The CyberWire Daily Briefing for 10.22.2013
Indonesian hackers deface US State Department diplomatic mission sites. The motive is unclear: they may have done it just for the lulz.
The International Atomic Energy Agency (IAEA) warns member states it found malware on its networks in recent months. The IAEA doesn't think any data were lost.
International SOS—a medical and security service commonly used by study abroad programs—has been hacked, and users are advised to look to their data. This service sees heavy academic use, and it's worth reflecting that this episode, along with recent breaches at Sacramento State and Michigan State, can serve as a warning that academic networks represent a huge de facto BYOD experiment. It's no accident that uncontrolled endpoints, a vast attack surface, and attractive targets make them extraordinarily susceptible to attack. Note that younger users in universities and the workplace are so connected to their devices that they routinely ignore BYOD policies and prudent Internet hygiene. Surely there's work to be done here.
CryptoLocker ransomware continues to evolve in malice and efficiency. The SANS Institute blegs for info you may have on the campaign.
Here's a partial answer to what would fill Blackhole's niche in the criminal ecosystem: Cutwail hoods have replaced it with the Magnitude exploit kit.
SAP reports an "explosion" in its cloud revenue, which it happily attributes to post-Snowden surveillance backlash.
The Atlantic Council advises governments to get out of the way of industry cyber intelligence sharing. Governments worldwide struggle to evolve effective, workable security and privacy legislation.
Notes.
Today's issue includes events affecting Australia, Austria, China, Ethiopia, European Union, France, Germany, Indonesia, Israel, Italy, Japan, People's Democratic Republic of Korea, Republic of Korea, Mexico, Nigeria, Qatar, Russia, Saudi Arabia, Thailand, Turkey, United Arab Emirates, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Website of U.S. (US Embassy.gov) Embassies, Consulates, and Diplomatic Missions Hacked by Indonesian Hackers (HackRead) In an extremely high profile hack, an Indonesian hacker going with the handle of Dbuzz has hacked and defaced the official blog of a website managed by the U.S. Department of State, dealing with U.S. embassies, Consulates, and Diplomatic Missions all over the world. The blog was hacked yesterday where hacker left a deface page along with a short message
Malware infected some U.N. nuclear agency computers (Yahoo Finance) Malicious software infected some U.N. nuclear agency computers in recent months but no data in its network is believed to have been compromised, the agency said in a confidential note to member states
Hackers breach ISOS emergency records (The Dartmouth) International SOS, a global medical and security services company that is a primary resource for Dartmouth students traveling abroad, reported in September that its U.S.-based servers were hacked in late August. The cyber attack breached the company's emergency records, which contained clients' names, addresses, emails and passport information
Simple, but critical vulnerability in Verizon Portal revealed users' SMS history (Hacker News) A Security researcher discovered a critical privacy vulnerability on Verizon Wireless's Web-based customer portal that allows anyone to download user's SMS History and Numbers of other users he communicated with
Rogue ads lead to the 'EzDownloaderpro' PUA (Potentially Unwanted Application) (Webroot Threat Blog) We've just intercepted yet another rogue ad campaign, attempting to trick users into installing the EzDownloaderpro PUA (Potentially Unwanted Application). Primarily relying on catchy "Play Now, Download Now" banners, the visual social engineering tactic of this campaign is similar to other PUA related campaigns we've previously profiled. Let's take a look at this new rogue ad campaign, and provide relevant threat intelligence on the infrastructure behind it
Cryptolocker Update, Request for Info (Internet Storm Center) It was briefly mentioned in a previous posting, but the Cryptolocker ransomware is still going strong. In essence, post infection it encrypts all of your "document" files based on file extension and then gives the user 72 hours to pay the ransom ($300 USD or 2 BTC). It is one of the few pieces of ransomware that does encryption right so at present, short of paying the ransom, there is no other means to decrypt
CryptoLocker: Its Spam and ZeuS/ZBOT Connection (TrendLabs Security Intelligence Blog) CryptoLocker, the latest strain of ransomware, is best known for trying to force users into paying a fee by encrypting certain files and then later offering a $300 decrypting tool. In this entry, we discuss how it arrives and how it is connected with other malware, most notably ZBOT/ZeuS
