The CyberWire Daily Briefing for 9.4.2013
Deliberation precedent to a punitive strike on Syrian targets continues, with cyber operations widely expected to play a part. Assad's Syrian Electronic Army (SEA) is relatively quiet today, although pro-regime hacktivists' second stringers commit minor acts of cybervandalism. Yesterday's claims that hacktivists have emails showing the US Joint Staff faked chemical attacks sink without trace—failed black propaganda.
Cyber conflict makes strange bedfellows. Anonymous claims to have "taken down" the SEA and confirmed Krebs' identification of the group's leadership.
Other Anonymous cells call for cyber jihad (against the US and Israel) on September 11, and protests against Brazilian corruption on September 7. Such #Ops have a weak recent track record.
Researchers at Georgetown and the Naval Research Laboratory (NRL) show how Tor can be de-anonymized by traffic correlation, that is, through determined use of metadata. (NRL should know—it invented Tor.)
Supermicro's Baseboard Management Controller is vulnerable to data theft. Familiar threats assume new forms: Citadel, Backdoor.Darkmoon, and NetTraveler. Some good news: Hand-of-Thief proves lamer than feared, and a glut of commodity botnets cuts into black market profits. As Kim Dotcom exits Mega for the music biz, a developer says he pwns Mega's master key.
State-sponsored cyber attacks are expected to increase (routers and switches being preferred targets).
In industry news, In-Q-Tel invests in Socrata, Spry Methods buys James Secure Solutions, and Arbor acquires Packetloop. Silent Circle offers an anonymous messaging tool. Brazil's government is developing a secure alternative to Gmail and Hotmail.
Business Insider claims Russia's FSB penetrated Wikileaks.
Notes.
Today's issue includes events affecting Argentina, Australia, Bangladesh, Brazil, China, Egypt, India, Israel, Japan, Pakistan, Russia, Sweden, Syria, Taiwan, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Syria, Egypt strife sparks surge in cyber attacks — McAfee (Cyberwarzone) Syria's civil war and political strife in Egypt have thrown up new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company. More than half of incidents in the Gulf this year were so-called "hacktivist" attacks — which account for only a quarter of cybercrime globally — as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp's software security division McAfee said on Tuesday
How to Use Cyber Weapons Against Assad (The Atlantic) As we weigh taking action in Syria, a strike using technology, rather than missiles, might be the best option
Assad's Anonymous Cyber-Force: Who is the Syrian Electronic Army? (International Business Times) The Syrian Electronic Army is representative of a much wider move online in modern warfare. While we are yet to truly see a full–scale cyber–war, almost every single conflict taking place around the globe is being fought in some part in cyber–space
'Anonymous' to Reg hack: We know SEA leaders' names (The Register) Anonymous hacktivists say they've taken down Syrian Electronic Army hacktivists. Following the Syrian Electronic Army's (SEA's) attack on a Melbourne IT reseller which resulted in the temporary compromise of domain name records for targets as diverse as The New York Times and Twitter, a group claiming association with Anonymous now says it has compromised SEA databases and servers
Could an extra $50 really have prevented The NYT hack? (Business Spectator) It seems no stone was left unturned in the hurricane of mass confusion surrounding last week's hack of The New York Times. What else can you expect when you combine a high profile target (the New York Times), with an obscure issue (DNS security) and a local company (Melbourne IT), where it's difficult to comprehend what their core business is at the best of times, let alone on a tight deadline
Syrian Electronic Army Defaced Marines Website, US Confirms (1070 WAPI) U.S. officials confirmed a cyber attack by the Syrian Electronic Army on the Marine Corps recruiting website late Monday in which the pro-Assad collective replaced the normal page with one calling on U.S. servicemen to refuse orders to fight in Syria should they be called
#OpIsrael: Anonymous calls on all Muslim hackers for joint cyber attack on US and Israel on September 11, 2013 (Hack Read) A YouTube video has been circulating on the internet for the last couple of days in which online hacktivist group Anonymous has called on Muslim hackers from around the world to join them in a joint operation against US and Israel on September 11, 2013 at the anniversary of 9/11 attacks in New York City. The message on the video bashes US and Israel for conducting wars over Muslim world and threatens that the
#OpFreeSyria: 40 Chinese Educational Websites Hacked by Team Hacking Argentino (Hack Read) The Argentinian hackers from Team Hacker Argentino have hacked and defaced a total of 40 Chinese educational websites for #OpFreeSyria, an ongoing online operation in support of Syrian president Bashar al Assad. Hackers left a deface page along with a message on all hacked websites with an audio and text message, defending Syrian government and asking the government of the world not to interfere in Syria
Bangladesh's Largest IT University Daffodil hacked, server rooted by 3xp1r3 Cyber Army (Hack Read) Two hackers going with the handle of ExpirED BraiN and IceCream from 3xp1r3 Cyber Army have hacked and defaced the official website of Bangladesh's largest Information Technology 'Daffodil University'. The hackers also rooted the university server, as a result 84 of its sub-domains were also defaced today. All hacked sites were left with a deface page along with a message which gives us a little bit of clue
Pakistani Hacker hacks website of Indian Bioresource Information Network (IBIN) (Hack Read) A famous Pakistani hacker going with the handle of h4x0r HuSsY is back, this time the hacker has hacked and defaced the official website of Indian Bioresource Information Network (IBIN) under government of Goa, India. The site was hacked today, left with a deface page along with a message in which hacker has been bashing Indian hackers for attacking Pakistani cyber space. The deface message was expressed in
