The CyberWire Daily Briefing for 8.19.2013
Opposing views want to put NSA's domestic surveillance in proper context despite recent breathless headlines. Meanwhile, lawmakers are still breathless and demanding change. On top of that, the fallout continues as the cloud market determines what changes are necessary in light of NSA's activities. Further, a British lawmaker wants to know why police detained a journalist who received leaks from Edward Snowden. Apparently Booz Allen was not the only contractor to feel Edward Snowden's top secret downloading wrath. He did the same when he worked at Dell.
The Syrian Electronic Army attacks the Washington Post. Al-Qaeda may have found a new target in the European railroad system. The Indian Intelligence Agency accuses Pakistan of cyber attacks on its state-owned telecom giant. Snowden is the gift that keeps on giving—now China is probing IBM, Oracle, and EMC for leaks. Germany and the US start discussion on a so-called No Spy pact.
Cyber attacks reach the top of the asset manager's hit parade. Can media outlets guard against hackers?
Beware adult site visitors—scammers are using ransomware against porn viewers in Australia. In the Can't Catch a Break Department—the US Department of Energy is hit with a second security breach.
Microsoft apologizes to users for Outlook downtime. Thought Java was all patched up? Not so fast!
New technology may make encryption oh-so much easier to break. Can mere laws stop leaks from NSA? Germany targets Bitcoin for capital gains tax.
Notes.
Today's issue includes events affecting Australia, China, European Union, Germany, India, Japan, Pakistan, Tibet, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Al-Qaeda targeting European railways: report (al Jazeera) German newspaper says the plan came to light during al-Qaeda call intercepted by US National Security Agency. Authorities in Germany have deployed plain-clothes police officers at key stations, report says [AFP] Al-Qaeda is plotting attacks on Europe's high-speed rail network, German newspaper Bild reported on Monday, citing intelligence sources. The group could plant explosives on trains and tunnels or sabotage tracks and electrical cabling, said Bild, Europe's most widely-read daily. The newspaper said the information came from the National Security Agency (NSA) in the United States, which had listened in to a call involving top al-Qaeda operatives
UK lawmaker to ask police to explain detention (Seattle Times) A British lawmaker says he will ask police to explain why the partner of a journalist who received leaks from former National Security Agency contractor Edward Snowden was detained for nearly nine hours at Heathrow Airport. Keith Vaz, the chairman of the Home Affairs Select Committee, said Monday that he wants to know why police stopped David Miranda, the partner of Guardian journalist Glenn Greenwald
In Another Recent Display of Cyber Politics, SEA Hackers Take on The Washington Post and Others (Digital Journal) Last week's reported site redirection hack attack on The Washington Post and others wasn't the first time the Syrian Electronic Army (the SEA) tangled with major news outlets; back in April they hijacked Associated Press (AP) Twitter accounts, and for a few brief moments, sparked a panic which prompted a scary $136 billion stock market death spin based on faked AP Tweets that the White House had been bombed and President Obama had been injured. "The ripple effects of any type of successful cyber attack on a prominent and trusted organization can be mind boggling, but the social engineering possibilities of a successful redirection attack can lead organizations of any size to very dark places if the attackers have a more sinister objective in mind," says Joe Caruso, CEO/CTO of Global Digital Forensics, a premier cyber security solutions provider with years of experience in the trenches of the real-world cyber battlefield
IIA Accuses ISI of Pakistan for Targeting BSNL with Cyber Attacks (SPAMfighter News) Propakistani.pk reported on 7th August, 2013 stating that Indian Intelligence Agency (IIA) has claimed that Pakistan's Secret Service, better known as ISI (Inter Services Intelligence) has launched a cyber attack on BSNL (Bharat Sanchar Nigam Ltd), India's state-owned telecom giant. Indian secret agency, usually called the IIA, believes that somebody from Pakistan pretending to be one 'Major Vijay' from Indian Army headquarters had phoned up a BSNL worker in February this year, and followed it up by email communication with the employee to obtain crucial information
Scammers catch porn users with 'ransomware' (NEWS.com.au) A PORNOGRAPHY consumer who called the police in tears is among hundreds of Australians whose computers have been hacked by cyber criminals while viewing adult websites. According to Fairfax, foreign gangs have been holding porn consumers ransom after infecting their PCs with viruses known as "ransomware", which includes the "ukash", "reveton" and "trojan.ransomlock" viruses. The cyber criminals, who falsely claim to be members of the Australian Federal Police, "kidnap" a computer user's data and demand a ransom for its return. In this case, they have reportedly been activating the webcams on the users' computers. The viruses lock the desktop and post an incriminating image of the person on their screen before warning they have breached federal laws relating to child pornography, copyright or privacy, Fairfax reports
