The CyberWire Daily Briefing for 12.3.2013

Cyber Attacks, Threats, and Vulnerabilities

Beware: Online charity scams on the rise (NBC News) 'Tis the season to be jolly. Unfortunately, 'tis also the season for charity scams

Cloned Facebook accounts hit up friends with spam and money requests (Naked Security) The scam hit a TV news station in the US, with attackers scraping photos from reporters' profiles and using them on bogus accounts taken out under their victims' names. Using those fake accounts, they then milked their targets' friend lists to spam out malicious links

Online clothing store Witchery lets customers view — and edit! — each other's personal information (Naked Security) According to a News Limited report, customers visiting clothing retailer Witchery's mobile website were able to get at the PII of other users via a feature called "track my order." Customers could also view every order currently being processed, not just their own

Flaw in Android 4.3 Can Be Exploited to Remove Device Locks with Rogue Apps (Softpedia) Security researchers from Curesec warn that a vulnerability in Android Jelly Bean (4.3) can be exploited by cybercriminals to remove all device locks, such as PINs, passwords, gestures and face recognition

Free shopping voucher offer leads to phishing (Help Net Security) Cybercriminals have been ramping up their efforts as the year draws to a close, and have initiated hundreds - if not thousands - email spam campaigns, trying every approach possible to get users to part with their personal and financial information, or to install malware

How malware could steal sensitive data from an air–gapped computer — via high frequency sound (Graham Cluley) It sounds like a puzzle worthy of a Sherlock Holmes novel

On Covert Acoustical Mesh Networks in Air (Journal of Communications) Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication

Windows XP/Server 2003 Zero–Day Payload Uses Multiple Anti–Analysis Techniques (TrendLabs Security Intelligence Blog) Several days ago, Microsoft released a security advisory disclosing a new zero-day vulnerability in older versions of Windows. It was reported that it was being abused by a malicious PDF file (TROJ_PIDIEF.GUD) to deliver a backdoor (BKDR_TAVDIG.GUD) onto affected systems in "limited, targeted attacks"

Latest XP Zero Day Renews Calls to Move Off the OS (Threatpost) If your organization needed more incentive to move off Windows XP, a new zero-day vulnerability made public recently may be it

Google Nexus Phones Vulnerable to SMS Denial–of–Service Attack (Threatpost) Google is reportedly looking into a problem with the latest versions of Nexus smartphones that could force the devices to restart, lock or fail to connect to the Internet

TeamSpeak Forum Hacked, Serves Malware (eSecurity Planet) Traffic was redirected to a DotCache exploit kit landing page, according to Malwarebytes

Facebook users warned of leaked Snapchat photos phishing threat (Graham Cluley) Leaked Snapchat photos on FacebookFacebook pages claiming to link to leaked photos distributed via the Snapchat smartphone app can be attempting to steal your passwords, according to one security researcher

Huge quantity of Bitcoins stolen from Sheep Marketplace (Help Net Security) Another week, another huge Bitcoin theft. This time, it's the customers of Tor-based underground market Sheep Marketplace who have been left with empty wallets

Did One of the Silk Road's Successors Just Commit the Perfect Bitcoin Scam? (Motherboard) Yesterday, Sheep Marketplace, an anonymous digital narcotics bazaar that grew popular after the shutdown of the Silk Road, announced that it had been robbed of 5,400 bitcoins—the equivalent of $6 million at current exchange rates—and then promptly shut itself down

Virus thieves making 'millions' in Bitcoin ransoms (The Telegraph) Virus which locks all personal data has begun demanding payment in Bitcoins

Legitimate apps bundled up with secret Bitcoin miner (Help Net Security) As the value of Bitcoin continues to rise, a lot of people are trying to cash in on the craze. Some do it legally, by getting their own machines to perform the calculations required, and others try to make other users' machines do it for them

