The CyberWire Daily Briefing for 10.11.2012
SunTrust joins Capital One among the victims of the renewed Islamist hacking campaign against US banks. Investigators continue to look for a Saudi connection as Iran denies complicity. (For a skeptical take on the seriousness of the campaign, however, see this morning's op-ed in CSO.) Coincidentally or not, Russian mobs continue to prepare for large-scale wire fraud aimed at the same targets.
Cyber criminals steal student records from Northwest Florida State College. Symantec finds a Russian proxy service delivering Backdoor malware. 3G mobile devices are found vulnerable to involuntary physical tracking. Spearphishing techniques improve as attackers watch their targets' behavior more closely.
Mozilla pulls its latest Firefox release over security concerns and advises users to downgrade to the previous version. Facebook patches a vulnerability that exposed users' phone numbers.
RSA warns European companies that regulatory compliance and obsessing over privacy have trapped them in an obsolete security model. The National Cyber Security Alliance releases a new cyber crime report.
US House of Representatives members ask the Office of Management and Budget exactly what contractors have been told about budget sequestration. BAE's merger with EADS may have faltered, but BAE says it will pursue acquisitions in the US (especially in cyber). Silicon Valley acquisitions are increasingly aimed at getting high-value employees.
The US House Intelligence Committee opens the second phase of its investigation into Huawei and ZTE. Concerns about these telecom firms spread to Canada, but industry analysts say it will be difficult to exclude Chinese hardware from any market.
Notes.
Today's issue includes events affecting Australia, Bulgaria, Canada, China, European Union, Germany, Iran, Israel, Japan, Netherlands, New Zealand, Russia, Saudi Arabia, Sweden, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Islamic hacktivists target three more U.S. banks (CSO) SunTrust Banks and Capital One Financial have experienced intermittent disruption of their websites this week
Plot Behind Bank Cyber Attack Thickens; Tools Found in Saudi Arabia (Here Is The City) Iran has denied any involvement and this week said its infrastructure and communications companies were themselves hit by a cyber attack this week. Cyber-security professionals have been surprised at the sheer power of the attacks on U.S. banks
Russians Set to Make Big Withdrawals from U.S. Banks Without Having Bank Accounts (Threatmetrix) Using profit-sharing as added incentive to get recruits, a Russian-speaking criminal startup is organizing a massive fraudulent wire transfer Trojan attack targeting U.S. banks. Security expert Mor Ahuvia says a vorVzakone (Russian for Thief-in-Law) is at the center of the scheme. This thief-in-law (not to be confused with a brother-in-law who's a business partner who embezzles) is, according to Wikipedia, a criminal who is respected, has authority and a high ranking status within the criminal underworld in the old Soviet Union and its successor states
Hackers steal thousands of student records from computers at Florida college (CSO) The hack at the Northwest Florida State College is believed to be a job by professional outside hackers
Russian Web proxy with backdoors, Distributing malware (The Hacker News) Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor
"Mitt Romney almost president" - Fake CNN alert leads to Blackhole malware attack (Naked Security) In an attempt to cash in on the interest in the upcoming US presidential election, online criminals have begun circulating malicious emails pretending to be CNN news alerts about Mitt Romney pulling ahead in the polls
Security flaw in 3G could allow anyone to track your smartphone (The Hacker News) New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked, according to research from the University of Birmingham with collaboration from the Technical University of Berlin. Researchers said that standard off-the-shelf equipment, such as femtocells, could be used to exploit the flaw, allowing the physical location of devices to be revealed. The 3G standard was designed to protect a user's identity when on a given network
Facebook Scam Spam (Internet Storm Center) We are seeing reports of Facebook Scam Spam trickle in. Rene provided us with a detailed anecdote that includes the following image. The url provided in the image was investigated a bit. TinyURL has since taken down the redirect and classified it as Spam. However, the image (and others like it) still propagate by FB users clicking on the link
Iran rejects cyber attack on nuclear facilities (Trend.az) "Sometimes we face more than 500,000 threats at the country's entrance gates but no major threat or cyber attack has targeted the nuclear facilities over the past few weeks," Taqipour said on Wednesday. Iran has been the target of several cyber attacks
Anonymous threaten to target Akamai as result of comments by an Akamai employee (Facebook) Comments from Akamai Technologies employee Josh Corman may backfire on him and his employer. Josh Corman calls himself a hacktivist expert and swings out against Anonymous in a TechWeek Europe
Businesses Remain Scared of Spear-Phishing as Attackers Study Behavior (Threatpost) Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry
Report: Four Out Of Five Phishing Attacks Use Security Scams (Dark Reading) Phishers scare users into clicking by sending security 'alerts,' Websense says
Constant connectivity to social networks goes hand-in-hand with malware (Help Net Security) In September, GFI threat researchers documented a number of cybercrime campaigns directed at users of various social networking sites including direct message spam on Twitter and a phony Pinterest app
iPhone hacker dream team edges closer to iOS6 jailbreak (CSO) Apple stepped up security in its latest mobile operating system, making it harder to jailbreak - but not impossible, the hackers hint
Windows XP is still Microsoft's biggest security headache, but infections are rising on Windows 7 (Naked Security) The rate of infection ticked up for Windows 7 in the first half of 2012, but Windows XP, Microsoft's legacy operating system, is still far and away the biggest security headache for Redmond
Security Patches, Mitigations, and Software Updates
Mozilla pulls day-old Firefox 16 from download site over security risk (Ars Technica) Downgrading to Firefox 15 tonight is not a bad idea, Mozilla says.