The Rise of Critical Infrastructure Attacks: Understanding the Privileged Connection and Common Thread (Intelligent Utility) Over the past two years, an alarming number of headline-grabbing cyber attacks, viruses and data breaches have targeted critical infrastructure - Stuxnet, Flame, Shamoon, and Red October to name just a few. These attacks have kept many organizations dealing in critical infrastructure on high alert. Recently, for example, researchers uncovered that the industrial control system used to manage Google's Australian offices had several security vulnerabilities that would enable hackers to adjust the heating and cooling controls in their offices (which could potentially damage equipment sensitive to heat and humidity). Subsequent research showed that hundreds of businesses across Australia are just as susceptible to attack - they have similar vulnerabilities in their building control systems as well
THREE THINGS JOURNALISTS, MEDIA OUTLETS, AND YOU SHOULD DO TO GUARD AGAINST HACKERS (CSO) Journalists and media outlets are prime targets for activists and politically-motivated hackers. Here are some tips to defend against getting hacked. The Washington Post, CNN, and Time magazine were all victims this week of attack from the pro-Assad Syrian Electronic Army (SEA). It seems to be a rising trend, and one that journalists and media outlets should pay attention to. Thankfully, there are some steps they (and you as well even if you're not a journalist or media outlet) can take to protect themselves from such attacks. To be fair, the Washington Post, CNN, and Time magazine were not directly compromised. Security experts indicate that the attackers actually used a sort of back door by attacking Outbrain—a marketing organization used by those media outlets
Cybercriminals add new exploit for patched Java vulnerability to their arsenal (CSO) Newly released exploit for Java vulnerability patched in June was added to the Styx exploit toolkit, researcher said. Cybercriminals were quick to integrate a newly released exploit for a Java vulnerability patched in June into a tool used to launch mass attacks against users, an independent malware researcher warned. The exploit targets a critical vulnerability identified as CVE-2013-2465 that affects all Java versions older than Java 7 Update 25 and can enable remote code execution. The vulnerability was patched by Oracle in its June Critical Patch Update for Java
U.S. Dept. of Energy reports second security breach (CSO) For the second time this year, the U.S. Department of Energy is recovering from a data breach involving the personally identifying information of federal employees. In a letter sent to employees on Wednesday, the U.S. Department of Energy (DOE) disclosed a security incident, which resulted in the loss of personally identifying information (PII) to unauthorized individuals. This is the second time this year such a breach has occurred. The letter, obtained by the Wall Street Journal, doesn't identify the root cause of the incident, or provide much detail, other than the fact that no classified data was lost
Edward Snowden downloaded NSA secrets while working for Dell: Sources (The Economic Times) Former intelligence contractor Edward Snowden began downloading documents describing the U.S. government's electronic spying programs while he was working for Dell Inc in April 2012, almost a year earlier than previously reported, according to U.S. officials and other sources familiar with the matter. Snowden, who was granted a year's asylum by Russia on Aug. 1, worked for Dell from 2009 until earlier this year, assigned as a contractor to U.S. National Security Agency facilities in the United States and Japan
New discovery may make encryption 'exponentially easier' to break (Extreme Tech) "Brute force" may not seem like a term well suited to mathematics or the quiet pursuits in cryptography that helped drive information security from the Second World War on through to the modern surveillance state. Yet, it's a term that may come back to prominence in the coming years, as researchers inch closer to finding the cracks in modern encryption algorithms. While programs like PRISM and XKeyScore may have access to your emails and social media, they've gained that access through legal requests, not hacking — encryption is still theoretically secure from mathematical attacks both sophisticated and brute