The FBI TOR Exploit (Infosec Institute) The Tor network is an anonymizing network that allows people to browse the web and access other services without being traced. As part of this network, there is the so-called "darknet," servers accessible only through Tor, which host a variety of services from forums to e-mail

Anonymous hacks and defaces Interpol Honduras and State Police websites against electoral fraud (Hack Read) The online hacktivist group 'Anonymous Honduras' has hacked and defaced 6 high profile Honduras government ministries websites against the alleged fraud in country's presidential elections. Hacked websites belong to Interpol Honduras, two websites of National Police of Honduras, Superintendent of Public Alliance, Honduras, Ministry of Culture and Zolitur Island under Ministry of Tourism

Data Breach at Maricopa Community Colleges Affects 2.4 Million Students, Employees (eSecurity Planet) The exposed data includes employees' Social Security numbers, driver's license numbers and bank account numbers, and students' academic information

90,000 patients' info exposed in hospital malware attack (Help Net Security) Personal information of some 90,000 patients of two Seattle hospitals has been compromised after an employee opened an email attachment that contained malware

URM Says Cyber Attack Has Been Blocked; Credit/Debit Card Use Resumes (KHQ) In a press release issued Monday night, URM Stores said they have put enhanced security measures into place to block the cyber-attack that focused on stealing vital customer information. URM says customers may now resume using credit, debit, EBT, and gift cards in all member stores

Bashmobs: Using Social Media to Organize Disruptive Activity (Cyveillance) As mobile devices and texting became common in the early 2000s, people realized they could be used to encourage a large group to meet in a coordinated manner, particularly in cities, giving rise to the modern phenomenon known as the "flash mob". At first, flash mobs were a fun way for people to organize a choreographed performance or event that to random spectators, appeared to materialize out of thin air

Security Patches, Mitigations, and Software Updates

D–Link patches critical vulnerability in older routers (Help Net Security) D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October

Cyber Trends

Snowden's legacy and the NSA of everything (ZDNet) The revelations of US surveillance have changed everything and nothing about our perception of the internet

How much cyber attacks could cost an average home user (CIOL) The average cost of multimedia files that a user might lose from a device as a result of a cyber attack or other damage is estimated at $418, according to this year's Consumer Security Risks Survey, conducted by B2B International and Kaspersky Lab

Shopping convenience overrides security concerns (Help Net Security) Tripwire announced the results of a survey on mobile security and holiday shopping. The survey was conducted by Dimensional Research and OnePoll from November 18-20, 2013, and evaluated the attitudes of 1,400 consumers in the U.S. and U.K

The Foreign Policy Essay: Erik Gartzke on "Fear and War in Cyberspace" (Lawfare) Cyberwar is all the rage, and with it questions on what new technologies mean for society and—Lawfare specialties—the implications of these changes for surveillance, privacy, intelligence, and the laws of war. However, we may have rushed to explore the trees without looking at the overall forest

FBI details major trends in cyber attacks against SMB's (Trend Micro Simply Security) In my discussions with partners and customers across the globe, I often hear comments and statements that SMB's (Small and Medium-Size Business) aren't a big enough target to be the focus of a cyber attack

Cloud Providers Reveal More Big Data Analytics To Enterprises (Dark Reading) Simpler is better for many companies, but an increasing number of firms want access to more data

Study: 340,000 New Malicious Websites Detected In Past 30 Days (Dark Reading) Creation of new malware, spam, and phishing sites growing at unprecedented rates, report says

Encryption ethics: Are email providers responsible for privacy? (Pando Daily) Ex–National Security Agency (NSA) employee Edward Snowden's various leaks — the most recent being a slide showing that the NSA infected 50,000 of computer networks with remote–controlled spyware — confirm that state intelligence agencies around the world have been collecting and analyzing people's behavior online for years

Marketplace

BlackBerry tells customers that it's not dead—yet (Ars Technica) "We are here to stay," promises CEO John Chen

