
The CyberWire Daily Briefing for 10.4.2012
Team Ghostshell makes good on its threat to distribute records stolen from university databases. More than 120,000 people are affected. Among the universities hit are NYU, Princeton, Harvard, Michigan, Stanford, and Cornell.
This summer Google began warning users when it had evidence they were under "state-sponsored cyber attack." Three months later the company is surprised by the increase in attack indicators it's picking up. Middle Eastern governments appear to be overtaking China in frequency of attacks Google detects.
Trusteer reports the malicious Man-in-the-Browser utility is now more powerful and more widely available: it now recognizes fields in most browser forms and processes results in near real time. Anonymous hacks Swedish banks in retaliation for Swedish raids on dodgy Web operation PRQ (which has now returned to the Internet). Iran claims it's under "heavy," sustained cyber attack. Last week's Islamist denial-of-service attacks on US banks have largely subsided; analysts comment on their strange mix of sophisticated planning and primitive approach.
The French government debunks claims of a Facebook privacy bug. Tulsa's CIO has been placed on administrative leave for raising a false alarm over planned, legitimate penetration testing of the city's networks. Investigation of a phishing campaign against White House military networks continues.
In industry news, CSC buys big data analytics shop 42Six, Lockheed Martin announces its team in a $4.6B DISA bid, and HP warns of tough times before a turnaround. Google plans major layoffs at Motorola.
The EU will soon conduct a pan-European cyber exercise focusing on a continent-wide DDoS campaign.
Cyber Attacks, Threats, and Vulnerabilities
GhostShell university hack: By the numbers (ZDNet) Records stolen from university databases including the University of Michigan, New York University, Princeton and Harvard were made publicly available yesterday, after hacker group leader 'DeadMellox' tweeted a link to the release posted on Pastebin. The group claimed to have released just a fraction of what they managed to obtain in campaign "Project WestWind", but it still apparently amounted to 120,000 sets of data. Identity Finder analyzed the SQL breach, and found that the 120,000 records -- now available publicly in a number of cyberlockers and mirror sites -- appear to be "authentic enough" to warrant university investigation
Hackers post data from dozens of breached college servers (CNet) A group of hackers claims to have stolen thousands of personal records by breaching the servers of more than 50 universities around the world, including Harvard, Stanford, Cornell, and Princeton. A group calling itself GhostShell posted to Pastebin more than 120,000 records from the breached servers, including thousands of names, usernames, passwords, addresses, and phone numbers of students and faculty. While most hacker activity is motivated by a desire to steal identities or pranksterism, GhostShell said the goal of its data dump was to focus public attention on the state of higher education
Middle East cyberattacks on Google users increasing (CNet) Here we go again. Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified. The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East
Man-in-the-Browser malware scam goes universal (CSO) Utility lets scammers cull, distribute credit card data in real time. The Man-in-the-Browser has had a makeover: He is now available as the Universal Man-in-the-Browser (uMitB). The latest utility for a well-established malware scam offers two major improvements, said security vendor Trusteer, whose CTO, Amit Klein, wrote about it in a blog post on Wednesday
Malicious spam campaign targets QuickBooks users (Help Net Security) Intuit-themed malicious spam campaigns pop up every couple of months or so, given that the company's tax preparation, accounting, financial management and billing software and services are extremely
Iran claims to have been hit by 'heavy' cyber attack, pins slowdowns on coordinated hacking campaign (Engadget) Whatever you think of Iran's politics, it's hard to deny that the country has frequently been the target of internet-based attacks that sometimes go beyond the originator's plans. If you believe High Council of Cyberspace secretary Mehdi Akhavan Behabadi, the pressure is only getting worse
Swedish c.bank website shut down in cyber attack (Reuters) Hackers shut down the website of Sweden's central bank on Wednesday and targeted two other official sites after activist group Anonymous was reported to have threatened it would launch a cyber attack in support of Internet