Facebook patches security hole that allowed mass harvesting of phone numbers (CSO) Facebook prevents the abuse of phone number searching on its mobile site by imposing a search-rate limit
Google pays researcher $60K for Chrome hack (CSO) Patches bugs within 10 hours that "Pinkie Pie" used at Pwnium contest to claim cash
Cyber Trends
RSA boss demands revamp of outdated privacy, security regs (The Register) Corporate security policies that simply adopt regulations and obsess over privacy are stuck in the last century, according to senior execs at security biz RSA. Tom Heiser, president of the EMC-owned outfit, told delegates to the RSA Europe conference that efforts to comply with red tape and standards are fruitless as the rules were formulated to thwart adversaries of ten years or more ago
National Cyber Security Alliance and McAfee Release New Cybercrime Data for National Cyber Security Awareness Month (The Herald) Nearly one in five Americans report being victim to a crime that was committed over the Internet, according to a survey by the National Cyber Security Alliance (NCSA) and McAfee. October is National Cyber Security Awareness Month, a coordinated national effort focusing on the need for improved online safety and security for all Americans and the study examines one of the month's focal topics: cybercrime and law enforcement
RSA Europe 2012: Cloud computing has potential to drive greater security (Infosecurity Magazine) The Cloud Security Alliance (CSA) and ISACA have issued their Cloud Market Maturity report, outlining the top 10 issues with cloud adoption by businesses. They found that confidence is lowest in government regulation as a factor in driving
Banks face more attacks, and water is wet (CSO) Is it me or are vendors opening up a big can of FUD over recent attacks against the banks
Marketplace
House Lawmakers OMB for Sequestration, WARN Act Guidance Docs (Govconwire) Three members of the House Education and the Workforce Committee have asked the Office of Management and Budget to provide them with documents and communication related to guidance on how contractors should address the potential of sequestration
After Pledging Huge IT Savings, Can NSA's Alexander Deliver? (AOL Defense) Keith Alexander, head of the National Security Agency and Cyber Command, told a standing-room-only crowd at the annual Geoint intelligence conference last year that the NSA and its sister intelligence agencies could save one third or more on their
Acqui-hire trend turns startups into IT talent pools (IT World) Since 2010, Silicon Valley--the mecca of tech businesses--is home to a growing trend. Larger tech companies are buying smaller startups, but with a twist: They aren't looking to buy the intellectual property, the products or even the customers of the acquisition target. Rather, they want key employees
BAE's US unit to keep looking for M&A opportunities (Reuters) "We will continue to pursue growth opportunities in cyber, intelligence, security, electronics and international businesses," Roehrkasse said in an emailed message to Reuters when asked about the company's interest in future acquisitions
Too late for America to eliminate Huawei (Financial Times) To read the scathing condemnation of Chinese telecoms equipment suppliers fired from Washington this week, you would think we still lived in another world. In that world, telecoms networks were built by national monopolies such as AT&T, France Telecom and British Telecom, and outsiders stayed away. You know things have come to a pretty pass when US politicians throw their weight behind a French company because the alternative is worse
HP May Still Be The King Of PCs, But Lenovo Will Usurp The Throne Next Quarter (TechCrunch) Depending who you ask, Lenovo topped HP in 2012's third quarter to become the top worldwide PC supplier. Research firm Gartner reports Lenovo shipped just slightly more PCs than HP to hit a 15.7% marketshare, besting HP's 15.5% marketshare. But IDC reports an additional segment and therefore different numbers; HP is still on top per IDC
Coviello: 'Customers fleeing to our competitors? It's baloney!' (Computing) Executive chairman of security firm RSA Art Coviello has hit back at rivals who have claimed to have snapped up some of RSA's customers since it was the victim of a cyber attack, describing the claims as "baloney". RSA, the security arm of storage firm
Lockheed Gets $13.5M U.S. Navy Order (NASDAQ) In the first one and a half years of the five-year contract, the industry team led by Lockheed Martin will demonstrate the capabilities of its Open-Architecture Planning and Trajectory Intelligence for Managing Unmanned Systems (OPTIMUS) architecture
IBM to Provide Virtual Hosting Services for DoD Healthcare Program (Govconwire) IBM (NYSE: IBM) has won a $30,025,383 time-and-materials contract with the U.S. Army to provide virtual hosting services in support of the TRICARE Management Activity. The U.S. Army Medical Research Acquisition Activity in Frederick, Md. is the contracting activity on the award, which featured 31 solicited bids and 2 bids received