BKDR_LIFTOH.AD (TrendLabs Threat Encyclopedia) This malware is involved in a ZBOT spam campaign that targeted British users. Once the malicious attachment is opened, it inevitably leads to the download of ZBOT malware into the affected system
Ransomcrypt: A Thriving Menace (Symantec) While Ransomlock Trojans have plagued the threat landscape over the last few years, we are now seeing cybercriminals increasingly use Ransomcrypt Trojans. The difference between Ransomlock and Ransomcrypt Trojans is that Ransomlock Trojans generally lock computer screens while Ransomcrypt Trojans encrypt (and lock) individual files. Both threats are motivated by monetary gains that cybercriminals make from extorting money from victims
Blackhole Arrests — How Has The Underground Reacted? (TrendLabs Security Intelligence Blog) About two weeks ago, it was reported that "Paunch", the author of the Blackhole Exploit Kit (BHEK), had been arrested by Russian law enforcement. (In addition to his work on BHEK, Paunch is also suspected of working on the Cool Exploit Kit.) Some reports suggested that associates of Paunch had been arrested as well, although how exactly they were tied to BHEK remains unclear
Cutwail Cybercriminals Replace BlackHole with Magnitude Exploit Kit (Softpedia) A group of cybercriminals that uses the Cutwail spam botnet to distribute malware has switched from BlackHole to the Magnitude (Popads) exploit kit. Ever since the author of BlackHole was arrested, cybercriminals are trying to find a replacement for it. At least one group has started using Magnitude, researchers from Dell's SecureWorks report
Darkleech in Europe, Middle East and Africa (FireEye) In a previous blog post, we discussed how Darkleech-related malware wound up on a FireEye partner's website. We followed up with a post detailing a major wave of Darkleech activity linked to a major global malvertising campaign. In this post, we focus on trends in Europe, the Middle East and Africa (EMEA). The data presented here covers the five-month period through Oct. 7, 2013
Chinese hotel guests find data spaffed all over the internet (The Register) Chinese hotel-goers beware — newspaper reports from the Middle Kingdom claim that the personal details of thousands of guests from major hotel chains have been leaked online
Phishing scam strikes MSU employees direct-deposit system (LSJ) Michigan State University police detectives are investigating an attempted theft of MSU employee direct-deposit payroll earnings related to a sophisticated online "phishing" attempt, a spokeswoman said Monday
Ouidad Acknowledges Data Breach (eSecurity Planet) Hair products company Ouidad recently began notifying an undisclosed number of customers that their personal information may have been accessed by hackers between June 30 and July 4, 2013
Hacker stole $100,000 from users of California based ISP using SQL injection (Hacker News) In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including DDoS attack, SQL injection, DNS Hijacking and Zero-Day Flaws
Can you trust the apps you use? (Help Net Security) With the advent of smartphones, the word "app" has almost become a synonym for pleasure. Whatever you need, whatever you want is right there at your fingertips, located in a few huge online marketplaces
Facebook data mining tool uncovers your life (Help Net Security) You know you shouldn't post potentially damaging data on Facebook, but more often than not, your friends don't think twice about it, and this can impact you even more than you think
How Apple's Address Book app could allow the NSA to harvest your contacts (Ars Technica) When syncing your Address Book to Gmail, HTTPS encryption isn't an option
Security Patches, Mitigations, and Software Updates
Patching the Perpetual MD5 Vulnerability (Infosecurity Magazine) Earlier this month, Microsoft updated the security advisory that deprecates the use of MD5 hash algorithms for certificates issued by certification authorities (CA) in the Microsoft root certificate program. The patch has been released so that administrators can test its impact before a Microsoft Update on February 11, 2014, enforces the deprecation. This is an important move in the fight against the cybercriminal activity that abuses the trust established by cryptographic assets like keys and certificates
Cyber Trends
Generation Y Users Say They Will Break Corporate BYOD Rules (Dark Reading) Most young employees are so dependent on their mobile devices that they are prepared to break any policy that restricts their use, according to a new study
