The CyberWire Daily Briefing 12.11.12

Cyber Trends

Biggest U.K. Brands Failing To Protect Their Customers From Online Fraud, New Research Finds (Dark Reading) A mere 6 percent of home pages included some sort of site validation. Research released today raises worrying questions about the current ability of online retailers to protect their customers from the threat of online fraud

Motives behind IT budget spend and 2013 cloud trends (Help Net Security) A global survey of 550 CIOs, IT Directors, and senior IT managers has confirmed motives behind their IT budget spend in 2012, while revealing the rate of cloud adoption in 2013. The research analysis

Reflecting on 2012: Cyberwar, next generation firewalls and compliance (Help Net Security) Historically security products have been developed either in response to, or in anticipation of, major shifts in enterprise computing - or at least that's been my experience. Without a time machine it

Proprietary platforms to cause complexity in 2013 (Help Net Security) Citrix predicts that the rise of consumerisation and the Bring-Your-Own (BYO) phenomenon will force IT departments to focus on the challenge of apps and data governance. 2012 saw the proliferation

Survey: Mobile device availability seen as top trend affecting enterprise competitiveness (Fierce Mobile IT) The widespread availability of mobile devices in the workplace was identified as the top technology trend influencing the competitiveness of enterprises over the next three years, according to a survey of 474 corporate executives conducted by the Economist Intelligence Unit on behalf of Juniper networks

They Know What You're Shopping For (Wall Street Journal) 'You're looking at the premium package, right?' Companies today are increasingly tying people's real-life identities to their online browsing habits. Research conducted by the Journal on the practices of more than a thousand websites shows that the border between our public and private lives is blurring still more. Georgia resident Andy Morar is in the market for a BMW. So recently he sent a note to a showroom near Atlanta, using a form on the dealer's website to provide his name and contact information

Legislation, Policy and Regulation

Clegg orders internet monitoring rethink (Financial Times) High quality global journalism requires investment. Please share this article with Nick Clegg has told the Home Office to go back to the drawing board on proposals for police and security services to monitor email, web searches and Skype phone calls, after a cross-party committee issued a scathing report on the plans. The deputy prime minister commissioned a joint committee to scrutinise the governments draft legislation on communications data earlier this year, following concerns that awarding police new powers would breach civil liberties

UK CIOs see EU regulation as key (Computer Weekly) A third of UK CIOs are more concerned with EU regulation such as the data protection directive than their own local laws, a study has revealed. Some 34% of UK CIOs and 30% across Europe regard EU regulation as more important than local country laws, according to a survey of 400 CIOs by Forrester Consulting in eight European countries. he research report said: While organisations should be aware of the financial impact of ignoring compliance, the real danger is loss of reputation

Senate cybersecurity measure worries contractors (Politico) Critical Pentagon programs to protect classified data from cyberattackers and state-sponsored spies hang in the balance as lawmakers begin to confer on competing House and Senate defense authorization bills. The two chambers approved measures that make different cybersecurity requirements for companies that sell software to the government, and they set forth competing visions for how federal contractors should respond if their networks have been breached. In addition, the House and Senate specify different roles for the Defense Department to conduct clandestine operations in cyberspace

Senate Moves To Block Pentagon Plan To Add Spies (Washington Post) The Senate has moved to block a Pentagon plan to send hundreds of additional spies overseas, citing cost concerns and management failures that have hampered the Defense Departments existing espionage efforts

Kramer: U.S. not threatening to withdraw from WCIT-12 (Fierce Government IT) The United States has not threatened to withdraw from the World Conference on International Telecommunications, said Amb. Terry Kramer, head of the U.S. delegation to the treaty-writing conference meeting in Dubai. In a Dec. 10 State Department statement emailed to reporters, Kramer said inaccurate media reports have stated the U.S. delegation could walk away from the International Telecommunication Union-overseen effort to rewrite the rules governing international telecommunication connections. The reports say mounting frustration over attempts by other countries to extend the rules--the International Telecommunication Regulations--to cover the Internet is the cause. "The United States has made no such threat, and it remains fully committed to achieving a successful conclusion to the WCIT," Kramer said. A bloc of countries made up of Russia, China, Saudi Arabia, Algeria, Sudan, Egypt and the United Arab Emirates proposed Dec. 8 a proposal that would have greatly increased national control over Internet regulation; the ITU on Dec. 10 tweeted that the proposal "has been withdrawn." The Egyptian delegation also said it never supported the proposal in a Dec. 8 tweet