Swedish Web host PRQ returns following government raid (Ars Technica) PRQ, started by a Pirate Bay co-founder, hosts a number of questionable sites
Defiant Pinoy hackers dare PNoy, expand cyberattacks (GMA Network) Filipino hacktivists have stepped up their protests against the Anti-Cybercrime Act, expanding their list of targets to include vital government websites even as they directly dared President Benigno Aquino III to shut them down. The hacktivist collective Anonymous posted on YouTube a video entitled, "Anonymous - Message to the President of the Philippines" in which it warned that the government will feel its wrath if the latter attempts to "shut down the message (and) chill our speech." You want to see Anonymous rise up? Try to shut down the message
Cyberattacks on banking websites subside -- for now (Computer World) The wave of cyberattacks against a half-dozen U.S. financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches. The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking. But customer-facing websites are just a small part of very complicated banking systems consisting of sometimes thousands of back-end applications that are being prodded by attackers, said Scott Hammack, CEO of Prolexic, a company based in Hollywood, Florida, which specializes in defending against distributed denial-of-service (DDOS) attacks
Bank Site Attacks Trigger Ongoing Outages, Customer Anger (InformationWeek) Who's really behind the recent bank DDoS attacks? They are more diverse and powerful than previously seen hacktivist campaigns, security experts say
DDoS attacks on major US banks are no Stuxnet -- here's why (Ars Technica) The attacks that recently disrupted website operations at Bank of America and at least five other major US banks used compromised Web servers to flood their targets with above-average amounts of Internet traffic, according to five experts from leading firms that worked to mitigate the attacks. The distributed denial-of-service (DDoS) attacks -- which over the past two weeks also caused disruptions at JP Morgan Chase, Wells Fargo, US Bancorp, Citigroup, and PNC Bank -- were waged by hundreds of compromised servers. Some were hijacked to run a relatively new attack tool known as "itsoknoproblembro." When combined, the above-average bandwidth possessed by each server created peak floods exceeding 60 gigabits per second
White House Hack Attack Under Investigation: Report (Newsroom America) National Security Agency officials are also involved. On Monday, White House spokesman Jay Carney acknowledged that attack, which he characterized as "spear phishing," which is a form of cyber attack utilizing emails that attempt to convince recipients
French privacy watchdog dismisses reports of Facebook bug (CSO) Users did not realize the messages they posted on friends' Walls were public, and their visibility to all was not a bug, CNIL found. An investigation by the French privacy watchdog has found no truth to worldwide press reports last week that a Facebook bug was exposing old private messages to public view. Users had not grasped the public nature of the personal messages they were posting, and the "bug" was in their understanding of Facebook's privacy settings, the French National Commission on Computing and Liberty (CNIL) said late Tuesday
What happened to Tulsa's CIO could happen to you (CSO) Tulsa CIO Tom Golliver is on paid administrative leave after the city's response to a data breach turned out to be a false alarm. What happened there could happen anywhere. Tulsa CIO Tom Golliver kind of reminds me of Chief Brody in the second JAWS movie. He sees what he thinks is a Great White, yells at everyone to get out of the water and fires away at what turns out to be a school of bluefish
UK at greatest risk of identity fraud in Europe (Help Net Security) The UK is at the greatest risk of identity fraud throughout Europe, according to new independent research. As National Identity Fraud Prevention Month starts, a taskforce of partners from the
Cyber Trends
App Whitelisting Could Offer Answer To Next-Gen Malware, Report Says (Dark Reading) Reducing attack surface is a solid alternative to antivirus for defending against zero-day malware, Forrester says. As malware continues to proliferate at a rate that overwhelms many signature-based antivirus tools, enterprises may want to take a new approach: limit the number of applications allowed
You're Nobody Without Your Mobile Device (Dark Reading) Will mobile biometrics be an IAM driver or nonstarter in the enterprise? The mobile device explosion within the enterprise has opened up countless new technology opportunities, but one that is just now starting to be explored is the idea of turning a mobile device into the ultimate biometric hardware
