The CyberWire Daily Briefing for 11.12.2012

Cyber Attacks, Threats, and Vulnerabilities

Hundreds of Brits' details exposed in claimed Amazon UK hack (ZDNet) A hacker has posted purported data on more than 600 Amazon UK customers online, but the retailer has said the information does not come from their systems. The data, posted on Saturday to Pastebin, was presented by a hacker named Darwinaire as proof that he or she broke into the online retailer's systems. It covers names, usernames, registration dates, phone numbers, email addresses and home addresses for 635 people

Anonymous again hacks OSCE and leaks restricted documents (Hacking News) Following the November 4th attack, Anonymous once again hacked into the Organization for Security and Cooperation in Europe (OSCE). Today they have leaked another 55mb of internal documents from OSCE Vienna, dating upto November 11th. Again, many of the documents are marked as restricted; They have published a 147k PDF file that talk about "Efforts in the field of arms control agreements and confidence and securitybuilding measures"

Google access returns to China after brief blocking (Computer World) Access to Google services in China appeared to return Saturday morning after they were blocked briefly as the country prepares to appoint new leadership. The blocking appeared to last for about 12 hours, with Internet traffic resuming to the sites after 6 a.m. local time, according to Google's Transparency Report, which monitors company's services worldwide. In Beijing, Google was accessible, although loading the sites was slow.

Google blocked in China, amid leadership transition (Quartz) Web censorship sites are reporting that Google is now blocked in parts of China, just as the delicate leadership transition gets underway at the 18th Communist Party Congress…It's unclear how extensive the outages are in the People's Republic. But they come as China has been especially touchy around the handover of power at its official party Congress. An investigative report in the New York Times laying out the fortune amassed by Chinese Premier Wen Jiabao's family was quickly followed by the blockage of New York Times' Chinese language web properties. IHS Global Insight analysts report that both the New York Times and Bloomberg remain blocked in the country

Tipsy Twitter apologises for password reset frenzy, but a real hack sparked it (Naked Security) While it did get a little tipsy with password-reset gusto, plenty of Twitter accounts were in fact hacked. Fingers of blame are pointed towards eastwards, with China watchers well-represented on the list of accounts hacked, but perpetrators of such attacks are tough to pin down

Twitter's Response To Compromised Account Situation: Accounts Were Compromised, But We Reset Too Many Passwords (TechCrunch) Twitter has responded to us with a statement regarding the password reset situation. For those of you just waking up or catching wind of this, a lot of folks have been reporting that their account password has been reset because it was compromised

Twitter Password Security: 5 Things To Know (InformationWeek) Twitter's response to compromised accounts teaches us lessons in social (networking) security

Facebook shuts down Albania Pirate Group, after stolen passwords shared (Naked Security) The Albania Pirate Group has had its Facebook page shut down by the social network, after stolen passwords were exchanged between 600+ members

DDoS Attacks Take Down What.cd, BTN and More BitTorrent Trackers (TorrentFreak) Several popular private BitTorrent trackers have suffered downtime today due to DDoS attacks. The attacks appear to originate from an individual who had aspirations of joining the music tracker What. cd, but carried over to other sites including BroadcastTheNet, PassThePopcorn and HDBits

Demonoid Is Back, BitTorrent Tracker is Now Online (TorrentFreak) After three and a half months of downtime Demonoid's tracker is now back online. The unexpected revival of the tracker is the first sign of life in weeks and suggests that the Demonoid team is working to bring the full site back online. While the index and forum remain offline, the many thousands of torrents tracked by Demonoid have been brought back to life

Cyber criminals hijacking PCs and holding them to ransom (ComputerActive.co.uk) Cyber criminals are hijacking people's PCs and holding them to ransom while they blackmail their victims, Symantec has warned. Sometimes the hijack turns out to be a simple demand for money to unlock the PC but there is a nastier element

HR departments at risk of malware infection after unemployment benefits email spammed out (Naked Security) Computer users, especially those working in the human resources departments of corporations, should be on their guard against a malware attack that is spammed out via email at the moment

Cyber criminals riding on Diwali frenzy (Hindu Business Line) Cyber criminals become hyper active during festivals. Diwali is no exception. They have now started luring unsuspecting users into a trap, which is built around the festival of lights

