The CyberWire Daily Briefing for 12.9.2012
The Saudi Interior Ministry announced today that it has determined this summer's attack on Saudi Aramco came from "several" foreign countries. It declined to name the governments it believes are implicated, saying that the investigation is on-going. Elsewhere in the Middle East, Anonymous announces that phase two of OpIsrael has begun, with .org and .gov domains as the objective. Anonymous is also responsible for minor disruptions of the International Telecommunications Union meetings: ITU reported a two-hour degradation of its IT system performance.
November saw a major spike in Necurs rootkit infections. Commonly delivered by the Black Hole exploit kit, Necurs affected more than 83,000 machines last month. Black Hat Abu Dhabi saw a disturbing proof-of-concept exploit that targets widely used accounting systems, including those provided by SAP and Oracle.
Anonymous hopes to replace Wikileaks with "Tyler," a leaks release platform that went live Friday.
Foreign Policy notes the growth of intelligence services as in-house units of major corporations. These perform traditional business intelligence functions (like red-teaming and black hat proposal reviews) but they also develop political intelligence. Foreign Policy notes that corporate intelligence departments are increasingly staffed by alumni of the US Intelligence Community.
Apple shows it's indeed serious about returning manufacturing to the United States: production of one existing Mac line will move from Foxconn to the US. RIM, seeking revitalization through its traditional reputation for security, introduces a new security wrinkle in BlackBerry: a blacklist of weak passwords.
The British Government worries about shortages in cyber-trained undergraduates.
Notes.
Today's issue includes events affecting China, Israel, Pakistan, Saudi Arabia, United Arab Emirates, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Saudi Arabia Says Aramco Cyberattack Came From Foreign States (Bloomberg) Saudi Arabia blamed unidentified people based outside the kingdom for a cyberattack against state-owned Saudi Arabian Oil Co. that aimed at
Anonymous targets Israel.org & .gov domains in opIsrael phase 2 (cyberwarzone) The Anonymous collective has initiated phase 2 of their operation Israel. The collective is warning the Israeli government to leave the internet as it is. The video that has been uploaded on YouTube links to a Facebook page that has linked the websites that are going to be attacked. The Facebook page also links further to the DangerHackers group where hackers like Teamr00t hold
Anonymous, Planning to Attack ITU Site (amog) It was reported that hacktivist group Anonymous is planning to attack the International Telecommunications Union website this weekend. ITU is the United Nations agency that is holding a meeting of 190 governments to talk about the political and commercial control of the Internet. Control Over the Internet Causes Rage: Taking place in Dubai from December 3-14, the ITU-organized World Conference on International Telecommunications caused rage within Anonymous and the Blogosphere
International Telecommunication Union Hit by Cyber Attack (eSecurity Planet) Hackers recently disabled an International Telecommunication Union (ITU) Web site during the World Conference on International Telecommunications (WCIT) in Dubai. "Government regulators from 193 countries are participating in the conference to revise a wide-ranging communications treaty for the first time since 1988 after last negotiations in Melbourne, Australia," Computer Business Review reports. "Delegates participating in the conference were unable to access the information relating to the meeting after the cyberattack. ITU said some performance degradation was experienced for two hours before normal operation was restored
Necurs Rootkit Infections Way Up (Threatpost) Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines
New Accounting System Hack Could Cause Mayhem (Threatpost) Attacks against massive and proprietary enterprise accounting systems, in particular financial software such as SAP and Oracle, have been few and far between. That changed at this week's Black Hat Abu Dhabi conference where a pair of researchers presented proof-of-concept code that could change the dynamic of the financially motivated attack landscape
TYLER platform has been activated Anonymous says (cyberwarzone) The message that is going on the internet is that the Anonymous platform TYLER has been activated. The platform is activated as of 8:17 AM December 7th, 2012. TYLER is a secure, no cost and decentralized online leaks release platform that is built to replace Wikileaks
Marketplace
Spooks, Incorporated (Foreign Policy) Since 9/11, a quiet intelligence revolution has been brewing inside many of America's leading companies. Hotel chains, cruise lines, airlines, theme parks, banks, chemical companies, consumer products manufacturers, pharmaceutical companies, and even tech giants have been developing in-house intelligence units that look and act a lot like the CIA. These organizations don't steal competitor trade secrets or wiretap your phones.
