The CyberWire Daily Briefing 10.09.12

Cyber Attacks, Threats, and Vulnerabilities

Cybercrime Group Recruits Botnets For Coordinated Attack On 30 US Banks (CRN) The attack, which is apparently planned for an undisclosed date this fall, would likely be the largest coordinated cyber attack in history, involving as many as 100 botmasters and their respective botnets. According to RSA, the group will be leveraging

Cyber-Criminals Plan Massive Trojan Attack on 30 Banks (PC Magazine) The proposed cyber-attack consists of several parts. The first part involves infecting victim computers with the variant of the Gozi Trojan, which RSA has dubbed Gozi Prinimalka, Once the computer has been compromised, it will communicate with the

Unmasked! Alleged mastermind of "Project Blitzkrieg" online attack plot against US banks (Naked Security) RSA last week revealed that a cyber gang is recruiting some 100 botmasters to join a planned Trojan attack spree on 30 US banks. Brian Krebs has unmasked the mastermind as a Russian hacker called vorVzakone, but given the alleged fraudster's flamboyant claims, the Underweb isn't sure whether or not he's a trap set by Russian law enforcement

Plot Behind Bank Cyber Attack Thickens (Fox Business) Security professionals investigating the cyber attacks that crippled the websites of U.S. banks last month have discovered the tools at the heart of the attacks are more complex than previously thought and have also been found in Saudi Arabia

Iran says it stopped Israeli cyber attack (NBCNews.com) IAfter vowing to ratchet up Internet security nationwide last week, Iran says it has thwarted a digital attack aimed at a computer network essential to its offshore drilling program

Iranian intranet in cyber attack (Al-Bawaba) Iran's claim that its domestic Internet system suffered a slowdown from a heavy cyber attack is possible, but knowing for sure would require a lot more details, experts say. Mehdi Akhaven Behabadi, secretary of Iran's High Council of Cyberspace, told

Proxy Service a Front for Malware Distribution (Threatpost) Hundreds of thousands of users who signed up for an inexpensive proxy service called Proxybox.name got quite a steal alright. They ended up installing a Trojan horse linked to a botnet first detected last summer. Researchers at Symantec reverse engineered the Backdoor.Proxybox malware and unearthed a major black hat operation and perhaps the actual malware developer

Dorkbot Now Worming Its Way through Skype (Threatpost) The Dorkbot worm that fooled many a Facebook and Twitter user is now socially engineering Skype users into downloading the malware, whose payload now includes a mechanism to lock down machines

Info-stealing Trojan posing as Panda Cloud Antivirus (Help Net Security) Researchers from Spanish antivirus vendor Panda Security are warning potential users about information-stealing malware disguised as their Panda Cloud Antivirus solution

Ransomware encrypts files claiming SOPA piracy charges (Naked Security) A new variant of ransomware wants you to believe you have been caught pirating software, music and movies and you must pay a fine under the SOPA act. Except there is no SOPA act

New Tactics Helping Toll Fraud Malware on Android Avoid Detection (Threatpost) Malware intent on SMS fraud, also known as toll fraud, has been a constant on mobile platforms, Android in particular, for some time. And FakeInst is definitely king of the hill when it comes to this type of malware. Prevalent in Russia and the rest of Eastern Europe, the malware poses as popular applications, free games or screensaver and once installed, sends premium SMS messages to a service controlled by an attacker. The malware also intercepts messages confirming the charges from wireless providers and ultimately, the user is socked with a massive phone bill while the attacker quietly cashes in. A recent report from Lookout Security said toll fraud malware accounted for 91% of mobile malware and FakeInst malware has netted more than $10 million this year for the attackers behind the malware

World of Warcraft players massacred in hack attack (Naked Security) If you're one of the millions of avid players of the online MMORPG World of Warcraft, then you may have been surprised to find the populations of entire cities killed off this weekend

PTI alleges government of monitoring its emails (Pakistan Today) According to a blogspot entry from PTI, which alleges the government of possible cyber attack, a recent Google Online Security blog article reading 'Security warnings for suspected state-sponsored attacks' to warn its users of attacks from state

