The CyberWire Daily Briefing for 12.12.2013
Chinese government spokesmen indignantly deny allegations China spied on G20 foreign ministries because, well, who believes those FireEye guys anyway? Actually quite a few do: see especially the "Attribution Analysis" section of FireEye's report on "Operation Ke3chang." Their evidence is admittedly circumstantial, but nonetheless suggestive.
Hacktivists of varying stripes (Islamist, nationalist, anarchist) surface to hit targets in Spain, Mexico, and the US. An Anonymous denial-of-service attack against Mexico's Congress is particularly noteworthy.
Consumers are advised to add keyloggers to their cyber worries over the holidays. Social media also continue to be a channel of retail cybercrime.
An audit warns of cyber vulnerabilities in Australia's State of Victoria's water distribution infrastructure.
Gamers in the UK sustained 11.7M attacks in 2013. F-Secure coins a new term, "sharking," to describe cybercrimes against cardplayers. A Las Vegas casino and hotel visitors' guide Vegastripping.com is breached, with user credentials posted to Pastebin.
Researchers find a banking Trojan using database-as-a-service platforms for its command-and-control traffic.
Amid more reports of tighter IT (and cyber) labor markets, the US Navy and Air Force both move to increase the number of uniformed cyber operators in their ranks.
The UK is announcing today a new requirement for cyber-security certification of government contractors.
Palantir raises $107.5M and is now valued at $9B. Mocana receives significant funding from GE Ventures. Adobe faces investor scrutiny over privacy. BlackBerry pegs its future to enterprise mobility.
Members of the US House introduce the "National Cybersecurity and Critical Infrastructure Protection Act of 2013" with bipartisan sponsorship.
Notes.
Today's issue includes events affecting Australia, China, European Union, Finland, Ireland, Mexico, Morocco, New Zealand, Spain, Sweden, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Beijing rejects latest US hacking accusations (Want China Times) China on Tuesday rejected the accusation by a US computer security firm that Chinese hackers were involved in a cyber attack against European countries before the G20 Summit in September
Operation "Ke3chang": Targeted Attacks Against Ministries of Foreign Affairs (FireEye) Diplomatic missions, including ministries of foreign affairs (MFA), are high–priority targets for today's cyber spies. Large-scale cyber espionage campaigns such as "GhostNet" have demonstrated that government agencies around the world, including embassies, are vulnerable to targeted cyber attacks
Mexico's House of Representatives and Congress Attacked by Anonymous (Softpedia) Hackers of the Anonymous movement have launched distributed denial-of-service (DDOS) attacks against the websites of the Mexico's House of representatives and Congress
TeamBerserk hacktivists use US judge's credit card to buy sex toys for him (Naked Security) TeamBerserk hackers are back. They've sided with a sheriff in the US state of Texas in a dispute over a teacher picking thrown-away school furniture out of the trash, have leaked 23 documents stolen from the judge's computer
Spanish Socialist Workers Party of Murcia gets hacked by Moroccan Islamic Union-Mail (Hackers Post) The online hacktivist group 'Moroccan Islamic Union-Mail' (MIUM) have hacked Partido Socialista Obrero Español de murcia
Consumers Are Warned to Be Wary of Keyloggers to Prevent Identity Theft Over the Holidays and Beyond (Virtual-Strategy) The Identity Theft Council is warning consumers and businesses to be aware of the menace of keyloggers, over the Christmas holidays and beyond. In the aftermath of the recent discovery of more than two million stolen passwords on a hacker server, the prime suspect in the incident was initially a keylogger
Facebook Phishing and Malware via Tumblr Redirects (Internet Storm Center) We got a couple reports of pretty convincing Facebook spam redirecting users to malware and a Facebook phishing site
How cybercriminals efficiently violate YouTube, Facebook, Twitter, Instagram, SoundCloud and Google+'s ToS (Webroot Threat Blog) With social media, now an inseparable part of the marketing expenditures for every modern organization, cybercriminals quickly adapted to the ongoing buzz, and over the last couple of years, have been persistently supplying the market segment with social media metrics performance boosts, in the the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays. This process, largely made possible by the massively undermined CAPTCHA bot vs human verification practice, results in automatically registered accounts, or the persistent data mining of malware-infected hosts for accounting data for social media accounts, continues to scale, allowing both individuals and organizations to