#OP7: Anonymous Brazil calls for biggest protest in the history of Brazil on September 7 (Hack Read) The online hacktivist group Anonymous Brazil has asked Brazilians to join them on 7th September 2013, the country's independence day in one of the biggest protests against politicians and massive corruption. The protest will be conducted under the tag of '#OP7' in 140 cities especially against group of politicians involved in stealing massive amount of money from the government for ages without being charged
"Homeless hacker" Commander X quits Anonymous, retreats to robot lab (Ars Technica) Will "fade into the mists of myth and legend." Last year, I traveled to Canada to write a long profile of "homeless hacker" Christopher Doyon, who goes by the name "Commander X" and who is on the run from the US government. (Doyon brought down a California county's website for 30 minutes, with the help of Anonymous, as part of his protest over an "anti-sleeping" law targeting homeless people; he is under indictment in the Northern District of California and is the only known Anon who has jumped bail to live "in exile.") Doyon's life has been by turns bizarre and dramatic, but last week the online drama surrounding Anonymous proved too much even for him—and he quit
Persistent adversaries can identify Tor users (Help Net Security) Using the Tor network will not grant you perfect anonymity - in fact, a group of researchers from the US Naval Research Laboratory and Georgetown University say that "Tor users are far more susceptible
PRISM repercussion on the Tor network accesses (Security Affairs) The use of Tor Network to preserve user's anonymity and to avoid government surveillance, we discussed this topic several times explaining that through the analysis of Tor metrics data it was possible to study the effect of political events in the cyberspace. Cyberspace and ordinary life are directly linked, a disorder in every part of the globe has its repercussion on the cyber domain and vice versa. Analyzing the use of Tor Network it is possible to detect social protests or censorship/surveillance applied by any government
NSA Laughs at PCs, Prefers Hacking Routers and Switches (Wired) The NSA runs a massive, full-time hacking operation targeting foreign systems, the latest leaks from Edward Snowden show. But unlike conventional cybercriminals, the agency is less interested in hacking PCs and Macs. Instead, America's spooks have their eyes on the
Attacker could gain control of Supermicro's industrial control system, warns CERT (FierceITSecurity) An attacker could steal sensitive information, launch a denial of service attack, or gain control of Supermicro's (NASDAQ: SMCI) Baseboard Management Controller through multiple vulnerabilities, warned CERT in a vulnerability note issued Friday
G20 Summit Used as Bait to Deliver Backdoor.Darkmoon (Symantec) Ahead of tomorrow's G20 summit in Saint Petersburg, Russia, attackers are leveraging the meeting's visibility in targeted attacks. One particular campaign we have identified is targeting multiple groups. They include financial institutions, financial services companies, government organizations, and organizations involved in economic development
Malware Delivered by Fake Xerox Emails, says Bitdefender (SPAMfighter News) According to security firm Bitdefender, a new spam email campaign is currently masquerading across the Internet which is abusing the name and popularity of
Malicious Spammers Bait Facebook Users with Fake News Feed (ThreatTrack Security Labs) Here's something new about Facebook spam: the criminals behind this latest campaign are now using Facebook's "news feed" as lure to get recipients clicking on malicious links
Citadel botnet resurges to storm Japanese PCs (The Register) Banking Trojan infects 20,000 IP addresses. Citadel, the aggressive botnet at the heart of a widely criticised takedown by Microsoft back in June, is back and stealing banking credentials from Japanese users, according to Trend Micro. The security vendor claimed to have found "at least 9 IP addresses", mostly located in Europe and the US, functioning as the botnet's command and control servers
APT malware NetTraveler learning new tricks (CSO) Advanced Persistent Threat exploits Java vulnerabilities, embraces watering hole technique, says researcher. An Advanced Persistent Threat (APT) called NetTraveler has been spotted making mischief again, but it appears to have learned a few new tricks since it was last spotted in June. The malware is now attacking a known Java vulnerability, CVE-2013-2465, and added water holing to its propagation strategy, according to new research from Kaspersky Lab
Chinese Cyberspies Enlist Java Exploit (Dark Reading) The so-called NetTraveler targeted attack campaign discovered earlier this year by Kaspersky Lab is now employing an exploit that takes advantage of a just-patched Java bug, and is also adopting the increasingly popular waterholing technique to infect targets. NetTraveler, a.k.a. Red Star, Travnet, and Netfile, is a less sophisticated but persistent attack campaign with uncanny longevity: For nearly 10 years, it has targeted hundreds of victims in 40 different countries across governments, embassies, oil and gas, military contractors, activists, and universities. The APT group is made up of some 50 members and has traditionally employed patched Office exploits — namely CVE-2012-0158
Hand of Thief Linux Trojan fails to work as promised (Help Net Security) RSA researchers have recently spotted a banking Trojan targeting Linux systems being sold online by a cybercrime team based in Russia. Dubbed Hand of Thief by its creator(s), the malware apparently has form grabbing and backdoor capabilities, and is able to block the victims' access to hosts offering AV solutions and security updates. It also purportedly works on 15 different Linux desktop distributions and supports 8 different desktop environments