SMS spam menace: UAE mobile users frustrated…but you can du says telco (Emirates 24/7) A promising announcement of Telecommunications Regulatory Authorisation (TRA) two years ago seemed to bring an end to the steady flow of marketing SMS' that thousands of mobile phone users in the UAE receive every day

Adobe Reader zero-day exploit shows us why sandboxes aren't a magic bullet (ExtremeTech) The real danger is zero-day exploits — security flaws that are found and attacked before anyone else even knows they are there, or has time to develop a patch. One way of mitigating zero-day exploits is through the use of sandboxes, which segregate an

Cyber crooks are taking advantage of outdated web browsers, warns Kaspersky (Inquirer) CYBER CRIMMINALS are taking advantage of security holes in web browsers because users are running old versions without bothering to update them, according to security firm Kaspersky Lab. Kaspersky Lab's Global Web Browser Usage and Security

As Windows gets safer, old vulnerabilities still have bite (IT World) Microsoft Windows is safer- and harder to exploit than ever before. Despite the improvements in OS security, however, security experts tell ITworld that it's the old wounds that hurt the most, as organizations continue to fall to cyber attacks that exploit vulnerabilities discovered - and patched - years earlier

Stuxnet infected Chevron, achieved its objectives (ZDNet) Chevron was infected by Stuxnet almost immediately after it spread into the wild, but the nature of the malware meant that it identified its systems as the wrong target and caused no damage

Hacker: Japan Is Extremely Vulnerable to Cyberattacks (Hacker: Japan Is Extremely Vulnerable to Cyberattacks) Wev'e had the opportunity to do an interview with DeadMellox, a member of Team GhostShell the hacker collective that has made a lot of headlines after leaking millions of sensitive records from organizations worldwide, including China and Russia. In September, the hackers focused their efforts on the worlds top 100 universities. Since some of the targeted organizations were from Japan, the country announced that it would launch an investigation into the matter

Experts: State needs long-term cyber security plan (Greenville Online) Governor calls computer security assessment 'premature,' says more steps are coming. A month after state officials learned of a massive data breach at the Department of Revenue, officials are still discussing what security measures to take to protect all of the state's computer systems

Security Patches, Mitigations, and Software Updates

Memory Bug Fixed in Tor Client (Threatpost) The Tor Project has fixed a flaw in its anonymization and privacy software that leaked information from memory on some machines running Tor that could give an attacker access to sensitive information stored in the cache. The issue was caused by the way that some compilers handle a specific function in the Tor client

Cyber Trends

Trusted deployment of personal data to boost growth in the European economy (Help Net Security) The effective and trusted deployment of personal data could be a boon to consumers and a source of massive growth in the European economy, but only if public and private sector organizations ensure

Users buying tablets in place of cheap PCs (Fierce CIO: TechWatch) The cannibalization of PCs by tablets is not just a figment of your imagination, and can be substantiated by hard figures. Well, at least according to the numbers made public by Nvidia at a conference call with analysts. Nvidia is a chip maker that churns out GPUs, Graphics Processing Units, as well as mobile processors used in tablets and smartphones

Rush to deploy tablets has left security in the lurch (Fierce Mobile IT) Close to half of organizations are allowing the use of company or privately owned tablets, up from just 20 percent in 2011, according to accounting firm Ernst & Young's annual information security survey. At the same time, the adoption of mobile security techniques and software in the enterprise is relatively low, with just 40 percent of organizations using some form of encryption technique on mobile devices, the global survey of 1,850 chief information officers, chief information security officers and other information security executives found

How important is online anonymity to you? (Fierce CIO: TechWatch) A blog on PCWorld outlines some tips on how to surf the web in secret, which may be a good idea given the many methods that website operators and advertisers use to track visitors. Knowing is half the battle, argues Brad Chacos, who highlighted how websites are able to track visitors through their IP addresses or the use of text cookies, Flash Cookies or Silverlight Cookies

Project Management Offices: A Waste Of Money? (InformationWeek) The risks of starting a PMO have never been greater, new research shows. After years of observing project management, I agree. Will most companies that implement a project management office take on higher IT costs without improving performance? That's the bold headline of a Hackett Group study of more than 200 organizations. It's not just hype: I happen to agree that the risks of a disastrous PMO implementation have never been greater

