile devices, to name a few topics. But a recent Gartner survey of 70 CLOs found that over half (51 percent) of them said they have conversations with CIOs no more than once a month

How to Prevent Remote File Inclusion (RFI) Attacks (eSecurity Planet) RFI inclusion is a simple website attack that nonetheless can make sites vulnerable to data loss or other malice. Using careful code logic will thwart RFI attacks. Preparing a defense against sophisticated, high-profile attacks is obviously a necessity in today's cybersecurity landscape. But this doesn't mean you can forget about the low-hanging fruit

5 dysfunctional IT relationships -- and how to repair them (IT World) Sys admins are from Mars, developers are from Venus, and legal is from hell -- here's how to heal friction among IT factions

Three Primary Analytics Lessons Learned from 9/11 (Smart Data Collective) In James Bamford's Shadow Factory expose on the United States National Security Agency (NSA), he cites missed opportunities to catch the 9/11 terrorists. First, because of information silos and lack of communication and information sharing between the

How to protect yourself and your business from a cyber attack (Fox News) "White House sources partly confirmed an alarming report that U.S. government computers -- reportedly including systems used by the military for nuclear commands -- were breached by Chinese hackers. This was a spear phishing attack

Design and Innovation

A behind-the-scenes look at LinkedIn's mobile engineering (Ars Technica) Pros' network was anything but in the mobile space. Then ethos and execution linked up. LinkedIn is the career-oriented social network that prides itself on professional excellence. But the company's original mobile offering was anything but--it left much to be desired. There was an iPhone application, but no support for Android or tablets. The backend was a rickety Ruby on Rails contraption; afflicted with seemingly insurmountable scalability problems. And despite serving only seven or eight percent of the LinkedIn population, the company's original mobile build required approximately 30 servers in order to operate. This was clearly not made to sustain a growing mobile user base

The Clean Web Movement: Mobile's Influence On Startup Design (TechCrunch) Whether it's in response to the over-stimulation of banner ads and animated gifs, the proliferation of mobile and tablet devices whose screen sizes dictate simpler navigation and layout options, a reaction to our information-overloaded society, or, likely, all of the above, a new class of web startups is adopting the minimalist look in terms of their user interface and design. This "clean web" movement, if you can call it that, is defined by simple typography, lots of negative space, and thoughtful but careful use of color. And it's seemingly everywhere you look these days

Academia

WCC gets nearly $500000 grant for cybersecurity program (TheNewsTribune.com) The school will develop a new two-year degree in information assurance, a field of information security that focuses on protecting databases from hackers and viruses. The degree will be created in collaboration with Western Washington University and

Legislation, Policy and Regulation

FDA Urged to More Rigorously Evaluate Medical Devices' Security Risks (Threatpost) Lawmakers are urging the Food and Drug Administration to more thoroughly vet certain implantable medical devices for security, not just safety, risks. They include life-saving defibrillators, insulin pumps and pacemakers, which have been shown in recent years to be vulnerable to remote attacks

Stricter Web Regulation in Southeast Asia (Global voices online) While Southeast Asian governments are enhancing the delivery of online services for the benefit of their citizens, they are also instituting tougher internet regulations which many analysts believe could be used to curtail media freedom. This post is a summary of recent Global Voices articles which discussed several controversial internet regulation policies in the region. In Cambodia, the government is enforcing a circular drafted earlier this year which requires internet cafes to set up surveillance cameras and to register callers

Businesses to face tougher penalties for data breaches (Computer Weekly) Businesses will face tough penalties for failing to secure personal data under new European legislation. Companies could face fines of up to 2% of their turnover for breaching a proposed EU data protection law. It is fairly certain that penalties will increase substantially, said Karin Retzer, partner at law firm Morrison and Foerster

The cyber debate goes public (The Week Magazine) As the head of the United States Cyber Command (USCYBERCOM), he simply puts on a different hat: Title 10 of the U.S. code, which proscribes conduct for military operations, is his guide. This germ of a lesson in bureaucratic descriptionaring is a lot

