The CyberWire Daily Briefing for 8.21.2013
The Dalai Lama's government in exile remains under Chinese attack. Chinese hackers continue to show a preference for the venerable Poison Ivy RAT, probably because of its effectiveness in exfiltrating narrowly targeted data.
As we've seen, criminals use denial-of-service attacks as a kind of artillery preparation for theft. Banks have been targeted via their wire payment switch as low-level DDoS attacks divert security resources from quiet wire fraud.
Tumblr and Joomla users should look to their account security, as both services are roiled by attacks. As expected, yesterday's extravagant claims that AnonGhost pwned Twitter were overblown.
Hacking-back seems to be gaining traction, particularly in the face of continued Sino-US tension over cyber espionage. Intel may be close to fielding a more effective, less active, IP defense tool. In any case Chinese IT trade with the West is inevitable: witness ZTE's quick successful entry into the phone market.
Snowden's leaks draw attention to the difficulty of achieving privacy online. Google's cloud encryption is one approach; analysts also note a hardware-based solution emerging from ARM.
NSA apparently remains unclear about exactly what information Snowden took, and GCHQ seems comparably antsy. Industry observers reach a despairing equanimity: if Cheltenham and Fort Meade can't keep track of their data, what can the rest of us do?
Fresh revelations about the scope of NSA surveillance draw domestic and international ire.
Businesses should look closely at their cyber insurance: Liberty Mutual declines to pay for Schnuck's data-breach lawsuits.
Manning gets 35 years for espionage via WikiLeaks.
Today's issue includes events affecting Australia, Brazil, China, European Union, Iran, New Zealand, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
New Cyber Attack Launched against Dalai Lama's "Central Tibetan Administration" (Spamfighter) According to a warning by security firm Kaspersky, a massive cyberattack has struck the website of Central Tibetan Administration (CTA) which is the official organ of 'His Holiness' Dalai Lama's exiled government
Poison Ivy RAT Spotted in Three New Attacks (Threatpost) The Poison Ivy remote access Trojan may be old, but it's not losing favor with nation states that continue to make it the centerpiece of targeted attacks. Three groups of hackers, reportedly all with ties to China and possibly related in terms of their funding and training, are currently managing campaigns using the RAT to steal data from organizations and monitor individuals' activities
Poison Ivy Dissected: Commodity Tool or APT Weapon? (Infosecurity Magazine) The contradiction behind a remote access trojan (RAT) such as Poison Ivy is that while it is easy to use and widely used, it can also indicate a sophisticated – or APT-style – attack designed to exfiltrate specific data from major organizations
FireEye Unveils New Research, Analysis Tools for Poison Ivy RAT (SecurityWeek) New research from security firm FireEye is turning attention to Poison Ivy – a remote access tool (RAT) that may not make users itch, but is troublesome nonetheless
Millions stolen from US banks after 'wire payment switch' targeted (SC Magazine) Criminals have recently hijacked the wire payment switch at several US banks to steal millions from accounts, a security analyst says. Gartner vice president Avivah Litan said at least three banks were struck in the past few months using "low-powered" distributed denial-of-service (DDoS) attacks meant to divert the attention and resources of banks away from fraudulent wire transfers simultaneously occurring
Mysterious "Delete-Proof" Posts Spread Across Tumblr (ThreatTrack Security Labs) Something curious is happening over on Tumblr, and a live search on Twitter for "Tumblr hacked" reveals close to 800+ Tweets about it in the last 2 hours
Update on Hacked Web Servers (Cloudmark) Just when the plague of hacked web servers seemed to be dying down a little, we hear of a new exploit for Joomla. While we haven't seen this exploit being used by spammers yet, it will likely turn up in coming weeks. In the meantime, there are already two easy exploits in Joomla 1.5 that have been widely used. One is a SQL injection attack that allows you to reset the administrator password. The other, a bug in the JCE content manager plug-in, allows attackers to upload a fake .gif file. Then they can use the directory rename feature to change it to a .php file. Patches are available for both of these, but there are still tens of thousands of unpatched Joomla sites out there – and by now, it looks like most of them have been hacked multiple times
Twitter Denies User Accounts Have Been Compromised by Hacker (Softpedia) Twitter has denied that any user accounts have been compromised. The statement comes after Mauritania Attacker, a member of AnonGhost, leaked the details of 15,000 accounts and claimed to have gained access to Twitter's entire user database
Apple Dev Center was hacked via remote code execution bug (Help Net Security) Apple's ever expanding article listing researchers' credits for finding and reporting potential security issues in Apple's web servers has some new entries, and reveals that UK-based researcher Ibrahim Balic is not to blame for last month's outage of the Apple developer center
