The CyberWire Daily Briefing for 12.2.2012
The Assad regime's use of the "Internet Kill Switch" has not deterred insurgents and their sympathizers from continuing their cyber campaign against the regime—the Syrian embassy in Beijing, for example, is under attack. Regime sympathizers for their part accuse Anonymous of being an instrument of the US State Department. (Anonymous seems more actively engaged against Israel than Syria.)
The Izz ad-Din al-Qassam Cyber Fighters promise more attacks against US banks—their preferred method has been distributed denial of service. The Japanese space agency investigates a cyber incident at the Tsukuba Space Center: malware appears to have been collecting agency technical data and exfiltrating it to an unknown party.
A security researcher claims he's found a vulnerability in Apple devices that can expose their networks to exploitation. Sophos offers a technical look at the Blackhole exploit kit. The SANS Institute publishes a useful list of common coding errors that "lead to 85 percent of criminal Internet activity."
SAIC will continue to provide counterintelligence services under the Global Harvest program, transitioning from the US Air Force to the DIA. Analysts believe 2013 will be a make-or-break year in the mobile device market for both RIM and Microsoft.
The US Department of Energy announces "Piranha," a new tool for text analysis. Bulgaria and the US announce closer cyber cooperation.
Iranian authorities investigate the death of a blogger in Iranian police custody. South Carolina legislators investigating the state's recent data breach allege that a $25,000 dual-password system might well have prevented the incident.
Notes.
Today's issue includes events affecting Australia, Brazil, Bulgaria, China, Iran, Israel, Japan, Malaysia, Romania, Russia, Syria, United Arab Emirates, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Working Hand in Glove with US State Department? Hacking Network Anonymous declares Cyber War on Syria (Global Research) Anonymous which is affiliated to the Occupy Movement is not an NGO. It is an instrument of the US government acting covertly in the hacking of Syrian government websites. This attack follows earlier cyber attacks in 2011 directed against Iran and Syria
Syria Hits Internet Kill Switch; Blackout Continues (InformationWeek) For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites
Anonymous declares Cyberwar on Syrian government sites - Syrian Embassy in China under attack (E Hacking News) The hacktivist group Anonymous has announced a cyber war against Syrian Government websites hosted outside the country."Today, at precisely 10:30 AM ET all Internet traffic into and out of Syria ceased. Within a half hour of this sudden shut down, the PBX land-lines were degraded by 90% and Mobile connectivity was degraded by 75%. The nation of Syria has gone dark
Gaza Ceasefire Doesn't Hold Online: New Anonymous Hack (InformationWeek) War of words and hacked websites continues, even as the Palestinian territories receive upgraded state status from the United Nations
Hacktivist Hints at New DDoS Attacks - New Interview: 'We Have Done What We Had Promised' (Bank Information Security) The hacktivists are now letting their words speak for their actions. For the third time in one month, a source claiming to be part of the self-proclaimed hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters has granted an interview to discuss the wave of high-profile distributed denial of service attacks on U.S. banks. During the recent interview with Flashpoint Global Partners, an international consulting firm, the hacktivist representative said more attacks would be waged and that methods of attacks would diverge, until a YouTube movie trailer deemed by the group to cast Islam in a negative light is removed from the Internet
Malware Swipes Rocket Data from Japanese space agency (Hacker News) Japan's space agency says it is investigating a possible leak of data about its Epsilon rocket due to a computer virus. Malware Case : The Japan Aerospace Exploration Agency said the virus, in a computer at its Tsukuba Space Centre, north-east of Tokyo, was found to be secretly collecting data and sending it outside the agency. JAXA said in a statement that information about the Epsilon, due to be launched next year, its M-5 rocket and H2A and H2B rockets may have been compromised
Hacker attack siphons off $150,000 in teacher salaries from payroll systems (Naked Security) Hackers used the Thanksgiving holiday to launch a crafty attack against a local school district in the state of Wisconsin, compromising a direct deposit system, and stealing $150,000 intended for teachers
Apple device exploit opens internal networks to attack, researcher claims (Fierce Mobile IT) Security researcher Bogdan Calin said he could remotely compromise the internal networks of users with default or weak router passwords by convincing them to open an email on their iPhone, iPad or Mac. "Opening a legitimate looking email on an iPhone, iPad or Mac while using an Asus router with a default or guessable password could compromise the security of your internal network," he wrote in a blog
Technical paper: Journey inside the Blackhole exploit kit (Naked Security) Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year? Well read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit
The top 25 computing coding errors that lead to 85 percent of criminal internet activity (SANS) The list is being hailed as a major breakthrough that should gradually make theInternet much safer. "When consumers see that most vulnerabilities are caused by amere 25 weaknesses, a new standard for due diligence is likely to emerge," says Konrad Vesey, a member of the National Security Agency's Information AssuranceDirectorate
Cyber Trends
Emerging market employees more likely to engage in BYOD (Fierce Mobile IT) Three-quarters of employees in emerging markets engage in some form of BYOD, compared with only 44 percent of employees in mature markets, according to a survey of 3,796 individuals across 17 countries conducted by research firm Ovum
'Consumerization of IT' is a misnomer, says Aberdeen research director (Fierce Mobile IT) The term "consumerization of IT" does not describe what is really happening in the enterprise and why it is happening, said Andrew Borg, research director of the Mobility Center of Excellence at the Aberdeen Group. Instead of consumerization of IT, Borg describes the trend of employees bringing their own devices to work as the "better-at-home" phenomenon
Hacktivism gets attention, but not much long-term change (CSO) Latest break-in at International Atomic Energy Agency highlights that the public still doesn't buy criminal acts in support of 'good causes.' Another hacktivist group struck this week for yet another "good cause." Parastoo, which broke into a server of the International Atomic Energy Agency (IAEA) and leaked the email addresses of 167 experts working with the agency, declared that its goal was to expose "beyond-harmful operations" at Israel's Negev Nuclear Research Center
Marketplace
SAIC Wins Global Harvest Counterintell Program Extension (Govconwire) Science Applications International Corp. (NYSE: SAI) will continue to run a U.S. Air Force program for collecting intelligence on terrorist targets and financing, Defense News reports. The company won a month-by-month, sole-source extension as the Pentagon is transferring the program from the Air Force's ISR agency (intelligence, surveillance and reconnaissance) to the Defense Intelligence Agency
Deloitte CEO Joe Echevarria, 13 Chief Execs Attend WH Fiscal Cliff Meeting (Govconwire) Deloitte CEO Joe Echevarria was among the 14 chief executives who met with President Barack Obama and Vice President Joe Biden Wednesday to discuss approaches for averting the fiscal cliff of tax increases and spending cuts, Reuters reports. Echevarria told reporters the meeting was constructive and Obama sought input from everyone in attendance, according to
Deltek Promotes Mike Corkery to Acting CEO Dec. 7, Succeeding Kevin Parker (Govconwire) Deltek has appointed Chief Financial Officer Mike Corkery to serve as acting CEO, effective Dec. 7, the company announced Wednesday. Current President and CEO Kevin Parker will leave the company on that date after seven years at the helm, during which the company said its revenues tripled and its customer base doubled. Private equity firm
Microsoft joins malware, ad teams to fight click fraud (CSO) The company says click fraud is rampant in the US$32 billion online advertising industry. Microsoft is linking malicious software analysts with online advertising fraud experts in an effort to disrupt click fraud, a scam where advertisers pay for worthless clicks
Ballmer: Hardware Key To Microsoft's Future (InformationWeek) Facing tablet pressure, Microsoft CEO tells shareholders that company needs to bring hardware and software together to speed up innovation
RIM Redux: Can BlackBerry regain its position in the enterprise? (Fierce Mobile IT) Research in Motion this week prepped the market for the January launch of its new BlackBerry 10 platform and devices. Along with the BlackBerry Enterprise Server 10, the company is betting BlackBerry 10 will help it regain its spot in the business world
Next year is do-or-die for Microsoft, RIM in smartphone OS market (Fierce Mobile IT) IT spending on smart mobile devices--smartphones, tablet and eReaders--will increase 20 percent next year, making up 57 percent of the growth in overall IT spending for the year, according to estimates by research firm IDC
Digital investigation company First Response launches in London (Forensic Focus) First Response (Europe) Limited today announced their launch as one of the United Kingdom's leading IT investigation companies. First Response brings together the collective experience of more than 30 years in digital investigations, being launched by industry veterans John Douglas, Jonathan Krause and Bill Lindley who are offering a highly client focused service backed up by decades of technical experience and skill
Products, Services, and Solutions
10 Essential Android Apps For Work, Home (InformationWeek) Do you use your own Android phone at work? These 10 apps go the distance between home and office
Bloomberg BNA's eDiscovery Resource Center: A New e-Evidence Compliance Solution (Forensic Focus) Bloomberg BNA has launched its new eDiscovery Resource Center, a comprehensive web platform designed to help litigators and in-house legal teams keep up with emerging digital discovery and electronic evidence laws, decisions, and rules of court. The Resource Center delivers an array of useful tools, primary sources, and documents allowing practitioners to confidently litigate complex cases. This content–rich resource includes full-text decisions of current, significant federal and state cases affecting digital discovery and e-evidence; Federal Rules of Civil Procedure and Evidence; and pertinent rules from states that govern the discovery of electronically stored information