[Interview:] Mikko Hypponen (Tech and Law Center) Tech and Law Center interviews Mikko Hypponen, Chief Research Officer for F-Secure. He has worked for the company since 1991 and has led his team through the largest malware outbreaks in history. In 2003 Hypponen's team took down the global network used by the Sobig.F worm and in 2004 he was the first to warn the world about the Sasser outbreak. In 2007 he named the infamous Storm Worm and in 2010 he produced classified briefings on the operation of the Stuxnet worm. Hypponen is also an inventor for several patents, including US patent 6,577,920 "Computer virus screening". Mikko Hypponen has assisted law enforcement authorities in the United States, Europe and Asia on cybercrime cases
Legal and Political Perspectives of Cyber Security (Bit9) I recently listened to Paul Rosenzweig's Thinking about Cybersecurity: From Cyber Crime to Cyber Warfare from the Great Courses. I found the content thought-provoking and relevant, which surprised me. Not knowing anything about Professor Rosenzweig or the Great Courses program, I expected the course to stay relatively shallow in order to appeal to a wide audience and the information to be stale due to lag in production times. But I was mistaken. I looked into Rosenzweig's background after getting sucked in by the first lecture and must admit I was surprised by the absence of computer science in his academic credentials, or Silicon Valley experience. Upon reflection I realize that the course shines because of those omissions, not in spite of them. He comes at the problems of cyber security primarily from legal and political perspectives, which makes it fresh to those of us who focus on it technically
In cyberarms race, North Korea emerging as a power, not a pushover (Mobile Device Management) A 4-year cyberattack-and-espionage campaign targeting key South Korean institutions suggests North Korean cyberwarfare capabilities are far more potent than previously believed
Consumers and Businesses Continue to Play Catch Up as Cybercriminals Develop More Sophisticated Attack Vectors (Digital Journal) ThreatMetrix™, the fastest-growing provider of integrated cybercrime solutions, continues its commitment to National Cyber Security Awareness Month by aligning to the week four theme, "Cybercrime." Criminals, especially cybercriminals, go where the money is. As more businesses adopt online transactions, cybercrime has become a lucrative market
Is antivirus worth the investment? (ComputerWeekly) Only 8% of European companies plan to decrease spending on antivirus (AV) in 2013, compared with 21% that will increase their investment in this area, according to a recent poll by Computer Weekly
Marketplace
Where To Find Next–Gen Cybersecurity Pros (InformationWeek) Millennials are generally uninterested in cybersecurity careers -- which is dangerous, given the shortage of experts in this vital field
Army Cyber Chief Meets Buyers In Pursuit Of Faster Acquisition (Breaking Defense) The Army's top cyber commander, Lt. Gen. Edward Cardon, met with acquisition officials for several days last week eager to find ways to buy capabilities within three years or less. Cardon told reporters at a roundtable here that he wanted to buy "faster, better, quicker" since the cyber realm doesn't really allow for the seven to 10 years a standard acquisition program usually takes
BAE Systems' DeEtte Gray on crisis management through sequestration, Snowden and shutdown (Washington Business Journal) During the shutdown, BAE Systems Inc.'s DeEtte Gray saw about 20 percent of her employees in the intelligence and security business excused from their jobs at customer sites. That came soon after Edward Snowden left a black mark on contractors in the intel space, fair or not, and all while sequestration continued to do a number on federal budgets
SAP Sales Jump After NSA Leaks (Bloomberg BusinessWeek) Edward Snowden's revelations about the National Security Agency may have embarrassed the Obama administration and irritated governments worldwide, but Jim Hagemann Snabe says the furor has been good for business. Snabe is co-chief executive officer of German software company SAP (SAP), the world's biggest maker of business management software, and he says customers are focusing more on SAP's ability to provide data security outside the U.S. Snabe spoke with Bloomberg Businessweek today after SAP announced a 5 percent increase in operating profit and reiterated its full-year forecasts, reassuring investors worried after disappointing results from rivals Oracle (ORCL) and IBM (IBM)
SAP responds to user fears of NSA spying in Australia (ComputerWorld) SAP may build a second data center in Australia to meet customer demand for locally delivered cloud services in the wake of revelations about the National Security Agency's Prism surveillance program. "When I talk to the public sector, it's clear they will only consume cloud if we can guarantee their data stays here in Australia. And we are ready for that," SAP co-CEO Jim Hagemann Snabe said in a recent story in the Australian Financial Review
