The CyberWire Daily Briefing 07.24.13

Cyber Trends

Don't be fooled by study's dramatically lower cyberthreat estimate, experts say (CSO) One analyst compared security spending to preparing for a natural disaster -- wait until it happens and it's 'too late'

Cyber Warfare: Is the risk of cyber-warfare overrated? (The Economist) Defending the motion: Thomas Rid, Reader in War Studies, King's College London. Against the motion: Richard Bejtlich, Chief Security Officer, Mandiant

Alcatel-Lucent reports rising cases of malware and breaches of cyber-security on broadband devices and smartphones (Alcatel-Lucent) Alcatel-Lucent (Euronext Paris and NYSE: ALU) today released new data showing that security threats to fixed and mobile broadband networks are on the rise as global consumer usage continues to grow

Legislation, Policy and Regulation

House to Vote on Repealing NSA Dragnet Phone Surveillance (Wired) The House is expected to vote later this week on an amendment to a roughly $600 billion defense spending package that would repeal authorization for the National Security Agency's dragnet collection of phone call metadata in the United States

Senator: Surveillance state based on secret law 'has no place in America' (The Register) But if it's not stopped now, it may soon be too late. The US government has created "an always expanding, omnipresent surveillance state," according to Senator Ron Wyden (D-OR), and if something isn't done, it may soon become impossible to dismantle

National Security Agency revelations reframe digital life for some (The Dailystar-journal) In Louisiana, the wife of a former soldier is scaling back on Facebook posts and considering unfriending old acquaintances, worried an innocuous joke or long-lost associate might one day land her in a government probe. In California

White House opposes amendment to curb NSA spying (CSO) The White House said the amendment will "hastily dismantle" counterterrorism tools. The White House is opposed to an amendment to a defense spending bill that would limit spending on mass surveillance by the National Security Agency

Showdown looming, surveillance program backers fight off a challenge as White House weighs in (Times Colonist) The White House and congressional backers of the National Security Agency's surveillance program warn that ending the massive collection of phone records from millions of Americans would put the nation at risk from another terrorist attack

N.S.A. Director Lobbies House On Eve Of Critical Vote (New York Times) The Obama administration scrambled on Tuesday to slow Congressional opposition to the National Security Agency's domestic spying operations as the House of Representatives prepared to vote on legislation that would block the agency's collection of records about every phone call dialed or received inside the United States

NSA snooping: Here we go again (FierceITSecurity) Here we go again. The secret court that has been rubber stamping requests from the National Security Agency to throw massive dragnets over communications records of carriers and web firms has approved the extension of the U.S. government's surveillance authority past the July 19, 2013, expiration date

U.K. government to probe Huawei security center in southern England (FierceITSecurity) Under pressure from Parliament, the U.K. government has launched a probe into a center set up by Chinese telecom gear maker Huawei in southern England to test the security of its telecom gear before it is deployed into the U.K. critical national infrastructure

Interior Minister sets up a cyber attack response group (LithuaniaTribune) In case of a cyber attack, the group will have to take swift actions to control the crisis," Barakauskas was quoted as saying in a statement by the Ministry of the Interior on Tuesday. The group will include representatives of the Ministries of the

New Kiwi spook law allows domestic prying (The Register) Kim Dotcom fair game under revised statute. New Zealand's Government Communications Security Bureau (GCSB), which illegally spied on resident Kim Dotcom, is on the cusp of gaining sweeping new powers that include wiretapping NZ citizens

Rabbitte ignores calls for State role in blocking online porn (The Independent) Communications Minister Pat Rabbitte will stand firm against calls to require Irish internet service providers to block pornography from home broadband services. Writing exclusively in today's Irish Independent, Mr Rabbitte says that legal concerns attached to mandatory filters, as well as a fear of imposing censorship, have persuaded him against trying to force ISPs to impose mandatory pornography-blocking internet filters

ISPs: Relax. Blocking smut online WON'T really work (The Register) Plus: Anti-porn MP slathered with porn (well, her website anyway). Since the start of this year it has become clear that the government was shifting away from its hands-off approach to censoring content online by leaving ISPs to work out an agreed code that would prevent regulatory intervention