Suspicious Responses: Shining a New Light on an Old Threat (Umbrella Labs) OpenDNS users may have noticed an intriguing security feature in their dashboard: the ability to block "suspicious responses." When enabled, this feature blocks any DNS response containing IP addresses within a private IP range
San Francisco InterContinental Hotel Admits Security Breach (eSecurity Planet) An undisclosed number of guests' names, mailing addresses, e-mail addresses, phone numbers and credit/debit card numbers may have been accessed
Packet captures and log files for Port 14566 (Internet Storm Center) A recent uptick in Port 14566 shows some activity over the past month, as shown in our DShield Report(1), however we have little information about what exactly is happening. Some activity, then a lag near the end of August, followed by a large spike at the end, and the top port the past 24 hours, is curious. A search of that port using Google and other security and traffic sites has yielded little, so if anybody has log files or activity of this port, we'd love to have a look
Software developer releases tool that claims to reveal Mega users' master key (Parity News) Michael Koziarski, a software developer, has released a browser based JavaScript bookmarklet, which he claims has the ability to reveal Mega users' master key. Koziarski went on to claim that Mega has the ability to grab its users' keys and use them to access their files. Dubbed MegaPWN the tool not only reveals a user's master key, but also gives away a user's RSA private key exponent. "MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing that it is not actually encrypted and can be retrieved by MEGA or anyone else with access to your computer without you knowing," reads an explanation about the bookmarklet on its official page
Energy Department Updates Breach Count, Says 53,000 Affected (InformationWeek) DOE offers employees a free year of identity theft monitoring services after hackers steal personal info, including social security numbers
How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts? — part two (Webroot Threat Blog) We continue to observe greed-centered underground market propositions selling access to malware-infected hosts based in Russia and Eastern Europe, a practice which has been largely avoided by cybercriminals for years in order to avoid attracting the attention of local law enforcement. How are these prices shaped? Are these examples an indication of a trend, or a fad largely based on the seller's inability to secure a long-term revenue stream for selling? Are we witnessing a commoditization and over-supply of malware-infected hosts based in developed countries? Let's find out
Online Attack Leads to Peek Into Spam Den (New York Times) For years, Igor A. Artimovich had been living in a three-room apartment he shared with his wife in St. Petersburg, sitting for long hours in front of his Lenovo laptop in his pajamas, drinking sugary coffee. If he were known at all to Western security analysts who track the origins of spam, and in particular the ubiquitous subset of spam e-mails that promote male sexual enhancement products, it was only by the handle he used in Russian chat rooms, Engel
Anatomy of a killer bug: How just 5 characters can murder iPhone, Mac apps (The Register) What evil lurks in the Unicode of Death…oh, a buffer overrun. There has been much sniggering into sleeves after wags found they could upset iOS 6 iPhones and iPads, and Macs running OS X 10.8, by sending a simple rogue text message or email. A bug is triggered when the CoreText component in the vulnerable Apple operating systems tries to render on screen a particular sequence of Unicode characters: the kernel reacts by killing the running program, be it your web browser, message client, Twitter app or whatever tried to use CoreText to display the naughty string
Woah! Read this before you update the Google Authenticator app on your iPhone (Graham Cluley) Google has updated Google Authenticator, its iOS app for managing two factor authentication codes for accessing accounts. But if you install the app onto your iPhone or iPad, you'll find it wipes out all of your existing account information
Cyber Trends
State–Sponsored Cyber Attacks — This is Only the Beginning: Survey (SecurityWeek) The consensus of nearly 200 senior IT security professionals attending Black Hat USA 2013 in Las Vegas is that we're losing the battle against state-sponsored cyber attacks and things are not going to improve any time soon
Data–Security Expert Kaspersky: There Is No More Privacy (Wall Street Journal) Russia's Eugene Kaspersky Talks to WSJ About Growing Cyberthreats. A month after National Security Agency leaker Edward Snowden arrived at the airport here, Russian computer-security expert Eugene Kaspersky fielded a question on the newly-exposed U.S. surveillance programs at his office down the road. "There is no more privacy," the 47-year-old CEO of antivirus software firm Kaspersky Lab told a group of journalists
Data Privacy, Ownership In Precision Agriculture (PrecisionAg) The line between what data and information a grower is willing to share, and a company is allowed to use, will keep vacillating in the future
Over one–fifth of people use ad–blocking software—and it's beginning to hurt (Quartz) Last week, Quartz reported on an unlikely crowdfunding campaign: The browser extension AdBlock, which does exactly what its name says, is raising money so it can fund online ads that tell people how to use it to block online ads. As of this writing, the campaign has surpassed its second goal of $50,000, which AdBlock says will allow it to not only post online ads but also get space on a billboard in Times Square. We estimated that AdBlock is probably doing rather well for itself through donations alone and noted that the more people use AdBlock the more it could harm sites that rely on advertising revenue to stay afloat