Vaultive Joins the Cloud Security Alliance (MarketWatch) The Cloud Security Alliance is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within cloud computing. As a corporate member, Vaultive will support CSA research and work toward the
David Lacquement Joins SAIC's Cybersecurity Team (IT News Online) The business unit delivers adaptive solutions to protect critical networks around the globe from cyber attacks with proven solutions that provide real-time situational awareness to enterprise operators. As SAIC continues to build its
Products, Services, and Solutions
nCircle Adds Significant New Features And Technologies To All Existing Product Lines (Dark Reading) nCircle, the leader in information risk and security performance management, today announced new technology innovations across every product line during the first half of 2012
Review: Free, open source VirtualBox lags behind VMware and Parallels (Ars Technica) Poor 3D support and lack of OS integration features hurt VirtualBox the most. Our Parallels Desktop and VMware Fusion shootout took a deep dive into the two most successful commercial virtualization products for the Mac, but many of you had questions about VirtualBox, the free and open source desktop virtualization software currently offered by Oracle. Both Parallels and VMware offer plenty of features for home and business users, but is VirtualBox an acceptable alternative for the cash-strapped
New updated Virus Removal Tool from Sophos now available (Naked Security) Sophos has just released an updated version of its free and very popular Sophos Virus Removal Tool
A better reason not to use Huawei routers: Code from the '90s (Network World) Security researcher Felix "FX" Lindner has a more compelling reason to steer clear of routers from Huawei Technologies than fears about its ownership. While the company [was] blasted for its opaque relationship with China's government in a U.S. intelligence report released Monday, a bigger worry for some is what's inside its routers. "The code quality is pretty much from the '90s," said Lindner, who has analyzed the software inside Huawei's home and enterprise routers, and runs Recurity Labs, a security consultancy, in Berlin
HyTrust prevents virtual data center and audit failures (Help Net Security) HyTrust released HyTrust Appliance v3.0 which includes a Secondary Approval feature that is designed to prevent risk, whether caused by unintended or malicious actions, to VMs, critical applications
Free mobile app profiler for risk assessment (Help Net Security) Zscaler announced today the results of an analysis from ThreatLabZ which reveals that up to 10 percent of mobile apps expose user passwords and login names, 25 percent expose personally identifiable
One-click security within Microsoft Outlook (Help Net Security) CertiVox launched an automatic, end-to-end encryption capability designed specifically to enable government, businesses and individuals to benefit from one-click security within Microsoft Outlook
Advatech Pacific's Cross Domain Solution Listed On UCDMO Baseline List of Validated Solutions (The Herald) Advatech Pacific's small form factor Tactical Cross Domain Solution, TACDS, has undergone full National Security Agency (NSA) certification and been approved for inclusion on the UCDMO Baseline List of Validated Solutions
General Dynamics Introduces NSA-Certified COTS Computer (Dark Reading) General Dynamics C4 Systems today introduced the new TACLANE MultiBook laptop, now certified by the National Security Agency (NSA) to secure network communications to the Secret level and below. Government, agency and state and local law
O2 mobile customer data to be sold to third parties (CSO) Smart Steps product first on the block - targeted at retailers and public sector
BlackBerry's BES mess: No more Express Server version, says RIM (ZDNet) Research in Motion's message on future enterprise products is confusing. It's a mess. Here's what we've learned: small-medium sized business relying on BlackBerry freebies may not like what's coming
BlackBerry 10 Launch: Is March Too Late? (InformationWeek) RIM's next-generation smartphone platform may arrive even later than hoped, dimming the BlackBerry maker's chances for a turnaround
10 Great Social Features For Microsoft SharePoint 2013 (InformationWeek) Social computing will play a big role in Microsoft's upcoming collaboration platform
Technologies, Techniques, and Standards
Walking the Mobile Mile (Dark Reading) Putting the i in identity means navigating the hidden complexities in Mobile Identity. Mobile applications have disparate characteristics from normal web applications and so demand different requirements from developers. This in turn drives the need for new security models. When enterprises write Mobile apps, they are not simply delivering data to the customers as in a web app, they are delivering code that interacts with the mobile device OS, data and security tokens (and beacons) that will reside on the device for some period of time
