The CyberWire Daily Briefing for 12.9.2013
A few notes on surveillance open a slow news week.
Google alleges that France's Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has created unauthorized digital certificates for some Google domains. ANSSI says it was a glitch—"human error, which was made during a process aimed at strengthening overall IT security."
Sveriges Television reports that Swedish government surveillance of Russian targets (specifically in the energy industry) was in significant part an industrial espionage campaign.
The New York Times reports that GCHQ and NSA have been monitoring the MMORPGs (massively multiplayer online role-playing games) Second Life and World of Warcraft. The headline makes the effort sound rather insane ("Elves and Trolls"), but MMORPGs could easily lend themselves to terrorist communication, hence their attractiveness as surveillance targets.
The SANS Institute reports a suspected active Rovnix botnet controller. The Royal Bank of Scotland group remains under sporadic attack—an attempt on NatWest disrupts Ulster Bank's online services. Trend Micro claims to have identified a cyber criminal gang responsible for recent exploits using Ice IX and Zbot. The gang is centered in Nigeria but has international reach.
Religious-themed apps have been seen leaking user data to third parties. Some of this is an "affinity scam"; treat such apps with appropriate circumspection.
Huawei ups its position in the South Korean market. In the US, Ixia completes acquisition of Net Optics, Inc.
The US Administration continues to mull changes to surveillance policy. That policy continues to drive trends toward IT protectionism and autarchy.
Anonymous PayPal DDoS hackers plead guilty.
Today's issue includes events affecting China, European Union, France, Republic of Korea, Nigeria, Russia, Sweden, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Google catches French govt spoofing its domain certificates (ZDNet) Fraudulent certificates were used in a commercial device to inspect encrypted traffic on a private network
Sweden engaged in industrial espionage against Russia — report (Russia Today) Sweden's intelligence agency has not only spied on Russian leadership, sharing intelligence with the NSA, but also apparently engaged in industrial espionage against business targets such as Russia's energy companies, Sveriges Television reports
Spies' Dragnet Reaches a Playing Field of Elves and Trolls (New York Times) Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe
NatWest cyber attack disrupted Ulster Bank website (BBC) Ulster Bank's online services were disrupted for a short time on Friday due to a cyber attack on another member of the RBS banking group
Suspected Active Rovnix Botnet Controller (Internet Storm Center) We have received information about a suspected Rovnix botnet controller currently using at least 2 domains…pointing to the same IP address of 18.104.22.168 (AS 44050)
Bojangles' Restaurants Hacked (eSecurity Planet) In at least one case, the credit card reader was accessed via the restaurant's Wi-Fi network
Made In Oregon Acknowledges Security Breach (eSecurity Planet) The Web site's credit card transaction system was accessed between mid-October and mid-November of 2013
Cyber Crooks Involved in Multiple Cybercriminal Attacks Identified by Trend Micro (Spamfighter News) Security firm 'Trend Micro' has published a new study on the actions of a cybercriminal gang that was involved in multiple crimes that included 419 scams, phishing scandals and attacks that relied on banking Trojans like Ice IX and Zbot
Christian apps sending user data to trackers, advertisers (GMA News) Some religious-themed apps for mobile devices like smartphones and tablets may be engaged in rather unholy activity by sending churchgoers' data to third parties, a security vendor warned
How Threats Disguise their Network Traffic (TrendLabs Security Intelligence Blog) Threats have evolved to try and circumvent advances in analysis and detection. Every improvement by security vendors is met with a response from cybercriminals. Stuxnet, for example, paved the way for the other threat families to use the LNK vulnerability. Using Conficker/DOWNAD popularized the use of a domain generation algorithm (DGA). This is now used by other malware families as well, including ZeroAccess and TDSS
A Virus Of Biblical Distortions (Dark Reading) In the summer of 2010, security researchers serendipitously discovered Stuxnet, a highly sophisticated cyberweapon deeply embedded within Iranian computers. The weapon's main function was to attack the gas centrifuges used by the Iranians for uranium enrichment, believed to be part of an effort to build nuclear weapons in defiance of a resolution by the United Nations Security Council
Linux Worm Targets Embedded Devices (Dark Reading) Attacking a PHP vulnerability patched a year-and-a-half ago, the new outbreak shows the Internet of Things' seams
Airlines fight cyberattacks (Free Lance-Star) Worried that computer hackers attacking banks and media companies could easily shift targets, the airline industry is taking preemptive steps to ensure it doesn't become the next victim