Products, Services, and Solutions

SailPoint unveils IAM-as-a-Service suite (Help Net Security) SailPoint announced IdentityNow, an IAM-as-a-service (IDaaS) that delivers enterprise-grade identity governance, provisioning and access management in a single, unified solution

DHS to Deploy 'Einstein 3' Cyber Protection Tool; Brendan Goode Comments (ExecutiveGov) The Department of Homeland Security has finished testing a network intrusion prevention system and is gearing up for the technology's government-wide adoption, Federal News Radio reported Monday. Jason Miller writes Brendan Goode, DHS director of

Deliver real-time phishing detection from Webroot and RSA (Help Net Security) Webroot announced a technology partnership with RSA, The Security Division of EMC, to provide real-time phishing detection to RSA FraudActionSM Anti-Phishing Service

Quarri delivers Protect On Q as a virtual appliance (Help Net Security) Quarri Technologies released Quarri Protect On Q (POQ) 3.2, a virtual appliance version of its flagship web browser security solution. It also delivers high availability, enabling enterprises to deploy

PhishMe and FireEye Partner to Offer Multi-Layered Approach to Securing Critical Information and Networks (MarketWatch) PhishMe and FireEye hope to create a new organization-wide mindset that cyber security impacts each employee, from the lowest level all the way to the

SkyDrive in Windows 8.1 will be like your C Drive (FierceCIO: TechWatch) SkyDrive will be getting a radical overhaul in the upcoming Windows 8.1 update, and using it will be "as easy as saving to your hard drive." Or so says Mona Akmal, group program manager for SkyDrive, in a new blog entry

Sound-Based Device Authentication Has Many Possibilities (Video) (Slashdot) Imagine a short (audio) squawk, less than one second long, as a secure authentication method for cell phones or other mobile devices. A company called illiri has developed (and has a patent pending on) a method to do exactly that. The company is so new that its website has only been up for a month, and this interview is their first real public announcement of what they're up to. They envision data sent as sound as a way to facilitate social media, mobile payments (initially with Bitcoin), gaming, and secure logins. Couldn't it also be used for "rebel" communications, possibly by a group of insurgents who want to overthrow the Iranian theocracy? Or even by dissidents in Russia, the country our interviewee, illiri co-founder Vadim Sokolovsky, escaped from? (And yes, "escaped" is his word.) And, considering the way illiri hopes to profit from their work, should they think about open sourcing their work and making their money with services based on their software, along with selling private servers that run it, much the way Sourcefire does in its industry niche? Their APIs are already open, so moving entirely to open source is not a great mental leap for illiri's management

One–Stop Bot Chop–Shops (Krebs on Security) New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines

Latest SwiftKey beta goes to the cloud (C/NET) SwiftKey has always been good at learning the way you type. But with today's new beta release, the app can now sync everything it learns across your devices

Solera Networks Introduces Blue Coat ThreatBLADES (Dark Reading) The Blue Coat ThreatBLADES solve this problem by unifying threat intelligence, big data security analytics and security visibility to protect against zero-day, advance persistent, web and email threats, spear phishing attacks and malicious files and

How Private is Internet Explorer's InPrivate Browsing?…First define "private" (Magnet Forensics) As a follow-up to my recent posts about a suspect using CCleaner in an attempt to hide their Internet activity, I received several emails asking about Internet Evidence Finder's ability to recover InPrivate browser artifacts that I wanted to address

Technologies, Techniques, and Standards

Choosing And Implementing An Enterprise Database Encryption Strategy (Dark Reading) A lot of attention is given to securing database systems-- and rightly so: Databases are the target for attackers who wish to siphon off intellectual property, gather financial data that can be turned into cash and, in some cases, break in just for the sport of it. The attacks against computer systems are diverse, but the end target is typically the database

Moving Away From Rash Hashing Decisions (Dark Reading) Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, propose a competition to design something better