Hacker group says attacks Greek official websites (Reuters) The activist hacker group Anonymous said it had taken down a number of Greek government websites on Monday, on the eve of a visit by German Chancellor Angela Merkel that is likely to be met by angry protests. Several government websites appeared to go down briefly late on Monday, including those of the Citizens Protection Ministry, the police and the Ministry of Justice

New attack knocks out government sites (The Local.se) The websites of several Swedish government agencies were knocked offline at 2.30pm on Friday afternoon, the time at which hacktivist network Anonymous warned it would launch a cyber attack against Swedish state interests. Hacktivists threaten 'biggest

Iran X.25 terrorists actually BANKERS (The Register) Venerable network protocol probe bumble rumbled. An innocent explanation has emerged after a security expert linked a group of Islamic extremists to Iran after supposedly discovering the crew on a list of state-sanctioned leased telephone lines in the Middle East nation. Mike Kemp, a co-founder of UK-based Xiphos Research, found two entries for "Ansar Al-Mujahideen" in a spreadsheet of Iranian X.25 lines while looking into the venerable packet-switching protocol. He checked his results with a Syrian friend, who helped him translate the Arabic and Farsi in the file

Bing is the most heavily poisoned search engine, study says (The Register) Bing search results are more affected by poisoning than those of other search engines, according to a study by SophosLabs. Search engine poisoning attacks are designed to skew results so that dodgy sites - anything from malware infected websites to payday loan sites - appear prominently in the index of sites related to popular search terms. In many cases the tactic is so successful that malware sites appear in the first page of results for popular search terms, in sometimes much higher than legitimate websites

Huawei? The how, what, and why of telecom supply chain threats (ESET) You spell it Huawei and say it wah-way and it's all over the news. But what does it mean for the security of your data when, as the Wall Street Journal put it, A U.S. Congressional report has labeled Chinese telecommunications company Huawei Technologies a national security threat? As we will see, the implications for your data are largely determined by the type of data were talking about.

Tech Insight: The Most Common Vulnerabilities Found By Penetration Tests (Dark Reading) Professional pen testers share which holes they find the most in clients' networks

Mobile Trojans Can Give Attackers An Inside Look (Dark Reading) A spate of research into mobile devices as sensor platforms has shown that compromised smartphones can be turned into insiders -- eavesdropping on phone calls, "shoulder surfing" for passwords, or looking around an office

The danger behind low-volume email attacks (Help Net Security) "Broad [email spam] campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns

Mass-distributed malware reaches critical mass (CSO) Another finding: Antivirus solutions are unable to detect 60% of malware in the wild. That has been the trend, and the Security Engineering Research Team (SERT) at managed security services provider Solutionary confirms it. Among the key findings of the team's third-quarter report was that of the malware they analyzed, 92% was mass-produced

Solutionary Research Reveals Cybercriminals Frequently Use UPS, Better Business Bureau Names To Disguise Phishing Emails Used For Malware Attacks (Dark Reading) Solutionary, the leading pure-play managed security services provider (MSSP), announced today the release of the Q3 2012 SERT Quarterly Research Report, the first quarterly research report released by Solutionary's Security Engineering Research Team (SERT). The report provides insights into current malware trends and key tactics used by cybercriminals to execute malware distribution attacks. Research revealed that the UPS and Better Business Bureau (BBB) brands were among the most commonly used by cybercriminals to disguise malware-attack phishing emails, that 92% of all malware was mass distributed, and that anti-virus solutions were unable to detect 60% of malware in the wild

Exclusive: Anatomy Of A Brokerage IT Meltdown (InformationWeek) Regulators last year issued the SEC's first-ever privacy fine against broker-dealer GunnAllen for failing to protect customer data. But former IT staffers say regulators didn't seem to know half of this cautionary tale of outsourcing and oversight gone wrong

Security Patches, Mitigations, and Software Updates

Microsoft Security Bulletin Advance Notification for October 2012 (Microsoft Security TechCenter) This is an advance notification of security bulletins that Microsoft is intending to release on October 9, 2012. This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (Microsoft Security TechCenter) Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10