Russia backs down on proposals to regulate internet (Sydney Morning Herald) A Russia-led coalition has withdrawn a proposal to give governments new powers over the internet, a plan opposed by Western countries in talks on a new global telecom treaty. Negotiations on the treaty mark the most sustained effort so far by governments from around the world to agree on how, or whether, to regulate cyberspace. The US, Europe, Canada and other advocates of a hands-off approach to internet regulation want to limit the new treaty's scope to telecom companies

Products, Services, and Solutions

Bat Blue Networks Expands Its Cloud Security Offering To Europe (Dark Reading) Adds London-based cloud node to its six data center locations in the U.S

Low Detection Rates Mar Google Android Application Verification Service (Threatpost) Google's brand new application verification service for Android, released in JellyBean 4.2, fails to measure up to its commercial counterparts, according to researchers from North Carolina State University

Bitdefender Internet Security 2013 takes top place in AV-TEST Trials (CSO) Security software analysis firm, AV-TEST, has bestowed Bitdefender Internet Security 2013 with the top spot following a round of independent testing. Following testing from September to October, Bitdefender's product scored a near perfect 17 out of 18 possible points in results released by AV-TEST in November

Wi-Fi operating system ArrayOS gets new features (Help Net Security) Wick Hill announced a new release of the ArrayOS operating system for Xirrus Wireless Arrays. Xirrus AOS 6.3 provides an advanced Wi-Fi operating system for optimizing the services and performance

French company to issue debit cards linked to bitcoin (Australian Techworld) The Paris-based company, Paymium, has operated a website called Bitcoin-Central since 2010 where people can purchase bitcoins, an electronic currency that uses peer-to-peer networking and cryptography to securely transfer funds around the world within

Ericsson, Huawei and Nokia Siemens Networks top SON vendor survey (Fierce Mobile IT) Ericsson, Huawei, and Nokia Siemens Networks are the top vendors for self-organizing networks, which support mobile broadband deployment, according to a survey of telecom operators conducted by Infonetics Research

Android Jelly Bean update blocks IBM Notes users from email, calendar (Fierce Mobile IT) A recent upgrade to the Android 4.2.1 Jelly Bean has thrown Android users of IBM's Notes off of their corporate email and calendar applications, according to a report by IDG News Service

Nokia Lumia 920: Close, But No Cigar (InformationWeek) I spent a few not particularly pleasant weeks with Microsoft's latest effort to achieve mobile relevance

Savvis Cloud Storage Takes On Amazon, Google (InformationWeek) Savvis Symphony Cloud Storage marries data center management expertise with CenturyLink's networking savvy to simplify data replication and increase disaster recovery reliability

Australian Police Steer Drivers Away From Apple Maps (InformationWeek) Error in iOS mapping app strands drivers in the middle of a desert, 45 miles from their intended destination. Australian police are not amused

Technologies, Techniques, and Standards

The Most Important IAM Question: Who Does This? (Dark Reading) IAM projects get so wound up around tooling and processes that critical organizational questions go unanswered. It's December, and so another full calendar year draws to a close. I have written about a number of important trends in identity and access management (IAM), including the advent of Mobile, rising importance of authorization, Infosec maybe finally putting down its password crystal meth pipe, and how to avoid AppSec Groundhog Day with IAM

Six Steps To A Risk-Based Security Strategy (Dark Reading) Developing a risk-based approach to IT security defense can be complicated. Here are some tips to help you navigate the maze

Deep packet inspection standard cannot guarantee privacy, says academic (Out-Law.com) Deep packet inspection standard cannot guarantee privacy, says academic. It is either "clueless or recklessly dishonest" to claim that 'deep packet inspection' (DPI) operations respect privacy, a Cambridge academic has said

Converging audit and risk management programs a flawed approach (TechTarget) Hutton also contributes, or has contributed in the past, to the Cloud Security Alliance (CSA), the Open Information Security Management Maturity Mode

12 useful websites for IT security (ComputerworldUK) Trying to get a grasp of security in the cloud can feel like chasing one, but look into the resources at Cloud Security Alliance, the group with a strong

3 Ways SMBs Can Leverage Big Data (InformationWeek) ClickFuel CEO and former Monster.com executive Steve Pogorzelski shares his advice on big data and small business.