Marketplace

Deficit Cutters Look To Pentagon Budget (New York Times) One war is done, another is winding down and the calls to cut the deficit are deafening. The military, a beneficiary of robust budgets for more than a decade, is coming to grips with a new reality fewer dollars

Navy Awards Contracts for Effort to Attack Enemy Networks (DefenseNews.com) It's still not clear what law governs the use of cyber attacks, though the State Department's top lawyer has said that a cyber attack in certain cases could be considered a "use of force" and would be subject to international humanitarian law…The companies awarded the contract are Anchored Systems (JV), Washington, D.C.; Ausgar Technologies, San Diego, Calif.; Burke Consortium Inc., Alexandria, Va.; The Cybrix Group, Tampa, Fla.; Flatter and Associates Inc., Stafford, Va.; GRSI, Frederick, Md.; ISHPI Information Technologies Inc., Mount Pleasant, S.C.; Mandex Inc. Fairfax, Va.; Mystikal Solutions LLC, San Antonio, Texas; Sentar Inc., Huntsville, Ala.; SPARC LLC, Charleston, S.C.; Stargates Inc., Arlington, Va.; Strohmier Consulting LLC, Ashburn, Va.; and Technical and Project Engineering, Kingstowne, Va.

Agency programs show outlines of future cyber ecosystem (GCN.com) The next step will be formation of a working group, probably to include the National Security Agency as well as DHS and NIST, to do a gap analysis identifying what needs to be done to move the present state of technology to the desired state

Lockheed Martin Ousts Incoming CEO (Wall Street Journal) Lockheed Martin Corp. ousted its incoming chief executive, Christopher Kubasik, for having a "close personal relationship" with a subordinate at the defense contractor. The company said Mr. Kubasik was asked to resign Friday after an investigation determined the "improper conduct" violated Lockheed Martin's code of ethics. He will receive a $3.5 million separation payment

Cyber firm KEYW moving beyond government work (Washington Business Journal) KEYW Holding Corp. made its name selling cybersecurity systems to government intelligence and counterterrorism agencies. Now, the 4-year-old Hanover, Md

SafeNet to Sell Government Solutions Business (Govconwire) SafeNet Inc. has entered into a definitive agreement to sell its government solutions business unit to an undisclosed buyer, the company announced Thursday

Thoma Bravo Acquires Crossbeam Systems (Dark Reading) Crossbeam's current senior management team will continue to manage the company

Army Picks 20 Firms for $10B Tactical Communications IDIQ (Govconwire) The U.S. Army has awarded 20 companies the opportunity to compete for task orders on the Global Tactical Advanced Communications Systems contract, according to Defense Systems…20 companies included in the IDIQ: CACI Technologies, D & S Consultants, DRS Technical Services, Envistacom, General Dynamics One Source, Globecomm Systems, Harris, ITT/Exelis, L-3 Services, Lockheed Martin Integrated Systems, Morgan Franklin C3T, Nexagen Networks, Northrop Grumman Systems, Raytheon, Rockwell Collins Satellite Communications Systems, Science Applications International, Scientific Research, Telecommunications Systems, Trace Systems, [and] Viasat

CSC to set up Wollongong cybersecurity centre (iT News) CSC Australia will set up a cybersecurity…regional and global network threats and cyber attacks

CSC secures govt funding for cloud, cyber security centres (iTWire) The Federal Government has granted IT services company, CSC Australia, $2.76 million to create two Centres of Excellence for Cloud and

Lockheed Moving DOL Data Centers to Cloud (Govconwire) Lockheed Martin will consolidate the Labor Department's data centers and move them to a secure data center, then ultimately move them to a cloud computing environment

VMware Does Complicated Dance With Open Source (InformationWeek) Now that VMware owns Nicira, how will Nicira continue to lead development of virtual networking in OpenStack? Nicira founder Martin Casado explains

AT&T bets $8 billion that it will gain market share from 4G rivals (Fierce Mobile IT) AT&T (NYSE: T) is hoping to gain market share from its U.S. 4G competitors Verizon Wireless (NYSE: VZ), Sprint Nextel (NYSE: S), and T-Mobile with an $8 billion wireless infrastructure investment announced this week

