The CyberWire Daily Briefing 08.15.13

Cyber Trends

Rise in data breaches drives interest in cyber insurance (CSO) Companies became much more interested in insurance policies after an incident affected them, study found

Is cyber the new gunpowder and corruption the spark? (Reuters) A 2013 report by Kroll Advisory Solutions suggests that more than two-thirds of all cyber cases involving theft of data stem from corrupt corporate insiders - but that companies' desire to deal with incidents quietly and internally means they rarely reach the public eye

Anonymous is not anonymous (InfoWorld) At this point, most of us would welcome shelter from the gaze of government cyber spies. Here are six reasons why that may be unattainable

Putting an end to 'strike back' / 'active defense' debate (Curmudgeonly Ways) The concept of "hack/strike back", under any of its names, is decades old. Every year or three it surfaces again and makes news. Almost every time, it is a result of a new company claiming they do it to some degree. This extends to the related idea of "active defense", which is equally absurd. Not only because it is used as a cop-out fallback when a company is challenged on notion of "hack back", because the term is misleading at best

A Prescription for Cloud Data Security for Healthcare Service Providers (Help Net Security) Cloud services are here to stay, and practically everybody is embracing them. In fact, the cloud computing industry is growing at the torrid pace of nearly 30% per year right now, according to Pike Research

Legislation, Policy and Regulation

Brazil Mulls Taking Complaints on U.S. Spying to U.N. (Wall Street Journal) Brazil is considering taking its complaints on the U.S. National Security Agency's surveillance of Brazilian Internet data for discussion at the United Nations, Brazilian Communications Minister Paulo Bernardo said Wednesday

An Educated Guess About How the NSA Is Structured (The Atlantic) Want to understand how an organism really works? Take a look at its plumbing. Figure out where the pipes fit together. That's the approach I take to national security and that's the spirit behind this look at the structure of one of the most important institutions in U.S. intelligence: the National Security Agency

Intelligence committee urged to explain if they withheld crucial NSA document (The Guardian) Critics demand answers from chairman Mike Rogers after claims that committee failed to share document before key vote

The Other Side Of The Surveillance Story (Washington Post) It's time for the intelligence community to have its side of the debate over the National Security Agencys collection programs explained

The Job Of Protecting Security And Privacy ((McClatchy Newspapers) Many Americans probably don't know that there is a senior official whose job by law is to help ensure that civil liberties and privacy protections are built into intelligence programs. I am that official - the "Civil Liberties Protection Officer." I engage with the director of national intelligence and other intelligence officials to oversee and guide intelligence activities

The Snowden Revelations and Cybersecurity (Lawfare) One immediate consequence of Snowden's various revelations about massive USG surveillance - at home and especially abroad - was to put a chill on the loud U.S. campaign against Chinese cyber-snooping. (The hypocrisy in the U.S. position, and the fecklessness of mere complaints about the Chinese practice, was something that I and others have been pointing out for a while.) Yesterday David Sanger reported on another cybersecurity-related casualty: The NSA's ambitious plans to screen all Internet traffic in the United States for malicious cyber agents

Bitcoin laws are coming: US Senate launches virty currency probe (The Register) Who can regulate it and how? The heat is on for Bitcoin and other virtual currencies in the US, with lawmakers at the highest levels of government now actively investigating how to regulate the upstart digital monies

Think tank wants dedicated infosec minister, 'modern' data retention (The Register) Australian Strategic Policy Institute says government lacks infosec focus. The Australian Strategic Policy Institute (ASPI) has issued an "Agenda for Change" (PDF) that suggests data retention is a necessary centrepiece of Australia's future homeland security needs

Government urged to put up customised defence to combat cyber attacks (Computer News Middle East) Investing in anti-virus software is no longer enough to counter cyber attacks on vital data systems, especially if national security is at stake. This was what Trend Micro security experts said as they urged the Philippine government to draw up a defence plan against cyber attacks. "Look at what your neighbours are doing and what they are investing in to combat computer attacks," they said, adding that the country has to go beyond anti-virus software

DIRECTIVE 2013/40/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA (European Parliament) The objectives of this Directive are to approximate the criminal law of the Member States in the area of attacks against information systems by establishing minimum rules concerning the definition of criminal offences and the relevant sanctions and to improve cooperation between competent authorities, including the police and other specialised law enforcement services of the Member States, as well as the competent specialised Union agencies and bodies