Keith Alexander: Civilians must take cyber lead (Politico) The leader of U.S. Cyber Command, Gen. Keith Alexander, said Monday that letting civilian agencies lead the charge on domestic cybersecurity information sharing is "the correct thing to do." Alexander, who also serves as head of the National Security

Former NSA Director Urges National Debate on Cybersecurity (HSToday) The US National Security Agency (NSA), the electronic eavesdropping and cyberwarfare arm of the Department of Defense (DOD), has the most sophisticated cyberattack and defense capabilities in the world. But the agency lacks the legal authority to

Traynere appointed to online task force (Morris Daily Herald) Will County board member Jackie Traynere (D-Bolingbrook) has been appointed to the National Association of Counties' cybersecurity task force. The newly formed initiative will raise awareness of online threats and fraud as well as educate local governments and the public on how to better secure their networks

House strips out protection for intel officials in whistleblower bill (The Hill) The Whistleblower Protection Enhancement Act, S. 743, was passed by unanimous consent on Friday and with little debate, and after an agreement was reached between House Republicans and Democrats that the language related to intelligence officials

Killer Apps: Sen. Collins is no fan of the White House's cyber security executive order (Foreign Policy) This comes as the Defense Department is working to expand existing programs whereby defense contractors and Internet service providers share and receive information on cyber attacks and threats with DoD and intelligence agencies. Pentagon officials are

The Case for Abolishing Patents (Yes, All of Them) (The Atlantic) Our patent system is a mess. It's a fount of expensive litigation that allows aging companies to linger around by bullying their more innovative competitors in court. Critics have suggested plenty of reasonable reforms, from eliminating software patents to clamping down on "trolls" who buy up patent portfolios only so they can file lawsuits. But do we need a more radical solution? Would we be possibly be better off without any patents at all? That's the striking suggestion from a Federal Reserve Bank of St. Louis working paper by Michele Boldrin and David Levine, professors at Washington University in St. Louis who argue that any patent system, no matter how well conceived, is bound to devolve into the kind of quagmire we're dealing with today

Litigation, Investigation, and Enforcement

Not From the Onion: Army Says 'Social Network' Use Is a Sign of Radicalism (Wired Danger Room) These are some warning signs that that you have turned into a terrorist who will soon kill your co-workers, according to the U.S. military. You've recently changed your "choices in entertainment." You have "peculiar discussions." You "complain about bias," you're "socially withdrawn" and you're frustrated with "mainstream ideologies." Your "Risk Factors for Radicalization" include "Social Networks" and "Youth"

INTERPOL effort aims to harmonize cyber info sharing (Fierce Government IT) Sharing cyber threat information and pursuing cybercriminals is a global issue, but coordinating among countries can be difficult due to varied resources and rules for sharing. The European Convention on Cybercrime, is a helpful guide but INTERPOL hopes its digital crime center at Global Complex for Innovation will address the implementation piece of the problem

Cyber cops are busy on the beat (Sydney Morning Herald) The defence agency responsible for dealing with ''cyber events'' threatening the Australian government and systems of national importance is experiencing its busiest year. Officially launched in January 2010, the Cyber Security Operations Centre, which is part of the Defence Signals Directorate, has reported 1105 incidents up until the end of August. If the same average-per-month rate of incidents continues, the full-year total will exceed 1650, which is greater than the 1259 cases reported in 2011

Police link internet attacks to Assange case (Sydney Morning Herald) Swedish police have linked an internet attack that blocked access to several popular Swedish websites to the controversy surrounding WikiLeaks founder Julian Assange. The Australian activist, 41, has been holed up in the Ecuadoran embassy in London since claiming asylum on June 19 in a bid to avoid extradition to Sweden, where he faces questioning over an alleged sexual assault. Mr Assange denies the allegations and says he fears Sweden would extradite him to the United States, which was deeply embarrassed by WikiLeaks' 2010 release of huge caches of US diplomatic cables and confidential documents on the wars in Iraq and Afghanistan