Security Updates for Adobe Flash Player (Adobe Security) Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

Skype Works on Mitigating Impact of Worm/Ransomware Campaign (Softpedia) Security firms started issuing warnings about a new malicious campaign making the rounds on Skype, spreading ransomware and a worm thats designed to initiate click fraud activity. Initially, the scheme seemed to be less dangerous, but now that the problem has escalated, Skype has started taking measures. Skype takes the user experience very seriously, particularly when it comes to security

Cyber Trends

Why do we need hackers today? (SecurityAffairs) In the last decade the role of hacker is deeply changed, these strange characters were once kept away from government affairs, but the scenario is reversed, there has been an unprecedented technological evolution and principal countries have discovered a new way of making war, a new way of spying. Today the hacker is the most important player for governments and cyber warfare but not only, private companies and industry of crime consider him as the repository of knowledge that has become crucial, the mastery of new technology. Today is very common read about zero-day vulnerability, a concept unknown to many professional some years ago, we are all aware of the potential risks related to the exploit of this kind of bugs in large

UAE sees 1.5m cyber victims in past year (SRM-Ti) Symantec on Sunday revealed that more than 1. 5m people fell victim to cyber crime in the UAE in the last year. Its annual Norton Cybercrime Report said the average UAE victim suffered direct financial losses of $283

Major UK Companies Pierced By Cyber Attack Every Week (TechWeekEurope UK) Some of the biggest organisations in the UK are being successfully breached by hackers every week, research has found. Figures from the HP and Ponemon Institute's '2012 Cost of Cyber Crime Study' looked at 38 companies in the UK with 1,000 employees

Cybercrime Costs on the Rise, HP-Sponsored Study Finds (WebProNews) The 2012 Cost of Cyber Crime Study, conducted by the Ponemon Institute and sponsored by HP, found that the average annual cost of cybercrime for U.S. organizations was $8.9 million in 2012. That amount is 6% more than the ... Ponemon has served on the

Opinion: Corporate America Is Ignoring the Cybercrime Alarm (CNBC.com) What some corporate executives and their boards may not fully understand is that a cyber attack will put them in the crosshairs of potentially devastating legal challenges. Even more unsettling is the large number of scenarios in which a corporation is

'Wrong Answers' Plague Many Data Projects (Wall Street Journal) The information sharing project's setbacks illustrates for CIOs the challenge of extracting value from ambitious data analytics and business intelligence projects. The report found that the Department of Homeland Security's regional data-sharing sites

Lessons From Our Cyber Past: History of Cyber Intelligence (Smart Data Collective) The panel consisted of Rear Admiral Samuel J. Cox, Director of Intelligence (J2) for US Cyber Command, Matt Devost, President and CEO of FusionX with decades of experience as an intelligence and security entrepreneur, Jason Healey, Director of the

The Death of the Internet (Help Net Security) Fraud poses a significant threat to the Internet. 1.5% of all online advertisements attempt to spread malware. This lowers the willingness to view or handle advertisements

Marketplace

DHS Task Force Recommends Hiring 600 Cyber Workers (ExecutiveGov) The Department of Homeland Security needs to hire 600 cyber experts and develop training standards for future cyber workers, a DHS advisory task force recommends. Steve Myers, a member of the Homeland Security Advisory Council's task force on

NASA Issues Big Data Challenge (InformationWeek) Space agency partners with the Department of Energy and National Science Foundation to find creative ways to handle huge government data sets

Big Data: A Short History (Foreign Policy) The U.S. National Security Agency (NSA), a nine-year-old intelligence agency with more than 12,000 cryptologists, confronts information overload during the espionage-saturated Cold War, as it begins collecting and processing signals intelligence

NSA's Alexander Courts Chamber Of Commerce On Cybersecurity (AOL Government) NSA director and Cyber Command chief Gen. Keith Alexander stepped into the lion's den Thursday to address the Chamber of Commerce, which helped kill cybersecurity legislation Alexander had strongly backed. Over and over, Alexander