Why Taking the Apple Developer Sites Down was a Good Thing (Trend Micro Simply Security) Over the weekend, we learned that Apple's Developer Center was taken down due to a security vulnerability or breach on the site last Thursday July 18. In their notice, Apple indicates that this security breach could have led to developer's names, mailing addresses and e-mail addresses being accessed, although the company states clearly that sensitive personal information was encrypted and not accessed

Continuous Security Monitoring: The Attack Use Case (Securosis) We have discussed why continuous security monitoring is important, how we define CSM, and finally how you should be classifying your assets to figure out the most appropriate levels of monitoring. Now let's dig into the problems you are trying to solve with CSM. At the highest level we generally see three discrete use cases

KPMG found leaking data, as it criticises every single company in the FTSE 350 for doing the same (Graham Cluley) BBC Technology correspondent Rory Cellan-Jones contacted me this morning, about a press release that had arrived in his inbox entitled ""Economic growth and national security put at risk as FTSE 350 fail to raise cyber defences, says KPMG"

Calling All IT Security Professionals: How to Stay Secure at BlackHat and DEFCON (Infosecurity Magazine) Hacker conferences, like Black Hat and DEFCON, are notorious for highlighting the security missteps of attendees. Before the show, which takes place in Las Vegas next week, IT security professionals should take every security precaution to prevent being hacked

Identifying Security Issues Common to All Server Roles (Tech-FAQ) Server security is basically one of the initial security requirements

4 Non–Technical Measures for Mitigating Insidious Insiders (CSO) Even the best technology will be useless if the non-technical basics aren't correct. Can threats from insiders be proactively mitigated with non-technical measures? The short answer is "yes and no." And promise, this isn't going to turn into a blog on quantum computing to explain how these two answers can exist at the same time. An incident associated with a careless or malicious insider can be mitigated, sometimes, but it is highly dependent on a number of factors and many of these are non-technical

Enterprise Insurance Policies and the 20 Critical Security Controls (Tripwire) It's that time of year: business insurance renewal. I received the "Network Security & Privacy" section of an application for Errors & Omissions (E&O) insurance from our CFO last week

Does User Awareness Help? Vendors Begin To Take Sides (Dark Reading) Security vendors such as FireEye speak in favor of awareness training -- even without a dog in the fight. "When all you have is a hammer, everything looks like a nail," the old saying goes. In the past, this has been especially true in cyber security, where technology vendors have attempted to solve virtually every problem with the one thing they have: more technology. Got a virus? Antivirus software. Data leak? Data leak prevention. If you've got a security problem, there's an app (or an appliance) for that

Application Sandboxes: A pen–tester's perspective (Bromium Call of the Wild Blog) I'm excited to announce a new research report from Bromium Labs, written by myself and Rafal Wojtczuk. It ended up being far more comprehensive than we initially thought, so we decided to call it "Application Sandboxes: A Pen Tester's Perspective". In this report we perform security evaluation of publicly available application sandboxes viz: Google Chrome, Adobe Reader, Sandboxie, BufferZone Pro and Dell Protected Workspace

Encryption in the Cloud: Who Holds the Key? (IFSEC Global) There's no silver bullet for cloud security, but cryptography should be at the core of any cloud security architecture. Effective cryptography depends on the ability, not only to encrypt the data, but also to manage and control the keys to decrypt and

Black Hat: Don't Blindly Trust Vulnerability Data (eWeek) Researchers at Black Hat plan to discuss some of the common ways data about vulnerabilities is used to draw false conclusions about security. Numbers never lie--except when they are used to draw false conclusions. And if those false conclusions are part of an IT security strategy, then nothing good can happen

Marketplace

ASX goes to war on cyber crime (Brisbane Times) A research paper published by the World Federation of Exchanges and the International Organisation of Securities Commission found 53 per cent of exchanges - including the key global exchanges - suffered a cyber attack last year. ASX chief information

US cloud firms face backlash from NSA spy programs (Computerworld) A Cloud Security Alliance (CSA) survey found that 10% of 207 officials at non-U.S. companies have canceled contracts with U.S. service providers following the revelation of the NSA spy program last month. The alliance, a non-profit organization with