SANS Institute and ETDA–ThaiCERT Collaborate to Build Thailand's National Cybersecurity Competency (Hispanic Business) The US-based SANS Institute, the most trusted and largest source for computer security training, certification and research worldwide and the Electronic Transactions Development Agency (Public Organization) (ETDA), of which the Thailand Computer Emergency Response Team (ThaiCERT) is a lead unit, announced the establishment of a partnership to facilitate Thailand's cybersecurity competency development
CACI Wins Army Intell, Info Warfare Task Order (ExecutiveBiz) CACI International has won a potential $40 million task order to help the U.S. Army's intelligence and information warfare directorate deploy intelligence and information tools and services to soldiers
Navy Picks 14 Companies for Potential $900M C5ISR Computing, Infrastructure Services IDIQ (GovConWire) Fourteen businesses have won positions on a potential five-year, $899,543,435 U.S. Navy contract for transport computing and infrastructure services related to C5ISR (command, control, communications, computers, combat systems, intelligence, surveillance and reconnaissance)
Doyle Choi Joins SRA as Civil Govt Growth VP (GovConWire) Doyle Choi, a 17-year veteran of Northrop Grumman (NYSE: NOC) and a former chief technology officer there, has joined SRA International as vice president of growth for the civil government group
Matt Keller Joins GuidePoint Security as IT Threat Management Becomes Top Priority for Government IT Departments (Digital Journal) Information security solutions provider hires new Vice President of Federal Services to address modern requirements to protect the federal IT environment against cyber attacks, identity theft, corporate espionage, accidental leaks and more
RSA CISO Eddie Schwartz Departs to Take Role as VP of Security at Verizon (SecurityWeek) RSA's Chief Information Security Officer (CISO) Eddie Schwartz has left the security division of storage giant EMC and taken on the role of VP of Security at Verizon Enterprise Solutions
Products, Services, and Solutions
BlackBerry resumes rollout of BBM for Android, iPhone (USA Today) BlackBerry is resuming the rollout of iPhone and Android apps for its popular BlackBerry Messenger mobile social messaging service
Catching Malware With DNS As A Service (Dark Reading) A cloud provider used to be the low-cost option for domain-name system (DNS) services, but the ability to act as a security proxy has convinced many that cloud is better
The Coders Who Built The Obamacare Website Knew It Had Huge Problems (Business Insider) Insiders who worked on US health website describe high stress, complaints about major problems
Missing standards created integration struggles with HealthCare.gov (CSO) Insurers faced problems connecting software to federal government's online health insurance marketplace
Mindspeed and Lionic to Demonstrate Intelligent Quality of Service Capabilities for Broadband Home Routers (Wall Street Journal) Mindspeed Technologies, Inc. (Nasdaq:MSPD), a leading supplier of semiconductor solutions for network infrastructure applications, and Lionic Corporation, a worldwide supplier of innovative network security solutions, today announced that the Deep Packet Inspection (DPI) engine in Mindspeed®'s Comcerto® 2000 communication processor family will be showcased in a live quality of service (QoS) demonstration at the 13th Annual Broadband World Forum in Amsterdam this week
ThreatTrack Security Delivers Advanced Threat Analysis to Re–Sec Technologies (Hispanic Business) ThreatTrack Security today announced a partnership with Re-Sec Technologies, an enterprise security firm based in Israel. Re-Sec will integrate ThreatTrack Security's ThreatAnalyzer malware analysis sandbox technology into its MachineSafe security platform
Mobile IDS/IPS solution for iOS devices (Help Net Security) Skycure introduced its mobile IDS/IPS solution that protects iPhones and iPads by monitoring network traffic behavior and remediating suspicious activity. Existing solutions either do not provide
Internet of Things starter kit from IBM and Libelium (Help Net Security) IBM and Libelium released an Internet of Things Starter Kit to enable dozens of sensor applications ranging from monitoring parking spaces or air pollution to providing assistance for the elderly
Google's Digital Attack Map plots DDoS attacks around the world (Graham Cluley) One of the most common attacks seen against a website is a distributed denial-of-service (DDoS) attack, where malicious hackers command botnets of hijacked computers around the world to bombard a particular website with traffic — causing it to fall over
