The CyberWire Daily Briefing for 12.26.2012
Only a few stories break on a very quiet post-Christmas morning. Iranian officials continue to talk about a cyber attack on its power grid, with central authorities denying a local civil defense organization's claim to have thwarted a recent exploit. Beyond that little new information is available.
Anonymous defaces the official Website of Kuwait's Crown Prince with an unusually childish North Pole motif. Israelis are warned that Backdoor.LV has returned; exploits using it appear to originate with hackers in Kuwait.
Researchers expect Java and Adobe vulnerabilities to remain prime hacking targets into 2013.
The cleared labor market drives security professionals who ought to know better toward over-sharing on Facebook and (especially) LinkedIn. Australian authorities are noticing the problem: present and former employees of the Defence Signals Directorate and the Defence Intelligence Organisation are advertising details of their careers online. The intent is innocent, but still, it's a problem.
A young British developer scores very well in the US Defense Department's 2012 Digital Forensics Challenge. It took, crows the Daily Mail patriotically, "Defense Giant Northrop Grumman" to defeat him.
Crowdsourced private crime fighting appears simultaneously in California and Mexico. Nextdoor and Nixle are enabling Californians to tip off one another and the police to criminal activity. In Mexico, Ret.io's Twitter feed, which began as a way of alerting people to police checkpoints, it emerging as a tool against small-scale but irritating official corruption. And data scientists at Harvard are tracking drug cartel activity online and providing police useful open source intelligence.
Notes.
Today's issue includes events affecting India, Iran, Israel, Kuwait, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Iran denies foiling cyber attack on industrial units (India Times) A local civil defence official denied an earlier account that a fresh cyber attack on industrial units in the southern province of Hormuzgan had been repelled, Iran's state broadcaster website reported on Tuesday."At a press conference we announced readiness to confront cyber attacks against Hormuzgan installations, which was mistakenly reported by the agencies as a cyber attack having been foiled," Ali Akbar Akhavan said. Earlier on Tuesday, ISNA news agency quoted him as saying: "A virus had penetrated some manufacturing industries in Hormuzgan province, but its progress was halted with ... the cooperation of skilled hackers." According to ISNA, Akhavan said one of the targets of the latest foiled attack was the Bandar Abbas Tavanir Co, which oversees electricity production and distribution in Hormuzgan and adjacent provinces. He had said the malware was "Stuxnet-like" but did not elaborate and that the attack had occurred over the "past few months
Iran says defeats cyber attack on industrial sites (Yahoo! News) An Internet virus attacked computers at industrial sites in southern Iran, in an apparent extension of a covert cyber war that initially targeted the country's nuclear facilities, an Iranian official said. Iran, the world's No. 5 oil
Christmas Hack from Anonymous : Kuwaiti Crown Prince official site hacked (E Hacking News) While Everyone is enjoying Christmas , the Anonymous hacktivist celebrates the Christmas in their own way. They have send Merry Xmas card by hacking into the official website of Diwan Of The Crown Prince
Cyber Attack From Kuwait (Israel Defense) Jonathan Gad, chairman and joint CEO of InnoCom of the Aman Group, warned yesterday (Monday) of a new wave of dangerous cyber attacks originating from Kuwait. According to Gad, a malware named Backdoor.LV, which was previously discovered in May, is behind the attack. The malware was identified via a tool by the company FireEye, which is represented by InnoCom in Israel
Wells Fargo hammered by web outages; banks warned to guard against cyberattacks (Biz Journals) Wells Fargo & Co. customers were frustrated for much of last week as they had difficulty at times accessing the bank's website to handle online banking and other matters. Wells Fargo's site had intermittent problems for four days. A spokesman for Wells (NYSE: WFC) -- Colorado's largest bank -- said on Friday: "We sincerely apologize for the inconvenience and thank our customers for their continued patience
Revealing some of the tactics behind a spear phishing attack (IT Proportal) Marketing tactics have changed. Gone are the days of mass mailings, marketers now target each individual customer think of Amazons recommendations page. Criminals have learnt the same lesson, as phishing emails are no longer sent to thousands of people