Ex–CIA official to address government–wary hackers (Hartford Courant) A former CIA official and a retired Air Force general will address next week's Def Con hacking convention, which for the first time asked federal officials to steer clear because of anger over alleged government spying

Government Has Power to Improve Security With Incentives (Veracode) Back when I testified with the L0pht to the Senate in 1998 we suggested the government use incentives as a way to get businesses to improve their security. The Senate was Republican controlled at the time and even us political newbies knew that regulation was going to be a non-starter at the time. We also proposed that the government use its purchasing power to require the vendors it buys from to have good security

Medical Device Hackers Find Government Ally to Pressure Industry (Bloomberg) Two years ago, Jay Radcliffe discovered a software bug in his insulin pump that could allow hackers to take remote control of the device. The diabetic and computer security researcher went public with his findings at a hacker conference after the manufacturer, Medtronic Inc., didn't respond to him

Sourcefire-Cisco deal: No layoffs expected (Baltimore Business Journal) Sourcefire Inc.'s roughly 650 employees will all join Cisco Systems after the Columbia cyber security firm's sale is complete, Cisco executives said on Tuesday. San Jose, Calif.-based Cisco announced on Tuesday an agreement to acquire Sourcefire

Cisco's $2.7B Sourcefire Deal Boosts Cyber Security (Bloomberg) Cisco's $2.7B Sourcefire Deal Boosts Cyber Security. You need to enable Javascript to play media on Bloomberg.com. Info. Comments. VIDEO TEXT. July 23 (Bloomberg) -- Bloomberg Editor-at-Large Cory Johnson reports that Cisco Systems boosted its

Cisco Banks On Sourcefire And Snort For Its Security Future (Dark Reading) Cisco's security save to the tune of $2.7 billion, and the Snort pig stays open source. Cisco's announcement today that it plans to purchase Sourcefire in a $2.7 billion deal signals a major effort to resuscitate the networking giant's increasingly shaky standing in the network security market

What Cisco Gains From Sourcefire (InformationWeek) $2.7 billion acquisition deal brings intrusion expertise; Sourcefire promises Snort intrusion detection and prevention system will remain free and open source

UPDATE 4-Cisco to buy Sourcefire, more network security deals seen (Reuters) Cisco Systems Inc said on Tuesday it plans to purchase cybersecurity company Sourcefire Inc for $2.7 billion, a deal that analysts say should spark more acquisitions in the industry as large vendors seek to profit from growing demand for IT security

IBM, Juniper could be next cyber-security buyers (MarketWatch) Cisco to buy Sourcefire Inc. for $2.7 billion; more deals likely to follow. Big tech firms like IBM and Juniper Networks are likely to follow Cisco Systems Inc.'s $2.7 billion deal for Sourcefire Inc. with their own cyber-security takeovers, said analysts Tuesday

Big Defense Firms Faring Well Despite Budget Cuts (Washington Post) Big defense contractors are weathering the federal budget sequester far more easily than they projected, in part because they have gradually eliminated jobs over the past few years in anticipation of spending cuts. Bethesda-based Lockheed Martin, the world's largest defense contractor, reported Tuesday that its profit rose 10 percent, to $859 million, during the second quarter even as revenue dipped slightly

Lockheed to SAIC Seek $6 Billion U.S. Anti-Hacking Work (Bloomberg) The U.S. Department of Homeland Security plans to create a $6 billion shopping hub for federal, state and local agencies seeking to shield their computer networks from hackers. Contracts for what may become the biggest unclassified cybersecurity program in the U.S. government will be awarded as early as this month

SAIC Awarded $38 Million Task Order By Defense Information Systems Agency (gnom.es) Science Applications International Corporation (SAIC) (NYSE: SAI) announced it was awarded a task order by the Defense Information Systems Agency (DISA) to provide Global Command and Control Systems - Joint (GCCS-J) production, testing and technical services in support of U.S. Combatant Commands. The single-award cost-plus fixed-fee contract has a one-year base period of performance, three one-year options, one six-month option, and a total contract value of approximately $38 million, if all options are exercised. Work will be performed at Fort George G. Meade in Jessup, Md. The task order was awarded under the ENCORE II contracting vehicle