Google fights 'censorship via cyber attack' with Project Shield (Graham Cluley) Having wowed us with its neat, interactive world map of DDoS attacks, Google says it is expanding its DDoS mitigation to help protect free expression online
Technologies, Techniques, and Standards
How To Avoid Breaches Where You Least Expect Them (Dark Reading) In the real world of constrained budgets and limited personnel, prioritization of security resources is a must. Many departments prioritize practices based on the severity of vulnerabilities, the value of a target, and the likelihood of a threat hitting said target. However, the flip side of that is to remember the real world is also a connected one. And as many security experts can attest, enterprises often forget to account for how attacks against the vulnerabilities in less critical systems can jeopardize the crown jewels
Fingerprints are Usernames, not Passwords (From the Canyon Edge) As one of the maintainers of eCryptfs, and a long time Thinkpad owner, I have been asked many times to add support to eCryptfs for Thinkpad's fingerprint readers
Defending Against Crypto Backdoors (Schneier on Security) We already know the NSA wants to eavesdrop on the Internet. It has secret agreements with telcos to get direct access to bulk Internet traffic. It has massive systems like TUMULT, TURMOIL, and TURBULENCE to sift through it all. And it can identify ciphertext — encrypted information — and figure out which programs could have created it
Thinking outside the IT audit (check)box (CSO) More enterprises fight to move their programs from compliance management to security risk management
Passing PCI firewall audits: Top 5 checks for ongoing success (CSO) Tufin's Reuven Harrison shares tips on how to set a sustainable standard for both security and PCI compliance
Wall Street learns from simulated cyber attack (USA Today) Driving home just how serious the growing threat of cyber attacks is on financial markets, the industry stress-tested its trading systems and crisis management responses with simulated malicious attacks in an exercise dubbed 'Quantum Dawn 2'
Cybersecurity in the Work Place (SIGNAL Magazine) When it comes to cybersecurity, companies are only as strong as their weakest link. In most cases, the weakest link can be organizations' own employees. Social engineering, rogue email attachments and access through telecommuting are just a few of the ways cybercriminals can creep into otherwise secure networks
Don't lose control of those fast–breeding endpoints (The Register) So you want to know about security? Well you have come to the right place. I have been here for a while and I can tell you that outside these gates it's full of cowboys, sharks and pirates, none of whom will hesitate to take what is yours and call it their own. The above is a quote from a brochure I wrote in an attempt to connect with small and medium-sized enterprises (SME) owners and CEOs on the topic of endpoint security
Securing Your Cloud Environment (IT Business Edge) Security in the cloud has been a hot topic for a long time now, yet many individuals and organizations fail to realize the implications of security, while others have not performed enough due diligence to seize the necessary solution. Cloud computing requires controls for addressing threats that jeopardize confidentiality, integrity and availability. The purpose of this article is to delineate existing cloud security implications and determine which cloud archetype is best suited for a particular business case
The IT road to hell (Help Net Security) The past several months have been an unending nightmare for the US government and its allies, as one disclosure after another has caused unimaginable damage to relationships, and has potentially compromised Western security to an extent that we cannot even begin to imagine. We all have our opinions regarding the extent to which government should be allowed to know what we are doing, or what our entitlement is to have full disclosure, but it's probably safe to assume that the majority tend to assume that what is done, and how it is done, is ultimately for our own good. And the same holds true in business. We trust our employers up until the point that we discover that our jobs have been transferred to some offshore company, or have been outsourced to one of the many service providers who appear to offer investors the best ROI
Protecting private email on the internet from eavesdroppers (Graham Cluley) Independent security expert Per Thorsheim is the founder and main organiser of Passwordscon, a conference devoted to passwords. In this article he calls for more mail servers to beef up their security - by adopting STARTTLS to prevent email eavesdropping