'Hacked' estate agency Foxtons breaks glass, pulls password reset cord (The Register) Trendy UK estate agency Foxtons pushed the big red password reset button, as a precaution, after it appeared hackers lifted thousands of clients' usernames and passwords from its systems
League of Legends hacked, salted passwords and credit card numbers stolen (Naked Security) Riot Games has confirmed that real names, usernames, email addresses and salted password hashes have been stolen in a recent security breach of its League of Legends real-time strategy game
UD reports more information stolen in cyber attack (WDDE 91.1 FM | Delaware's NPR News station) The University of Delaware says last month's cyber attack compromised the confidential personal information of more people than originally reported
"Bank of America" Malware: An In–Depth Analysis (ThreatTrack Security Labs) Bank of America remains one of the largest and most well-known names in banking in the Americas. It has also remained one of the brands most used by spammers and phishers, along with Wells Fargo, JP Morgan Chase and Citi Bank
A Question of DNS Protocols (CircleID) One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus. One writeup of this attack can be found here. I'm not sure about the claim that this attack "almost broke the Internet," but with a peak volume of attack traffic of some 120Gbps, it was a very significant attack nevertheless
Zmap's Fast Internet Scan Tool Could Spread Zero Days In Minutes (TechWeek Europe) The 45-minute Internet scan could be a force for good…or evil. Researchers have released a tool which can scan virtually the entire Internet in less than one hour. In the wrong hands, the tool could confer the ability to uncover and exploit millions of vulnerable servers in minutes – but security researchers welcome the powers it will give them for good
Routers talk, but who's listening? (Tripwire) A couple weeks ago I stumbled across a blog by Michael Kassner which discusses a set of problems with BGP (Border Gateway Protocol) that people in the security field have collectively declared an "internet time bomb"
The dangers of QR codes for security (CSO) David Geer investigates the dangers of malicious QR codes and finds this emerging technology is yet another way for criminals to exploit the same old threats
Attackers can steal corporate data using DNS tunnels, warn researchers (FierceITSecurity) Surreptitious communication via the domain name system (DNS) poses a serious security threat to enterprises, warns a group of researchers from the University of California system, Qualcomm (NASDAQ: QCOM) and IBM (NYSE: IBM)
Software Lets People Spy On PCs And Webcams (Forbes) You don't have to work for the NSA to spy on people. All you need is $79 to buy a piece of software called SniperSpy that you can remotely install on other people's computers. "No physical access is needed to the computer for installation"
Security Patches, Mitigations, and Software Updates
Microsoft Patch Problems Underline Tradeoffs For Securing Systems (Dark Reading) As the software giant works to fix the shortcomings in its latest set of patches, security experts debate whether 'trust the patch' is still the best course. For many companies used to problem-free patching, August's Black Tuesday--the second Tuesday of the month when Microsoft releases its latest security fixes--stands as a reminder that software systems are complex and patching software can lead to problems
4 Tactics Cybercriminals Are Using to Steal From Us (McAfee) Today McAfee Labs™ released the McAfee Threats Report: Second Quarter 2013, which reported that the cybercriminal community is using four main tactics to steal our identities, and our money. As consumers, it's critical that we are aware of the ways the hackers are trying to attack us and here's the four main ways
Cyber Pearl Harbor: Why hasn't a mega attack happened? (Pakistan Today) For the past few years, US officials have warned of a coming mega cyber attack against critical infrastructure, something akin to the Japanese attack on Pearl Harbor in 1941. The threat of a looming "Pearl Harbor" was reiterated last year by then Defense Secretary Leon Panetta, who painted a dark portrait of passenger trains sent careening off the tracks and poisoned water supplies, thanks to hackers
With Cyber Threats to Financial Services, Questions Loom about Role of Regulation (Bloomberg Law) Financial institutions are facing unrelenting threats from cyber criminals, industry participants told BNA in early August, but whether there is room for regulatory intervention is up for debate. While financial regulators have taken notice of the looming dangers, some in the industry question whether rules would help insulate firms from cyber threats or simply impose additional regulatory burdens
Cyberattacks the No. 2 cause of severe EU wired Internet outages in 2012 (CSO) Overall, they were responsible for 6 percent of outages that affected both mobile and fixed electronic communication networks, ENISA said
Cyber Risk Weighs Heavy on Minds of Execs (CSO) The Lloyd's Risk Index 2013 report shows business leaders focused on cyber risk, but very apprehensive about their ability to fend off an attack