Hague issues warning about global cybercrime danger (BBC) It has never been easier to become a cybercriminal, Foreign Secretary William Hague is to warn an international conference in Budapest. He will tell delegates that cybercrime is "one of the greatest global and strategic challenges of our time." Mr Hague is highlighting the UK's determination to be a world leader in cyber security - it is spending £2m setting up a cybercrime centre. He also wants international hotlines set up to help tackle emergencies
Marketplace
UK to spend 2m pounds a year on shoring up cybersecurity worldwide (ZDNet) A UK-based cybersecurity 'centre of excellence' will help other countries defend themselves against cyber-attacks, according to foreign secretary William Hague, who also hinted at the establishment of 'hotlines' between rival countries to stop
McCain Threatens To Block Contractor Payments From Pentagon (Bloomberg.com) The top Republican on the Senate Armed Services Committee said today he would move to block Pentagon payments to defense contractors facing layoff-related expenses from automatic budget cuts set to begin in January
Thousands of Lotus Notes applications complicates GSA cloud migration (Fierce Government IT) Streamlining of applications is often meant to be a major benefit of migration to the cloud, but the General Services Administration has allowed its offices in at least one case to replicate a duplicative Lotus environment in the cloud. Each GSA component has developed its own inventory of Lotus Notes applications for decommissioning or migration to the cloud, and the GSA office of the chief information officer didn't perform an analysis on those applications to look for duplication, says the GSA office of inspector general
The State of the Cybersecurity Workforce (FederalNewsRadio.com) Cybersecurity affects every agency, program and employee, and has become an even greater challenge to manage as global networks become more susceptible to risk
LifeLock's IPO Is Unimpressive, But Not as Bad as Its Checkered Past (Wired Threat Level) LifeLock, which provides identity theft protection services to Americans, had its initial public offering Wednesday, which didn't tank as badly as one might expect from a company that'd been fined $12 million for deceiving Americans
From The Smoke And Fire Dept: Huawei Denies (Again) It's Launching Its Own Mobile OS (TechCrunch) Last week saw a little skirmish in the mobile platform wars, when news broke that Huawei, which makes smartphones based on Google's Android OS, was working on an operating system of its own — first reported by Reuters and then picked up by others. Curious to hear from the horse's mouth, we got in touch. And it turns out that Huawei, in fact, has "no plans" to launch an OS any time soon
Google plans wider job cuts at Motorola unit (Huffington Post) Google says it is expanding its plan to cut jobs from its Motorola Mobility unit outside the US and will take $390 million in charges related to the layoffs
H-P falls 7% as Whitman points to tough year (MarketWatch) Shares of Hewlett-Packard Co. on Wednesday fell to their lowest level in a decade as Chief Executive Meg Whitman warned that it will take longer to turn around the beleaguered tech powerhouse
CSC Buys Big Data Analytics Firm 42Six (Govconwire) Computer Sciences Corp. (NYSE: CSC) has acquired a Maryland-based software developer that focuses on big data processing, analytics and advanced applications support for defense and intelligence customers. CSC did not disclose terms of its acquisition of 42Six Solutions in a release. "Data services and analytics capabilities are rapidly becoming essential elements of commercial and government
Lockheed Announces $4.6B DISA Info Grid Contract Team (Govconwire) The Lockheed Martin-led team on a potential $4.6 billion contract to run the Defense Department's global information grid includes Xerox subsidiary ACS, AT&T, BAE Systems, ManTech International and Serco's U.S. subsidiary. Lockheed made its announcement Wednesday on the heels of the Government Accountability Office's decision to uphold Lockheed's win of the potential seven-year contract
Razorsight Names Chris Checco President, Chief Analytics Officer (Govconwire) Big data and analytics specialist Razorsight Corp. has added Chris Checco, former lead management scientist for Accenture Federal Services, to its executive ranks as president and chief analytics officer. Checco is charged with leading efforts to accelerate Razorsight's development of advanced analytics solutions for global communications providers, cable operators and mobile operators