Marketplace

Saudis and allies build cyberwar defenses (UPI.com) Saudi Arabia's state giant Aramco says it's the target of a cyberwar campaign to cripple the world's largest oil exporter, as Persian Gulf states drive to erect defenses against attacks like the one that knocked out 30,000 Aramco computers recently

Thales Covers ISTAR Tab Amid Watchkeeper Wait (DefenseNews.com) Thales UK has been picking up the cost of providing the British Army with a key intelligence, surveillance

House Dems, GOP Embrace Cuts In Defense Spending (Yahoo.com) Substantial reductions in military spending should be part of any budget deal that President Barack Obama negotiates with Congress to avert the so-called "fiscal cliff" of automatic tax hikes and spending cuts, a group of House Republicans and Democrats said Monday

Agencies should make social media easier to locate and concentrate efforts, finds study (Fierce Government IT) Social media can improve public participation in government, but in some ways, federal branch agencies and departments are going about social media the wrong way, according to an academic article published in the January 2013 issue of the Government Information Quarterly

KKR's TASC Plans U.K. Push Amid Clouded U.S. Defense Outlook (Bloomberg) TASC hopes to secure contracts in helping the government work out how to sift through massive amounts of collected intelligence data and protect sensitive

SafeNet Names Dave Hansen CEO, Succeeding Chris Fedde (Govconwire) SafeNet has appointed Dave Hansen to succeed Chris Fedde as president and CEO, the company said Monday, also announcing Hansen will join the board of directors. Hansen comes to the company from BMC Software (NASDAQ: BMC), where he most recently served as a vice president and general manager. Fedde joined Safenet in 2001 and served

Exelis Eyeing Air Traffic Expansion, Buying Australian Software Firm (Govconwire) ITT Exelis (NYSE: XLS) has agreed to acquire Melbourne-based communications software provider C4i Pty Ltd. from the Longreach Group Limited for $16.8 million, Exelis announced Monday

Thales USA CEO Allan Cameron Retiring, Alan Pellegrini Named Successor (Govconwire) Thales USA has promoted Alan Pellegrini, currently vice president and general manager for avionics, to succeed the retiring Allan Cameron as president and CEO, effective at the beginning of 2013. The company said Cameron started as CEO in 2006 and led the company through four acquisitions in the defense and security sector including Visionix, Tampa

ICF Names 25-Year Utility Vet Seth Hulkower Energy Group SVP (Govconwire) ICF International (NASDAQ: ICFI) has appointed 25-year utility executive veteran Seth Hulkower senior vice president for the energy, environment and transportation group. The company said he will design and implement the company's strategy to grow business in the distribution arena for electric operations, customer operations and business process outsourcing

Microsoft takes return fire from anti-Android Twitter campaign (Fierce Mobile IT) Last week, Microsoft (NASDAQ: MSFT) tried a Windows Phone marketing campaign on Twitter, offering a "present" to any Android user that shared a "malware horror story." In a Dec. 4 tweet on the official Windows Phone Twitter channel, Microsoft said it was prepared to offer a "get-well present" to anyone who shared an Android malware story at #DroidRage. The next day, Microsoft said it had received "hundreds" of #DroidRage stories. Unfortunately for Microsoft, a number of the stories were like these ones

Huawei to double its European staff to 14,000 workers (Ars Technica) Controversial Chinese telco hardware maker will also open R&D center in Finland

Motorola Mobility Sheds Manufacturing Bases In China, Brazil (TechCrunch) Google-owned Motorola Mobility is shedding its manufacturing operations in Tianjin, China, and Jaguariuna, Brazil — with long-time manufacturing partner Flextronics agreeing to acquire the factories and take on management and operation. The pair said employees and assets at both locations will transfer to Flextronics after the transaction closes — expected to complete by H1 next year

Adobe Closes Taiwan Sales Office, Alarming Local Tech Observers (TechCrunch) Adobe announced today that it has closed its Taiwan sales office. A statement from Ng Yew Hwee, Adobe's managing director of Greater China (posted in a JPEG, not a PDF) on Adobe's Taiwan site states: "Upon careful and deliberate consideration of our business strategy in Asia Pacific, Adobe has made the decision to reorganize our business in the Greater China region. As part of the reorganization

Research and Development

IBM's nanophotonic tech integrates optic data right into chips (Ars Technica) Ready for prime time, tech can push terabits per second over long distances

Security Patches, Mitigations, and Software Updates

Microsoft Security Bulletin Advance Notification for December 2012 (Microsoft) This is an advance notification of security bulletins that Microsoft is intending to release on December 11, 2012. This bulletin advance notification will be replaced with the December bulletin summary on December 11, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification

Cyber Attacks, Threats, and Vulnerabilities

Cyber attacks on Gulf infrastructure seen rising (Sydney Morning Herald) Qatar's natural gas firm Rasgas was hit by a cyber attack in September, although it has not said how much damage was caused or whether it was the same virus that hit Aramco. Theodore Karasik, director of research at the Institute for Near East and Gulf

Pentagon Blamed for Cyber Attack against Saudi Aramco Oil Company (Fars News Agency) "Proofs and evidence show that the cyber attack on Aramco company has been carried out by a foreign group and given the record of virus attacks against Aramco it can be said that Pentagon is behind it," the informed source told FNA on Monday

Joomla and WordPress Bulk Exploit Going on (Internet Storm Center) We've gotten some reports and discussion around many Joomla and some WordPress sites exploited and hosting IFRAMES pointing to bad places. We'll get to the downloaded in a second, but the interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. We'd like PCAPs or weblogs if you're seeing something similar in your environment. Right now it seems the biggest pain is around Joomla users, particularly with extensions which greatly increase the vulnerability footprint and the one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website)

Beware of Bitcoin miner posing as Trend Micro AV (Help Net Security) Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself

Necurs Rootkit Spreading Quickly, Microsoft Warns (Dark Reading) Necurs found on more than 83,000 machines; Microsoft report calls rootkit a "prevalent threat." Necurs, a nearly two-year-old rootkit, has been spreading quickly recently and was found on 83,427 unique machines during the month of November, according to researchers at Microsoft

Your CPA License has not been revoked (Internet Storm Center) I have been seeing some e-mails hitting my spam traps today, warning me of my revoked CPA license. No, I am not a CPA. But the e-mails are reasonably well done, so I do think some CPAs may fall for them. At least they got the graphics nice and pretty, but the text could be better worded

GhostShell hackers release 1.6 million NASA, FBI, ESA accounts (The Register) The hacking collecting GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1. 6 million account details purloined from government, military, and industry."ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net," the group said in a statement."For those two factors we have prepared a juicy release of 1. 6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more

Australian Defence Force Academy in stinkingly bad password breach (Naked Security) The Australian Defence Force Academy (ADFA) is the latest high-profile organisation to become embroiled in a data breach. Students at the Academy apply both to the Defence Force and to the University of New South Wales (UNSW), which runs the academic side of ADFA's operations in Canberra. It turns out that a hacker calling himself Darwinare breached the UNSW's servers about a month ago and sucked down a heap of SQL database records, including those of ADFA students

Hackers attack state websites (iafrica) A hacker is claiming responsibility for disrupting three South African government websites. The social development department's web address

Muslim Freedom Fighters Deface Website of British MP David Morris (Softpedia) A hacker collective called Freedom for the Mujahideen, claiming to be a group of Muslim freedom fighters, have breached and defaced the official website of Morecambe and Lunesdale Member of Parliament (MP) David Morris. My website has been hacked, currently working on the situation please e-mail or telephone until further notice, Morris wrote on Twitter shortly after the attack. While the attack appears to be a simple defacement, it seems it has caused some serious damage

Hackers encrypt medical centre's patient data, ask for ransom (Help Net Security) Russian hackers have apparently managed to break into a server where an Australian medical centre keeps its patients' records, encrypt the data, and are now asking for 4,000 Australian dollars

Anonymous to Leak 'Unprecedented Amounts of Data' Starting with December 10 Video (Softpedia) Starting with December 10 and until December 21, Anonymous hacktivists plan on leaking an unprecedented amount of corporate, financial, military and state data as part of the campaign called Project Mayhem 2012. According to the hackers, the information has been secretly gathered by whistleblowers, vigilantes and conscientious citizens. The global economic system will start the final financial meltdown, the hackers stated

Gmail goes dark for users worldwide (Sydney Morning Herald) Several Google web products, including the popular Gmail service, went down for users in Australia and around the world overnight. Google confirmed that "service disruptions" had affected Gmail and Google Drive, its online storage service. The two products are part of Google's Apps suite, a Microsoft Office rival that caters to both consumers and businesses

5 Biggest Online/Mobile Cyber Threats (Credit Union Times) Darrell Burkey, a security expert with Check Point Software Technologies in San Carlos, Calif.-explained that in Eurograbber a computer is first infected