Mild-Mannered Malware Sleuth Rocks Security (Dark Reading) Botnet and malware expert Joe Stewart chats up his self-taught skill of picking apart malware and botnets, how targeted companies are in denial, Metallica -- and his raucous rock 'n roll years
Dodging 5 Dangerous Database Default Settings (Dark Reading) Out-of-the-box settings and weak configuration of databases make it easier for thieves to break into data stores and harder for IT to quickly detect breaches
10 technologies shaping the future of IT (IT World) Which of today's newest shipping technologies will cast the longest shadow over business computing? Here are our best guesses
Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two (Internet Storm Center) It is Day 10 of Cyber Security Awareness Month. I am continuing with Part Two of my entry from Day 3 on Standard Sudo - Part One. We will cover some technical implementation options of sudo with pros and cons of the given examples
Design and Innovation
Security as an enabler of innovation (Help Net Security) For years, many enterprises have viewed IT security as a costly extra that has to be endured as a way to reduce risk, without providing any other value to the business. Recent years have shown that
Fix The Fear Factor In Government Innovation (InformationWeek) Fear of failure breeds failure. CIOs must help change this dynamic as private and public sector minds work together on unlocking government big data
Research and Development
Pentagon Scientists: We Can't Predict Violent Outbursts. Yet. (Wired Danger Room) In the years to come, a top group of military scientists believe, the Pentagon may be able to use genomics and bio-markers to spot when a soldier is about to snap. But that moment is not in the immediate future. So, for now, the only option is to try to prevent these troops from reaching the breaking point, rather than predicting when that point will come
Academia
European Knowledge Institute for Cyber Security Set Up (TDworld) Alliander, DNV KEMA and KPN, together with TNO and Radboud University, are setting up a new European cyber security knowledge center, the European Network for Cyber Security (ENCS). ENCS will engage in research, testing, knowledge sharing and training in the field of cyber security for critical infrastructure such as energy, water and telecom networks with the objective of helping infrastructure owners to improve their protection against cyber crime. In view of the cross-border nature of cyber crime, ENCS is seeking to involve as many parties as possible in this mission
NYU-Poly Hosts World's Largest Capture the Flag Hacking Competition (The Herald) "The explosion of entrants this year is a sure sign that more students are being drawn to the excitement of computer security," said Nasir Memon, founder of CSAW and director of NYU-Poly's cyber security program
Legislation, Policy, and Regulation
US and EU clash over Whois data (IT World) The United States Federal Trade Commission (FTC) consumer protection tzar on Wednesday welcomed moves by ICANN to store more data on those who run websites
Germany spies on the internet after all (Tech Eye) While Germans are a little sensitive about online privacy, it appears its Government has no problems with spying on them. The German government revealed that its police monitor Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat "as and when necessary" but very precisely. The information was released as part of a move towards financial transparency
GAP Praises President's Action to Protect National Security Whistleblowers (Government Accountability Project) These are workers at organizations like the Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), National Security Agency (NSA), and intelligence units in nearly all other government agencies. Extension of WPA free speech rights and
DHS signs cooperative agreement with Bulgaria (Government Security News) The Department of Homeland Security will collaborate with authorities in Bulgaria to combat international crime and terrorism under an agreement signed by U.S. and Bulgarian officials on Oct. 10. Secretary of Homeland Security Janet Napolitano
Senate Homeland Security Committee Misses the Mark with Statement on DHS (American Civil Liberties Union News and Information) Last week, the Senate Homeland Security Committee's Subcommittee on Investigations issued a report criticizing the Department of Homeland Security for its failure to ensure proper oversight over state and local "fusion centers"
Lieberman: Cyber Attacks Threaten the US (Moneynews) Cyber attacks are a profound threat to this country, yet our cyber defenses are woefully lacking, warned Sen. Joe Lieberman, I-Conn., in an editorial in The Washington Post. National intelligence leaders have told Congress exactly that in no uncertain
Dicks warns of possible 'cyber 911,' urges government action (Kitsap Sun) In just an instant, a cyber attack could bring America to its knees, crippling transportation systems, freezing money supplies, shutting down power grids and imperiling nuclear plants. That was the somber and frightening message