Vulnerabilities Everywhere (Secunia) Every day, we read about cyber-attacks and data breaches, incidents that represent in many cases a disaster for private companies and governments. Technology plays a significant role in our lives; every component that surrounds us runs a piece of software that could be affected by flaws and exploited by those with ill intentions
Marketplace
Amazon hiring 'top secret' IT staff as it fights for CIA work (Computer World) Government private cloud bid represents new approach for Amazon — one that has put it at odds with IBM. The U.S. isn't doing a good job keeping secrets. Think Edward Snowden. But demand for trustworthy IT professionals is strong, especially if they want to work for Amazon Web Services
New Systems Seek to Connect Troops at the Tip of the Spear (SIGNAL Magazine) Two ongoing military programs, one getting ready to deploy and another still in the prototype stage, aim to connect troops at the very tactical edge back to larger military data and communications networks. These programs—one service–oriented, the other an agency effort—are part of the Defense Department's thrust to make warfighters, especially individual soldiers in small units, more connected
Landrieu seeks 'cyber footprint' for Louisiana (FCW) Sen. Mary Landrieu wants the federal government to build out its cybersecurity capabilities in her home state, far away from the federal contracting hub inside the Beltway. The Louisiana Democrat — who is up for re–election in 2014 — has parochial reasons for making such a pitch. But some experts agree with her
DRC Wins $6 Billion Blanket Purchase Award for Cyber Security Support (Wall Street Journal) Dynamics Research Corporation (Nasdaq:DRCO), a leading technology and management consulting company focused on driving performance, process and results for government clients, today announced it was one of 17 awardees of a $6 billion blanket purchase agreement for the Department of Homeland Security Continuous Diagnostics and Mitigation, Tools and Continuous Monitoring as a Service program to deploy continuous monitoring tools and services throughout the federal government. The contract has a one–year base period of performance and four one–year option years
GridCOM Technologies Awarded California Grant To Protect U.S. Electrical Grid From Cyber Attack (PRNewswire) GridCOM Technologies, the leader in quantum cyber security solutions for energy infrastructure, has been awarded a grant from the state of California to help protect the country's vulnerable electrical grid from the growing threat of cyber attack
VMware's security efforts lack focus, argues analyst (FierceITSecurity) VMware (NYSE: VMW) has shifted its security focus from security application programming interfaces (APIs) to a virtual networking platform, observes Paula Musich, principal analyst for enterprise security at Current Analysis, in a recent blog. Prior to its acquisition of software defined networking firm Nicira for more than $1 billion, VMware was focusing its security efforts on a set of higher level APIs developed with security partners to replace its VMsafe APIs. The new APIs were intended to be easier to work with and provided a greater variety of security functions, explained Musich
In–Q–Tel Investment Signals Intel Community Focus on Data Sharing (Nextgov) The CIA's venture capital arm is investing in cloud software provider Socrata Inc., a company that aims to "democratize" access to government data by making information more accessible to the public as well as internally to agency managers
Spry Methods, Inc. Completes Acquisition of James Secure Solutions, Inc. (gnom.es) Spry Methods completed its acquisition of James Secure Solutions, Inc. (JSS). JSS, just ranked by Inc. as #98 on the Top 100 Government Services Companies nationwide, is a leading provider of Cyber Security, Information Assurance, and Continuous Monitoring services to the Intelligence Community, Department of Defense, and federal law enforcement agencies who sustain mission critical operational and developmental programs in support of our Nation's security. JSS is well known within the industry for vulnerability and security assessments, penetration testing, risk management framework, FISMA compliance, auditing and audit review participation, and incorporating security into various development methodologies, i.e., Agile. JSS now becomes part of Spry Methods, which provides Information Technology, Enterprise Resource Planning, Financial Management, Business Process Consulting, C5ISR and Systems Engineering services in support of the United States Navy, Army, Department of Homeland Security, USDA, HUD, and the Intelligence Community
Arbor Networks acquires Packetloop (Help Net Security) Arbor Networks has acquired privately held Packetloop, an innovator and provider of Security Analytics. Terms of the deal were not disclosed. Arbor plans to invest in and expand Packetloop's Sydney, Australia
Who wins and who loses in Microsoft's acquisition of Nokia (Quartz) Microsoft just bought Nokia's smartphone business for $7.2 billion. No matter how this turns out, the implications for both companies, and for the fortunes of other smartphone makers, especially in emerging markets, could be huge
Elop in July: It's "Hard to Understand the Rationale" for Selling Nokia's Devices Business (All Things D) Microsoft's massive $7.2 billion deal to acquire Nokia's handset and services business has been rumored ever since the Finnish company's CEO, Stephen Elop, agreed to standardize Nokia's smartphones on Microsoft's Windows Phone operating system. And it's one that Elop touted as almost inevitable in a press conference Tuesday morning
Microsoft's Nokia Buy: Consumer Chase Is On (InformationWeek) Microsoft can't live by enterprise dollars alone. By purchasing Nokia's device business, Microsoft has shown its consumer strategy will survive into the post-Ballmer era
Verizon bets big on U.S. wireless market (CNN Money) One of the biggest deals in corporate history solely targets the already saturated U.S. wireless market. Verizon (VZ, Fortune 500) is paying $130 billion to take full control of Verizon Wireless from U.K. partner Vodafone (VOD), giving it full control of America's largest and most profitable wireless provider