A Closer Look at Two Bigtime Botmasters (Krebs on Security) (Over the past 18 months, Ive published a series of posts that provide clues about the possible real-life identities of the men responsible for building some of the largest and most disruptive spam botnets on the planet. Ive since done a bit more digging into the backgrounds of the individuals thought to be responsible for the Rustock and Waledac spam botnets, which has produced some additional fascinating and corroborating details about these two characters

Academia

IU Professor Lands Cyber Security Grant (Inside Indiana Business) An Indiana University researcher has been awarded a $2.4 million grant from the U.S. Department of Homeland Security. Informatics Professor L. Jean Camp will use the funding to help people make informed decisions about computer security. What to do with that dreaded pop-up warning, "Secure Connection Failed. The certificate is not trusted…"? Continue anyway, view the security certificate or, tempting fate, add an exception and press forward? Now an Indiana University Bloomington professor in the School of Informatics and Computing whose research focuses on technology, security and society is helping make such decisions easy for us

Litigation, Investigation, and Enforcement

FTC Launches Investigations into Mobile Apps for Kids (Threatpost) The Federal Trade Commission on Monday said it's launching "non-public investigations" to determine if mobile application providers are violating federal laws by collecting information on children without their parents' permission

When links are outlawed, only outlaws will use links (InfoWorld) Ex-Anonymous spokesmouth Barrett Brown's indictment for links to stolen credit card numbers could be bad news for the rest of us. Don't look now, but there's a crime wave surging across the Webbernets. Everywhere around you, people are recklessly sharing dangerous and illegal hyperlinks. Lock up your children, barricade the doors and windows, throttle your broadband connection, and pray that the FBI gets to these scofflaws in time

International Organized Crime Cyber Fraud Ring Responsible for Millions of Dollars in Fraud Dismantled (FBI) In a coordinated international takedown, law enforcement officials in Romania, the Czech Republic, the United Kingdom, and Canada, acting on provisional arrest requests made by the United States, arrested Romanian nationals Emil Butoi, Aurel Cojocaru, Nicolae Ghebosila, Cristea Mircea, Ion Pieptea, and Nicolae Simion. Another defendant, Albanian national Fabian Meme, is already incarcerated in the Czech Republic. The U.S. arrest warrants, unsealed today, were issued in the Eastern District of New York based on a federal complaint alleging the defendants involvement in a sophisticated multi-million-dollar cyber fraud scheme that targeted consumers on U.S.-based Internet marketplace websites

Echelon Spy Network Secrets To Be Revealed in Megaupload Copyright Case (Reason) There was a lot of buzz a decade or so ago about Echelon, an international electronic surveillance network said to link the United States, Canada, Britain, Australia and New Zealand. A flurry of stories covered the connections among the five countries, speculation about the network's capabilities, and rumors about Echelon's targets in a post-Cold War world. The European Parliament even produced a report (PDF) discussing the the potential risks the spy system posed to the European Union. Then, as with all such things, public attention shifted elsewhere and most people lost interest in an old-hat international surveillance system. Now, Echelon is re-entering the headlines, and we are likely to learn more about the network's capabilities than conspiracy fans ever dreamed possible, all because of the copyright case against the defunct online storage company, Megaupload

Cheng v. Romo and Applying Unauthorized Access Statutes to Use of Shared Passwords (Volokh Conspiracy) The federal computer crime statutes punish unauthorized access to a computer. As regular readers know, courts are hopelessly divided on what this language means, and in particular what makes an access to a computer authorized versus unauthorized. In Cheng v. Romo, 2012 WL 6021369 (D. Mass. Nov. 28 2012), Judge Casper authored an opinion on an interesting wrinkle that I've pondered but that hasn't come up before in published decisions: How do computer crime statutes apply when one party gives his password to another party for some limited uses, but the latter party uses the password for broader uses? Is the accessing with the password but beyond the implicit or explicit limit "unauthorized" for purposes of the computer crime laws? Here are the facts of the new case. Cheng and Romo were doctors who worked together

Design and Innovation

Betamore, entrepreneurship hub, opens in Federal Hill (MD Biz News) We told you about Betamore last summer while it was still under construction. The 8,000-square-foot entrepreneurship center was due to open at the end of September, but took a few months longer than expected. As of today though, Betamore is open for business. Technically Baltimore has the skinny on the center's launch party and some good pics of what the space looks like

Does Microsoft Really Need To Make Its Own Hardware? (InformationWeek) Without some fundamental added value, Microsoft's hardware offerings are likely to go the way of the Zune