China Tech Giant Under Fire (Wall Street Journal) A Chinese telecommunications giant that has been attempting to expand in the U.S. poses a national-security threat and may have violated U.S. laws, according to a congressional investigation. The year-long investigation by the House intelligence committee concluded the firm, Huawei Technologies Inc., and a second firm, ZTE Inc., pose security risks to the U.S. because their equipment could be used for spying on Americans

Top Chinese Telecom Makers Could be Shut out of US (Fox Business) The committee plans to refer such allegations to the Justice Department and Department of Homeland Security, according to the draft made available to Reuters. "U.S. network providers and system developers are strongly encouraged to seek other vendors

Nations Still Deadlocked On EADS-BAE Dea (Wall Street Journal) Government officials negotiating terms of the proposed merger of Britain's BAE Systems and Airbus parent European Aeronautic Defence & Space Co. remain deadlocked over critical issues including state ownership stakes and the location of the combined company's headquarters, according to several people close to the talks

BAE-EADS: Defence of the realm (Financial Times) It wants BAE to continue providing the UK with cyber technology, an area where it is an important supplier to GCHQ, the government's signals intelligence agency. "As a government you don't know today what defence equipment you will need 20 years from

Facebook Hits 1 Billion Users: Now The Hard Part (src) Facebook will struggle to sustain its rate of growth. That's likely one reason why it's developing technology to let kids under 13 use the site with parental supervision

Apple After Jobs: Cook's Real Challenge (InformationWeek) A year after the death of its charismatic leader, Apple is thriving. But CEO Tim Cook's success may depend on content services--not finding another iPad

HP's Smartphone Plans: Anything But Clear (InformationWeek) HP CEO Meg Whitman says she has no plans for a smartphone, but the company is trying to fill 50 webOS developer jobs

HTC Losing Smartphone War One Quarter At A Time (InformationWeek) Despite making some of the best smartphones available, HTC struggles to gain market share against Apple and Samsung

SAIC Awarded $56M Contract By U.S. Navy Space and Naval Warfare Systems Command (Benzinga) Science Applications International Corporation (SAIC) (NYSE: SAI) announced today it ... computers, intelligence, surveillance, and reconnaissance (C4ISR)

Verizon, AT&T to Provide DISA iPads for Mobility Test (Govconwire) The Defense Information Systems Agency has awarded contracts to Verizon (NYSE: VZ) and AT&T (NYSE: T) for Apple and Samsung mobile devices, Federal News Radio reports. Jason Miller reports DISA made the purchase with aims at expanding its program to acquire commercial mobile devices. According to Nextgov, the agency acquired the iPad 3s, Samsung Galaxy

Raytheon Wins $164M Tactical Terminals Contract from U.S. Army (Govconwire) Raytheon Co. (NYSE:RTN) has won a $164 million firm-fixed-price contract for procurement and services supporting the advanced extremely high frequency secure, anti-jam, mobile, reliable tactical terminals. Location of the work will be determined for individual task orders. The estimated completion date is on September 28, 2015

ITT Exelis Wins $221M Middle East Comm Contract (Govconwire) ITT Exelis Corp. (NYSE:XLS) has won a $220,704,301 cost-plus-fixed-fee contract to operate and maintain the communications and information systems under the 160th Signal Brigade. Work will be performed in Kuwait, Iraq, Afghanistan and Qatar while the estimated completion date is June 29, 2013

General Dynamics Announces $346M Army WIN-T Increment Order (Govconwire) On the heels of the Army announcing a limited deployment of a General Dynamics-made (NYSE: GD) tactical communications network, the company's C4 systems unit announced Thursday it received a $346 million delivery order to implement the network. The company will help the Army field the Warfighter Information Network-Tactical Increment 2 as part of the branch's Capability