Tibetans Under Cyber Attack – And The Security Industry Isn't Helping (Tech Week Europe) Tibetans are pummelled with cyber attacks, but the security industry is not helping, and may even be hindering, TechWeek hears. Cyber Repression: Every month or so, a report on the latest malware attack aimed at Tibetans will emerge. But the reality is the frequency and range of Internet-based assaults on the people of Tibet, as well as their families, friends and associates, are far greater than people know. "Attacks happen pretty much every day," says Nart Villeneuve, from FireEye. Activists, Tibetan leaders and human rights activists operating in the area are the traditional targets. Off-the-shelf malware is regularly thrown at their systems, as highlighted this week, when the website of the Central Tibetan Administration, the Tibetan Government-in Exile's official Chinese language website, was hacked. Once users visited the site, they were redirected to an exploit that dropped a backdoor on their systems
The Changing Face Of Advanced Persistent Threats (Dark Reading) Earlier this year, a small aerospace company asked AccessData, a forensics and security firm, to investigate how its data had ended up on file-sharing service Box.com. The firm, which AccessData declined to identify, had received a call from the file-sharing service's sales team asking if it wanted to upgrade its accounts to Box's enterprise service. The only problem: The aerospace company had never signed up for Box
Ask.fm Makes Changes To Safety Policy Aimed At Combating Bullying In Wake Of Teen Suicide (Tech Crunch) Ask.fm, a social network startup built around a Q&A format which has a predominantly teenage user-base, has announced changes to its safety policy after completing an internal audit of its procedures. This follows heightened concerns about bullying on the site, following the suicide of U.K. teenager Hannah Smith earlier this month. The 14-year-old had apparently received abusive messages from other Ask.fm users
JIGSAW PEN-TESTING TOOL SPOTTED IN ATTACKS (ThreatPost) If you've run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networking tools such as Metasploit, Nessus and Nmap, cybercrime groups have been known to pervert them for harm. Such may be the case with Jigsaw, which researchers at RSA Security's FraudAction team said they've seen being used in active attacks
Cyber Trends
Cloud market destined to change following NSA leaks (Network World) Internet surveillance by the National Security Agency (NSA), leaked to the media by ex-contractor Edward Snowden, has shifted companies' priorities when sizing up cloud services providers in and outside the U.S., experts say. The economic impact to the industry is open to debate. The Information Technology & Innovation Foundation estimated last week that U.S. cloud providers could lose as much as $35 billion in business by 2016, as companies flee to rivals overseas
Cyber attacks climb the asset management risk agenda (Financial News) The number of chief risk officers in the asset management industry who are now focusing on data and cyber security to head off attacks has tripled in the past year
IBM, Oracle and EMC under scanner in China: Report (The Times of India) China's Ministry of Public Security and a cabinet-level research centre are preparing to probe IBM, Oracle and EMC over security issues, a newspaper report said. The report follows revelations by former US spy agency contractor Edward Snowden of widespread surveillance by the National Security Agency and his assertion that the agency hacked into critical network infrastructure at universities in China and in Hong Kong
Marketplace
Microsoft apologizes for Outlook, ActiveSync downtime, says error overloaded servers (The Verge) In a lengthy update to its service status page, Microsoft has explained the causes and resolutions to the extended downtime Outlook.com and Exchange ActiveSync users experienced earlier this week. The company says that it has "restored service so all customers should have normal access from all of their devices," though as The Next Web notes, there is still an issue for "a small percentage of mobile users" as of this writing. Microsoft's explanation details the triage work system administrators needed to go through to identify and resolve the outage. The main issue was "a failure in a caching service that interfaces with devices using Exchange ActiveSync." That failure caused a cascade effect where devices flooded Microsoft's servers with traffic that they weren't able to handle, taking down Outlook and SkyDrive
Facebook fixes timeline bug, cites language trouble in delay (CSO) A researcher in Palestine broke Facebook's rules by using a bug to post a message on Mark Zuckerberg's Timeline. A Facebook engineer blamed language difficulties and documentation issues for a delay in fixing a bug that let a security researcher post directly to founder Mark Zuckerberg's Timeline, which is restricted if two users aren't friends. Khalil Shreateh, who lives in Palestine, demonstrated the vulnerability by writing a message on Zuckerberg's Timeline after an earlier bug report he submitted wasn't acted upon, according to his blog
Google to encrypt Cloud Storage data by default (CSO) Users can choose if they want to hold the encryption keys themselves. Google said Thursday it will by default encrypt data warehoused in its Cloud Storage service. The server-side encryption is now active for all new data written to Cloud Storage, and older data will be encrypted in the coming months, wrote Dave Barth, a Google product manager, in a blog post. "If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," Barth wrote. "We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing
Global Cyber Security Market to Reach $120.1 Billion by 2017 at a 11.3% CAGR – New Report by MarketsandMarkets (WatchList News) According to a new market research report "Cyber Security Market (Identity & Access Management (IAM), Risk & Compliance Management, Data Encryption, Data Leakage Prevention (DLP) Solution, Data Recovery Solutions, Unified Threat Management (UTM), Anti-Virus, IPS/IDS, Web Filtering, Fire-Wall, Vulnerability Management): Advanced Technologies, Geographical Analysis and Worldwide Market Forecasts (2012 – 2017)", the Cyber security market is expected to reach $120.1 billion by 2017 at a CAGR of 11.3% from 2012 to 2017
Deep Packet Inspection - Market Analysis & Forecasts: 2013-2018 (Networking @ IT Business Net) Research and Markets (http://www.researchandmarkets.com/research/s4k4cj/deep_packet) has announced the addition of the "Deep Packet Inspection: Market Analysis & Forecasts" report to their offering
In 'cyber' Maryland, a bid for business growth (The Baltimore Sun) Business leaders try to leverage federal installations to spur on commercial ventures. Zuly Gonzalez and Beau Adkins used to work at the National Security Agency. Now they run a cybersecurity firm in Catonsville, helping companies defend against online threats. They're the embodiment of why Maryland officials call the state the nation's "epicenter" of cybersecurity: big federal installations here that focus on cyber problems, and all the private-sector growth related to it
The NSA's Contractor Problem (Voice of America) Another Worry In An Already Bad Summer For The NSA. In recent weeks, much attention has been paid to the privacy implications of the NSA's surveillance programs, and rightly so. Now comes a new issue. Edward Snowden, the man behind this summer's leaks about secret U.S. programs to monitor wide swaths of electronic communications, isn't just a big headache for the NSA. He was also a contractor for the agency, working through the private firm Booz Allen Hamilton. His revelations about programs such as PRISM have not only raised concerns about the extent of U.S. surveillance, but the out-sized and pervasive role outside private contractors play in the NSA's operations
Why we should still be worried about what Google said regarding Gmail privacy (Naked Security) Last week a furore erupted over a statement Google made about privacy - it was widely, and incorrectly, interpreted as having said that Gmail users could have no legitimate expectation of privacy. Google was then widely re-interpreted, correctly, as not having said that. So what happened, what did it say, and now that the mistake has been corrected is everything rosy in the garden
McAfee regrets 'flawed' trillion dollar cybercrime claims (AFR.com) McAfee chief technology officer Mike Fey said he regretted his own company's estimates, which once pinned global losses from cyber crime at more than $1 trillion. Attempts to quantify the global financial losses of cybercrime are distracting from the real problem, according to a senior executive at Intel's security subsidiary McAfee. Global chief technology officer Mike Fey told The Australian Financial Review that he regretted his own company's estimates, which once pinned global losses from cybercrime at more than $US1 trillion, and that even recent, more conservative estimates were "hard for me to swallow". "I wish we had never put a dollar figure on it," Mr Fey said. "[It is] very scary to just latch onto the number. "People take that half-a-trillion number, and say 'that's what it's worth'. What they forget is organisations are spending a very large amount of money to defer attacks today – so there's an additive number that has to go on top of that. It would be like saying car crashes kill three people a year in this particular city, so how much should we invest in stop lights. It's flawed
Products, Services, and Solutions
Panda Security launches 2014 retail line (Help Net Security) Panda Security launched Panda Global Protection 2014, Panda Internet Security 2014 and Panda Antivirus Pro 2014. Designed to provide complete protection with minimum impact on PC performance, the new Retail 2014 solutions leverage all of the benefits of cloud-based security to tackle all types of threats from the digital world: viruses, hackers, online fraud, and identity theft, in addition to known and unknown threats. All products in the new line-up are easy-to-use, secure, consume minimal PC resources and are built on Panda Security's Collective Intelligence system, which has extended its multi-platform coverage
Academia
Cyber attacks spark demand for training, jobs (WRAL.com) Dominique McCarroll gets surprised by how little people seem to know about computers here. It's something the Alabama State University senior said she's seen a lot as she pursued a computer information systems degree and got a security certification. "There were things I thought would have been common knowledge," McCarroll said