Booz Allen, ManTech, Noblis Win $236M DHS R&D Support IDIQ (GovConWire) The Department of Homeland Security has awarded a potential $236 million contract covering research and development and related professional services to Booz Allen Hamilton (NYSE: BAH), ManTech International (NASDAQ: MANT) and Noblis

US cyber-spies strike electronic gold (Intelligence Online) Without waiting for their former employee Edward Snowden to blow the whistle on their work as contractors to the National Security Agency (NSA), the US cyber-intelligence consultants Booz Allen Hamilton and others have already moved on to fresh pastures. The most lucrative is undoubtedly the Persian Gulf, particularly

Don't Count VMware Out In Rough Seas (InformationWeek) Wall Street analysts and pundits are busy talking down VMware, but the virtualization pioneer is going through a cycle from which it's likely to bounce back. Wall Street talks VMware down, key executives exit and industry pundits continue to pile on the criticism. But VMware can bounce back from this down cycle, if it focuses on its identity as a supplier of fundamental data center software

Michael Dell ups buyout offer; shareholder vote pushed off to Aug. 2 (C/NET) Dell announced today that its founder Michael Dell, along with partner Silver Lake, will pay $13.75 per share to bring the company private

Tom Anderson Appointed STG COO (GovConWire) Tom Anderson, most recently a group president at Wyle, has joined STG Inc. as chief operating officer. The three-decade federal information technology veteran will be responsible for managing day-to-day operations and driving new business, STG said Tuesday

Research and Development

The 'Quantum Internet' Could Be The Most Secure Way To Browse The Web (San Francisco Chronicle) Quantum cryptography represents one of the most powerfully secure communication systems that science can conceive of, relying on the underpinnings of quantum mechanics to obscure data from those you don't want seeing it. What if there were a data

Long–Distance Quantum Cryptography (IEEE Spectrum) Quantum cryptography uses physics, specifically the quantum properties of light particles, to secure communications. It starts with a laser that generates photons and transmits them through a fiber-optic cable. The polarization of photons--whether they

Hey kids! Learn to be "cyber smart" from the NSA's youth page! (Ars Technica) Word searches, code games, and tips on how to behave online while surveilled. The National Security Agency wants your kids to know that it's cool to be "cyber smart"

Cyber Attacks, Threats, and Vulnerabilities

Syrian Electronic Army follows Guardian and FT hacks with Tango data theft (ITProPortal) The Syrian Electronic Army (SEA) has claimed to have successfully hacked free video and text messaging service Tango. The organisation, which is loyal to Syrian President Bashar-al-Assad, boasted that it breached Tango's website and back-up, database, managing to steal sensitive personal data, including users' private phone numbers, contacts and email addresses. The stolen information allegedly amounts to 1.5TB of data

Bad Vibes, man: Babble app chaps unwapped in phish trap hack flap (The Register) Viber website pwned, privates leaked all over the 'net by Syrian hackers. Hacker gang the Syrian Electronic Army broke into the systems of Viber, the popular mobile chat service, and dumped its user account records online

UAE thwarts cyber attacks from Egypt (Business Standard) TRA director general Mohammed Nasser Al Ghanim said the organisation had traced the source of the cyber attack. TRA has contacted the relevant Egyptian authorities in order to coordinate the efforts of the two countries on this matter, he said

UAE Fends Off Cyber-Attacks Originating in Egypt (Infosecurity Magazine ) Another Middle East-focused cyber-attack has been launched, but it's a piece of news that would not be out of place in the Cold War era: the International Atomic Energy Agency has been hacked. Information from an out-of-use server has been stolen and

Multi-stage attack compromises customers of French webhost OVH (CSO) OVH, one of the largest webhosting companies in the world, says hackers have compromised the company's European customer database and gained access to an installation server in Canada