Army Hands Down $7B for Software, Systems Engineering (Govconwire) The U.S. Army has awarded a potential $7 billion contract to several companies for software and systems engineering services, the Defense Department announced Thursday. Companies will compete for task orders under the cost-plus-fixed-fee contract through Sept. 30, 2017 and the Army will determine work location with each order. Awardees include: BAE Systems, Booz Allen Hamilton (NYSE: BAH), CACI International (NYSE: CACI), CGI Federal (NYSE: GIB). Computer Sciences Corp. (NYSE: CSC), Engility (NYSE: EGL), Lockheed Martin (NYSE: LMT), ManTech International (NASDAQ: MANT), Northrop Grumman (NYSE: NOC), Science Applications International Corp. (NYSE: SAI), Sotera Defense Solutions

QinetiQ Names Scott Kaine Head of Cyber Intell Subsidiary (GovConExecutive) QinetiQ North America has appointed Scott Kaine president of its Cyveillance subsidiary, a Fairfax, Va.-based cyber intelligence provider for several Fortune 50 firms including Microsoft

Cisco Adds President Title to COO Gary Moore (Govconwire) Cisco Systems (NASDAQ: CSCO) has promoted Chief Operating Officer Gary Moore, formerly leader of the services unit, to the company's president ranks. The company said in a Thursday release Moore will oversee end-to-end operations and will continue to drive alignment across the company to support the long-term strategy. Cisco also announced a promotion for 18-year

Oceus Names 20-Year Vet Jim Patterson Special Programs Lead (Govconwire) Oceus Networks has appointed Jim Patterson vice president of special programs, giving him responsibility for leading pursuit of new markets in the defense and intelligence sectors through new partnerships and applications. The Reston, Va.-based broadband provider said in a release he will also be responsible for financial performance, strategy and execution across international, public safety

Troy West to Lead Dell Federal as VP & GM After 22 Years With Firm (Govconwire) Dell (NYSE: DELL) has promoted 22-year company veteran Troy West to vice president and general manager of its federal business, where he will oversee all military and civilan aspects of the government portfolio and Dell's federal channel business. West rejoined Dell Federal in 2011 to lead the public enterprise solutions sector after a stint serving as

Products, Services, and Solutions

BlumAlerts.com Launches Anti-Phishing Software To Protect Macs From Harmful Websites (Dark Reading) Also protects from pharming. Macs may be widely immune to malware and viruses, but this does not mean a Mac user can't be duped

SafeNet Launches First Authentication-As-A-Service Designed Specifically For Service Providers (Dark Reading) SafeNet Authentication Service enables service providers to increase their average revenue per user

Meet PureData, IBM's New Big Box For Big Data (TechCrunch) Two worlds exist when it comes to the enterprise. The new generation of cloud services represents one space. They rely on distributed infrastructures on Amazon Web Services (AWS) and the rest of the vendors in that world. They don't buy hardware until it makes sense to move off a cloud service and into their own data center

Samsung-Backed Pivot3 Is Now Powering Samsung's Push Into Small Business Cloud Serivces (TechCrunch) Pivot3, the Texas-based data storage company, and Samsung Electronics are entering a new partnership aimed at broadening the pair's appeal to small and medium-sized enterprises wanting to deploy virtualized desktop infrastructure. Channel partners of the two companies can now offer a starter bundle to SMEs consisting of a Pivot3 VDI starter appliance and Samsung thin-client monitors

SSH Communications Security Unveils Information Assurance Platform Service (Sacramento Bee) The services offering is a new complementary component to the Universal SSH Key Manager and CryptoAuditor solutions of the company's Information Assurance Platform. Without a centralized key management system, it is virtually impossible for a large

iPhone-controlled keyless lock (Help Net Security) Lockitron replaces keys with your phone. With Lockitron, you can instantly grant family, friends and guests access to your home or business from anywhere in the world using your internet enabled smart

Predicting Malicious Behavior (Help Net Security) Predicting Malicious Behavior combines real-world security scenarios with actual tools to predict and prevent incidents of terrorism, network hacking, individual criminal behavior, and more

Cloud solution delivers risk-based information security programs (Help Net Security) TraceSecurity introduced TraceCSO, which allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a risk-based information security program,

Free online identity risk calculator (Help Net Security) EMC and RSA announced the Online Identity Risk Calculator, a free interactive assessment tool for PC and mobile device users designed to help educate consumers about their personal exposure to online