Exchange 2013 Enhanced Email Retention, Archiving, Legal Hold, and eDiscovery (Network World) Eliminating the Need for 3rd Party Tools and Leveraging the Built-in Capabilities of the 2013 Office Server Products. In this day and age, email is more than just messages, calendars, and contacts for organizations, they also need the ability to address legal requirements around message retention (both keeping content or automatically deleting content by policy) along with the ability to do eDiscovery search of content throughout the enterprise as well as put content on Legal Hold
Oxygen Forensic Suite Adds Chrome, Dolphin and LinkedIn Support, Parses WAL Data (Forensic Focus) Oxygen Software has updated Oxygen Forensic Suite 2012, the company's flagship mobile forensic tool, adding forensic support for more applications. The newest release adds support for Google Chrome and Dolphin Web browsers as well as LinkedIn support. In addition, the new release of Oxygen Forensic Suite 2012 adds the ability to parse WAL files storing temporary caches of mobile devices' major databases
BlackBag Technologies Announces BlackLight 2012 R4 Forensics Software Release (Forensic Focus) BlackBag Technologies, Inc., a leading developer of forensics software, training, and eDiscovery solutions, today announced the immediate availability of BlackLight 2012 R4, a comprehensive iPhone, iPad, and Mac OS X forensic analysis tool. This latest release delivers intelligent and flexible features including automated VMware virtual machine recognition and Time Machine support, and a new consolidated search and file filter tool that quickly pinpoints relevant evidence in massive data sets
Microsoft Security Essentials loses AV-Test certification (Fierce CIO: TechWatch) Every two months, independent antivirus lab AV-Test will pit popular security software against real world threats and publish a report of its findings. The security suites are scrutinized and scored in terms of their protection, repair and usability. Protection refers to the ability to protect against common, recently detected or completely novel malware, also known as "zero-day" attacks, while repair relates to the ability to detect an existing malware and to thoroughly remove it
Amazon launches cloud data warehouse with Redshift (Fierce CIO: TechWatch) Amazon on Wednesday launched a cloud-based data warehousing service called Redshift. By circumventing the traditional software and hardware stack offered by enterprise storage vendors, Amazon (NASDAQ: AMZN) says the service will substantially reduce the cost of deploying data warehouses
Toshiba announces self-encrypting 4TB hard disk drives (Fierce CIO: TechWatch) Toshiba mid-week announced its first family of 4TB hard disk drives for businesses. Operating at 7,200 rpm, the new HDD uses five platters at 800GB each to achieve its 4TB capacity. The drives are available in SATA 3 or SAS 2 variants, and self-encrypting models are also available
Technologies, Techniques, and Standards
Researchers demo free online technique to perform computation, store data (Fierce CIO: TechWatch) Cloud-based browsers such as Amazon (NASDAQ: AMZN) Silk, Cloud Browse, Opera Mini and Puffin could be abused to perform computing tasks anonymously and at no cost at all, says a group of computer scientists at North Carolina State University and the University of Oregon. The researchers called the technique Browser MapReduce, an allusion to MapReduce developed by Google (NASDAQ: GOOG) to perform parallel processing of large data sets. In this instance, BMP aggregates the JavaScript processing offered by cloud-based browsers in tandem with a scheduling scheme to perform MapReduce jobs
How closely do you monitor your network? (Fierce CIO: TechWatch) How closely do you monitor the outgoing traffic on your corporate network? The question sprang to my mind as I read about the story of how a Tor operator was raided over the allegation of child porn. In this case, one of seven Tor exit nodes operated by William Weber was apparently used to transfer the illegal images, culminating in his arrest and seizure of his computers by the authorities
Design and Innovation
Poll: 20 free infosec tools (SCO Salted Hash) Have your say in a slideshow we're planning for January on free infosec tools that are to die for. I'm working on a slideshow for January that will outline 20 free infosec tools, and I need your help. I have my thoughts on what should make the list, but want to hear from you as well. So tell me, what are some free infosec tools you simply can't live without? Thanks in advance for participating
Video: Norwegian Fox Steals Smartphone, Sends Text (Slate) Sixteen-year-old Norwegian Lars Andreas Bjercke's smartphone was stolen last weekend by a fox—and no, I don't mean a sexy lady. After they turned the app on, the fox appeared almost immediately, the two young men told Swedish news outlet Aftonbladet in an interview. After sniffing, stalking back and forth, and even nipping the smartphone, the animal grabbed the gadget with his teeth and made off with it, like a fox…A day later, Bjercke's other friend sent him a Facebook message wondering whether he had gotten his phone back (he hadn't). In return, they say, she got a garbled text message. Bjercke says he is convinced the fox sent that message. (He has since deactivated his phone)