Presidential candidates quiet on cyber policy (CSO) Obama and Romney differences aired by analysts, not so much by one another
Cyber Command has appropriate authorities but lacks agility, says official (Fierce Government IT) Cyber Command, in collaboration with the National Security Agency, has the authorities it needs to protect Defense Department networks and effectively share information with the Homeland Security Department and FBI to defend non-military entities, said Rear Adm. Samuel Cox, director of intelligence at Cyber Command
ISE set to play larger role in cybersecurity info sharing, says Paul (Fierce Government IT) The Information Sharing Environment program will play an increased role in federal efforts to coordinate cybersecurity with state and local governments, said Kshemendra Paul, ISE program manager, after speaking Oct. 10 at an AFCEA-Bethesda panel
Litigation, Investigation, and Law Enforcement
U.S. panel to probe new wave of complaints against Huawei, ZTE (Reuters) A U.S. congressional report that urged American companies to stop doing business with Chinese telecom equipment makers Huawei and ZTE has triggered a fresh wave of complaints against the firms, opening a second phase to the panel's investigation. A staff member of the House of Representatives Intelligence Committee said the panel has been receiving "dozens and dozens" of calls from current and former employees and customers reporting supposedly suspicious equipment behavior, chiefly involving Huawei. "I don't think the companies should expect our attention to stop," the staff member told Reuters, adding that the panel would follow up on new leads. The staffer was not authorized to speak publicly on the matter
Huawei: Separating fact from fiction (IT World) Industry veteran David Newman analyzes the charges made against Chinese telecom vendor
Red Star Over Canada's Networks: Huawei Or The Highway (Eurasia Review) This Monday, a US House Intelligence Committee report was published outlining the case for banning Huawei and ZTE, two major Chinese telecoms, from network infrastructure building in the United States. The report argued that potential ties between these companies and the Chinese government represented a national security risk. If Huawei or ZTE were allowed to lay critical infrastructure in the United States, they might plant secret backdoors or data mining processes in network hardware at the behest of the Chinese government, thus creating a security risk in the event of a future conflict between the two countries
Canada spy accessed Australia intelligence (The Australian) The sub-lieutenant had access to signals intelligence produced by the US National Security Agency, Britain's Government Communications Headquarters, Canada's Communications Security Establishment, Australia's Defence Signals and New Zealand's
Cyber-attack technique used against state turns against individuals (Asahi Shimbun) The two men who were released after being arrested on suspicion of sending online threats of terrorism and mass murder are likely victims of a sophisticated virus, similar to last year's targeted attack on Japan's Diet chambers and defense contractors
Supreme Court Won't Hear Challenge to Telecom Immunity (Wall Street Journal) The Supreme Court won't be hearing a class action against several telecommunications carriers that helped the National Security Agency monitor calls and emails, ending the action against the companies. The court declined to hear Hepting v AT&T Tuesday
Court rules book scanning is fair use, suggesting Google Books victory (Ars Technica) Judge rules for Google's library partners in lawsuit brought by Authors Guild
Top Secret Service agent helps kick off cyber-crime campaign in South Florida (Sun-Sentinel) The nationwide campaign, organized by the Department of Homeland Security, is designed to teach the public and private companies about the rapidly increasing number of cyber-related crimes. "Sophisticated cyber-criminals pose a great threat to our
Conficker worm still being tracked, but evidence collection slows (CSO) Since the botnet operators abandoned Conficker, it makes it harder to trace them
Missing Pirate Bay founders tracked down (CSO) Illness and legal advice derailed a talk by Peter Sunde and Fredrik Neij on Wednesday at Hack in the Box
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber Maryland 2012 (Baltimore, Maryland, Oct 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding networking. CyberMaryland 2012 is for technology companies, business leaders, students, emerging professionals, policy makers, elected officials, business services and entrepreneurs in public and private enterprise."
National Cyber Security Hall of Fame Inaugural Award Ceremony (Baltimore, Maryland, USA, Oct 17, 2012) Created to honor those who've created the cyber security industry, the National Cyber Security Hall of Fame celebrates its inaugural class this month.