Windows 8: Why I Won't Upgrade (InformationWeek) Somehow I've managed to not crumble under the albatross that is a near-five-pound laptop. I'm sticking with Windows 7--and many small businesses will, too

Technologies, Techniques, and Standards

Cyber Security Awareness Month - Day 8 ISO 27001 (Internet Storm Center) The ISO 27000 series consists of a number of standards that apply to information security. The main standard that you can actually certify against is ISO 27001. The remaining standards are mainly supporting standards that help you address specific areas of information security

Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA (Internet Storm Center) The North American Electric Reliability Corporation (NERC) has published under the Critical Infrastructure Protection program a security standard that is mandatory for every SCADA to manage infrastructure within the electrical system. It has a close resemblance to ISO27002 control objectives. Look for the Critical Infrastructure protection item at NERC website. Let's have a look inside the detail of each document

Faster Computation Will Damage the Internet's Integrity (Technology Review) The knowledge of weaknesses in SHA-1 led the National Security Agency (NSA) to develop and NIST to release SHA-2, which so far hasn't been shown to be susceptible to the same flaws. On October 2, NIST announced the selection for the SHA-3, designed

SHA-1 Hash Collision Could Be Within Reach of Attackers By 2018 (Threatpost) However, some in the cryptography community say it may not be a bad idea to start making plans to move away from the older SHA-1 algorithm fairly soon, given the quickly dropping cost of compute power. The SHA family of hash algorithms was introduced

Network Monitoring As A Security Tool (Dark Reading) What can your network data tell you about potential threats? Here are some tips to help you get the most out of network monitoring tools

When Monitoring Becomes a Liability (Dark Reading) The combination of "bigger data" and "more intelligence" could lead down a path that creates problems for the enterprise

Eight Steps To Securing Small Databases (Dark Reading) Just because your database is in a workgroup or a small business doesn't mean the data isn't valuable. Here are some low-costs steps to keeping it secure

Inside One Amazon Cloud Customer's Zone Defense (InformationWeek) How does Okta ensure its service stays up and running on Amazon EC2? It takes an extreme view of Amazon's advice and replicates data in five availability zones

Reassessing Risk Assessment: Accounting for Societal as well as Shareholder Interests (Bank Info Security) Let's assume executives at the banks reportedly victimized by recent distributed denial of service attacks performed information risk assessments that accounted for the possibility of their customer-facing online services being knocked off the Internet

Automated IT security gets a step closer (GCN.com) SCAP is a specification for expressing and manipulating security data in standardized ways, developed under the authority of NIST in cooperation with other organizations, including the National Security Agency, Mitre Corp., and the Forum for Incident

Design and Innovation

How Steve Jobs Inspired IT Execs (InformationWeek) Steve Jobs didn't set out to change enterprise IT, but he did by personally inspiring its leaders and by designing products at the core of the consumerization of IT. Five senior IT execs on InformationWeek's advisory board share their thoughts on the Jobs legacy

Apple After Steve Jobs: 10 Hits And Misses (InformationWeek) Oct. 5 marks the one-year anniversary of Steve Jobs' death. During that time, Apple has had some amazing successes and some spectacular failures

Research and Development

Raytheon studies intelligence analysts' tradecraft (PR Newswire) "One way to think of this is that we are analyzing the analysts," said Karen Ebling, analytics strategy director for Raytheon's Intelligence and Information

The Future Of Cyberwar (Washington Post) A workshop on cyberwar, sponsored by the Defense Advanced Research Projects Agency (DARPA), is scheduled this month in Arlington to discuss Plan X, which the agency says is designed to create revolutionary technologies for understanding, planning, and managing cyberwar and to study fundamental strategies and tactics needed to dominate the cyber battlespace. People from industry and academia have been invited; the general public, news media and foreigners have not