Aggressive defence needed against cyber threats, expert says (Ottawa Citizen) Canada must aggressively deploy its spies and other intelligence capabilities against accelerating cyber threats to the country's vital digital infrastructure, says a leading expert. Angela Gendron, writing in the Canadian Foreign Policy Journal, delivers a meaty 11,000-word assessment of the risks and dangers that digital technologies have wrought for the country's critical infrastructure, from the machinery of government to public utilities, communications, transportation, energy and finance

Products, Services, and Solutions

Intigua: Automate the provisioning of management technologies (Help Net Security) CIOs today are asking their IT teams to build private clouds that reflect the on-demand simplicity and agility that Amazon Web Services delivers in its public cloud. Unlike with public clouds

MS SQL Agent facilitates the collection of MSSQL audit records (Help Net Security) SNARE for MSSQL allows a security administrator to remotely set up, control and monitor the application through a standard web browser and a self-contained installation package, including Setup Wizard

Kaspersky updates its security solutions for home users (Help Net Security) Kaspersky Lab released Kaspersky Anti-Virus 2014 and Kaspersky Internet Security 2014. Both products now include ZETA Shield antivirus technology, which performs an in-depth scan of files and

Free Android anti–virus for mobile devices (Help Net Security) Avira Free Android Security reached 2.0 and offers antivirus scanning and removal, as well as retaining the remote lock, wipe and 'scream' features available in the original version

Secure rugged Android tablet for the government (Infosecurity Magazine) Becrypt announced a new technology partnership with Getac to provide the first secure Android tablet solution suitable for military, defence and government and wider public sector markets based on Getac's ruggedized devices

Identify unknown internal email-enabled systems (Help Net Security) Sendmail today introduced Sentrion Rogue Email Application Control (REAC) 2.0, the first inside-threat protection application with new Big Data search capabilities to further protect organizations against the growing internal threats posed by machine-generated email, which accounts for more than 50% of all corporate email traffic

Circumventing Communications Blackouts (Schneier on Security) Rangzen looks like a really interesting ad hoc mesh networking system to circumvent government-imposed communications blackouts. I am particularly interested in how it uses reputation to determine who can be trusted, while maintaining some level of anonymity

Technologies, Techniques, and Standards

Imaging LUKS Encrypted Drives (Internet Storm Center) This is a "guest diary" submitted by Tom Webb. We will gladly forward any responses or please use our comment/forum section to comment publically. Tom is currently enrolled in the SANS Masters Program. When imaging a live system there are several factors to be taken into account. But this post is going to cover encrypted Linux systems. Use of the logical drive for imaging encrypted systems is critical if you do not have the decryption password

Researchers Put a Dent in the Twitter Underground (Threatpost) A USENIX paper presented yesterday explains how a team of researchers was able to disrupt a small portion of the underground merchants selling fraudulent Twitter accounts

DKIM: Useless or just disappointing? (ZDNet) Now that DKIM is established as the leading method for sender authentication, it's clear that it doesn't really claim to do all that much, and fails even at that. Spam is perhaps the oldest of security problems affecting Internet users widely. A lot of effort has been put into fighting it, and yet it persists. Even the most advanced of standards for combating spam fails in the face of a simple spoofing attack. There's probably nothing that standards bodies can do that will make a real difference

Don't Get Hacked — Tools to Fight Cyber Attacks (Entrepreneur) Here's an unfortunate and immutable fact: You will never be 100 percent immune to hacking. If someone targets and wants to get something from you, they'll figure out a way in. Even if your small business judiciously focuses on tightening security, you have a countless number of cyber doors to protect, and the bad guys only need to access one. It's a battle of asymmetry

Covert Tops (Washington Post) Fed up with surveillance, activists are designing ways to thwart prying eyes and ears

Dear CSO, do you know how to build security culture? (Help Net Security) What do you really know about security culture? I am going out on a limb here and claim you know very little, if anything at all. Your day job is about security, and like most CSOs out there, you

Why isn't RAM analysis part of every computer forensic investigation? (Digital Forensic Investigator) To the analyst, RAM is just a large blob of data with minimal structure, at least not the structure that we are expecting to see when it comes to operating systems

Video: How private companies can do self-defense (SC Magazine) Robert Clark, attorney for the U.S. Army Cyber Command, discusses how private companies can perform "active defense" during this press conference at this year's Black Hat conference in Las Vegas