Companies Counterattack Cyber Villains (CFO) Observers say that corporate "vigilantism" aimed at hackers is becoming part of a new, less passive approach to risk management. With worries about data breaches and privacy violations mounting by the day, corporations are becoming more aggressive about preventing physical and financial losses, experts say. In some cases, they add, that can involve counterattacks against hackers
In global cyber war, Silicon Valley urged to take care of own (Salt Lake Tribune) Chinese President Xi Jinping and American counterpart Barack Obama will talk cyber-security this week in California, but experts say the state's Silicon Valley and its signature high-tech firms should provide the front lines in the increasingly aggressive fight against overseas hackers. With China seeking to grow its economy and expand its technology base, companies like Facebook, Apple, Google and Twitter are inviting targets. In fact, all have been attacked and all point the finger at China, which has denied any role
Android is the new Windows for malware writers (FierceCIO: TechWatch) More malware is targeting Android devices, and it's looking more like Windows malware than just a mobile app, says Kaspersky Lab in its latest IT Threat Evolution report. CSO Online, in a related report, noted: "The difference between Windows and Android malware is that the latter is evolving much quicker, as criminals borrow from what they learned in targeting PCs since the 1990s."
The mobile cybercrime landscape is becoming more defined (Help Net Security) McAfee found that Android-based malware achieved a 35 percent growth rate not seen since early 2012. This rebound was marked by the continued proliferation of SMS-stealing banking malware, fraudulent dating and entertainment apps, weaponized legitimate apps and malicious apps posing as useful tools
Postal Service Picks SecureKey for Federal Cloud-Based ID Program (GovConWire) The U.S. Postal Service has awarded Toronto-based SecureKey Technologies a potential three-year, $15,125,000 contract to implement a cloud computing-based authentication platform for the federal government
Interview: Christian Fredrikson, CEO, F-Secure (ComputerWeekly) Christian Fredrikson does not believe in free antivirus (AV) software, which is not surprising given he is CEO of IT security firm F-Secure, and is in the business of selling security software. He says: "Free AV may offer three layers of security, but this is a bit like having a phenomenal lock on your front door and not worrying about the back." F-Secure's products offer eight levels of security
Encryption Patents Could Be Blackberry's Biggest Asset (MIT Technology Review) Elliptic Curve Cryptography provides greater security and more efficient performance than the first generation public key techniques (RSA and Diffie-Hellman)
7 IT security skills certifications on the rise (NetworkWorld) A number of IT security skills certifications requiring candidates to pass exams have sharply gained in terms of demand and pay value, according to a new Foote Partners report
Coast Guard procurement of navigation app raises security concerns (Defense Systems) The U.S. Coast Guard released a request for proposal on Aug. 14 for a navigation app to replace traditional paper flight bags. The RFP, however, may be lacking significant security features needed for mission critical operations, reported NextGov
Qualys CEO Philippe Courtot talks cloud security (MENAFN.COM) With 376 employees today and annual sales of about 100 million, Qualys is far from the largest company scratching and clawing for a share of the cyber security
Products, Services, and Solutions
Altamira Designated Amazon Partner Status (GovConWire) Altamira has attained consulting partner status on the Amazon Partner Network. The public designation puts the engineering and analytic services provider in the company of other system integrators, strategic consultants and resellers that design, migrate or build Amazon Web Services-based solutions for clients, Altamira said Monday
Google Encrypts The Cloud, But ARM Has An Idea That May Actually Work (Forbes) Despite all the indignant outrage that Microsoft, Facebook and others have expressed over PRISM, and despite all our wider concerns about the undesired sharing of personal information, hardly anyone has so far stepped forward with a true, technological fix
Co3 Systems: Simplifying incident management (SC Magazine) In April 2012, we looked at a neat concept for managing security breaches where the focus of the breach was on privacy. Co3 Systems is a cloud-based service that takes everything one needs to know about their organization, meshes it with an extensive knowledge base containing everything one needs to know about the breach management process, procedure and law, and walks responders through the response to the breach. It uses a lifecycle approach, and once the admin sets up an organization, staying current is simple. Most of the heavy lifting - laws, best practices, state breach reporting acts, etc. - is done by Co3 Systems
Motorola Skip: Password security without the hassle (key restrictions apply) (Ars Technica) New wearable fob unlocks phones without a PIN, but the convenience comes at a cost