Academia

Iowa State hosts world's largest cyber defense competition (Iowa State Daily) With over 150 students competing, as well as industry professionals participating alongside, the environment was electric at the Active Learning Center in Coover Hall as the world's largest cyber defense competition took place at Iowa State. Doug Jacobson, university professor of electrical and computer engineering and co-organizer for the ISU Cyber Defense Competition on Sept. 25, described the happenings as a sort of celebration or party. Two weeks of hard work and preparation went into this much-anticipated event, culminating in both an exciting, as well as educational, night from the caffeine-infused teams

Fort Meade: University councils see appeal Meade offers to college grads (CapitalGazette.com) Dr. Evelyn Goldman, of the Combined Action Group at U.S. Cyber Command, and Steven LaFountain, distinguished academic chair for Information Assurance and Cyber at the National Security Agency, also briefed the group. Mickey L. Burnim, president of

Influence of federal cyber workforce roadmap growing (FederalNewsRadio.com) "An education program co-led by the National Security Agency and DHS now has 166 two-year and four-year universities across the country that have been designated as centers for academic excellence in information assurance or cybersecurity, and they're

Hodges earns certification (Gulf Coast Business Review) "It is an honor to have Hodges University's continued work in information assurance education recognized by the National Security Agency, Department of Defense and Department of Homeland Security. We look forward to helping students become the next

L-3, Virginia Tech partner on cybersecurity center (Defense Systems) L-3's National Security Solutions Group will operate the National Security Solutions Center. The arrangement gives L-3 cyber professionals direct access to

Legislation, Policy and Regulation

Sweden Boosts Web Security Amid String of 'Anonymous' Attacks (Wall Street Journal) In January, the group knocked down the U.S. Justice Department website, as a retaliation against the shutdown of a media-downloading site. Earlier this year, the director of the U.S. National Security Agency, Gen. Keith Alexander, warned that the

FP Passport: Japan, ASEAN, team up for cyberdefense (Foreign Policy) "Under the system, the government intends to share information about cyber-attack patterns and technology to defend against the attacks. It also plans to carry out exercises to verify the effectiveness of the system within the current fiscal year

Japan to push cyberdefense network (The Daily Yomiuri) After a recent spate of international cyber-attacks--many of which are believed to have originated in China--the government plans to promote a cyber-attack defense network with 10 member countries of the Association of Southeast Asian Nations

UK cyber security centre: Expert reaction (Computer Business Review) Cyberspace is emerging as a new dimension in conflicts of the future. Many nations simply do not yet have the defences or the resources to counter state-sponsored cyber attack. If we do not find ways of agreeing principles to moderate such behaviour

India yet to sign treaty with other countries on Cyber crime, says CBI special (The Hindu) "It remains unclear if response to cyber attack includes authority to shut down a computer network, even if it's been taken over by a malicious cyber attacker with an intention to destroy it," he said. Laws, both at national and international level

Emirati daily criticises discriminatory security policies of US (WAM - Emirates News Agency) Commenting on a recent report on the US Department of Homeland Security that has revealed damning information about its performance, Gulf News said that when superpowers adopt strategies that infringe on the rights of people, the repercussions are

OMB waives 3-year security reauthorization in favor of continuous monitoring (Fierce Government IT) The Office of Management and Budget says agencies no longer need to conduct a security reauthorization every 3 years or when an information system has undergone what it considers a significant change under OMB Circular A-130. Agencies' continuous monitoring programs fulfill the security reauthorization requirement, making a separate reauthorization process unnecessary, according to an Oct. 2 OMB memo

HPSCI Chair Thinks New Threat May Rekindle Cyber Bill; Slams White House (AOL Government) What Rogers did make clear was that he saw a new opportunity to push his controversial Cyber Intelligence Sharing and Protection Act. CISPA passed the intelligence committee -- with strong bipartisan support, 17 votes to 1 -- and the full House

Perspectives: MATRIX and Fusion Centers, government's gatherers and hunters (Dixie Press Online) There is as much myth as there is fact known about the MATRIX; but in simple explanation, it is a database regarded, according to the Deseret News, as the nation's largest cyber-compilation of personal records. The Deseret News also reported that there