Ericsson slashes mobile network equipment workforce (Fierce Mobile IT) Ericsson is cutting close to 10 percent of its Swedish workforce, 1,550 out of a total of 17,768 employees, mostly in its mobile network equipment division

Products, Services, and Solutions

Windows 8 security unshaken by antivirus vendor's claims (CSO) Bitdefender raises worry over trusting included antivirus software, but one analyst said Windows 8's core security picks up the slack

Cyber Threat Intelligence Services Launched By Dell SecureWorks To Help Organizations Identify And Defend Against Attacks (Dark Reading) Dell SecureWorks, an industry leader in information security services, has launched a new suite of "Targeted Threat Intelligence Services" designed to help organizations be proactive in identifying, understanding and defending against cyber threats targeting their key infrastructure, critical data and executives

Red Hat Enterprise Linux 6 Secure-Ready for Government Clouds (Integration Developers) Notably, Red Hat Enterprise Linux 6 features Security-Enhanced Linux (SELinux), a joint project developed with the National Security Agency (NSA). The certification provides assurance that using Red Hat Enterprise Linux 6 with the KVM hypervisor allows

New Threat Protection Solution from Norman Now Available (Business Wire) In response to growing concerns from the worldwide security and IT community over the proliferation of cyber threats

Updated SkyBox risk and compliance management solutions (Help Net Security) Skybox Security added new capabilities to Firewall Assurance 6.5 and Network Assurance 6.5 that make it easier for security managers to see, analyze and take action to secure the network infrastructure

MobileIron unveils two new MDM products for the enterprise (Fierce Mobile IT) Mobile device management startup MobileIron launched this week two new products for establishing and securing what the company calls the "enterprise app persona"

IBM expands mobile enterprise offerings (Fierce Mobile IT) IBM (NYSE: IBM) is expanding its mobile software and services capabilities in a market that is predicted by McKinsey & Co. to reach $130 billion in revenue by 2015

New Mastercard has LCD screen and keyboard (BBC) A credit card with an LCD display and built-in keyboard has been launched in Singapore by Mastercard. The card has touch-sensitive buttons and the ability to create a "one-time password" - doing away with the need for a separate device sometimes needed to log in to online banking. Future versions of the card could display added information such as the remaining balance

Technologies, Techniques, and Standards

Puzzle Logic (Dark Reading) Authentication is an enduring mystery, but solving authorization puzzles may be a better use of your security resource

Finding Rootkits By Monitoring For 'Black Sheep' (Dark Reading) Looking for kernel changes among flocks of computers can help organizations detect rootkits, according to team of researchers

Salvaging Digital Certificates (Dark Reading) Following breaches at Diginotar, Comodo, and RSA, digital certicate technology has been deeply tarnished. Here are five ways to shine it up and make it work for your organization

Oak Ridge Unveils 20-Petaflop 'Titan' Supercomputer (IEEE Spectrum) New 299,008-CPU Cray XK7 will simulate nanomagnets, global climate, and turbulent combustion

Design and Innovation

How a $20 tablet from India could blindside PC makers, educate billions and transform computing as we know it (Quartz) Suneet Tuli, the 44-year-old CEO of UK/Canadian/Indian startup Datawind, is having a taxing day. "I'm underwater," he says as he struggles to find a cell signal outside a restaurant in Mumbai. Two days from then, on Sunday Nov. 11, the president of India, Pranab Mukherjee, will have unveiled the seven-inch Aakash 2 tablet computer Tuli's company is selling to the government for distribution to 100,000 university students and professors. (If things go well, the government plans to order as many as 5.86 million.) In the meantime, Tuli is deluged with calls from reporters, and every day his company receives thousands of new orders for the commercial version of the Aakash 2. Already, he's facing a backlog of four million unfulfilled pre-orders