Next batch of ZTE's sold–out Firefox OS smartphones coming in September (ZDNet) Don't worry if you missed out on buying ZTE's $80 Firefox smartphones — more are on the way. ZTE put the first batch of its Firefox OS device, the ZTE Open, on sale in the UK and US on Friday. By Monday, the low–cost, low–spec devices had sold out. Those who missed out need not fret, though — more are on the way. "We will make more Open available on eBay in September," a ZTE spokesperson told ZDNet
Veeam Backup & Replication 7 released (Help Net Security) Veeam Software announced Veeam Backup & Replication 7, which introduces built-in WAN acceleration and backup from storage snapshots. Built-in WAN acceleration copies data to offsite locations up
Rapid 7 to offer new tools for risk management, performance tracking (CSO) Rapid 7 goes outside its usual area and talks tools to help organizations deal with user-based risk and track security control performance
Technologies, Techniques, and Standards
Is PCI Growing Up? (Dark Reading) Last week's sneak peek by the PCI Security Standards Council into the highlights of the upcoming PCI DSS 3.0 revision set industry tongues wagging once again about the direction of the ever-evolving state of the payment card compliance standards. While the highlights may not reflect all of the changes on tap — and there are always plenty of diverse opinions about PCI — many experts agreed that this time around, the council is baking in more provisions to move the exercise of PCI compliance beyond point-in-time, check-box activities into continuous compliance and, eventually, more mature risk management practices
Execs, Technical Staff Don't See Eye To Eye In Secure Application Development Progress (Dark Reading) New Ponemon Group report finds major rifts in how executives, technical staffers feel about their enterprise secure application development programs. If you ask most executives, they'll say their company's secure application development practices are solid. But if you ask the developers and technologists in the trenches, the story is much different
It pays to know who your Friends are (Trend Micro SimplySecurity) Last week I was checking through my spam email folder, I do this every now and then just in case I miss an important email and because I get sent so many emails that my spam folder gets pretty full. I noticed a Facebook notification saying that Ana Scott had tagged me in some photos. Luckily our spam filter had picked it up
Among the NSA's own tips for securing computers: remove the webcam (Nextgov) Seems like everything gets hacked these days. Baby monitors. White House employees' personal email. Toilets
Knowing Your Web Site Is Vulnerable Is One Thing But Acting Upon That Information Is Key (BH Consulting) As I am sure many of you know already there have been many breaches of online newspapers and other media entities recently. Over the last few months the likes of the New York Times and the Washington Post have both had their web sites hacked and organisations such as the Syrian Electronic Army show no signs of letting up in their assault of the media
Industrial control system requirements defined by new cyber security standard (Water World) A new ISA99 standard addresses risks arising from the growing use of business information technology (IT) cyber security solutions to address industrial automation and control systems (IACS) cyber security in complex and dangerous manufacturing and processing applications
Non–profit to develop security guidelines for Internet–enabled med devices (FierceHealthIT) The non-profit Center for Internet Security has announced that it is developing guidelines on securing Internet-enabled medical devices, beginning with insulin pumps, and plans to release them by the end of the year. It's seeking input from hospitals, device manufacturers and cyber security experts through the end of August and plans to focus on other devices later
Block & Tackle: How IP Reputation Filtering is Central to Your Security Success (SecurityWeek) We've all heard the longstanding piece of advice to "nip it in the bud" when confronted with something unpleasant or avoidable. But sometimes, we forget to take this same advice when it comes to data security. Focusing early on the preventative side of security before reactive measures are needed is pivotal when it comes to thwarting damaging attacks and data compromises. One of the best ways to proactively guard against infiltrators is to identify the origin of an attack and block it before it hits your network. IP reputation filtering (IPRF) correlates source IP addresses against databases of known malicious IP addresses, and stops them before they have a chance to make it into your network
Jolly discusses leveraging threat intelligence data (Tripwire) Apneet Jolly (@Jolly) - or just Jolly as the security world knows him - the self described "hacker, photographer and social butterfly," is a senior consultant with ThreatGRID and has formerly worked with Raytheon and Neohapsis in his security career. Jolly took some time to talk with us about some interesting analytics derived from a malware cloud analysis platform that works as an information sharing database to enhance threat intelligence