Marketplace

Cyber: Protecting Britain's national security and the defence supply chain (Defence Management) The Ministry of Defence has boldly set out to boost the UK's cyber security, in partnership with a handful of the UK's leading defence firms. Peter Armstrong, director of cyber security at Thales UK, one of the firms involved, outlines the partnership's key priorities for the year ahead

How A 'Deviant' Philosopher Built Palantir, A CIA–Funded Data–Mining Juggernaut (Forbes) Since rumors began to spread that a startup called Palantir helped to kill Osama bin Laden, Alex Karp hasn't had much time to himself

Meet The American Dealer Of Swiss Data Secrecy (Forbes) The Swiss reputation for low taxation and secrecy is well known when it comes to money, but it's also becoming a popular place to store data, thanks to the country's strict, data-protection laws that are at odds with those of the European Union. While U.S. encryption services like Silent Circle are planning to establish servers in Switzerland for that reason, a scrappy startup called PrivacyAbroad has begun promoting itself as a rare conduit to Swiss data services

Cisco to Slash 4,000 Jobs (SecurityWeek) Just days after announcing that it would pay $2.7 billion to acquire network security firm Sourcefire, Cisco said Wednesday that it would cut 4,000 jobs, or roughly five percent of its workforce in an effort to cut costs. Cisco executives said the cuts were in response to a weaker-than-expected economic recovery

Desperate Obama Not Helping Tech Leaders (MoneyNews) The law of unintended consequences reached Silicon Valley this summer. Thanks to Edward Snowden, the whole world knows not to trust U.S. Internet companies with private data. The cost will likely be huge

Watchful Software Recognized as CRN Emerging Vendor for 2013 (MarketWatch) Watchful Software, a leading provider of data-centric information security solutions, today announced it has been named a 2013 Emerging Technology vendor by UBM Tech Channel's CRN Magazine. The annual list highlights hot tech startups making an impact on the channel and an impression on the tech industry as a whole. These up-and-coming technology vendors have recently introduced a new product or technology that is not only innovative, but addresses a key strategic issue that solution providers require answers for in today's competitive marketplace

4 Things VMware Must Do At VMworld (InformationWeek) VMware CEO Gelsinger needs to show customers a new leadership team and a company that understands how to compete in a multi-hypervisor marketplace

BlackBerry forms special committee to 'explore strategic alternatives' (FierceMobileIT) BlackBerry looks like it's decided to stop bailing water and just abandon ship altogether. After flailing around for the past few years, the Canadian mobile device maker announced it has assembled a special committee to "explore strategic alternatives."

BlackBerry's patents could be worth $5bn if it finds a single buyer (ZDNet) While BlackBerry's future is still to be decided, the value of its patents is looking more certain

BlackBerry: It's the end–to–endness, stupid (The Register) RIM's miracle impossible to recreate - but that won't stop people trying. Going private still looks the most likely next step for BlackBerry, with Prem Watsa, the largest shareholder in the company, resigning from its board this week, apparently to put together a deal. Watsa still holds almost 10 per cent of BlackBerry stock

As Dell battle drones on, operating challenges escalate (FierceFinance) In the thick of a private equity show down, priorities tend to get inverted. In the Dell buyout drama, for example, various reports about the poor state of the PC market have dribbled out amid the Michael Dell vs. Carl Icahn back and forth. Those reports attest to terrible market conditions, yet the reports have been seen as good news, at least for Team Dell-Silver Lake

Proofpoint Buys Armorize Technologies (eSecurity Planet) California-based Proofpoint recently announced the acquisition of Taiwanese cloud-based anti-malware solutions developer Armorize Technologies for approximately $25 million in cash. The deal is expected to close in the third quarter of 2013

IBM to acquire endpoint security company Trusteer (CSO) IBM is also setting up a cybersecurity software lab in Israel

Research and Development

Encryption is less secure than we thought (MIT News) For 65 years, most information-theoretic analyses of cryptographic systems have made a mathematical assumption that turns out to be wrong

Security Patches, Mitigations, and Software Updates

Microsoft Starts Countdown on Eliminating MD5 (Threatpost) Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm

Google patches Android after Bitcoin wallet issue (CSO) Applications that used the random number generator within Android could be at risk