BlackBerry could benefit from NSA snooping (FierceMobileIT) Apple products losing out among European governments. The scandal around the National Security Agency (NSA) could work to the benefit of Canadian firm BlackBerry, especially among foreign governments

Cyber–security firm Prolexic to be sold for $370 million (Sun-Sentinel) A cyber-security firm in Hollywood is being sold to a Boston-area tech company for $370 million

Scrub–a–dub–dub: Akamai and Prolexic in the tub (Scurosis) They say it is better to be lucky than good. I seem to test that theory on a daily basis. Just yesterday I ranted about the need for multi-layer DoS defenses, mostly by poking at a Prolexic white paper advocating the opposite. I alluded to the reality that most customers wouldn't run all their traffic through a scrubbing center, so they need on-premise defenses as well (so a multi-layer system)

Intel Makes Another Acquisition: Hacker League, A Platform For Hackathons, Is Now A Part Of Mashery (TechCrunch) Intel's acquisition spree continues apace, with the latest being made to augment one of its other recent acquisitions. It is buying Hacker League, a popular platform for managing hackathons, which will be incorporated with the API management company Mashery

Israeli hacking school trains cyber warriors (NDTV) Hadera: Three hooded hackers hunch over their computer screens in the control room at Israel's new state-of-the-art "Cyber Gym", where IT and infrastructure company employees train to defend against cyber-attacks

MongoDB startup hired by Aadhaar got funds from CIA VC arm (The Economic Times) Two weeks ago, Max Schireson, chief executive of MongoDB, a New York-based technology startup, was in New Delhi to sew up a very important contract for his company — with the Unique Identification Authority of India (UIDAI)

Cylance Selected as SINET 16 Innovator (SYS-Con Media) Cylance, Inc., a global provider of disruptive cybersecurity products and services that reinvent the way organizations prevent advanced threats, today announced that it has been selected as a SINET 16 Innovator. Cylance will present its unique approach to advanced threat detection and prevention through use of complex mathematical models during the SINET Showcase 2013

Huawei decides to exit the US market over cyber espionage concerns (TechSpot) Chinese networking and telecommunications equipment provider Huawei is calling it quits in the US. CEO Ren Zhengfei recently told French news site Les Echos that it wasn't worth it for his company to get in the middle of US / China relations and as such, they have decided to exit the US market

Google Brings The Telethon Online With First–Ever "Hangout–a–thon" (TechCrunch) On Tuesday – aka Giving Tuesday - Google will repurpose its video broadcasting service called Google+ Hangouts to help host an online "Hangout-a-thon" that aims to connect those interested in making charitable donations with a worthy cause of their liking

Cisco Employees Line Up to Participate in #GivingTuesday (Cisco Blogs) Forget about fighting crowds on Black Friday and maxing out your credit card on Cyber Monday. Join a movement that matters and kick off the giving season with #GivingTuesday on December 3. Just post or tweet about how you give back on any social media channel and use the hashtag #GivingTuesday

Innovative New Product from CyberPoint Offers Secure and Convenient Coverage for Consumers Operating in Public Spaces (Sacramento Bee) CyberPoint International, LLC, a global provider of cyber security services, solutions, and products, announced today the release of its newest consumer protection product. Code named "T," this innovative new product integrates a powerful network of fibers enabling secure and convenient coverage for consumers operating in public spaces. T comes complete with an easy-to-use alerting system designed to proactively protect consumers from the daily threats they encounter. As the latest addition to CyberPoint's Anti-Malwear line, T also ensures that others know you have a sense of humor. Take a look at T

Products, Services, and Solutions

Etisalat steps into cyber threat debate (Gulf News) Company offers Norton security software to eLife customers in partnership with Symantec

Blue Coat launches advanced threat protection solution in India (CIOL) Blue Coat Content Analysis System with malware analysis blocks known threats, as well as detects and analyzes both zero-day and advanced malware

