The CyberWire Daily Briefing for 8.13.2013
OpIsrael, the hacktivist campaign that's so far produced fizzled attacks, promises to return in a big way on September 11. Their record suggests their limitations; still, it would be unwise to dismiss them out of hand.
Norman Shark publishes a well-documented report on Operation Hangover, a surveillance and industrial-espionage campaign that appears to originate in India (the report attributes it to private actors and finds no evidence of state sponsorship) and whose targets included Norwegian telecom infrastructure.
Chinese attacks, surely state-directed, again affect Tibetan activist and sympathizer sites. FireEye reports that China's Comment Crew is back, using new versions of its "Aumlib" and "Ixeshe" malware families.
Counter.php is found redirecting victims to the Styx exploit kit. Researchers show that rogue IPv6 router advertisements give an attacker an easy man-in-the-middle position, even on networks that are nominally IPv4-only, because hosts accept whatever router advertises first. Researchers also warn that Windows XP's retirement next April will be a boon to cyber criminals: users are likely to continue running XP, and attacks on the OS will no longer be met with patches.
Dark Reading reports on trends in malware obfuscation, including the increasingly familiar ability to detect virtualization.
Joomla, whose platform's vulnerabilities continue to be exploited, issues fixes and strongly encourages users to apply them. Today is, of course, Patch Tuesday, and Redmond is expected to issue its monthly upgrades shortly.
Shortages of cyber talent are affecting many sectors, including medical devices and healthcare.
Mega promises to fill the secure email market niches left by Silent Circle's and Lavabit's exit. Others hope to fill the gap by building meshnets.
US President Obama, whose recent denial of domestic electronic surveillance has met with widespread skepticism, appoints DNI James Clapper to lead a surveillance policy review panel.
Notes.
Today's issue includes events affecting China, Germany, India, Israel, Kenya, Democratic People's Republic of Korea, Norway, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
#opIsrael reborn: Hackers unite in global operation set for 11 September 2013 (Cyberwarzone) Multiple sources are showing that hackers are uniting to strike Israel on 11 September 2013. The #opIsrael reborn operation is an operation that has been initiated by hackers that are active on social media platforms like Facebook and Twitter. This is not the first time Israel is being targeted by an Operation
OPERATION HANGOVER | Executive Summary: Unveiling an Indian Cyberattack Infrastructure (NormanShark) This report details a sophisticated cyberattack infrastructure that appears to originate from India, conducted by private threat actors with no evidence of state-sponsorship. It has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers
Key Tibetan website compromised (CSO) Code on the Central Tibetan Administration website targets Chinese-speaking visitors and installs a backdoor on their systems
Chinese Hackers Behind New York Times Attack Return with 'Improved' Malware (International Business Times) The Chinese-based attackers who were behind a high-profile attack on the New York Times are back with "new and improved" versions of their malware
China leads in Kenya's cyber attack, VOIP and banks top targets (HumanIPO) China leads in Kenya's cyber attack, VOIP and
Counter.php Found Redirecting to Sites Peddling Styx Exploit Kit (Threatpost) The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit
Researchers demonstrate how IPv6 can easily be used to perform MitM attacks (Virus Bulletin) Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment. I expected this could easily be used in various nefarious ways
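The Virus Bulletin item above turns on one fact: a host that has IPv6 enabled (the default on modern operating systems) will take its default router, on-link prefix and, with RDNSS, its DNS resolvers from whatever Router Advertisement arrives on the segment. The audit below is an added example, not code from the article, the researchers, or any product: it parses ICMPv6 Router Advertisements (RFC 4861 type 134) and checks them against a segment policy, flagging an RA on a segment where IPv6 is not deployed at all (the "tunnel into an IPv4-only environment" case), an RA from an unknown router, an unexpected prefix, or an RDNSS option that points hosts at a rogue resolver. The two packets, the policy, and every address in it are constructed here for the demonstration; checksums are left zero because the ICMPv6 pseudo-header checksum is not what is being inspected.

```python
"""Audit IPv6 Router Advertisements (ICMPv6 type 134, RFC 4861) against a
segment policy. Packets and addresses are constructed here, not captured."""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

ND_ROUTER_ADVERT = 134
OPT_SRC_LLADDR = 1      # RFC 4861 sec. 4.6.1
OPT_PREFIX_INFO = 3     # RFC 4861 sec. 4.6.2
OPT_RDNSS = 25          # RFC 8106 recursive DNS server option


@dataclass
class RouterAdvert:
    src: ipaddress.IPv6Address
    router_lifetime: int  # >0 means the sender offers itself as default router
    prefixes: List[Tuple[ipaddress.IPv6Network, bool]] = field(default_factory=list)
    dns_servers: List[ipaddress.IPv6Address] = field(default_factory=list)
    lladdr: Optional[bytes] = None


@dataclass
class RaPolicy:
    ipv6_deployed: bool         # False on an IPv4-only segment: every RA is hostile
    trusted_routers: Set[str]   # link-local addresses of the legitimate routers
    expected_prefixes: Set[str]
    trusted_dns: Set[str]


def build_ra(lifetime: int, prefixes=(), dns=(), lladdr: Optional[bytes] = None) -> bytes:
    """Construct an RA body for the demo (checksum field left zero)."""
    pkt = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)
    if lladdr:
        pkt += struct.pack("!BB", OPT_SRC_LLADDR, 1) + lladdr  # 2 + 6 octets = one 8-octet unit
    for p in prefixes:
        net = ipaddress.IPv6Network(p)
        # flags 0xC0 = L (on-link) and A (use for SLAAC); long valid/preferred lifetimes
        pkt += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                           2592000, 604800, 0) + net.network_address.packed
    if dns:
        pkt += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns), 0, 3600)
        pkt += b"".join(ipaddress.IPv6Address(d).packed for d in dns)
    return pkt


def parse_ra(src: str, payload: bytes) -> RouterAdvert:
    """Parse the 16-byte RA header, then walk the TLV options (length unit: 8 octets)."""
    if len(payload) < 16 or payload[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    lifetime = struct.unpack("!BBHBBHII", payload[:16])[5]
    ra = RouterAdvert(ipaddress.IPv6Address(src), lifetime)
    off = 16
    while off + 2 <= len(payload):
        otype, olen = payload[off], payload[off + 1]
        end = off + olen * 8
        if olen == 0 or end > len(payload):
            raise ValueError("malformed ND option")  # RFC 4861 sec. 4.6: discard the packet
        body = payload[off + 2:end]
        if otype == OPT_SRC_LLADDR:
            ra.lladdr = body[:6]
        elif otype == OPT_PREFIX_INFO and len(body) == 30:
            plen, flags = body[0], body[1]
            net = ipaddress.IPv6Network((body[14:30], plen), strict=False)
            ra.prefixes.append((net, bool(flags & 0x40)))  # A flag: hosts autoconfigure from it
        elif otype == OPT_RDNSS:
            for i in range(6, len(body) - 15, 16):  # skip reserved(2)+lifetime(4)
                ra.dns_servers.append(ipaddress.IPv6Address(body[i:i + 16]))
        off = end
    return ra


def audit_ra(ra: RouterAdvert, policy: RaPolicy) -> List[str]:
    """Return findings; an empty list means the RA is consistent with the policy."""
    if not policy.ipv6_deployed:
        return [f"RA from {ra.src} on a segment with no IPv6 deployed"]
    findings = []
    if not ra.src.is_link_local:
        findings.append(f"RA source {ra.src} is not link-local (RFC 4861 requires fe80::/10)")
    if ra.src not in {ipaddress.IPv6Address(r) for r in policy.trusted_routers}:
        findings.append(f"default-router claim from untrusted {ra.src} (lifetime {ra.router_lifetime}s)")
    expected = {ipaddress.IPv6Network(p) for p in policy.expected_prefixes}
    for net, autonomous in ra.prefixes:
        if net not in expected:
            findings.append(f"unexpected prefix {net} (SLAAC={autonomous})")
    trusted_dns = {ipaddress.IPv6Address(d) for d in policy.trusted_dns}
    for dns in ra.dns_servers:
        if dns not in trusted_dns:
            findings.append(f"RDNSS points hosts at untrusted resolver {dns}")
    return findings


# Constructed demo data: one legitimate router and one rogue host advertising itself.
POLICY = RaPolicy(True, {"fe80::1"}, {"2001:db8:1::/64"}, {"2001:db8:1::53"})
SAMPLES = {
    "legit": ("fe80::1", build_ra(1800, ["2001:db8:1::/64"], ["2001:db8:1::53"],
                                  bytes.fromhex("020000000001"))),
    "rogue": ("fe80::bad", build_ra(9000, ["2001:db8:dead::/64"], ["2001:db8:dead::53"])),
}


def audit_samples(policy: RaPolicy = POLICY) -> dict:
    return {name: audit_ra(parse_ra(src, pkt), policy) for name, (src, pkt) in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, findings or "OK")
```

In production the same checks belong at the switch (RA Guard, IEEE 802.1x/port security on the ports that are not routers) or in a passive sensor fed from a SPAN port; the point of the script is the decision logic, and in particular that on a segment with no sanctioned IPv6 any RA at all is the alert, not just an RA with the wrong prefix.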
XP's retirement will be hacker heaven (Computerworld) Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April
5 examples of zero-day attacks (Network World) Windows: In May, Google security engineer Tavis Ormandy announced a zero-day flaw in all currently supported releases of the Windows OS. According to his
Attackers' Toolbox Makes Malware Detection More Difficult (Dark Reading) The simplest techniques can be the best. Because analysis systems need to analyze malware quickly
Malware taps mobile ad network to siphon money (CSO) With more smartphones shipping than PCs, mobile ad networks open up the perfect backdoor for downloading code
Simple Hack Threatens Outdated Joomla Sites (Krebs on Security) If you run a site powered by the Joomla content management system and haven't yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors
Joomla Exploit Cashes Out Accounts with Zbot Variant (Infosecurity Magazine) Websites using the popular content management system Joomla are at risk of being hijacked for use in malware payload and phishing attacks, thanks to the discovery of a fresh vulnerability and accompanying zero-day attack
Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity (Webroot Threat Blog) Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones -- think traffic acquisition through illegally embedded iFrames -- has been contributing to the growing market segment where traffic is bought, sold and re-sold, for the sole purpose of monetizing it through illegal means
Smartphone Experts Hacked (eSecurity Planet) On August 6, 2013, Smartphone Experts began notifying an undisclosed number of its customers that a hacker or hackers had accessed the system used to process payments for purchases made on its Web site. The breach was discovered on July 12, 2013
Security Patches, Mitigations, and Software Updates
Heads up for Patch Tuesday: 24 hours, 8 bulletins, 3 critical, everything needs a reboot (Naked Security) It's that time of the month again, with Microsoft Patch Tuesday just 24 hours away. Paul Ducklin presents this month's eight bulletins in seven handy bullet points
Joomla Patches Zero Day Targeting EMEA Banks (Threatpost) Content management system Joomla patched a zero-day vulnerability that allowed attackers to upload malicious code that led victims to the Blackhole exploit kit
After paying $2M in rewards, Google multiplies some bug bounties five times (Threatpost) Google's bug bounty program has been one of the more successful reward systems of its kind, and the company has regularly modified and expanded the program over the years to keep pace with what's going on in the industry. Google also has increased the rewards it offers for certain kinds of vulnerabilities several times, and the company is doing it again, raising the lower reward level from $1,000 to $5,000
Cyber Trends
Cryptography: The cloud war's weighty truce (SC Magazine) In reality, the true barrier to cloud adoption isn't the security itself but understanding data security and knowing how to utilize solutions such as cryptography to
480m trojan attacks on smartphones in China (Xinhuanet) More than 480 million smartphones in China have fallen victim to malicious software (malware) in the first half of 2013, a number almost equal to the total registered complaints in 2012
How security smart is Generation Y? (CSO) Some experts call Millennials, or Generation Y, the 'new threat vector.' But others say the weakest link in the enterprise is people of any age group
Android vulnerabilities 'increasing' (Trade Arabia) Trend Micro's Q2 2013 Security Roundup Report describes cyber-security threats from the previous quarter combined with analysis to evaluate and anticipate
Marketplace
Sourcefire 'changed how people talk about cybersecurity': founder Martin Roesch [Q&A] (Technical.ly Baltimore) Martin Roesch founded Sourcefire in the living room of his Carroll County home in 1998. Last month, the Columbia-based cybersecurity firm for which he now serves as CTO announced it was being acquired by Cisco Systems for $2.7 billion
Health Care, Other Industries Face Shortage of Cybersecurity Workers (iHealthBeat) The survey was sponsored by Northrop Grumman, NetApp and Cyber Security Exchange. About 500 cyber professionals from 40 industries across 43 states
DHS Awards 17 Spots on Potential $6B Cyber Contract (GovConWire) Seventeen companies have won positions on a potential $6 billion Department of Homeland Security contract covering cybersecurity products and services, Federal News Radio reported Monday. Jason Miller writes the General Services Administration is responsible for the continuous monitoring and diagnostics contract and will charge a 2-percent fee for usage
CRGT Provides Technology Leadership for Maritime Homeland Security (Digital Journal) CRGT Inc., a leading provider of full life-cycle IT services and an expert in emerging technology solutions for the Federal Government, announced an award of a $600,000 grant funded by DHS/FEMA for the Maritime Domain Awareness Infrastructure Program. This award was made to Signal Electronics in Freeport, Texas who partnered with CRGT as principal subcontractor. The City of Freeport, on the Gulf Coast, has vital assets in our nation's energy infrastructure, which are located within the critical, first-responder area of the Freeport Police Department
Learning to love security outsourcing (FierceITSecurity) In 2006, Computerworld's pseudonymous security manager columnist Mathias Thurman wrote "From an information security perspective, my company's offshoring strategy has been a nightmare"
DISA to leverage NSA's big data capabilities for Acropolis (FierceGovIT) The Defense Information Systems Agency sees big data and analytics as key components to providing cyber situational awareness for the Defense Department's networks, said an official speaking at the Aug. 9 Forecast to Industry at DISA headquarters in Ft. Meade, Md
DISA building out enterprise services cloud (FierceGovIT) The Defense Information Systems Agency has expanded its enterprise service offerings in the cloud for the Defense Department and has a clear list of near-term capabilities it aims to provide, said an official speaking at the Aug. 9 Forecast to Industry at DISA headquarters in Ft. Meade, Md
Will BlackBerry's Future Be A Piecemeal Sale? (InformationWeek) BlackBerry has formed a committee to explore strategic options. The company faces several challenges that make a sale of the entire organization look unlikely
Why BlackBerry's Biggest Strength Isn't Smartphones (Dark Reading) BlackBerry's best hope may be in software as a service for large corporations, not its famous handsets. Here's why.
New Zealand-based software security companies form alliance (Geekzone) The companies that all have a proven track record of success and traction in global ... criminal intelligence, cyber security, mission critical communications and ... in Washington DC and has appointed former Department of Homeland Security
Former DHS deputy secretary launches cybersecurity council (The Hill) Lute stepped down from her role as the second-highest official at the Department of Homeland Security this spring, and her name has been floated as a possible
Wendy Martin Joins Northrop as Cyber Initiatives, Campaign Director (GovConWire) Wendy Martin, formerly a vice president at Harris Corp. (NYSE: HRS), has confirmed to GovCon Wire that she has joined Northrop Grumman (NYSE: NOC) as director of strategic initiatives and campaigns for the cyber solutions division
Arinc Sold for $1.39 Billion (EAGB) Arinc, an aerospace technology firm based in Annapolis, will be acquired by Rockwell Collins for $1.39 billion. Arinc was formerly held by the Carlyle Group LP. Arinc provides communications and data services for the aviation and rail industries, industrial security, and public safety. The Anne Arundel company has regional headquarters in Singapore and London, and expects to top $600 million in revenue in 2013. With 757 employees in Anne Arundel, Arinc is one of the largest employers in the county. Rockwell Collins looks to Arinc to diversify and complement its own aviation technology offerings
Products, Services, and Solutions
High-speed networking upgrade helps EA-18G jets share electronic intelligence in real time (Military and Aerospace Electronics) Avionics experts at the Boeing Co. Defense, Space & Security segment in St. Louis have upgraded and demonstrated an EA-18G Growler electronic warfare (EW) jet with a new secure high-speed network and onboard sensors to enable the carrier-based electronic-attack aircraft to locate threats more quickly and accurately, company officials say
Webroot and gateprotect Partner to Deliver a Holistic Approach to Complete Security (Krebs on Security) Agreement Enables Innovative German Security Specialist to Deliver Real-Time Threat and Data Protection from Every Endpoint to any Network Boundary
Fortinet expands secure application delivery product portfolio (Help Net Security) Fortinet announced new additions to its secure application delivery product portfolio that are a result of the company's acquisitions of Coyote Point Systems and XDN
Protect against threats targeting Android (Help Net Security) Palo Alto Networks' WildFire malware analysis sandbox now is capable of analyzing Android applications in the APK file format to identify advanced threats in Android applications
Mega plans to offer encrypted email service (Help Net Security) With Lavabit's closure and Silent Circle's shutdown of its Silent Mail, the question is where to turn next for a secure email service. Prism-break.org has a few suggestions on which to consider
New antivirus system could protect medical devices from infection (FierceMedicalDevices) With more and more medical devices relying on computer programs to operate, finding malware in the software is critical for hospitals, which are the most vulnerable to such infections due to their large networks. Now, computer security experts at the University of Michigan have developed technology capable of detecting these dangerous viruses that can cause devices to malfunction
Technologies, Techniques, and Standards
Four Ways SMBs Can Get More from their Firewalls (Dark Reading) Small and midsize businesses do not have a lot of time on the road to improving their IT security, but the firewall should be the first stop
Meet Darknet, the hidden, anonymous underbelly of the searchable Web (IT World) There's a place lurking beneath the Internet you use every day
Zero-day attacks: How to fight back (Network World) However, virtually everyone is at risk from a zero-day attack. And the threat from zero-day vulnerabilities occurs long before vendor or public discovery, and
Snowden Classified Data Theft was Avoidable, Says Cyber Security Firm - Vir2us CEO Blog Says Most Firms Have Similar Gaps in Protecting Digital Assets (Digital Journal) "The Snowden incident where, according to the New York Times (21Jun2013), a government intelligence worker was able to easily copy and disseminate large amounts of highly sensitive and classified data, highlights one of the fundamental problems of legacy cyber security thinking," said Ed Brinskele, CEO of Vir2us, Inc., in his most recent Cyber Insights blog. In it, Mr. Brinskele reviews the Snowden alleged espionage incident in light of next-generation cyber security technology, which the government is trying to adopt, according to Cyber Insights
Building a more useful audit and compliance function (FierceITSecurity) It's easy to find negative headlines and coverage of IT security products. Harder to find is real-world advice on program improvement. Fortunately, Norman Marks has concrete guidance on building a more effective audit and compliance program
Low Mobile Anti-virus Adoption Set to Drive Security Product Changes (Infosecurity Magazine) Despite mobile device penetration hovering around 100%, good security practices are a good deal less widespread. According to Gartner, willingness to pay for anti-virus software on mobile devices is "low," even as PC sales decline. Thus, new demand for different kinds of solutions will soon drive a wave of change in security product development, the analyst firm said
Meshnet activists rebuilding the internet from scratch (New Scientist) Worried about the NSA snooping on your email? Maybe you need to start creating your own personal internet. The internet is neither neutral nor private, in case you were in any doubt. The US National Security Agency can reportedly collect nearly everything a user does on the net, while internet service providers (ISPs) move traffic according to business agreements, rather than what is best for its customers. So some people have decided to take matters into their own hands, and are building their own net from scratch
How Cyber Security Helps to Transport Gas Safely Across the Continent (Bulk Solids Handling) Operating and maintaining a gas pipeline involves numerous safety concerns. Cyber security assessment is one of the solutions that helps to maintain safety parameters - especially when handling such explosive and flammable goods such as natural gas
A strong MDM strategy begins with HR (FierceMobileIT) Mobile devices in the workplace are reaching critical mass and companies that fail to proactively define a management strategy will soon find themselves in the unfortunate position of playing catch-up. Although a CIO's first instinct is to call a meeting with the IT department to hammer out details for acceptable use policies (AUP), don't forget to include another branch of corporate governance: Human Resources
Cisco sounds alarm on upcoming airwave shortage to affect mobile devices (FierceMobileIT) Brace yourself. Cisco Systems says we'll be facing a nationwide airwave shortage by the end of the year that will affect mobile devices, including cellular phones and tablets. The good news is the FCC is looking at several ways to address the problem
Legislation, Policy, and Regulation
Former Obama Advisor Reveals "We Do Have Domestic Spying Program" (Off the Grid News) President Obama says the federal government is not spying on Americans, but one of his former aides disagrees. Obama appeared on NBC's "The Tonight Show with Jay Leno" Tuesday and defended the National Security Agency's surveillance program. "There is no spying on Americans," Obama said. "We don't have a domestic spying program. What we do have are some mechanisms where we can track a phone number or an email address that we know is connected to some sort of terrorist threat. And that information is useful." But one of his former advisers, Van Jones, said the government indeed is spying on citizens. Jones is a former environmental adviser and currently a senior fellow at the Center for American Progress. He also is co-host of CNN's "Crossfire"
No End To The Snooping (Washington Post) President Obama's message about the government's massive electronic surveillance programs came through loud and clear: Get over it
Obama proposes legislative tweaks to bulk surveillance (FierceGovIT) President Obama announced a handful of prospective changes to intelligence community surveillance efforts including additional oversight, while continuing to argue for their criticality to preventing terrorist attacks
No–Spying Pact With U.S. Called Possible (Washington Post) Germany and the United States will begin talks this month on an agreement not to spy on one another in the wake of revelations by National Security Agency leaker Edward Snowden about massive electronic surveillance by the NSA, a senior German official said Monday
N.S.A. Leaks Make Plan For Cyberdefense Unlikely (New York Times) Even while rapidly expanding its electronic surveillance around the world, the National Security Agency has lobbied inside the government to deploy the equivalent of a Star Wars defense for America's computer networks. But administration officials say the plan, championed by Gen. Keith B. Alexander, has virtually no chance of moving forward given the backlash against the N.S.A. over the recent disclosures about its surveillance programs
Litigation, Investigation, and Law Enforcement
New profile of Snowden's trusted ally illustrates importance of opsec (Ars Technica) Edward Snowden first bonded with Laura Poitras—the filmmaker and one of the two journalists who first exposed his leaks from the National Security Agency (NSA)—when Snowden "discovered Laura was more suspicious of me than I was of her, and I'm famously paranoid." That revelation comes from a new profile of Poitras in the New York Times Magazine published on Tuesday
Online Gambling Site Cyber Attackers Arrested (Online-Casinos.com) A cyber attack against a Manchester-based online gambling site has made headlines recently with the arrest of two men who have been accused of attempting
IU law prof: NSA surveillance violates privacy (Evansville Courier & Press) An Indiana University law professor is joining a national group of legal experts arguing against the National Security Agency's
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
Security in Government (SIG) (Canberra, Australia, Aug 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy Division in the Attorney General's Department, Robyn Devin said the SIG conference attracted protective security professionals from both the public and private sector.
A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what some of the myths are, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 2013 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, and Contracting Officers, as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided coupled with the largest SCADA exhibition in the Southern Hemisphere ensure the National SCADA Conference is a must attend event for Australia's and New Zealand's SCADA Community.
First International Conference on Cyber-Physical Systems, Networks, and Applications (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 2013 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
2013 Cyber Security Division Transition to Practice (TTP) Technology Demonstration for Investors, Integrators, and IT Companies (I3) — West (San Jose, California, USA, Aug 22, 2013) This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories and have the potential to strengthen an organization's cybersecurity posture. During this event cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations, and discussions with the research teams that produced these technologies. In addition, attendees will have an opportunity to schedule a private one-on-one discussion with the Researcher to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research. Registration closes August 12.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, Aug 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.