Research and Development
Energy lab's Piranha puts teeth into text analysis (GCN) The Energy Departments Oak Ridge National Laboratory has pioneered a new approach to text analytics that uses software agents distributed over very large computer clusters that can quickly filter through large volumes of documents, show relationships between them and present relevant information to business and government analysts. The software, called Piranha, is designed to overcome challenges most people face attempting to derive accurate and relevant information as they sift through large amounts of data on their computers. Piranha works faster than traditional approaches by clustering massive amounts of textual information in relatively short amounts of time, due to the scalability of the agent architecture, ORNL officials said
Legislation, Policy, and Regulation
Bulgaria, US to Cooperate Tightly in Combatting Cybercrime (Novinite) The FBI is to send a special agent to Bulgaria who will deal with combattingcybercrime in a total of 12 countries, officials have announced. On Tuesday,Bulgarian Interior Minister Tsvetan Tsvetanov met with Michael Daniel, specialassistant to US President Barack Obama and White House cybersecurity coordinator. During their meeting, it was announced that a special unit for fighting cybercrimewill be created with the involvement of Bulgaria's Chief Directorate for CombatingOrganized Crime, Secret Service and the US Department of Homeland Security
New Cybersecurity Leaders in Congress - Tom Carper, Mike McCaul Moving Up to Key Chairmanships (Govenment Information Security) The chairs of the committees that have jurisdiction over IT security serve as the point men or point women on cybersecurity matters in the U.S. Congress. In both houses, committee leadership changes mean new lawmakers will lead legislative initiatives on cybersecurity in the 113th Congress. The most evident change will be in the Senate with the retirement of the chairman of the Homeland Security and Governmental Affairs Committee, Joseph Lieberman, ID-Conn., a longtime champion of IT and IT security reform in Congress
Litigation, Investigation, and Law Enforcement
Iranian Cyberpolice Chief Fired Over Blogger Death (Eurasia Review) Iran's police have fired the head of their cybercrimes unit over the case of a blogger dying while in police custody. Iran's semiofficial Fars news agency said on December 1 that General Kamal Hadianfar was fired due to failure and lack of sufficient supervision over the performance of personnel under his command
Tor operator raided on allegations of child pornography (Fierce CIO: TechWatch) An Austrian man has been charged with child pornography, which was detected to have passed through his computer. One of the seven Tor exit nodes operated by William Weber, a 20-year-old IT administrator who lives in Graz, Austria, was allegedly used to transport the illegal images
VA still lags on encryption (CSO) Six years after major data breach, a report finds the agency has only 16 percent of its computers running encryption software. More than six years after the Veterans Administration (VA) suffered one of the worst data breaches in history, it is still a long way from closing off the vulnerability that made the breach possible: lack of encryption. It was on May 3, 2006, that a laptop and external hard drive containing an unencrypted national database with names, Social Security numbers, dates of births, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen from a VA analyst's Maryland home
SC Senator: 'For $25,000, we wouldn't be here' (The State) A $25,000 dual password system likely would have prevented hackers from stealing state tax data belonging to 6.4 million consumers and businesses from the S.C. Department of Revenue, a special state Senate subcommittee investigating the data breach was told Wednesday. "I almost fell out of my chair," Sen. Kevin Bryant, R-Anderson, co-chairman of the cyber-security breach subcommittee, said after the hearing. "For $25,000, we wouldn't be here"
ATM fraudster faces jail after skimming 9,000 PINs (CSO) Police suspect Romanian was part of larger gang. A Romanian man faces a jail sentence after being convicted of skimming 9,000 ATM PINs that could have allowed to him steal over APS3 million ($4.8 million) from British victims
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Dec 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.
tmforum Management World Americas (Orlando, Florida, USA, Dec 3 - 6, 2012) Management World Americas is the only conference covering end-to-end management of digital services and the challenges of running any service provider business. In addition to a full Cable Summit and Executive Roundtables, this year's new interactive conference covers the most critical challenges facing digital business today across five Forums.
Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, Dec 4, 2012) An overview of sandboxing as a key security technology.
CIO Cloud Summit 2012 (, Jan 1, 1970) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.