Hypesters Put IT Credibility On The Line (InformationWeek) Business technology leaders and managers need to get into the habit of underpromising and overdelivering
Products, Services, and Solutions
ESET Releases ESET USSD Control To Prevent Dangerous Android Vulnerability (Dark Reading) Security flaw allows cybercriminals to potentially take control of unprotected Android-based smartphones
Kaspersky Mobile Security helps Android users recover stolen smartphones (Help Net Security) Kaspersky Lab announced the addition of new features to Kaspersky Mobile Security designed to aid in the protection of data residing on lost or stolen smartphones and the recovery of missing devices
Solera Networks enhances appliance for big data security (Help Net Security) Solera Networks announced enhancements to its DeepSee Virtual Appliance that provides visibility of network traffic--including traffic between applications running in the virtual network
Ipswitch releases WhatsUp Gold 16 (Help Net Security) Ipswitch released WhatsUp Gold 16, which comes loaded with network, server and application monitoring, automated layer 2 discovery and mapping, wireless infrastructure management and hardware and soft
Review: Incapsula: Enterprise-grade website security (Help Net Security) Over the last few years, small to medium businesses have seen a huge increase in website attacks. Website owners are seeking affordable and effective tools to protect their websites from hackers
Lockheed offers agencies a cloud storefront (GCN.com) The Solution as a Service (SolaS) hybrid cloud solution provides a modular suite of capabilities delivering command, control, brokerage and security across multiple clouds, according to Curt Aubley, vice president of NexGen Cyber Innovation
RIM Improves PlayBook With OS 2.1 (InformationWeek) Updated PlayBook OS lets users send text messages, secure personal data with government-grade encryption
Google Enterprise, I'm Not Impressed (InformationWeek) You have great products and are a proven innovator, but it will take changes in thinking to conquer the enterprise.
Technologies, Techniques, and Standards
SMTP Dialects: How to Detect Bots Looking at SMTP Conversations (Infosec Island) It is somewhat surprising that, in 2012, we are still struggling to fight spam. In fact, any victory we score against botnets is just temporary, and the spam levels rise again after some time. As an example, the amount of spam received worldwide dropped dramatically when Microsoft shut down the Rustock botnet, but has been rising again since then
How to Protect against Denial of Service Attacks: Refresher (Infosec Island) With all of the information about DoS attacks in recent months, it is easy to blame banks and say that they didn't have the proper security controls in place to withstand this type of attack, but in reality things are not that simple. So, how does this happen? Is it preventable?
Government Agencies Get Creative In APT Battle (Dark Reading) Debora Plunkett, information assurance director at the National Security Agency (NSA), in a keynote address here today pointed to the recent breaches of major financial institutions as an example of how even the most security-conscious organizations
And the SHA-3 title goes to .....Keccak (Internet Storm Center) In response to a number of attacks on SHA, NIST started to look for the successor to SHA-2, figuring that it was likely that it too may fall. To date that hasn't occurred and SHA-512 still looks strong. The competition proceeded and was whittled down from 64 candidates over a number of rounds. Yesterday NIST announced the winner of the SHA-3 competition, Keccak
Why agencies don't have to upgrade to a new crypto hash (GCN.com) "In current protocols there is not going to be any major push to move to SHA-3," said Tim Polk, manager of NIST's Computer Security Division's Cryptographic Technology Group. "SHA-2 is a very good algorithm. For existing protocols in use today, SHA-2
8 IT Mistakes: Must-Have Lessons From Top CIOs (InformationWeek) Spare the euphemisms. Great teams embrace mistakes and get better
Legislation, Policy, and Regulation
Opposition to cybersecurity executive order among Republican senators (Fierce Government IT) In a letter dated Oct. 2, Sen. John McCain (R-Ariz.) and five Republican colleagues say an issue "as far reaching and complicated as cybersecurity requires all stakeholders to work together to develop an enduring legislative solution
MPAA Chief Says SOPA, PIPA 'Are Dead,' But ISP Warning Scheme Lives On (Wired Threat Level) Former Sen. Christopher Dodd, now chairman of the Motion Picture Association of America, said the Stop Online Piracy Act and Protect IP Act aren't going to be floated again in Congress. "These bills are dead. They are not coming back