Crypto weakness in Web comment system exposes hate–mongering politicians (Ars Technica) Journalists exploit weakness in Gravatar to identify extremist forum members
ENISA Threat Landscape 2013 — Overview of current and emerging cyber–threats (ENISA) ENISA releases the 2013's ENISA Threat Landscape (ETL 2013). The ENISA Threat Landscape is a collection of top cyber-threats that have been assessed in the reporting period, ie. end 2012-end 2013. ENISA has collected over 250 reports regarding cyber-threats, risks and threat agents. ETL 2013 is a comprehensive compilation of the top 15 cyber-threats assessed
Credit card data stolen from hundreds of attendees at Boston conventions (Naked Security) The Boston Convention & Exhibition Center denies the security breach happened inside its building, while many convention-goers said they used their credit cards at shops, hotels and restaurants in the Seaport area of the city
Vic water authorities vulnerable to cyber attack (IT News) A state government audit into Victoria's water authorities has revealed much of the critical infrastructure towns and cities rely upon remains vulnerable to electronic attack
How cyber squatters and phishers target antivirus vendors (Help Net Security) Illegal online activities such as phishing and typosquatting are growing at an alarming rate. To understand the issue in detail High-Tech Bridge analyzed 946 domains that may visually look like a legitimate domain (for example replacement of "t" character by "l" character, or mutated domain names such as "kasperski.com" or "mcaffee.com") or that contain typos (e.g. "symanrec.com" or "dymantec.com")
Gamers attacked 11.7m times in 2013 (The Telegraph) UK gamers were hit with with 27,049 hacking attempts between 1 January and November 2013
Finnish Computer Security Company F–Secure Confirms "Sharking" Attacks at EPT Barcelona (Poker News) On Tuesday, F-Secure, an anti-virus, cloud content, and computer security company based in Helsinki, Finland, confirmed that Jens Kyllönen and his friend Henri Jaakkola were the victims of a "Sharking" attack at EPT Barcelona. After performing some tests on the high-stakes pro's laptop, F-Secure discovered that it was infected by a Remote Access Trojan (RAT), allowing the attacker to access Kyllönen's hole cards remotely
Las Vegas Casinos and Hotels guide site hacked, User Accounts Leaked (Hackers Post) Vegastripping.com, a LasVegas casinos and hotels guide site has been hacked. The hacker with the handle @zVapor claimed the responsibility of the hack and published the users credentials on Pastebin
Houston Methodist Hospital Acknowledges Data Breach (eSecurity Planet) 1,300 transplant patients' names, Social Security numbers, birthdates and medical information may have been exposed
Cybercriminals Now Elisting Database Cloud Services (Dark Reading) Database-as-a-service supports a new Trojan-based attack that steals businesses' online banking credentials
Catphishing is a loveless nightmare (Hacksurfer) What is catphishing? This recently coined term refers to false online identities created by Internet scammers to deceive people into a long-term romantic or emotional relationship
Cyber Trends
The Threat Landscape is Like the Curate's Egg, Suggests ENISA (InfoSecurity Magazine) The European Network and Information Security Agency (ENISA) takes an uncommon approach for its Threat Landscape 2013 report. Rather than undertaking or commissioning fresh research, it analyzes the existing reports published through the year: crowdsourcing. And as often proven, crowdsourcing can be remarkably effective
Young professionals exposing workplaces to cyber attack (Help Net Security) Low cyber-threat awareness amongst Gen-Y professionals coupled with blasé attitudes towards cyber security are leaving organizations across the country exposed to attack and data leaks according to ESET
What do people want to hide on their smartphone? (Help Net Security) More than half of Americans (52%) would be embarrassed about friends or family seeing certain files or documents on their smartphone, according to Clean Master
Marketplace