Cybercriminals are just businessmen at heart (CSO) Cybercrime today is a full-fledged business with executives, middle managers and workers who depend on a variety of service providers to keep the illicit operations humming, a new study shows. Supporting these criminal enterprises that mirror legitimate commercial enterprises is a shadow underground of chat rooms, Web portals and marketplaces for finding and hiring people and buying or leasing malware, exploit code and botnet-building tools, says the 2013 Cybercrime Report from Fortinet. Also ready to lend a hand are tech consultants and hosting providers ready to turn a blind eye in return for payment
Interview with Kaspersky Chief Malware Expert Alex Gostev (Threatpost) The last year has seen a lot of changes in the threat landscape, with the emergence of a number of new cyber espionage tools such as Gauss and Flame, as well as an increase in the volume of malware targeting mobile platforms such as Android. Recently, Alex Gostev, the chief malware expert at Kaspersky Lab, answered questions submitted by users on Facebook, discussing the evolution of antimalware solutions, the threats to mobile devices and how governments around the world are handling the cybercrime explosion
Cyber Trends
Java and Abobe Highly Targeted By Cyber Bad Guys and Malware (Hot Hardware) Software vulnerabilities will be the main target of cyber criminals in 2013, according to research by Panda Security's malware laboratory, PandaLabs
Marketplace
Spooks use internet and social media to advertise their skills (Mudgee Guardian) Hundreds of former and some present Australian spies have posted information about their employment with intelligence agencies on the internet in what security experts have called "a gift for foreign espionage". A survey by Fairfax Media has discovered more than 200 intelligence officers have disclosed their classified employment in profiles on professional networking sites such as LinkedIn, and social media including Facebook and Twitter. While many have disclosed only the fact of their employment by agencies such as the Defence Signals Directorate and the Defence Intelligence Organisation, some have revealed significant details about their work
British amateur named world's top civilian cyber defender in hacking challenge staged by the U.S. military (Daily Mail) Chris Doman from Essex lost out only to a professionals team from U.S. defence giant Northrop Grumman. He is one of three UK competitors who placed in the top 12 of the global competition held by U.S. Department of Defense. Now he is eligible to take part in the next round of face to face competitions held by Cyber Security Challenge UK
Technologies, Techniques, and Standards
Monitoring a la Borg (Dark Reading) What would a true infrastructure collective look like? Imagine there's no console. It's easy if you try. No central server, no admin tty. Imagine all the endpoints, living all the same
Design and Innovation
CloudByte Wins the 2012 Tech Trailblazer Award (MarketWatch) We're thrilled to announce that CloudByte, the technology leader in enterprise storage, has won the 2012 Tech Trailblazer award from emerging markets. We thank all our delighted customers and the judging panel - including eminent technologists from enterprises such as VMWare and Colt, and thought leaders from standard bodies such as SNIA and Cloud Security Alliance - for this honor
Litigation, Investigation, and Law Enforcement
Become a Crime-Fighting Superhero in Your Spare Time (Wired) Chris Goodroe doesn't do Facebook, and he doesn't do Twitter. Online socializing isn't his thing. But after watching his neighbors use the internet to bust a pair of burglars earlier this year, the Oakland attorney decided to make an exception for Nextdoor, a neighborhood social network that is increasingly being used to fight crime
Ret.io, A Crowdsourced Answer To Corruption In Mexico (TechCrunch) Three years ago Mario Romero Zavala and Jose Antonio Bolio decided to create a Twitter account in Mexico City to alert people to cumbersome police checkpoints that too often resulted in various forms of harassment to locals. This was the beginning of Ret.io, which has since changed tremendously
In Mexico, Tech Is Used To Help Combat Narco Violence, Insecurity (TechCrunch) Google has been used for many ends, but in the hands of researcher Viridiana Rios, the search engine has become a tool to fight Mexican drug cartels and help the government organize to prevent violence. Rios is a researcher at Harvard University who recently published a paper about a tool she created to track publicly available cartel data and how it can inform Mexican security officials' work
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.