Cybersecurity Under the COPPA Cabana (Huffington Post) The proposed changes the administration are trying to make concern the third party buttons on websites, and the challenges brought up by tablets and smartphones -- trying to take these gaps in cybersecurity law and find a solution to closing those gaps
Homeland Security's 'fusion centers' defended in response to sharply critical report (Washington Post) The Department of Homeland Security, law enforcement authorities and some lawmakers on Wednesday defended information-sharing offices known as "fusion centers" after a sharply critical Senate report said the offices were wasteful and inept. A national
Litigation, Investigation, and Law Enforcement
Hacktivist's Advocate: Meet the Lawyer Who Defends Anonymous (The Atlantic) As a lawyer not particularly immersed in the technology world, Jay Leiderman first became interested in the hacker collective Anonymous around December 2010. That was when Anonymous activists launched distributed denial of service attacks (DDoS) against Mastercard and PayPal, who stopped processing donations to WikiLeaks. Since then, he has represented a number of high-profile hackers, including Commander X, who is on the run from the FBI for a DDoS attack on a county website in Santa Cruz, California, to protest a ban on public sleeping, and Raynaldo Rivera, a suspected hacker from LulzSec who is accused of stealing information from Sony computer systems
Global action takes down tech support scam (The Register) Australian, US and Canadian authorities have jointly proclaimed a victory over scammers who call punters and offer unsolicited and unnecessary tech support. The scam has been running for years and involves a call from someone claiming to be an employee of Microsoft or another tech titan. If you answer, the caller explains that malware has been detected on your PC and helpfully offers to remove it
NY charges in US-Russia military electronics case (Wall Street Journal) Authorities in New York say they've charged 11 members of a Russian military procurement network, a Texas-based company and others with illegally exporting high-tech microelectronics from the United States to Russian military and
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
8th Cyber Security and Information Intelligence Research Workshop This workshop will "discuss and publish novel theoretical and empirical research focused on one or more of the Federal Cybersecurity themes."
THOTCON 0x4 A small, non-commercial hacking conference.
Center for Applied Cybersecurity Research Security Summit Indiana University holds its ninth annual conference on information security and policy.
Europe Ramps Up Cyber Attack Testing With Second Simulated Pan-Europe DDoS 300 IT security professionals from across Europe are locking horns in a simulated cyber war exercise taking place today which -- if it was a real attack -- would be capable of disrupting services for millions of Europeans. The exercise, known as Cyber Europe 2012, is being run by ENISA: the European Network and Information Security Agency, and is part of ongoing efforts to bolster cyber crisis cooperation, preparedness and response across Europe. This is the first Cyber Europe event to include participants from the private sector -- specifically the finance sector, ISPs and eGovernment -- not just the public sector…
National Cyber Security Hall of Fame Inaugural Award Ceremony (Baltimore, Maryland, USA, Oct 17, 2012) Created to honor those who've created the cyber security industry, the National Cyber Security Hall of Fame celebrates its inaugural class this month.
Upcoming Events
Cyber Maryland 2012 (Baltimore, Maryland, Oct 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding networking. CyberMaryland 2012 is for technology companies, business leaders, students, emerging professionals, policy makers, elected officials, business services and entrepreneurs in public and private enterprise."
National Cyber Security Hall of Fame (Baltimore, Maryland, Oct 17, 2012) Baltimore welcomes the US cyber security community to honor the members of the National Cyber Security Hall of Fame inaugural class.
Cyber Security: A National Imperative (Washington, DC, Oct 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the National Press Club.
TechExpo Cyber Security Careers (Columbia, Maryland, Nov 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
E2 Innovate Conference & Expo (Santa Clara, California, Nov 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.