Microsoft pulls faulty Exchange 2013 patch HOURS after release (The Register) Patch Tuesday's fudged fix: Sysadmins, quick - turn Outside In inside out. Microsoft has pulled a security update for Exchange 2013 after problems emerged with the latest patch to the email server software just hours after its release

Cyber Attacks, Threats, and Vulnerabilities

#OpIsrael: Pakistani hacker H4x0r HuSsY celebrates independence by hacking 650+ Israeli websites (Hack Read) A Pakistani hacker going with the handle of H4x0r HuSsY has hacked and defaced 650+ Israeli websites on the eve of Pakistan's independence day. Hack was conducted for #OpIsrael where hacker left a deface page along with a message on all hacked websites displaying message against Israel and in support of Palestine. The deface message was expressed in following words

OpIsrael Reloaded: Official Mazda Motors and 20 Israeli Porn websites hacked by Indonesian SultanHaikal (Hack Read) Well known Indonesian hacker going with the handle of SultanHaikal has hacked and defaced the official website of Mazda motors club

Iran's Web Defacement Archive Website Hacked, database and thousands of accounts leaked by OxAlien (Hack Read) OxAlien, known for his high profile Virgin Radio Dubai hack is back in news by breaching into an Iranian based cyber crime and events archive website, as a result the database and 2000+ login accounts have been leaked online. The site is not government owned yet contains massive data, exposing login details of site users. The hacker contacted me on Twitter and explained why the site was targeted, a similar

Iran: How a Third Tier Cyber Power Can Still Threaten the United States (Atlantic Council) When most people think of the "military option" against Iran, they imagine a US attack that takes out Iran's most important known nuclear facilities at Natanz, Fordow, Arak, and Isfahan. They expect Iran to retaliate by closing the Strait of Hormuz, sending missiles into Israel, and/or supporting terrorist attacks on US personnel in Iraq and Afghanistan

1600 Websites hacked by TurkHackTeam against Chinese Uyghur Muslims Massacre (Hack Read) Turkish hackers from Turk Hack Team have hacked and defaced more then 1600 websites against alleged killings of Uyghur Muslims in China. All sites were left with deface pages along with different deface messages, protesting against the Chinese government for conducting massacre against Chinese based Uyghur Muslims

Al–Qaida threat that closed US embassies was discussed by leaders in online jihadi chat room (Washington Post) Al-Qaida fighters have been using secretive chat rooms and encrypted Internet message boards for planning and coordinating attacks -- including the threatened if vague plot that U.S. officials say closed 19 diplomatic posts across Africa and the Middle East for more than a week

Terrorists Turn To Secretive Forum To Evade U.S. (Miami Herald) Al-Qaida fighters have been using secretive chat rooms and encrypted Internet message boards for planning and coordinating attacks including the threatened if vague plot that U.S. officials say closed 19 diplomatic posts across Africa and the Middle East for more than a week

Online forums provide key havens for terror plots (WLOS) One expert calls it a cat-and-mouse game between terrorist groups that can buy commercial technology and intelligence agencies that are trying to find ways to

Osama Bin Pwned: Al Qaeda mocked in Twitter counter–jihad (The Register) Terror group asks world+dog to suggest a PR strategy. And thousands reply. Al Qaeda has come under attack from a massive troll army after asking Twitter users for ideas on how jihadis could run a PR campaign

Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability (Trend Micro Security Intelligence Blog) About a month ago, the Apache Software Foundation released Struts 2.3.15.1, an update to the popular Java Web application development framework. The patch was released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers

Hackers find new way to stuff malware in Android mobile devices (FierceMobileIT) Firewall vendor Palo Alto discovered recently that hackers are using ad networks to deliver malware to Android devices. InformationWeek's Mathew J. Schwartz says, "they've discovered a series of attacks that have been serving up malicious code by hacking into an ad network's software development kit (SDK). Developers add these SDKs to their Android apps to tie into mobile advertising networks and earn referral fees"

New ransomware threat 'Browlock' freezes computers and demands payment (SC Magazine) Security firm F-Secure is tracking a new ransomware family known as Browlock, which spreads by tricking unsuspecting web surfers into believing the police are after them

Joomla exploit doing rounds, users advised to update (Help Net Security) Users who run their sites own sites and use the Joomla CMS but haven't updated it in a while should do so immediately if they don't want to see their sites compromised and hosting malicious content