Cybercrime ignorance is a serious risk (Help Net Security) Organizations who fail to recognize the threat posed by cyber crime are putting the livelihoods of stakeholders and customers at serious risk, and those organizations that regularly suffer breaches need to be publicly named and shamed with severe consequences for serial offenders, according to Simon Bain, founder of Simplexo
Software Vulnerabilities Lead to Internal Security Problems: Kaspersky (eWeek) Kaspersky Lab points the finger at legitimate software applications for being at the root cause of cyber-security incidents
IT security pros often seen as 'innovation killers,' says ADP's IT security chief (NetworkWorld) In keynote ADP's V. Jay LaRosa says IT security folks should avoid just saying no; work directly with business managers to help them innovate
Deltek: Federal Cyber Spending to Hit $11.4B By 2018 (GovConWire) A new Deltek report predicts that federal contracted spending on cybersecurity will reach $11 billion by fiscal year 2018, $2.4 billion more than fiscal 2013 figures
Lockheed doesn't expect problems over NSA leaks (NewTalkZB) A major US defence company isn't expecting problems for its business as a result of the Edward Snowden NSA leaks
Huawei Deal in S. Korea Worries US Lawmakers (eWeek) Two senators say Huawei's participation in a South Korean networking project raises security concerns in the United States
Cyber Security Executives Raise More Than $327,000 for Children (PRWeb) TDI finds success in first ever White Hat Gala, raising money to support patients at Children's National in Washington
Briefs: Ixia, On Assignment (San Fernando Valley Business Journal) Ixia announced that it has completed its planned acquisition of Net Optics Inc., a network monitoring software company in Santa Clara
Microsoft's anti–NSA encryption pledge raises questions (Naked Security) Early on in NSA-gate, Microsoft was looking at a laundry list of headlines concerning its collusion with US intelligence operations
Microsoft fails to mention Skype in promises to protect users from NSA surveillance (NetworkWorld) When Microsoft pledged to protect users' privacy and security from government snooping, the company mentioned 'major communications' yet failed to mention Skype at all
Products, Services, and Solutions
HP, VMware, Google cashing in on end of support for Windows XP (ComputerWorld) Microsoft, as we all know by now, formally announced that it will wash its hands of XP as soon as the month of April is torn off the 2014 calendar. Not only did this announcement lead Microsoft to commission a study, whose results threatened multi-crore losses for Indian banks, but it also led them to use the popular micro-blogging site Twitter to warn users off XP with a #SwitchfromXP hashtag
Technologies, Techniques, and Standards
How can I keep API keys out of source control? (Ars Technica) If you want to use a free source control service, there are still a few options. I'm working on a website that will allow users to log in using OAuth credentials from the likes of Twitter, Google, etc. To do this, I have to register with these various providers and get a super-secret API key that I have to protect with pledges against various body parts. If my key gets ganked, the part gets yanked
BYOD Should Begin with Business Case (eSecurity Planet) Despite the risks of not making security policies central to enterprise BYOD and mobility programs, many organizations are ignoring this best practice
Experts Offer Advice For Developing Secure Cloud Applications (Dark Reading) Building security into the application development process has always been a challenge. The reality of cloud computing, however, introduces new hurdles that need to be identified and overcome
Want better passwords? Follow the lead of 1Password and make it easier for people (CSO) As the spate of password breaches continues, the challenge is how quickly news of each new attack fades into the background as noise. It makes it even harder to connect with people and convince them to take action. Shift to providing value to others by guiding them on when and how to act -- by sharing information and tools from experts who already invested the time to make it understandable and actionable
Research and Development
Can the DOD tap gamers to prevent cyber attacks? (SF Gate) A new iPad game allows users to play botanist, cataloging plant life on the imaginary island of Miraflora by identifying patterns in flowers
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names (CSEWeb UC San Diego) Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on a combination of cryptographic protection and a peer-to-peer protocol for witnessing settlements. Consequently, Bitcoin has the unintuitive property that while the ownership of money is implicitly anonymous, its flow is globally visible
Legislation, Policy, and Regulation
Building walls in the cloud (Global Post) When former NSA contractor Edward Snowden leaked secrets of the US agency's massive surveillance operations this summer, he prompted a global review of just how secure electronic data is
Obama to soon propose NSA surveillance changes (USA Today) President Obama's proposed changes to National Security Agency surveillance rules are likely to come this month