Security Think Tank: When cyber insurance is right and when it is not (ComputerWeekly) Cyber insurance has existed since the early 1980s, and interest in this area has grown in the past two decades as the use of IT has become more pervasive in businesses. But the cyber-insurance market remains immature, because the risks underlying the coverage are difficult to quantify from an actuarial standpoint
Security Think Tank: Cyber insurance no substitute for good security practices (ComputerWeekly) You cannot improve your data protection using insurance products without increasing costs. To get insurance protection you need to have good demonstrable, documented and maintained security practices in place, such as ISO 27001 certification, as well as additional requirements (ISO 9001, ITIL, dedicated skilled security staff etc)
7 Ways to Inspire Kids to Think About Their Online Rep (McAfee) Sometimes before we start talking to our kids it's wise to stop for just a moment and think back. Do you remember when you were growing up and your mom had to dynamite you off the phone because you talked for hours? How about exchanging marathon notes between classes or having a sleepover and talking until morning
Research and Development
Romanian security company Bitdefender has obtained co-financing (Balkan Business News) Romanian security company Bitdefender announced that it has obtained co-financing in value of RON 3.2 million (nearly EUR 720,000) for an innovation project. The financing was granted during the competition of R&D projects The Stimulation of High-Tech Export, under the supervision of the Executive Unit for Financing Higher Education, Research, Development and Innovation
Academia
Raytheon expands math and science education initiatives internationally (Yahoo! Finance) Middle East programs launched as part of global corporate citizenship portfolio
Colleges: High Rate of Infection (Industrial Safety and Security Source) Of all the agencies, businesses and universities in the world, colleges fall victim to malware attacks more frequently, a new report said
Legislation, Policy, and Regulation
Industry, not government, must lead in sharing cyber threats, expert says (Federal News Radio) The government needs to get out of the way of the private sector sharing cyber threat information. So says Jason Healey, the director of the Cyber Statecraft Initiative for the Atlantic Council
Sorry, lobbyists! Europe's post–Snowden privacy reform gets a major boost (Gigaom) The European Parliament's civil liberties committee has endorsed all of Green MEP Jan Phillip Albrecht's suggestions for tougher privacy legislation, reversing much of the lobbying work done by technology firms and the U.S. government before the NSA scandal broke
Nigerian government under fire for expansion of surveillance programs (Privacy International) A sizeable political controversy has engulfed President Goodluck Jonathan's Government in Nigeria, where details surrounding its plans for the total surveillance of Africa's most populous country continue to emerge
Secrecy and lies (The Economist) A tough new law on secrecy has suddenly become controversial. "A paradise for spies" is how a former agent of the Soviet KGB described Japan in the 1980s. Little has changed, though now the politicians and bureaucrats more often pass information to journalists than to foreign agents. But this autumn Shinzo Abe, the prime minister, is trying to stop the leaks by passing a forceful new secrecy law, even as he seeks to pass economic reforms as part of his programme of measures known as "Abenomics". He also wants to legislate for a new national security council in order to centralise intelligence information and speed decisions on national security. New rules on secrecy are needed for it to function well, says the government. The media, fearful for press freedom, are crying foul
Battle for the future of Italy's internet: Protests build against site–blocking law (ZDNet) A copyright regulation set to come into effect next year is drawing the ire of a diverse coalition of activists, lawyers and ISPs
Ethiopia: INSA to Be Reestablished (All Africa) Foreign, Defense and Security Affairs Standing Committee with House of People's Representatives (HPR) discussed with stakeholders on Friday a draft bill providing for the reestablishment of the Information Network Security Agency (INSA)