Forget the Microsoft Soap Opera. It's the Verizon Deal That Matters (Wired) To be sure, Microsoft's purchase of Nokia's cellphone business makes for a better story. The $7.17 billion deal spans the big-time patent wars, a simmering drama over the CEO succession plan at Microsoft, and the tragic spectacle of two aging tech giants flailing around in search of relevance — not to mention all those shiny gadgets
BAE Systems picks up two execs from Lockheed (Washington Business Journal) Two former Lockheed Martin executives have joined BAE Systems' Intelligence & Security sector in McLean, the defense contractor announced Tuesday
Products, Services, and Solutions
Alert Logic And Kroll Announce Strategic Alliance (Dark Reading) Strategic alliance to help businesses identify, respond to, and recover from data breaches and other security incidents
Google Glass Sharpens View of Wearable Computer Future (SIGNAL Magazine) From wearable mobile devices to a sensor that lets you control your screen with the wave of a hand, cutting-edge consumer technologies could be key to solving government challenges
FireEye Launches New 'Continuous Protection' Platform (SecurityWeek) FireEye, the soon-to-go-public provider of threat protection solutions, today announced a new, real-time, continuous protection platform that leverages a combination of people, technology and intelligence to protect customers against advanced cyber attacks. Dubbed "Oculus", the new platform from FireEye is comprised of three components
GitHub adds two–factor authentication option (Help Net Security) GitHub is the latest web-based service to add a 2–factor authentication feature to make the users' login process more secure
Privacy case makes your phone untrackable (Help Net Security) With all the recent revelations about NSA's long cyber reach and the (in)voluntary involvement of big Internet companies and US telecoms in its many surveillance programs, it's not entirely surprising that a Kickstarter project offering a portable and usable Faraday cage for mobile devices has been successful
NSA–resistant Android application 'burns' sensitive messages (CSO) Silent Circle's messaging application ensures only the sender and receiver can view messages and files. Silent Circle, a company specializing in encrypted communications, released a messaging application for Android devices on Wednesday that encrypts and securely erases messages and files
Neohapsis and Arxan protect sensitive apps (Help Net Security) Neohapsis and Arxan announced a partnership to offer enhanced tamper-resistance and self-defense built into a comprehensive application security strategy
30–Second HTTPS Crypto Cracking Tool Released (InformationWeek) Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible. Details of the BREACH — short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext — attack were first revealed last month at the Black Hat information security conference in Las Vegas by Salesforce.com lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and Salesforce.com lead security engineer Yoel Gluck
Android 4.4 named KitKat (Open Source Insider) The next version of the open source Android mobile operating system from Google has been named KitKat. Now powering what is estimated to be more than 1 billion of the planet's smartphones and tablets, Android 4.4 had previously been rumoured to be named Key Lime Pie
#Socialmediaruinedmylife: Live to (not) regret using social media (Trend Micro) Those who have ruined their reputations and damaged their careers after posting inappropriate material on social networks include politicians, movie and sports stars as well as teachers, police officers and even fast food restaurant employees. The problem of exposing too much information could continue to plague social media users, a possibility supported in the August 2013 poll by Cint USA and the global security software developer Trend Micro. According to the poll, 24 percent of the respondents said they have posted something they later regretted or removed, and 36 percent said they have seen something they regard as inappropriate
Technologies, Techniques, and Standards
Domain Security Needs More Than Registry Locks (Dark Reading) Protecting domains requires registry locks as well as other measures, including two-factor authentication and administrative access control. Today's networking infrastructure relies on the domain name system--not only a company's public-facing Web servers and Internet appliances but much of its private infrastructure as well. But enterprises need to better protect their DNS environments, as last week's attack on a reseller of domain registrar MelbourneIT and the subsequent redirection of the New York Times, the Huffington Post, and two subsidiary Twitter domains, demonstrated. While the attacks should not have come as a surprise, the vast majority of companies are unprepared for such malicious attention
Do You Know Where Your Databases Are? (Dark Reading) One of the most important first steps to any database security strategy is also coincidentally one of the most likely to be forgotten: enumerating the databases an organization manages. After all, unless an enterprise knows how many databases it has and which ones contain sensitive information, it is pretty difficult to prioritize them based on risk and implement appropriate controls. And yet, many organizations are operating in the dark with regard to database discovery
Online backup for mobile devices: Key factors to consider (Help Net Security) Most technology users keep personal information (contacts, calendars, documents, photos, etc.) on their mobile devices. That information isn't protected if the mobile is lost/stolen
Emulating binaries to discover vulnerabilities in industrial devices (IOActive Labs Research) Emulating an industrial device in a controlled environment is a really helpful security tool. You can gain a better knowledge of how it works, identify potential attack vectors, and verify the vulnerabilities you discovered using static methods. This post provides step-by-step instructions on how to emulate an industrial router with publicly available firmware. This is a pretty common case, so you should be able to apply this methodology to other scenarios