An 'Overwhelmed' NSA Still Doesn't Know What Snowden Took (The Atlantic Wire) Despite the NSA's statements to the contrary, it looks like the intelligence agency doesn't know everything that whistleblower Edward Snowden took from them after all. Intelligence officials told NBC News that the NSA was still "overwhelmed" with the work of finding out what else Snowden has. The news comes just two days after British authorities detained journalist Glenn Greenwald's partner David Miranda for nearly 9 hours
Government data leaks, enterprise fallout: IT security and the NSA Prism scandal (ITProPortal) The National Security Agency (NSA) might be an American institution, but the fallout over its recent data leak also has international implications. In the UK, businesses initially reacted to the content of the leaked data, as the US PRISM programme raises questions for companies around the world that store their data with American cloud providers. Perhaps of even greater concern, however, is the fact that one of the world's premier security agencies failed to effectively secure its own data. With NSA repercussions still evolving, and with the recent revelation that the Serious Fraud Office (SFO) in the UK has had its own data loss disaster, enterprise IT leaders have to ask themselves: If governments can't secure their critical data, how can businesses
Research and Development
The First Quantum Teleportation In A Computer Chip (Forbes) In a milestone for quantum computing, researchers at ETH Zurich have demonstrated quantum teleportation in a solid-state circuit. Even more, they've broken something of a quantum speed record – they estimate that their system could teleport 10,000 quantum bits per second. This teleportation occurred on a setup involving superconducting circuits in a configuration resembling a conventional computer chip
Intel bakes super–snooper to stop industrial espionage (The Register) Hadoop-based tool sniffs 4bn network events a day, may end up as McAfee product. Intel has created a Hadoop-based rig that analyses just about every network event in the company – four to six billion of them on business days - in close to real time so it can spot threats including industrial espionage
David Mortman on Big Data Security Challenges (Tripwire) The illustrious and deeply knowledgeable David Mortman (@Mortman), Chief Security Architect at Dell, discusses some research he did with Adrian Lane of Securosis regarding challenges with securing of Big Data systems, from really large relational databases to NoSQL systems, Hadoop and everything in between. "What we found is that, generally speaking, especially when you get into the NoSQL or the Hadoop space, there really isn't much in the way of security — these products are not designed with security in mind," Mortman said in this interview
If public key cryptography were really broken (ZDNet) The asymmetric cryptography on which so much security on the Internet is based relies on one of two mathematical assumptions to work: that it is impossible
New cyber tool learns network behavior to sniff out malware (GCN) Network administrators and security officials could soon have a new tool to help detect malicious traffic on their networks by sifting out the command and control traffic of infected computers from the background noise. Researchers from the Georgia Institute of Technology tested a prototype of the tool, called ExecScent, on live networks and identified dozens of previously unknown command and control domains while discovering hundreds of infected hosts on the networks
NSF awards grants totaling $20 million for cybersecurity research (FierceGovernmentIT) The National Science Foundation has made three large "Frontier" awards worth almost $20 million to support collaborative, multi-university research and education activities in the area of cybersecurity, according to an agency announcement. The awards are funded under NSF's interdisciplinary Secure and Trustworthy Cyberspace program
Legislation, Policy, and Regulation
New Zealand Passes Law Allowing Domestic Spying (SecurityWeek) New Zealand passed legislation Wednesday allowing its main intelligence agency to spy on residents and citizens, despite opposition from rights groups, international technology giants and the legal fraternity. The bill to expand the power of the Government Communications Security Bureau (GCSB) passed by 61 votes to 59 after impassioned debate, with Prime Minister John Key acknowledging the move had left some people "agitated and alarmed"
Brazilians tear strip off NSA in wake of Snowden, mull anti–US–spook law (The Register) South Americans demand web privacy as PRISM journalist's Brazilian boyfriend held. Businesses selling online to Brazil-based consumers could be forced to store any personal data they collect about those individuals on local servers under proposed new laws under consideration in the country
Journalist invited to appear at Brazil Congress (NewsOK) Brazilian congressmen will invite the American journalist who has published documents leaked by former National Security Agency contractor Edward Snowden to appear before the Foreign Relations and Defense Committee of the lower house Chamber of Deputies