Is that YouTube Video Downloader browser plugin safe? Beware! (Graham Cluley) Cybercriminals have created YouTube video downloading plugins for your browser which can lead to your computer being infected with malware, or help them earn money by messing with your browser's search results or displaying unauthorised adverts

How Attackers Target And Exploit Social Networking Users (Dark Reading) A look at the security issues surrounding the use of social networks in the workplace -- and what you can do about them

Facebook phishing: manual session hijacking (zscaler) We have reported a number of Facebook phishing pages and scams on this blog. Attackers always come up with clever ideas to fool users in order to obtain their credentials. One of these phishing tricks is a "poor-man" session hijacking attack whereby the user is fooled into copying and pasting a Facebook URL containing the session ID or other credentials into a malicious page. I'll describe such an example that I spotted this past weekend

CookieBomb still dropping malicious content (zscaler) Cookiebomb is a malicious obfuscated javascript injection put onto legitmate sites. We've talked on this blog about compromised sites before, but this one appears to still be fully functional and actively spreading malicious content to unsuspecting users. The talent at MalwareMustDie is onto their shenanigans as well. As they have mentioned, this is a multi-redirection exploitation that uses 2 stage obfusacation to hide it's malicious payload. The curious thing about this situation is that few AV vendors haven't taken note of the good research. The final dropped file being detected by only 7/45 vendors

Java — The Gift That Keeps On Giving (F-Secure) I bet vulnerability researchers love Java. It seems that especially the 2D sub-component of Java has felt their love lately: since the out-of-band patch for CVE-2013-0809 and CVE-2013-1493 in March 2013, 2D has been the most patched sub-component with a total of 18 fixed vulnerabilities. Fortunately, CVE-2013-1493 has been the only one of these exploited in the wild

Targeted Attacks Delivering Fruit (Symantec) Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT

Google confirms Bitcoin–theft vulnerability in Android (ZDNet) An initialisation flaw within the Java Cryptography Architecture has been patched, but not before leaving Android vulnerable to attacks resulting in Bitcoin theft

Kaspersky warns on offline cyber attacks through USB drives (Human IPO) Kaspersky Lab has warned users they need to protect themselves from threats facing their computers and digital devices from offline sources

Lost flash drive compromises data for thousands of students (SC Magazine) More than 20,000 students across 36 schools in the Boston Public School (BPS) system had their data compromised when the district's ID card vendor Plastic Card Systems lost a flash drive containing the information

Cogent Healthcare Acknowledges Data Breach (eSecurity Planet) Approximately 32,000 patients' personal health information may have been exposed

Baby monitor hack highlights manufacturers' security shortfalls (CSO) In addition to lax passwords, manufacturer lacks a effective way to get its patches and updates out to customers

Hackers not responsible for New York Times website wipeout (The Register) Hours-long outage attributed to internal systems fault

DNSSEC administration likely cause of .gov outage (FierceGovIT) A government website outage that lasted for hours the morning of Aug. 14 was likely caused by a failure to update a cryptographic key necessary for DNSSEC, says cybersecurity researcher Johannes Ullrich

Litigation, Investigation, and Enforcement

Users Have No Expectation of Privacy in Gmail Says Google (Infosecurity Magazine) In filing a motion to dismiss a class action that it illegally intercepts and reads emails, Google lawyers have invoked a ruling from a 1979 court case (Smith vs Maryland) that originally referred to telephony

NSA, DEA, IRS Lie About Fact That Americans Are Routinely Spied On By Our Government: Time For A Special Prosecutor (Forbes) It seems that every day brings a new revelation about the scope of the NSA's heretofore secret warrantless mass surveillance programs. And as we learn more, the picture becomes increasingly alarming. Last week we discovered that the NSA shares information with a division of the Drug Enforcement Agency called the Special Operations Division (SOD). The DEA uses the information in drug investigations. But it also gives NSA data out to other agencies - in particular, the Internal Revenue Service, which, as you might imagine, is always looking for information on tax cheats

Fired flight attendant forced to give employer access to Facebook and bank accounts (Naked Security) A flight attendant was forced to allow her employer to examine her Facebook activity and bank account after she was fired over her activity while on sick leave

Design and Innovation

The Trouble With Smartphone Kill Switches (InformationWeek) To fight smartphone theft, public officials tell smartphone makers to add remote-deactivation, tracking and recovery features. But manufacturers may not do the job right