Cyber attacks by "entities" within China and Russia caused "extensive illicit intrusions into U.S. computer networks", report says (Ground Report) "Specifically highlighting China and Russia as being of particular concern, Director Clapper suggested 'entities within these countries are responsible for extensive illicit intrusions into U.S. computer networks and theft of U.S. intellectual property'", the report said. Contained within the pages of a 2013 unclassified Senate report (113-007) were details of a series of cyber attacks launched against the United States in 2011, possibly 2012
After General Alexander, Obama should split the NSA to make us all safer (The Guardian) The NSA's aggressive pursuit of Big Data has not only invaded our privacy, but also left us more vulnerable to cyber attack
The NSA's Excuses Don't Hold Up (Defense One) The basic government defense of the NSA's bulk-collection programs—whether it be the list of all the telephone calls you made, your email address book and IM buddy list, or the messages you send your friends—is that what the agency is doing is perfectly legal, and doesn't really count as surveillance, until a human being looks at the data
White House on French NSA complaint: 'all nations' spy (Global Post) The White House on Monday brushed off France's complaints about new allegations of eavesdropping by a top US espionage agency, saying "all nations" conduct spying operations
Mexico condemns alleged NSA hacking of president's email (ComputerWorld) The Mexican government has condemned newly reported spying activities of the U.S. National Security Agency against the country's former president while he was in office
Mexican Government Shocked to Learn the U.S. Spies they Let into the Country Were Spying on Them (Slate) There doesn't seem to be any let-up in the scoops coming out of Edward Snowden's NSA files. Over the weekend, in addition to a Le Monde report alleging that the U.S. intercepted more than 70 million French phone calls, an article in Der Spiegel reported that the NSA had hacked into the e-mail domain used by former Mexican President Felipe Calderon and his cabinet and monitored the cell phone communications of current President Enrique Pena Nieto while he was a candidate
Litigation, Investigation, and Law Enforcement
To Move Drugs, Traffickers Are Hacking Shipping Containers (Motherboard) The scheme sounds like a work of near science fiction. But police in the Netherlands and Belgium insist it's true, and say they have the evidence to prove it: two tons of cocaine and heroin, a machine gun, a suitcase stuffed with $1.7 million, and hard drive cases turned into hacking devices
Online child abuse study examines nasty new trends including sextortion (Naked Security) A European study into the commercialisation of child sex abuse online suggests that sexual images and videos shared between youngsters may become a major target for traffickers, who are using increasingly aggressive tactics to gain remote power over vulnerable kids
Edward Snowden is no traitor (Washington Post) What are we to make of Edward Snowden? I know what I once made of him. He was no real whistleblower, I wrote, but "ridiculously cinematic" and "narcissistic" as well. As time has proved, my judgments were just plain wrong. Whatever Snowden is, he is curiously modest and has bent over backward to ensure that the information he has divulged has done as little damage as possible. As a "traitor," he lacks the requisite intent and menace
British Hacker Sentenced to Jail for Using Stolen Credentials for Online Shopping (Softpedia) 25-year-old Andrew Morgan of Immingham, UK, has been sentenced to three years and eight months in prison for stealing account credentials which he used to purchase goods worth £70,000 ($112,000 / €82,600) from various online stores, including Amazon and eBay
MoJ fined £140K for EMAILING privates of 1,000 inmates (The Register) Bewildered families of 3 lags mailed data by SAME clerk in 3 SEPARATE mistakes
How FBI brought down cyber–underworld site Silk Road (USA Today) Criminals who prowl the cyber-underworld's "darknet" thought law enforcement couldn't crack their anonymous trade in illegal drugs, guns and porn. But a series of arrests this month, including the bust of the black market site Silk Road, shows the G-men have infiltrated the Internet's back alley
Inside Anonymous: LulzSec hacker 'Topiary' talks life on a small Scottish island and how he was caught (TNW) "'Conspiracy to commit computer misuse with intent to disrupt or impair the operation of a computer or computers'," commenced Jake Davis in front of a packed auditorium at Wired 2013. "This is what I was sent to prison for." If that just made you blurt out 'huh?', you're not the only one. "Don't worry if you didn't understand that sentence, because neither do I and neither does anyone else in the entire world," he continued
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, Oct 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.