PCI DSS 3.0 is a start, but more changes are needed (SC Magazine) The PCI Security Standards Council (PCI SSC) recently released highlights of the widely anticipated PCI DSS 3.0 requirements. Businesses that store, process or transmit cardholder data must follow the requirements to better protect their customers' information from being stolen by criminals
Dude, where's my security ROI? (CSO) When it comes to security, ROI or return on investment has historically been difficult to measure. It's a bit like that bar receipt from Las Vegas that you don't want to bring up around management because it's hard to defend
Academia
Kaspersky Lab kicks off its annual student conference 'CyberSecurity for the Next Generation — 2014' (Kaspersky Lab) Kaspersky Lab announces the start of its international student competition 'CyberSecurity for the Next Generation' for the new academic year. In 2014 the conference will comprise four regional rounds and a global final. Entries can be submitted for all regions from September 1, 2013 at the new online platform
How the government intends to close the cyber security skills gap (Computing) The Department for Education recently published a revised national curriculum framework and programme of study for computing, including references to the safe use of technology and to protecting online privacy and identity at key stages 3 and 4
Making the grade in Massive Open Online Courses (C/Net) MOOCs are becoming increasingly popular as a way for people to access lessons from Ivy League universities. But access doesn't always translate into student success
NUARI to Receive $9.9 Million Contract from U.S. DHS S&T to Develop Technologies for Combating Cyber Attacks (IT News Online) Norwich University Applied Research Institutes (NUARI) and U.S. Senator Patrick Leahy (D-Vt.) announced Thursday that U.S. Department of Homeland Security Science and Technology (DHS S&T) directorate intends to award NUARI a $9.9 million contract for technologies and systems to help financial institutions, government agencies and other critical infrastructure respond to cyber attacks through expansion of capabilities of its DECIDE software platform
Legislation, Policy, and Regulation
India govt concerned about Chinese apps (ZDNet) Amid the growing popularity of Whatsapp and UC Browser in India, various government agencies have expressed concerns over potential security risks of these made–in–China mobile apps
Brazilian government plans national 'anti–snooping' email system (Wired) The Brazilian government is planning to develop a national email system that is protected from the sort of espionage that the US National Security Agency carries out. The government has already been working with the national postal agency Correios to develop the new commercial email system, providing an alternative to the likes of Gmail and Hotmail, which would guarantee the veracity of documents and offer functions such as a delivery certification showing when an email has been read by the recipient
President Obama says U.S. not snooping on ordinary people's emails, phones (Reuters) President Barack Obama said on Wednesday the United States was not spying on ordinary people's correspondence and phone calls, but its international intelligence gathering was targeted at specific areas of concern. "I can give assurances to the publics in Europe and around the world that we are not going around snooping at people's emails or listening to their phone calls," Obama said during a joint news conference with Swedish Prime Minister Fredrik Reinfeldt
New documents detail cyber operations by US (Economic Times) Newly disclosed budget documents for America's intelligence agencies show how aggressively the United States is conducting offensive cyber operations against other states, even while the Obama administration protests attacks on U.S. computer networks by China, Iran and Russia
Dispute over report about secret NSA budget (Security Info Watch) The National Security Agency on Thursday disputed a published report that secret intelligence budget files provided by agency leaker Edward Snowden show that the surveillance agency warned in 2012 that it planned to investigate up to 4,000 cases of possible internal security breaches
The Only Way to Restore Trust in the NSA (The Atlantic) The public has no faith left in the intelligence community or what the president says about it. A strong, independent special prosecutor needs to clean up the mess. I've recently seen two articles speculating on the NSA's capability, and practice, of spying on members of Congress and other elected officials. The evidence is all circumstantial and smacks of conspiracy thinking — and I have no idea whether any of it is true or not — but it's a good illustration of what happens when trust in a public institution fails
Piecemeal Approach to Cyber Legislation (Healthcare Info Security) As lawmakers head back to Washington after their summer recess, the U.S. Senate likely will take a piecemeal approach to cybersecurity legislation, says Jacob Olcott, the former counsel to the Senate Commerce, Science and Transportation Committee, whose leaders introduced a draft bill
Leaked documents show Information Sharing Environment budget of $25M (FierceGovIT) The Information Sharing Environment within the Office of the Director of National Intelligence has an annual budget of around $25 million, shows a budget document leaked by former intelligence contractor Edward Snowden
Cameron Kerry decries U.S. privacy notice model while warning against divided Internet (FierceGovIT) The model underlying current American privacy protection is clearly no longer sufficient, said outgoing Commerce Department General Counsel Cameron Kerry in an Aug. 28 speech, while warning against attempts to prevent European data from residing on U.S.-based servers