Killer Apps: Is the Pentagon and DHS' cyber info sharing program really shrinking? (Foreign Policy) The Pentagon's effort to exchange data about cyber threats with defense contractors -- dubbed the Defense Industrial Base (DIB) program -- has actually been losing participants since it was expanded to include the Department of Homeland Security

Guard focusing on cyber security (TheNewsTribune.com) It can also be used by different government agencies, such as the National Security Agency. This year's defense budget included $35 million to build an information operations readiness center at the Washington National Guard. It would enable

Cybersecurity awareness descends on Washington (FCW.com) Keith Alexander, commander of U.S. Cyber Command and National Security Agency director, Homeland Security Secretary Janet Napolitano and several members of Congress. The general theme seemed to be calls for partnership to secure U.S. interests in

Obama Vs. Romney: 6 Tech Policy Differences (InformationWeek) With the 2012 election drawing near, InformationWeek Government compares the tech plans of President Obama and the Democrats and those of Governor Romney and the Republicans

Litigation, Investigation, and Enforcement

Chinese Telecom Giants Seen As Cyber-Spying Threat To U.S. (Washington Post) Congressional investigators plan to turn over to the FBI evidence of potential cyber-espionage involving Chinese telecommunications giant Huawei Technologies, the chairman of the House Permanent Select Committee on Intelligence said Monday

Huawei says US probe had 'predetermined outcome' (The Register) Huawei has hit back at the US Congress'House intelligence Committee report labelling it a business US companies should avoid if they value their privacy and security. In a canned statement, the company says ... despite our best effort, the Committee appears to have been committed to a predetermined outcome. The company says those best efforts involved a significant kimono-opening effort that saw: our top management team carried out multiple rounds of face-to-face communication with the Committee members in Washington D.C., Hong Kong, and Shenzhen; we opened our R&D area, training center, and manufacturing center to the Committee and offered a wealth of documentation, including the list of members of the Board of Directors and the Supervisory Board over the past 10 years, and the annual sales data since our establishment in 1987; we also made the list of our shareholding employees, the shares they hold, as well as information about our funding resources and financial operations available to the Committee

Politics, not security, at center of Huawei, ZTE allegations, say analysts (CSO) China's Huawei and ZTE pose security threats to the U.S., according to an upcoming report from a U.S. congressional committee

Copyright Scofflaws Beware: ISPs to Begin Monitoring Illicit File Sharing (Wired Threat Level) The nation's major internet service providers by year's end will institute a so-called six-strikes plan, the "Copyright Alert System" initiative backed by the Obama administration and pushed by Hollywood and the major record labels to disrupt and possibly terminate internet

Facebook Agrees to Pay $10 to Each 'Sponsored Stories' Victim (Wired Threat Level) Facebook is agreeing to pay up to $10 each to users who appeared in the social-networking site's "Sponsored Stories" advertising program without their permission. The revised settlement agreement to a class action, lodged Saturday, comes two months after a federal

TinKode sentenced after hacking Oracle, NASA and others to expose weak security (Naked Security) The infamous hacker known as TinKode has been sentenced by a Romanian court - receiving a hefty fine and a suspended prison sentence

Prosecutor seeks up to 24 years for hacker group members (Todays Zaman) An Ankara prosecutor is seeking prison sentences of 8. 5 to 24 years for members of RedHack, a hacker group responsible for attacks on several government and public websites. The indictment, prepared by the Ankara Deputy Chief Public Prosecutor's Office and naming 10 members of the socialist hacker group, was recently accepted by the Ankara 13th High Criminal Court.

Landmark Ruling: Insiders Aren't Hacking if You Gave them Access (Infosec Island) How many systems, applications, or servers do you have access to right now in your organization? Right now, do you know which systems you're supposed to have access to? More importantly, do you have access to those and only those

Obama Administration Claims It Can't Be Sued over Indiscriminate Wiretapping (AllGov) One lawsuit, brought by lead plaintiff Carolyn Jewel on behalf of current and former AT&T customers, claims the company helped the National Security Agency eavesdrop on them. The other case, filed by Virginia Schubert and three others, addresses all

The CyberWire Daily Briefing for 10.9.2012