Research and Development

How the Pentagon's Plan X could revolutionize cyberwarfare (CyberWarZone) The same Pentagon futurologists who helped create the Internet are about to begin a new era of cyberwarfare. For years, the Pentagon has been open and adamant about the nation's need to defend itself against cyberattack, but its ability and desire to attack enemies with cyberweapons has been cloaked in mystery. Next week, however, the Pentagon's Defense Advance Research Products Agency (DARPA) will launch Plan X an effort to improve the offensive cyberwarfare capabilities needed to dominate the cyber battlespace, according to an announcement for the workshop

Cyber experts engage on DARPA's Plan X (CyberWarZone) When the team behind DARPA's Plan X mapped out where it wanted to go with research in the development of cyber capabilities and platforms, it knew the DARPA approach to problem solving included soliciting input from the leading experts in the field. On October 15 and 16, DARPA outlined its plans for Plan X to a packed house of potential developers and performers and solicited their feedback

DARPA Sponsors Surveillance Technology to Predict Future Behavior (The New American) It is foreseeable that such immensely powerful video summarizing technologies could be very valuable to the National Security Agency (NSA) employees who will soon be monitoring, recording, and storing the electronic communications of every American

Academia

Michigan's Inaugural Cyber Security Training Program Launches in Washtenaw (Patch.com) Michigan Cyber Range partners include Merit Network, U.S. Department of Homeland Security, U.S. Department of Energy, National Institute of Standards and Technology, DTE Energy, Consumers Energy, Plante and Moran PLLC, Juniper Networks, Eastern

Legislation, Policy, and Regulation

Changes proposed to [Singapore] Computer Misuse Act to better deal with cyber attacks (Straits Times) Proposed amendments allow the Minister of Home Affairs to order a person or organisation to act against any cyber attack even before it has begun. Under the current Act, the Minister can exercise his powers only when there is an outright cyber attack

All talk and no action (so far) on cyber threats (FCW.com) "We are not going to be able to secure every system and every company," said Jenny Menna, director of the Stakeholder Engagement and Cyber Infrastructure Resilience Division at the Department of Homeland Security and former acting director of the U.S.

India, Britain to step up cooperation in cyber security (Can India) India and Britain decided to step up cooperation in cyber security during their Foreign Minister-level talks here on Thursday. They also discussed the situation in Afghanistan and Pakistan besides cooperation in nuclear energy, defence and counter-terrorism, said officials who gave no additional details. At a joint press conference with External Affairs Minister Salman Khurshid, British Foreign Secretary William Hague supported Indias bid for membership in four export control regimes.

Litigation, Investigation, and Law Enforcement

CIA Director's affair caught by FBI e-mail monitoring (Ars Technica) Petraeus' explicit Gmail messages exposed by probe of mistress' e-mail threats

Officials Say F.B.I. Knew Of Petraeus Affair In The Summer (Washington Post) No general in the U.S. military had a more loyal retinue of staff officers than retired Gen. David H. Petraeus

Did General Stumble On Strange Turf? (New York Times) High-level officials at the Federal Bureau of Investigation and the Justice Department were notified in the late summer that F.B.I. agents had uncovered what appeared to be an extramarital affair involving the director of the Central Intelligence Agency, David H. Petraeus, government officials said Sunday

Petraeus Probe Draws Scrutiny (Washington Post) Senior lawmakers called for an inquiry into the FBI's handling of the case of CIA Director David H. Petraeus on Sunday as new details and questions emerged about the investigation that led to his resignation last week

Canada fears becoming cyber-attack host (Metro News) The Public Safety Department worries Canada is becoming a digital launching pad for — not just a target of — malicious cyber-activities, confidential briefing notes reveal. Traditionally, most cyber-criminals are known for plotting their online schemes in places like Eastern Europe, East Asia and Africa, say departmental notes prepared for a closed-door meeting of the Cross-Cultural Roundtable on Security

Teenage Hacker 'Cosmo the God' Sentenced by California Court (Wired Threat Level) The 15 year-old UG Nazi hacker known as Cosmo or Cosmo the God was sentenced in juvenile court on Wednesday in Long Beach, California. According to Cosmo, he pled guilty to multiple felonies in exchange for a probation, encompassing all

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

E2 Innovate Conference & Expo (Santa Clara, California, Nov 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.

Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.

ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.

Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.

Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.

CIO Cloud Summit 2012 (, Jan 1, 1970) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.

BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.

2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.

TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.

e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.

The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.