Army swears in new cyber command leader (FCW) In a ceremony held Sept. 3 at Fort Belvoir, Va., Army Chief of Staff Gen. Ray Odierno swore in Lt. Gen. Edward Cardon as commander of Army Cyber Command. Cardon previously served as commanding general of the 2nd Infantry Division in South Korea. Prior to that, he was deputy commanding general for support for U.S. Forces-Iraq. That appointment was the last of Cardon's several commanding positions in and deployments to Iraq
Litigation, Investigation, and Law Enforcement
Vladimir Putin: Russian Officials Were In Contact With Snowden Before Flight To Moscow (Business Insider) Russian officials were in touch with Edward Snowden before the US intelligence leaker flew to Moscow from Hong Kong, President Vladimir Putin has revealed
Did WikiLeaks Sell Out Snowden To The Russians? (Business Insider) Is it just a coincidence that former NSA analyst Edward Snowden, a valuable intelligence asset, ended up in the hands of Russia's security services? Or did WikiLeaks, the "anti-secrecy" organization that has taken responsibility for Snowden, send him there in collaboration with the Russians? Former senior U.S. intelligence analyst Joshua Foust makes a compelling argument that Wikileaks may have been infiltrated by Russia's Federal Security Bureau, the post-Soviet successor to the KGB
Russia Issues International Travel Advisory to Its Hackers (Wired) For roughly two decades Russia has been something of a safe haven for professional spammers, hackers, phishers and fraudsters hitting the U.S. with cyber scams. Now the Russian government has some advice for its cyber criminal class, and any other citizens who might be wanted by U.S. law enforcement: Don't leave home
Surveillance Law Meant to Curb Spying, not Boost It, Senators Say (Courthouse News Service) Walter Mondale and another former senator who crafted the 1978 Foreign Intelligence Surveillance Act want to join in the fight against the National Security Agency's spying powers. The so-called Church Committee, which published 14 reports on U.S. intelligence agencies and their operations, formed as members of Congress learned about the abuses of power in the Nixon administration
HTC's star smartphone designer allegedly stole secrets for a Chinese city government (Quartz) Taiwanese authorities have arrested three former heads of HTC, a leading Taiwanese smartphone maker, on suspicion of handing trade secrets over to the city government of Chengdu, in Sichuan province, as Reuters reports, citing Next Magazine
Data breach lawsuits roll on as lawyers work to establish legal precedent (SC Magazine) Nearly a decade ago, identity thieves posed as customers to steal more than 160,000 consumer records from data broker ChoicePoint. If the incident were to happen today, it likely would be met with a passing yawn, common hacker play that is nothing more than just another headline, only to be replaced by tomorrow's breach, that one by the next day's. But the ChoicePoint heist remains a landmark incident, mostly because it was the first big breach required to be publicly reported, thanks to a pioneering notification law passed in 2003 in California, known as SB-1386
AT&T's massive call detail record database accessible to DEA agents (Help Net Security) Since 2007, AT&T employees have been working side by side with US Drug Enforcement Administration and local law enforcement agents, helping them access electronic call detail records (CDRs) for suspected
Texas comptroller ducks data breach deposition by claiming immunity (FierceITSecurity) The Texas comptroller successfully invoked governmental immunity in avoiding a pretrial deposition for a data breach that exposed personal information on millions of Texans, according to a report by Law360
Lawyers report steep rise in employee data theft cases (Naked Security) UK law firm EMW has reported a sharp rise in confidential data theft cases brought before the High Court. Is that because data control is becoming laxer, or actually because things are tightening up so that more crooks are getting caught
UK authorities handled more than 700 cases of personal data theft over 5 years (FierceITSecurity) U.K. authorities have investigated more than 700 cases of theft of personal information over the last five years, according to an analysis by The Sunday Telegraph newspaper and the Big Brother Watch privacy group
Microsoft, Google fail to reach accord with US government over surveillance data release (FierceITSecurity) Negotiations between Microsoft (NASDAQ: MSFT) and Google (NASDAQ: GOOG) on one side, and the U.S. government on the other, over publishing data on the National Security Agency's (NSA's) surveillance program have ended in "failure," Microsoft General Counsel Brad Smith acknowledged in a blog post on Friday
Microsoft, Google discover newfound respect for Constitution (FierceITSecurity) Microsoft (NASDAQ: MSFT) and Google (NASDAQ: GOOG) have discovered a newfound respect for the U.S. Constitution. In their efforts to disclose additional information about the data they turned over to the National Security Agency, the two firms are waving the flag and appealing to the First Amendment
Why Child Identity Theft is Dangerous (McAfee) Identity theft in the form of new account fraud can happen to anyone with a Social Security number, which includes virtually any American with a pulse...as well as some who no longer do. Identity theft can even happen to your newborn baby shortly after a Social Security number has been issued to him or her and this could have long term implications for your child
Nine cyber syndicate members remanded (ITWeb) Nine members of a cyber syndicate, which allegedly stole R15 million, have been denied bail. The syndicate reportedly defrauded thousands of people through phishing scams, opening false store accounts and accessing credit using cloned identities. Forty-five members of an alleged cross-continental cyber syndicate, which stole R15 million from South Africans, were released on bail yesterday
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.