Tech Companies Outline More NSA Reform Demands (TechCrunch) Before Congress's holiday recess, Silicon Valley's major tech companies have renewed calls for surveillance reform. Executives from Google, Apple, Yahoo, Microsoft, Linkedin, Twitter, and (TechCrunch parent company) Aol have put their weight behind the Reform Government Surveillance coalition, publishing an open collective letter to Congress and
Morale hits new low at NSA after Snowden leaks (Voice of Russia) Morale at the US spying service, the National Security Agency (NSA) has hit a new low as staff believe they have not received the full support of President Obama. Although he defended the agency following the leaks of whistleblower Edward Snowden - now in Moscow - he has failed to make a visit to the NSA HQ
Intel Contractors Give Millions to Lawmakers Overseeing Government Surveillance (Kitsap Sun) In response to documents leaked by former National Security Agency contractor, Edward J. Snowden, the congressional committees in charge of overseeing the government's intelligence operations have come to the defense of the surveillance and data collection programs, and the agencies that administer them. The House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence have rejected attempts to reform the programs while advancing legislation to bolster their legal status and providing a funding boost to the National Security Agency
Litigation, Investigation, and Law Enforcement
FBI surveillance malware in bomb threat case tests constitutional limits (Ars Technica) "Internet link" targeting suspect's Yahoo account used to track his Web movements
Source: The FBI can spy on you by turning on your webcam (State Column) Apparently the National Security Agency (NSA) is not the only government agency capable of spying on Americans
Agencies collected data on Americans' cellphone use in thousands of 'tower dumps' (Washington Post) Federal, state and local law enforcement agencies conducting criminal investigations collected data on cellphone activity thousands of times last year, with each request to a phone company yielding hundreds or thousands of phone numbers of innocent Americans along with those of potential suspects
NSA Defends Global Cellphone Tracking Legality (AP via Hispanic Business) The National Security Agency on Friday said its tracking of cellphones overseas is legally authorized under a sweeping U.S. presidential order. The distinction means the extraordinary surveillance program is not overseen by a secretive U.S. intelligence court but is regulated by some U.S. lawmakers, Obama administration insiders and inspectors general
Rand Paul: I'll Take Privacy Fight to Supreme Court (NewsMax) Sen. Rand Paul, R-Ky., says it is time the country re-examines the Constitution's Fourth Amendment in light of recent revelations that the National Security Agency is mining data from millions of cellphones worldwide
Lawmaker Says Snowden May Testify Before EU Parliament (NPR) A European lawmaker says former NSA contractor Edward Snowden is set to testify before a civil liberties committee of the European Parliament later this month
'Anonymous' hackers in PayPal DDoS attack plead guilty (IBN Live) A group of 13 defendants who had been charged in a cyber attack on PayPal's website pleaded guilty and admitted to the December 2010 attack over PayPal's suspension of WikiLeaks accounts
The spying game: Companies monitor activists because they can (Grist) Back in the '40s, my grandmother lost her scholarship to college after the school found out she had attended a meeting run by a communist organization. Whoever made the call that my grandmother was a communist rabble-rouser no longer deserving educational subsidy was clearly acting on bad intel. It would be hard to think of a more terrible communist than my grandmother: She loved playing the stock market
How business can shed light on the 'dark net' (CNBC) Law enforcement agencies around the world have been calling on the tech industry to help eradicate the so-called "dark net" – the hidden, unregulated online marketplace for counterfeit goods, drugs, hitmen and child abuse
For a complete running list of events, please visit the Event Tracker.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
Cylance Talk: Risk Does Not Equal Threat (Arlington, Virginia, USA, Dec 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work, time delays and operational cost in prioritizing what's really important. Identifying the risks that are true threats to the organization is critical. Join Cylance's Chief Knowledge Officer, Dr. Shane Shook along with industry experts Bob Bigman (President of 2BSecure and former CSO for the CIA) and Ulf Lindqvist (Program Director at SRI International) for a rousing round-table discussion on how your organization can determine what is a real threat, and what is merely a risk.
cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, Dec 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction of user activity or the isolation of malicious code. Most computer incident response teams have preferred tools for such acquisition that are part of their standard operating procedures invoked during live response or evidence acquisition. We all use these tools, but how many of us can describe how they work? This talk takes a deeper look at the differences found in those memory image files tied directly to the specific tools and techniques used in the acquisition process.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.