Citrix Buys Zenprise: What's Next In BYOD? (InformationWeek) Citrix's acquisition signals that standalone mobile device management vendors could become less common
Apple Mac To Be Made In USA (InformationWeek) Apple shareholders may not be thrilled, but Apple's decision to make some Mac computers in the U.S. will bring more jobs, training to domestic workers
Products, Services, and Solutions
RIM moves to block commonly used passwords (Fierce CIO TechWatch) It appears that RIM has drawn up a blacklist of common passwords to better protect customers who will use its upcoming BlackBerry 10 smartphones. This was reported by RapidBerry, who reproduced the list of 106 forbidden passwords that was found in a PasswordService.properties file. As you may expect, this includes passwords such as 123456, aaaaaa, abc123, password, newpass and trustno1
Amazon Web Services adds PowerShell support (Fierce CIO TechWatch) Amazon Web Services has added support for PowerShell in the form of 550 cmdlets that allow administrators to access various options for managing Amazon's cloud service. A cmdlet is a lightweight command that is invoked by the PowerShell runtime, which allows complex tasks to be quickly dispatched via a command line interface. Cmdlets can also be scripted, which lends itself well to automation, or managing large numbers of servers
Google launches private apps service to address Android security woes (Fierce Mobile IT) In response to growing IT managers' concern about Android app security, Google (NASDAQ: GOOG) has launched its Private Channel service that enables enterprises to create private apps stores and control the apps their employees can download
IBM Launches Cloud Docs; Eyes Google, Microsoft (InformationWeek) IBM gets serious about becoming a player in end-user cloud services for the enterprise
Technologies, Techniques, and Standards
Striking a balance with passwords (Fierce CIO TechWatch) In a bid to protect users from choosing passwords that are easily guessable, security-conscious RIM (NASDAQ: RIMM) has taken the unorthodox step of creating a blacklist of common passwords used for their BlackBerry ID
Design and Innovation
Silicon Valley Needs To Get Out More (InformationWeek) The next great technology problems to solve are out there in rail yards, power plants and farm fields. If Silicon Valley is going to drive this "Internet of things," it needs to build closer ties with companies in established industries.
Academia
Cyber crime battle needs more undergraduates (Times of London) A lack of undergraduate courses that cover online information security is jeopardising the effectiveness of the UK's Cyber Security Strategy, according to a leading expert. In a written statement on 3 December, Francis Maude, minister for the Cabinet Office, praises the progress of the strategy, which was published 12 months ago and sets out the UK's approach to tackling cyber crime. "One year after the Strategy's publication a great deal has already been accomplished in our aim of protecting UK interests in cyberspace and making the UK one of the safest places to do business online," he says. "The past year has created an increasing momentum across the UK at varying levels and across all sectors in addressing a wide range of cyber security threats
Legislation, Policy, and Regulation
U.S. Cyberwar Doctrine Would Not Matter Without International Agreement (Threatpost) When the history of cyberwar is written, 2012 may well be marked down as the year that it all began in earnest. Governments have been attacking one another electronically for decades now, but the last 12 months have seen both the concept and reality of cyberwar elbow their way into the consciousness of the general public through attacks such as Flame, Gauss and Shamoon, and also have seen government officials openly discussing offensive operations and calling out other nations for their extensive attacks on U.S. networks. Now, those same U.S. officials are in the process of developing doctrines for cyberwar operations as a way of defining how and when military and government teams can act
Privacy fears over police cybersecurity monitoring (South China Post) The police have to adopt greater transparency in their monitoring of the internet so as to dispel public fears of privacy violations brought on by the launch of the force's new cybersecurity centre, lawmakers and activists said yesterday. The HK$9 million centre, located in the force's headquarters in Wan Chai, was launched yesterday to ensure internet security for government departments, public utilities, transport operators, communications service providers and financial institutions amid a surge of cyber attacks. Authorities reiterated that police would monitor, with the consent of the institutions involved, only the flow of information, and not its content
Cyber crime in Pakistan: Serious threat but no laws! (Tribune) Cyber crime is one of the biggest threats all over the world. Almost all countries, including developing African countries, are combating these threats with extreme legal measures. They have completed their legislation and now there are laws to tackle cyber criminals
CITC wants exit visa to deactivate mobile SIM card (Arab News) Saudi Arabia's telecom regulator said yesterday that it would ask mobile phone operators to inactivate chips of expatriates leaving the Kingdom on exit-only visas as part of its efforts to prevent misuse of the facility
Litigation, Investigation, and Law Enforcement
Anonymous affiliate indicted for threats, stolen credit cards (Computer World) A federal grand jury in Texas has indicted Barrett Brown, a putative spokesman for the hacker collective known as Anonymous and co-author of a book-in-progress about the group, in connection with a massive data breach of Stratfor Global Intelligence, a geopolitical risk analysis organisation. Brown is in federal prison based on another indictment returned against him on October 3. In that case he's charged with making a threat on the Internet, conspiring to make public restricted personal information of a federal employee, and retaliation against a federal law enforcement officer.
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.