New Trojan could create headaches for banks, customers (CSO) KINS is 'something that cyber criminals are cheering on,' RSA said. With the major developers of banking malware laying low, a new crook on the block has emerged gunning to be top dog in the market. The developer's new malware is called KINS, and he's selling it for $5,000 a pop, although that price is likely to climb if the malware is a good as he brags it is

Newly launched 'HTTP-based botnet setup as a service' empowers novice cybercriminals with bulletproof hosting capabilities (Webroot Threat Blog) A newly launched managed 'HTTP-based botnet setup as a service' aims to attract novice cybercriminals who've just purchased their first commercially available malware bot -- or managed to obtain a cracked/leaked version of it -- but still don't have the necessary experience to operate, and most importantly, host the command and control server online

First Malicious Apps Targeting Android 'Master Key Vulnerability' Found in the Wild (SecurityWeek) Earlier this month, researchers from Bluebox Security uncovered a serious vulnerability in Android that allowed for the modification of apps without affecting the cryptographic signature, making it possible for attackers to turn legitimate apps into Trojans. Shortly after the "master key vulnerability" was uncovered, Proof-of-concept code for exploiting it was found on the Internet

HTML ransomware goes global (Help Net Security) Last week we saw that a ransomware scheme does not need to involve actual malware, as clever cyber crooks leveraged browsers' "restore from crash" feature to make inexperienced users believe they cannot

Equal-opportunity malware targets Macs and Windows (Ars Technica) Janicab ushers in cross-platform era as OS X becomes more appealing target. Researchers have uncovered a family of malware that targets both Windows and OS X. Janicab.A, as the trojan is known, is also unusual because it uses a YouTube page to direct infected machines to command-and-control (C&C) servers and follows a clever trick to conceal itself

Long-Range RFID Hacking Tool to be Released at Black Hat (Threatpost) A tool that enables a hacker or penetration tester to capture RFID card data from up to three feet away will be released next week at Black Hat

Sessions with(out) cookies (Internet Storm Center) Recently in a penetration test engagement I tested a WebSphere application. The setup was more or less standard, but the interesting thing happened when I went to analyze how the application handles sessions

Dissecting a WordPress Brute Force Attack (Sucuri Blog) Over the past few months there has been a lot of discussion about WordPress Brute Force attacks. With that discussion has come a lot of speculation as well. What are they doing? Is it a giant WordPress botnet? Is it going to destroy the internet? Well, as you would expect of any good geeks we set out to find a way to find out

SIM card vulnerabilities easy to fix, researcher says (PCWorld) A pair of severe security problems in millions of SIM cards should be easy for operators to fix, according to the German security researcher who found the issues. Karsten Nohl of Security Research Labs in Berlin previewed research earlier this week that millions of SIM cards are likely still using an outdated, 1970s-era form of encryption to authenticate over-the-air (OTA) software updates

Hacking the SIM card: Why it matters to the enterprise (FierceCIO: TechWatch) It appears that the SIM card has finally been hacked, more than 20 years after it was first developed. More specifically, security researcher Karsten Nohl of Security Research Labs says he has found a serious vulnerability that allows mobile phones to be tricked into granting access to SMS functions and other capabilities--without the owner knowing

Cybercriminals Capitalize on Plants vs. Zombies 2 Hype (TrendLabs Security Intelligence Blog) The original Plants vs. Zombies game enjoyed a lot of popularity back then when PopCap Studios released it on the iOS in 2010, and on the Android in 2011. Now, with the approaching release of its sequel (soft-launched in New Zealand and Australia), cybercriminals have already begun taking advantage of the hype

Royal Baby lures to Blackhole Site (SecureList) Kaspersky Lab congratulates the royal couple on the birth of their new baby boy and wish them all well for the future. It is truly joyous news that is being celebrated in the UK and in the rest of the world

The Birth of the Royal Baby Blackhole Exploit Kit Run (TrendLabs Security Intelligence Blog) Since the first official announcement in early December last year, the world has eagerly awaited for the birth of the firstborn child of Prince William and Kate Middleton. After months of anticipation, the Duchess of Cambridge has given birth to a son, the new Prince of Cambridge, a couple of days ago