Anti–corruption body calls for better control of IT contractors (ZDNet) IT contractors are necessary for work that simply can't be done in-house, but they also represent a significant risk that must be more carefully managed
White House Cyber Policy Focuses on Internal Consolidation, External Engagement (SIGNAL) As a part of its ongoing efforts to protect critical national infrastructure, the Obama administration has been actively working on making government computer networks more robust and resistant to cyber attack. To do this, the White House has looked internally at federal agencies to put into place new metrics and policies to improve their security stance and externally, reaching out to foreign governments to set up international accords on cyber espionage, a top administration official said
NSA Reaches Deep Into U.S. To Spy On Net (Wall Street Journal) The National Security Agency — which possesses only limited legal authority to spy on U.S. citizens — has built a surveillance network that covers more Americans' Internet communications than officials have publicly disclosed, current and former officials say
New Revelations Detail How The NSA Scans 75% Of The Internet Through Telco Partnerships (TechCrunch) Today the Wall Street Journal reported the existence of several NSA programs that were either previously unknown, or little was known about. Meet Blarney, Fairview, Oakstar, Lithium and Stormbrew. The programs allow for far greater surveillance than the government has admitted to, and, importantly, detail how the government forces Internet service providers (ISPs) to hand over raw data
What You Need to Know on New Details of NSA Spying (Wall Street Journal) Today's report in The Wall Street Journal reveals that the National Security Agency's spying tools extend deep into the domestic U.S. telecommunications
Understanding the NSA's errors (Washington Post) That's how one senior National Security Agency (NSA) official defended his outfit to The Post. It's also what's been making many people nervous about recent
Dennis Kucinich: NSA Should Be 'Abolished,' Snowden Should Get A 'Ticker–Tape Parade' (Huffington Post) Former Rep. Dennis Kucinich (D-Ohio) had some strong words for the National Security Agency last week, arguing that the federal government should abolish it and throw leaker Edward Snowden a celebratory parade
Petition Seeks Removal of NSA Director Alexander (Threatpost) It has been a rough few months for the National Security Agency, and specifically for its director, Gen. Keith Alexander. The leaks of details of NSA surveillance programs by former contractor Edward Snowden have taken over the news cycle this summer and put the agency's business out in the open. Then, when Alexander spoke at Black Hat last month, he was heckled and booed as he defended the NSA's programs. Now, there's a petition, on the White House's own Web site, to have Alexander removed from his position
Revelations hint at NSA ducking oversight: Our view (USA Today) Since news broke in June that the government has been seizing millions of Americans' phone and Internet records, the Obama administration's defense has rested on three pillars. The collections are needed to prevent terrorist attacks. Internal safeguards protect the public's privacy. And ultimately, Congress and judges on a special court have Americans' backs
Analysis: The Wrong Way to Figure Out If the NSA Is Abusing Its Power (Government Executive) Commentators as diverse as Ben Wittes, Kevin Drum and Jennifer Rubin have tried to understand NSA rules violations in recent days in part by attempting to compare the number of violations to the overall number of queries, as if the percentage of errors is a useful metric to use
Data–driven journalism debunks media claims that NSA runs amok with big data (FierceBigData) There's been much ado in the media about the NSA's use of metadata and big data in general--ever since Edward Snowden leaked agency documents. Certainly the drip-drip-drip of leaks from Snowden made for some sensational headlines and presumably more than a few movie scripts. The documents he shared appear to be the real thing and, coupled with his testimony, they pointed to an alarming, large scale privacy invasion by the government and a general running amok with certain constitutional principles. But as Paul Harvey would say "now for the rest of the story"
The continuing saga of NSA snooping (FierceITSecurity) The National Security Agency is again on the defensive with the latest document disclosures by Edward Snowden
FTC shows little interest in 'Do Not Track' mandate (The Hill) The leaders of the Federal Trade Commission expressed little interest in requiring that Web companies allow users to opt out of online tracking
Litigation, Investigation, and Law Enforcement
Bradley Manning Sentenced to 35 years (SecurityWeek) US Army Private Bradley Manning was sentenced to 35 years in jail and dishonorably discharged Wednesday for the biggest breach of official secrets in American history. Military judge Colonel Denise Lind delivered her verdict after a months-long trial for Manning, who passed a massive cache of classified government documents to WikiLeaks, the anti-secrecy website headed by Julian Assange