The Next Big Thing You Missed: This Man Wants to Clean Your Dirty Bitcoin Laundry (Wired) Marco Crispini set out to build a Bitcoin exchange — a place where people could buy and sell the world's most popular digital currency — but then he realized just how difficult that would be

Technologies, Techniques, and Standards

Even in the Quietest Moments… (Internet Storm Center) I recently had a migration from one internet uplink to another to do for a client. As with many organizations, they have about 40% of their workforce at head office, and 60% (and sometimes more) of their workforce operating remotely, so taking the Firewall and especially the VPN services offline is a very big deal. There is no good time to take things down given that their sales force has people in just about every time zone, there are just times that are "less bad" than others

Applied Crypto Hardening (Better Crypto) This guide arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for conguring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age

Kenneth van Wyk: Enjoy your trip, but protect the data you take with you (ComputerWorld) International travel can require some pretty strong security measures if your devices contain sensitive information

Eight tips for more secure mobile shopping (CSO) With the holiday shopping season upon us, users who are shopping using mobile devices need to take the proper steps to protect themselves and sensitive corporate data

Research and Development

D–Wave's Year of Computing Dangerously (IEEE Spectrum) After a year of outside investigation, questions remain about a controversial quantum computer

Academia

Standardized tests discriminate against the next Einsteins and Teslas (Quartz) At 16, Albert Einstein wrote his first scientific paper titled "The Investigation of the State of Aether in Magnetic Fields." This was the result of his famous gedanken experiment in which he visually imagined chasing after a light beam. The insights he gained from this thought experiment led to the development of his theory of special relativity

Legislation, Policy, and Regulation

UN: Mass Surveillance Violates Universal Human Rights (Threatpost) The United Nations has joined the growing chorus of people, organizations and activists denouncing government mass surveillance of citizens without cause and says that such programs are a violation of basic human rights

More on the (Alleged) Global Right to Privacy (Lawfare) Over at EJILTalk!, Marko Milanovic has a five-part series considering the possibility of a global right to privacy against government surveillance Milanovic's posts are in part a response to posts by Ben and me, so I thought I would offer just two quick thoughts in response

Proposed Canadian cyber law — anti–bullying or pro–snooping? (Naked Security) Proposed legislation referred to as the "Protecting Canadians from Online Crime Act" is said to be aimed at preventing cyber-bullying, but does this law go too far

Japan's Secrets Bill Turns Journalists Into Terrorists (Bloomberg Opinion) Shinzo Abe owes Xi Jinping a debt of gratitude

EU to Encourage Cooperation on Drones, Cyber Security (Bloomberg) European Union leaders will call for more coordination on cyber security and unmanned aircraft when they meet in Brussels this month, according to a Dec. 2 draft of summit conclusions

Spy agency chiefs to face MPs in public (Dominion Post) New Zealand's top spooks face a barrage of questions from MPs today as Parliament's intelligence and security committee is held in public for the first time

Federal cyber security policy (finally) begins to gel (Baltimore Business Journal) A framework for the federal government's approach to protecting the nation's critical infrastructure from cyber threats has emerged, writes Steve Charles. Comprehensive cyber security legislation heated up, but never really came to a boil. It will probably stay on the back burner for a while. Yet a framework for the federal government's approach to protecting the nation's critical infrastructure from cyber threats has emerged

NSA employees received talking points for Thanksgiving dinner (Russia Today) If a politically-charged dinnertime debate sidelined your Thanksgiving, don't blame the National Security Agency. New documents have surfaced suggesting the NSA sent their employees home for the holidays with pre-determined talking points

Whistlehackers in the age of surveillance (Yahoo! News) "We're going to have to make some choices as a society," Barack Obama observed back in June

South Africa: Watching the Watchers — the Case for the Moral Superiority of Hackers, Leakers and Citizen Watchdogs (All Africa) Edward Snowden, Chelsea (Bradley) Manning and Julian Assange have all attained legendary status amongst citizens' rights advocates