TechCrunch Disrupt San Francisco (San Francisco, California, Sep 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September 7-11 on your calendar, because you're not going to want to miss Disrupt SF 2013. The Hackathon kicks everything off, followed by our main event, which starts every morning with panels of special speakers and guests, one-on-one chats featuring TechCrunch writers and editors, special guest speakers and judges, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. In the afternoons, the Startup Battlefield presentations begin, with the final presentations held on the last day of Disrupt.
SANS CyberCon Fall 2013 (Online, Sep 9 - 14, 2013) With sequestration still in place, organizations are finding themselves with training budgets, but drastically reduced travel budgets. This one-of-a-kind online training event brings SANS' top instructors teaching SANS' top courses to those who can't travel.
15th Annual AT&T Cyber Security Conference (New York, New York, USA, Sep 10, 2013) The AT&T Cyber Security Conference is an annual day-long conference offered by the AT&T Chief Security Office. Combining the expertise of its security experts, the scale and reliability of its global IP network and the innovation of AT&T Labs, AT&T is giving businesses some of the most powerful weapons available today in their battle against cyber security attacks. The conference showcases AT&T's leadership in helping businesses, large and small, manage the increasingly complex and critically important security of their IT networks and assets.
First Regional Southeast Conference on Cyber Security for National Security (Charleston, South Carolina, USA, Sep 10, 2013) The First Southeast Regional CS4NS Conference focuses on the immediate need of strengthening the critical cyber infrastructure of our nation. The conference will address the current cyber security state and rank vulnerabilities of our Critical Infrastructure/Key Resources (CI/KR), Internet Infrastructure, and available security resources. Discussions will highlight future development needs and solutions, especially for underserved businesses and government. Overall, CS4NS will answer the question "Are we secure?"
International Common Criteria Conference (Orlando, Florida, USA, Sep 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC has become the main marketing and meeting opportunity for all those involved in the specification, development, evaluation, and validation or certification of IT security.
Angel Venture Forum: Cyber Security & Healthcare Investment Conference (Washington, DC, USA, Sep 11, 2013) With the increasing adoption of cloud computing, mobile devices and web-based applications, hackers have more opportunities than ever to infiltrate and crash network systems, especially in healthcare, which is increasingly becoming more vulnerable. The two greatest areas of opportunity for investment capital and the start-up community are in healthcare and cyber security. The nexus of these two sectors provides an even greater and more focused set of opportunities for investment. The Angel Venture Forum brings together all-star roundtables of experts to opine and discuss the topics and the opportunities herein.
GrrCon (Grand Rapids, Michigan, USA, Sep 12 - 13, 2013) Says IT World, "Another hacker conference, this time in Michigan. The schedule looks to be bawdy, brash and anything but dull, with hackers promising to 'pwn' you before you leave town. There are also sessions on penetration testing tools and mobile hacking methods."
cybergamut Technical Tuesday: Malware Analysis for the Masses (Columbia, Maryland, USA, Sep 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With modern technology and tools, it's now possible for junior security analysts to gather detailed malware indicators to craft defense and alert signatures. More enticing, all of this can be done with free tools and applications, some written by this presenter.
Shaping the Future of Cybersecurity Education Workshop (Gaithersburg, Maryland, USA, Sep 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National Cybersecurity Education Interstate Highway".
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with like-minded individuals.
Strange Loop (St. Louis, Missouri, USA, Sep 18 - 20, 2013) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and where we're not. Topics include emerging languages, concurrent and distributed systems, new database technologies, front-end web, and mobile.
ISSA Cyber Security Forum at Ft Belvoir (Fort Belvoir, Virginia, USA, Sep 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber security and information technology products/services available today. This is an excellent opportunity for exhibitors to network with key decision makers, cyber, technology, communications and contracting personnel from various commands and tenant units at Fort Belvoir.
CISO Executive Summit (Atlanta, Georgia, USA, Sep 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind of change that is sweeping through the IS community motivating today's information guardians to develop a new way of thinking to ensure success in protecting their respective organizations. (At Hacker Halted USA.)
2013 Cyber Security Summit (New York, New York, USA, Sep 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be held September 25th at the Hilton in New York City, will showcase the latest tools and resources available to defend against cyber crime on both corporate and government levels. Keynote addresses and interactive panel discussions led by notable security experts will highlight strategic priorities, risk factors, threats and provide inspirational guidance to prepare and protect from attacks.
4th Annual Cybersecurity Summit (Washington, DC, USA, Sep 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote at the 4th Annual Cybersecurity Summit on September 25, 2013 at the National Press Club in Washington, D.C. Michael Daniel, White House Cybersecurity Advisor, and Gen. Keith Alexander, Commander U.S. Cyber Command, and Director, NSA, are confirmed to keynote. Cybersecurity topics to be addressed include: the White House Cybersecurity Executive Order, the Cybersecurity Framework and New Emerging Standards for Critical Infrastructure, information sharing, mobile security and BYOD, legislative developments in cybersecurity, big data and cloud cybersecurity, continuous monitoring, cyber situational awareness, and the JIE rollout, active defense and cyber warfare. Organized by Billington CyberSecurity™.