Dating app Tinder briefly exposed the physical location of its users (Quartz) Tinder, the popular mobile dating app that matches people based on how they rate each other's photographs, briefly exposed the physical location of its users to other people on the service

Lakeland hacked and passwords reset, customers advised to change passwords elsewhere (Naked Security) Lakeland has suffered a "sophisticated and sustained" attack in which two encrypted databases were accessed. It says it's found no evidence that data was stolen but has reset customers' passwords to be on the safe side

Lessons learnt from the Lakeland attack (Help Net Security) Last Friday, the British Kitchenware store, Lakeland, suffered a major data breach that involved two encrypted databases. To make things worse, the company doesn't know if data was compromised or what data was involved

Citi Bike leaks private info of 1,174 customers by accident (C/NET) A software glitch in the New York bicycle-sharing program has led to a breach of customers' names, contact information, credit card numbers and security codes, passwords, and birth dates

Social Security numbers of Va. students printed on mailing labels (SC Magazine) Thousands of University of Virginia students were affected by a printing error that caused their personal information, including Social Security numbers, to be printed on a mailing address label

OpUSA Analyzed — Systems Compromised, Little DDoS but Hundreds of Defacements (Infosecurity Magazine) OpUSA is an online hacktivist campaign officially launched May 7, 2013, and motivated by alleged war crimes committed by the US during military campaigns in Iraq, Afghanistan and Pakistan. A new study analyzes its effect so far

Increase in malicious DNS request traffic (Help Net Security) With regard to the OpUSA hacktivist campaign, Solutionary discovered that attackers responsible for previous DDoS attacks on the financial sector leveraged a variety of techniques to execute the campaign, including SQL Injection and XSS, in addition to DDoS

Scenario Puts Energy, Politics in Hackers' Cross Hairs (Defense News) A US Army cyber official warns that the nation faces a possible cyberwar in which anonymous foreign computer hackers penetrate government networks andcreate friction between Washington and its allies, discredit elected officials, and create political and economic instability if the US fails to adapt

Cyber-Sabotage Is Easy (Foreign Policy) So why aren't hackers crashing the grid? Hacking power plants and chemical factories is easy. I learned just how easy during a 5-day workshop at Idaho National Labs last month. Every month the Department of Homeland Security is training the nation's asset owners -- the people who run so-called Industrial Control Systems at your local wastewater plant, at the electrical power station down the road, or at the refinery in the state next door -- to hack and attack their own systems. The systems, called ICS in the trade, control stuff that moves around, from sewage to trains to oil. They're also alarmingly simply to break into. Now the Department of Homeland Security reportedly wants to cut funding for ICS-CERT, the Cyber Emergency Response Team for the nation's most critical systems

Is a cyber attack on US infrastructure inevitable? (Salon) The U.S. and China locked horns on cyber espionage, Edward Snowden allegedly leaked classified intelligence about National Security Agency (NSA) monitoring programs that target communication networks, and the Cobalt malware took 13 U.S. oil refineries

IT Hiccups of the Week: U.S. State Government IT System Meltdowns Galore (IEEE Spectrum) After a couple of quiet weeks, IT related snafus, snarls and ooftas reappeared with a vengeance last week. We start off with several U.S. state governments' IT systems that have had better weeks

Litigation, Investigation, and Enforcement

Feds put heat on Web firms for master encryption keys (C/NET) Whether the FBI or NSA have the legal authority to obtain the master keys that companies use for Web encryption remains an open question, but it hasn't stopped the U.S. government from trying

Facebook Event For 'NSA Nature Walk' Leads To Police Visit For German Man (Forbes) People outside of the United States have been alarmed by revelations about the degree of NSA access to information held by American technology companies given that foreigners are not granted the same privacy protections as U.S. citizens. Daniel Bangert, a 28-year-old German man, has been following news articles about the Edward Snowden leaks closely. Last month, after discovering that the NSA has a facility near his home in Griesheim, he posted a screed to Facebook lamenting "hav[ing] the NSA spies on my doorstep." A few weeks later, after creating a satirical Facebook FB +0.33% event inviting people to join him for a "nature walk" around the NSA's "Dagger Complex," he had actual police on his doorstep