Litigation, Investigation, and Law Enforcement

Dutch privacy watchdogs: "Google spins an invisible web of our personal data without our consent." (IT ProPortal) Dutch privacy watchdogs have concluded that Google's privacy policy is in breach of the Dutch data protection act

Internet firms ordered to block file–share sites (The Independent) THREE major music companies have been granted orders which will allow internet service providers here to block access to a file-sharing website as part of efforts to prevent "wholesale copyright theft" on "a grand scale"

Man sentenced to probation for cyber attack on Koch Industries (KAKE) A Wisconsin man has been sentenced to two years federal probation and ordered to pay $183,000 in restitution for taking part in a cyber-attack on Koch Industries. The attack was sponsored by the computer hacking group known as Anonymous

700 Domains seized by ICE, Europol and Hong Kong Customs on Cyber Monday (InfoSecurity Magazine) This year's Cyber Monday, traditionally the start of the holiday online shopping season, marked the end of it for more than 700 websites involved in selling counterfeit merchandise – all seized in a joint operation between ICE (297), Europol (393) and Hong Kong Customs (16)

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Anti–Malwear T Giving Tuesday Happy Hour (Baltimore, Maryland, USA, Dec 3, 2013) In honor of Giving Tuesday, CyberPoint is hosting a happy hour today, Tuesday, December 3, from 4-7pm at James Joyce (616 S. President Street, Baltimore, MD 21202) in Harbor East. If you'd like to join us, we encourage you to wear your Anti-Malwear T-shirt and get some free appetizers (provided by CyberPoint) along with James Joyce's happy hour drink specials ($1 off beers, $3.50 rail drinks and $5 house wines). If you plan to be there, and you haven't yet got the stylish Anti-Malwear coverage the T delivers, you can purchase your very own during happy hour for only $20 (and half of that, friend, $10 US, to do the math for you, goes to Giving Tuesday, so step right up and make it a double).

Strengthening the NIST Cyber Framework Against Advanced Threats (Washington, DC, USA, Dec 5, 2013) NIST's Cybersecurity Framework has tremendous value for risk management and defines best practices to block known threats. This discussion will share intelligence about campaigns by sophisticated cyber threat actors that have targeted critical infrastructure companies and discuss how well the Framework stacks up against advanced and new, unknown threats.

Cylance Talk: Risk Does Not Equal Threat (Arlington, Virginia, USA, Dec 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work, time delays and operational cost in prioritizing what's really important. Identifying the risks that are true threats to the organization is critical. Join Cylance's Chief Knowledge Officer, Dr. Shane Shook along with industry experts Bob Bigman (President of 2BSecure and former CSO for the CIA) and Ulf Lindqvist (Program Director at SRI International) for a rousing round-table discussion on how your organization can determine what is a real threat, and what is merely a risk.

NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions.This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.

Cyber Training Forum at NGA (Springfield, Virginia, USA, Feb 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence Community, and Industry. The CSTF will include keynotes, breakout sessions, and cyber security demonstrations from industry.

Nellis AFB - Technology & Cyber Security Expo (Las Vegas, Nevada, USA, Feb 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.

Kirtland AFB - Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA) - Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base. This is the only yearly event officially sponsored by AFCEA at Kirtland AFB. The goal of this expo is to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.

Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.

SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.

World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.

ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.

cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, Dec 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction of user activity or the isolation of malicious code. Most computer incident response teams have preferred tools for such acquisition that are part of their standard operating procedures invoked during live response or evidence acquisition. We all use these tools, but how many of us can describe how they work? This talk takes a deeper look at the differences found in those memory image files tied directly to the specific tools and techniques used in the acquisition process.

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.

ACG® New York Cyber Security Investor Conference (New York, New York, Dec 11, 2013) The ACG New York Cyber Security conference will feature experts in Cyber Security that will enable you to understand the opportunities for investment in a number of areas that constitutes Cyber Security. IT security spending will be $639 billion by 2023 — a tenfold increase.

Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.