Cloud Connect (Chicago, Illinois, USA, Oct 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.
cybergamut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, Oct 22, 2013) Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend. This non-technical presentation explores the typical cyber risk environment, considers the proper balance and likely effectiveness of threat deterrence, vulnerability mitigation, and consequence management to reduce cyber risk, and examines the current and evolving roles of government agencies and the private sector in addressing the problem. Backed by powerful, real-world examples of threat actor tactics, this presentation will help managers develop a better understanding of how their current security approach is most likely to succeed or fail over time, and what strategies are the most likely to shift the advantage to the good guys. cybergamut is co-hosting this event with the Maryland Chapter of InfraGard.
Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, Oct 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest updates in Cyber Security Awareness. This is an excellent and unique opportunity to meet IT personnel from USNORTHCOM, NORAD, Army Space Command, USSPACECOM, and the 21st Space Wing all in one day.
Hack.lu 2013 (Luxembourg, Oct 22 - 24, 2013) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society.
STEM family night returning to Arundel Mills (Arundel Mills Mall, Maryland, USA, Oct 23, 2013) The Fort Meade Alliance is hoping to spark interest in future engineers and doctors at their third annual STEM family night Wednesday at Arundel Mills mall.
Joint Federal Cyber Summit 2013 (Washington, DC, USA, Oct 23 - 24, 2013) This collaborative government-wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished through keynote speakers on both days, along with numerous targeted breakout sessions (including a session with a federal CISSO panel), hands-on live demonstrations, and industry exhibits.
NSU's 12 Simple Cybersecurity Rules For Your Small Business (Fort Lauderdale, Florida, USA, Oct 24, 2013) In this presentation twelve simple and inexpensive techniques for protecting small businesses from cyber threats will be discussed. While complex and expensive solutions exist to improve the security of information technology, most of these products are not designed for the specific needs of small businesses. The techniques that will be discussed in the presentation are designed to address the most common threats encountered by small businesses without requiring significant expertise and expense. RSVP at the link.
BREAKPOINT 2013 (Melbourne, Australia, Oct 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.
FIRST Energy Symposium (Leesburg, Virginia, USA, Oct 28 - 29, 2013) Recent reports have shown that the Energy Sector has seen a large increase in the reported number of cyber attacks. The need to protect against threats and improve upon incident management has never been greater. Many control systems are already networked and are targets of sophisticated attacks. Organizations will benefit from having a specialized team to work on detection and handling of cyber attacks, analyzing incidents and sharing information with other security organizations. The FIRST Symposium will focus on lessons learned from attacks and technology and sector-specific security aspects. Strong emphasis will be given to organizational issues like creation and operation of incident response teams.
SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.
RSA Conference Europe (Amsterdam, the Netherlands, Oct 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning 10 hours, attend the educational and networking event that builds your knowledge and furthers your career.
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall.
NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.
Ahead of the Threat: Driving Innovation for Cyber Security (Bethesda, Maryland, USA, Oct 30, 2013) Sponsored by the Tech Council of Maryland, this conference will feature a presentation by Sondra L. Barbour, Lockheed Martin Information Systems & Global Solutions (IS&GS) Executive Vice President, who will discuss the importance of understanding the adversary and staying ahead of the threat. Moving beyond the government, the need for intelligence-driven defense is becoming more critical across commercial industries such as oil and gas, finance and healthcare. The escalating landscape of cyber-attacks is forcing companies to take a closer look at their security posture to protect their assets, intellectual property and their customers' personal information.
TrustED 2013 (Berlin, Germany, Nov 4, 2013) In this workshop we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia, research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. In this context we particularly are interested in the participation of industry representatives.
OKTANE 1 (San Francisco, California, USA, Nov 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your employees more productive and secure, OKTANE13 will keep you up to date with the latest enterprise technology.
MIRcon 2013 (Washington, DC, USA, Nov 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development where you will learn about new technologies, incident response best practices, and key strategies for managing network security.
KMWorld 2013: KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wide-ranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile -- Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit: Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.