Protecting Your Privacy Could Make You the Bad Guy (Wired) There's a funny catch-22 when it comes to privacy best practices. The very techniques that experts recommend to protect your privacy from government and commercial tracking could be at odds with internet business models and the law. It's a system

Internet 'Data Scraping': A Primer for Counseling Clients (Law Technology News) The proliferation of Internet access and mobile devices has led to an exponential explosion of content on the Web, creating a vast repository of "publicly available" information. This includes not only news, business, and financial information, but also personal data, movie and restaurant reviews, concert ticket sales, flight information, and a virtually endless array of other categories. This same technological explosion, however, has made it far easier for third parties to extract this data for commercial sale and use--and to do so for free and without authorization. This data extraction, commonly referred to as "scraping," "crawling," or "spidering" (collectively "scraping"),1 creates legal issues and concerns for both sides of this issue--those who want to scrape, and those who want to protect against scraping of their websites

State Department's Cybersecurity Office is a S#%t Show (RYOT) In an apparent effort to emulate the very hackers it's tasked with fighting, the Department of State's Bureau of Information Resource Management, Office of Information Assurance (still with us?) is evidently an aimless, overfunded LAN party with no real boss or reason to exist. We'd like to be able to tell you what the IRM/IA does, but a new report from the Office of the Inspector General concludes that it doesn't really do anything

IG: State Dept. Security Office 'Irrelevant' (GovInfoSecurity) For example, the IG says, the information assurance office is charged with overseeing the information systems security officer programs, but it's not the principal office where ISSO personnel overseas seek information and guidance. Several unit

Secret court renews NSA's snooping authority (FierceITSecurity) The secret court set up to oversee the National Security Agency's snooping program has given the green light for the agency to continue its information dragnet. The Office of the Director of National Intelligence confirmed on Friday that the Foreign Intelligence Surveillance Court had renewed the NSA's authority to collect "certain telephony metadata under the business records provision of the Foreign Intelligence Surveillance Act," authority, which expired on July 19, 2013

VA seeks dismissal of data breach lawsuit (FierceHealthIT) The U.S. Department of Veterans Affairs last week motioned to dismiss a lawsuit brought against it following a data breach made public in April by the William Jennings Bryan Dorn VA medical center in Columbia, S.C., HealthITSecurity reported

Texas man charged in multimillion-dollar Bitcoin Ponzi scheme (The Register) Risk-free investments carried some risk, it turns out

Design and Innovation

Visualization Helps Attackers Spot Chinks In Software's Armor (Dark Reading) Using data visualization techniques, researchers make memory and randomization flaws easier to recognize, spotting vulnerabilities in anti-exploitation technology such as ASLR and DEP

Inside MuckerLab, The Startup Accelerator That's Amping Up L.A.'s Tech Ecosystem (TechCrunch) In the San Francisco Bay Area, there is no shortage of "accelerator" programs that promise to take fledgling technology companies to the next level by providing mentorship, funding, business introductions, and the like. And as the startup scene a few hundred miles south in Los Angeles continues to heat up, the appetite for accelerators is growing too. One of the leading new startup

Latino Startup Accelerator Partners with Google For Entrepreneurs To Launch In Fall (TechCrunch) Manos Accelerator, a program to support Latinos involved in the startup community, has announced a partnership with Google For Entrepreneurs and will launch its first session for five to six startups in September. Based in San Jose, Manos Accelerator is meant to increase the number of Latino entrepreneurs and startups. Less than one percent of venture-backed startups were founded by Latinos

IBM Standardizes On Cloud Foundry, The Open-Source Developer Platform (TechCrunch) IBM is getting into the platform-as-a-service (PaaS) market by standardizing on Cloud Foundry, originally developed by VMware and now part of Pivotal, the EMC spin-off

The CyberWire Daily Briefing for 7.24.2013