What's Wikileaks hiding in its 400GB of 'insurance' files? (Naked Security) Last week Wikileaks released an enormous collection of mysterious 'insurance' data on to the web. The data was released in 3 sizeable torrent files alongside a message asking the people of earth to mirror the data far and wide. But what's in the files
Miranda warning: Info leak wars about to get messier (IT World) David Miranda (pictured on the right above), the partner of the Guardian's Glenn Greenwald (pictured above left), was detained while transporting encrypted data on the Snowden affair from Berlin; all his electronics were destroyed. Over at the Guardian offices, British police destroyed more of the newspaper's hard drives. Privacy blogger Dan Tynan sees where this one is going: reporters like Greenwald are going to stop even bothering to be circumspect with their revelations. Sorting through the contents of such infocaches to redact sensitive information just gives the government time to track you down. Eventually, the information will just be dumped online, warts and all, as soon as someone who wants the information public gets ahold of it
Miranda battles to have seized stuff back, Guardian details drive destruction (Help Net Security) David Miranda, the partner of The Guardian reporter Glenn Greenwald, has employed UK lawyer firm Bindmans LLP to inform the British Home Office that they will be challenging the legality of Miranda's recent detention at Heathrow under Schedule 7 of the Terrorism Act of 2000
NSA files: UK and US at odds over destruction of Guardian hard drives (The Guardian) White House says it would be 'difficult to imagine' US authorities adopting GCHQ tactics. The White House distanced itself from Britain's handling of the leaked NSA documents when representatives said it would be difficult to imagine the US authorities following the example of Whitehall in demanding the destruction of media hard drives
UK Home Office defends nine–hour interrogation of journalist's partner (Ars Technica) Reactions are heating up surrounding the dramatic actions of the British government revealed in the last two days--specifically the Sunday detention of reporter Glenn Greenwald's partner David Miranda at Heathrow airport, and Guardian editor Alan Rusbridger's revelation that GCHQ intelligence agents destroyed the newspaper's hard drives in an attempt to block more reporting on National Security Agency (NSA) leaks
In classified cyberwar against Iran, trail of Stuxnet leak leads to White House (Washington Times) The Obama administration provided a New York Times reporter exclusive access to a range of high-level national security officials for a book that divulged highly classified information on a U.S. cyberwar on Iran's nuclear program, internal State Department emails show
Forced Exposure (Groklaw) The owner of Lavabit tells us that he's stopped using email and if we knew what he knew, we'd stop too. There is no way to do Groklaw without email. Therein lies the conundrum. What to do? What to do? I've spent the last couple of weeks trying to figure it out. And the conclusion I've reached is that there is no way to continue doing Groklaw, not long term, which is incredibly sad. But it's good to be realistic. And the simple truth is, no matter how good the motives might be for collecting and screening everything we say to one another, and no matter how "clean" we all are ourselves from the standpoint of the screeners, I don't know how to function in such an atmosphere
Big Brother Isn't A Reason For Journalists To Quit The Internet (TechCrunch) In fear of Big Brother, award-winning technology law blog, Groklaw, has decided to shut down. TechCrunch, however, will not be following its lead. There is always a risk that an abusive government agent may try to intercept or intimidate our sources, but it's the kind of risk that every media outlet has faced since the printing press and will continue to face into the foreseeable future
Insurer to Schnucks: We won't pay for lawsuits related to your breach (SC Magazine) The insurer for Midwestern supermarket chain Schnucks, whose systems were hacked last winter to steal 2.4 million credit card numbers, is claiming in court that the grocer's policy doesn't cover the cost of lawsuits arising from the breach. Liberty Mutual Insurance Co. last week filed documents in a Missouri court contending that the general liability policy it issued St. Louis-based Schnucks, which does business as Schnuck Markets, was not designed to insure "suits and claims arising from the data breach" it recently experienced
How Not to DDoS Your Former Employer (Krebs on Security) Pro tip: If you're planning to launch a debilitating denial-of-service attack against your former employer, try not to "like" the Facebook page of the DDoS-for-hire Web service that you intend to use in the assault. Tell that to Kevin Courtois, a 28-year-old from Three Rivers, Quebec who was arrested earlier this year for allegedly launching a volley of cyber attacks against his former company over a nine month period beginning in May 2012. Courtois did not respond to requests for comment
More UK hacking victims identified (ITWeb) At least a hundred people have been identified as victims of the UK blue-chip hacking scandal
For a complete running list of events, please visit the Event Tracker.
SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.
SANS Thailand 201 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
2013 Cyber Security Division Transition to Practice (TTP) Technology Demonstration for Investors, Integrators, and IT Companies (I3) — West (San Jose, California, USA, Aug 22, 2013) This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories and have the potential to strengthen an organization's cybersecurity posture. During this event cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations, and discussions with the research teams that produced these technologies. In addition, attendees will have an opportunity to schedule a private one-on-one discussion with the Researcher to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research. Registration closes August 12.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, Aug 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.
TechCrunch Disrupt San Francisco (San Francisco, California, Sep 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September 7-11 on your calendar, because you're not going to want to miss Disrupt SF 2013. The Hackathon kicks everything off, followed by our main event, which starts every morning with panels of special speakers and guests, one-on-one chats featuring TechCrunch writers and editors, special guest speakers and judges, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. In the afternoons, the Startup Battlefield presentations begin, with the final presentations held on the last day of Disrupt.
SANS CyberCon Fall 2013 (Online, Sep 9 - 14, 2013) With sequestration still in place, organizations are finding themselves with training budgets, but drastically reduced travel budgets. This one-of-a-kind online training event brings SANS' top instructors teaching SANS' top courses to those who can't travel.
15th Annual AT&T Cyber Security Conference (New York, New York, USA, Sep 10, 2013) The AT&T Cyber Security Conference is an annual day-long conference offered by the AT&T Chief Security Office. Combining the expertise of its security experts, the scale and reliability of its global IP network and the innovation of AT&T Labs, AT&T is giving businesses some of the most powerful weapons available today in their battle against cyber security attacks. The conference showcases AT&T's leadership in helping businesses, large and small, manage the increasingly complex and critically important security of their IT networks and assets.
International Common Criteria Conference (Orlando, Florida, USA, Sep 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC has become the main marketing and meeting opportunity for all those involved in the specification, development, evaluation, and validation or certification of IT security.
GrrCon (Grand Rapids, Michigan, USA, Sep 12 - 13, 2013) Says IT World, "Another hacker conference, this time in Michigan. The schedule looks to be bawdy, brash and anything but dull, with hackers promising to 'pwn' you before you leave town. There are also sessions on penetration testing tools and mobile hacking methods."
cybergamut Technical Tuesday: Malware Analysis for the Masses (Columbia, Maryland, USA, Sep 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With modern technology and tools, it's now possible for junior security analysts to gather detailed malware indicators to craft defense and alert signatures. More enticing, all of this can be done with free tools and applications, some written by this presenter.
Shaping the Future of Cybersecurity Education Workshop (Gaithersburg, Maryland, USA, Sep 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National Cybersecurity Education Interstate Highway".
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with like-minded individuals.
Strange Loop (St. Louis, Missouri, USA, Sep 18 - 20, 2013) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and where we're not. Topics include emerging languages, concurrent and distributed systems, new database technologies, front-end web, and mobile.
ISSA Cyber Security Forum at Ft Belvoir (Fort Belvoir, Virginia, USA, Sep 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber security and information technology products/services available today. This is an excellent opportunity for exhibitors to network with key decision makers, cyber, technology, communications and contracting personnel from various commands and tenant units at Fort Belvoir.
CISO Executive Summit (Atlanta, Georgia, USA, Sep 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind of change that is sweeping through the IS community motivating today's information guardians to develop a new way of thinking to ensure success in protecting their respective organizations. (At Hacker Halted USA.)
2013 Cyber Security Summit (New York, New York, USA, Sep 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be held September 25th at the Hilton in New York City, will showcase the latest tools and resources available to defend against cyber crime on both corporate and government levels. Keynote addresses and interactive panel discussions led by notable security experts will highlight strategic priorities, risk factors, threats and provide inspirational guidance to prepare and protect from attacks.