NSA establishes $60 million data analytics lab at NC State (Miami Herald) As the field of "big data" continues to grow in importance, N.C. State University has landed a big coup – a major lab for the study of data analysis, funded by the National Security Agency. A $60.75 million grant from the NSA is the largest research grant in NCSU's history – three times bigger than any previous award
Legislation, Policy, and Regulation
Put NSA 'violations' in proper context: Opposing view (USA TODAY) President Obama has called for a national conversation on the balance between security and liberty, between necessary surveillance and necessary privacy. That's a good thing. It would be an even better thing if the discussion were fact-based, rather than contaminated by unreasonable fear, ignorance, misinformation and more than a little posturing
Lawmakers: NSA reform needed (CNN blog) Republican Rep. Justin Amash of Michigan said Sunday he's hopeful the House will have another chance to vote on a measure that would curb the National Security Agency
Congress to weigh limits on surveillance programs (Associated Press) The U.S. House of Representatives will consider legislation that would cut off funds for the National Security Agency's surveillance programs and impose limits on their operations. The chamber's Rules Committee voted late Monday to allow the NSA amendments to the $598.3 billion defense bill. The House begins consideration of the sweeping measure Tuesday. One amendment would bar the NSA from collecting records, including telephone records, unless the individual is the subject of an investigation
Rand Paul: NSA Spying 'Unconstitutional,' Can't Be Saved By More Oversight (Huffington Post) Sen. Rand Paul (R-Ky.) called for congressional hearings on the National Security Agency's data collection on Sunday, while saying that much of the program is unconstitutional and likely can't be improved by oversight. "You know, I think it would be better with more oversight, but there are some things they are doing that I fundamentally think are unconstitutional," Paul said
No-spying pact with U.S. called possible (The Washington Post) Germany and the United States will begin talks this month on an agreement not to spy on one another in the wake of revelations by National Security Agency leaker Edward Snowden about massive electronic surveillance by the NSA, a senior German official said Monday
US official: New anti-leak measures set at NSA (Associated Press) The National Security Agency is implementing new security measures because of the disclosures by former NSA-systems-analyst-turned-fugitive Edward Snowden, a top defense official said Thursday. Deputy Defense Secretary Ashton Carter said systems administrators like Snowden must now work with a colleague when accessing sensitive, compartmented intelligence — the kind Snowden leaked to the media. The information revealed that the agency was gathering millions of U.S. phone records and intercepting some U.S. Internet traffic
Germany recognizes Bitcoin as a "private money," subject to capital gains tax (Ars Technica) But if you hold your bitcoins for over a year—no capital gains tax! In response to a query by a member of parliament, the German Finance Ministry has declared (Google Translate) that it accepts bitcoins as a "unit of account." The Ministry added that bitcoins are a sort of "private money" and that mining bitcoins constitutes "private money creation." The Ministry also clarified that if a German taxpayer holds bitcoins for more than a year, then she is exempt from paying the 25 percent capital gains tax. Such a tax would ordinarily be paid after profiting from the sale of a stock, bond, or other security. However, taxpayers are now required to pay taxes on any profits made from Bitcoin transactions that happen within a year
NSA Broke Privacy Rules Thousands of Times, Contrary to Official Claims (Wired.com) The chairman of the Senate Judiciary Committee has called for more hearings to examine the government's surveillance tactics following new revelations that the National Security Agency has violated privacy rules thousands of times in its surveillance of U.S. citizens and foreigners. The revelations come from leaked documents and stand in stark contrast to claims by NSA Director Keith Alexander that the agency has not abused its surveillance powers and that it stores no data on U.S. citizens
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 201 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
2013 Cyber Security Division Transition to Practice (TTP) Technology Demonstration for Investors, Integrators, and IT Companies (I3) — West (San Jose, California, USA, Aug 22, 2013) This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories and have the potential to strengthen an organization's cybersecurity posture. During this event cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations, and discussions with the research teams that produced these technologies. In addition, attendees will have an opportunity to schedule a private one-on-one discussion with the Researcher to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research. Registration closes August 12.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, Aug 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.