A Future of Failure? (Ford Foundation) The rapid pace of technology innovation and development has had a profound and undeniable impact on all corners of contemporary society. It has changed many of the day-to-day transactions that characterize personal and home life; it has radically reshaped and influenced domestic and global markets; and it has offered the potential to revolutionize how government works at the same time that it challenges the ways in which government protects consumers. A few wellworn statistics only confirm these trends
Navy expands 'cyber warrant' program to attract more tech–savvy sailors (C4ISR & Networks) The Navy is increasing its ranks of cyberwarfare sailors — about 1,000 more could join Fleet Cyber Command by fiscal 2016
AF Cyber Command bulks up, slims down (Defense Systems) The Air Force Cyber Command is bulking up and slimming down at the same time, planning to add a couple thousand airmen to its workforce by 2016 while simplifying its architecture as part of the military's move to the Joint Information Environment (JIE)
Firms will need cyber "badge" to win some British government business (Reuters) Britain will announce on Thursday that firms wishing to bid for certain areas of government procurement will have to meet a new standard demonstrating basic levels of cyber security
Executive Spotlight: Rick Nadeau on How SRA Became a Private Company and the Role of a GovCon CFO (ExecutiveBiz) Rick Nadeau serves as chief financial officer at SRA International where he is responsible for the long-term financial picture of the company
Exelis to Spin Off Military and Government Services Business (Defense News) McLean, Va.-based contractor Exelis, itself a 2011 spin off from ITT, announced Wednesday that it would be spinning off its military and government services business focused on facilities management, logistics and network communications
CIA–backed Palantir Technologies raises $107.5 million (Reuters) Palantir Technologies, the data-mining company that is partly backed by the Central Intelligence Agency, has raised another $107.5 million, according to a filing
Mocana Receives Strategic Investment from GE Ventures (Security Week) Mocana, a provider of security solutions for embedded and mobile devices, today announced that it has received a strategic investment from GE Ventures
BlackBerry's future could lie in enterprise mobility services (V3) This year has been something of a rollercoaster ride for BlackBerry, as the smartphone maker launched its next-generation handsets based on a brand new operating system in a bid to reclaim market share it has lost to Apple and Android devices over the past couple of years
Can Adobe 'photoshop out' privacy concerns? (Marketplace) Adobe releases its fourth-quarter earnings Thursday after the market close. The company's earnings slightly beat the consensus of analysts' estimates in the third quarter
Juniper exec Muglia abruptly quits (InfoWorld) Executive vice president Bob Muglia leaves the networking company shortly after new a CEO is named
Products, Services, and Solutions
NetFort Introduces LANGuardian V12 (Consumer Electronics Net) NetFort Technologies, a leading developer of innovative software for monitoring activity on computer networks, today announced the availability of LANGuardian version 12, a significant new release of its flagship network monitoring software product
Technologies, Techniques, and Standards
November Data Breaches: Learn from Others' Mistakes (eSecurity Planet) In this first of two parts, we look at what security professionals can learn from data breaches that occurred in November 2013
Banks shouldn't rely on mobile SMS passcodes, security firm says (ComputerWorld) As mobile banking grows, malicious Android applications are increasingly intercepting one-time passcodes
Browser Fingerprinting via SSL Client Hello Messages (Internet Storm Center) Encrypted traffic has long been a challenge for network monitoring. But even if traffic is encrypted, there is still plenty of information that can be extracted. In this little example, we are looking at "SSL Hello" messages. These messages are sent by the client to initiate the SSL connection. They include a number of parameters that may vary depending on the SSL library used or the SSL clients preference
Firms Eliminate Embedded Code To Foil Targeted Attacks (Dark Reading) Security providers are developing technology to strip out, or render unusable, any potential code in popular file formats
7 Habits Of Highly Secure Database Administrators (Dark Reading) Most organizations could still stand for improvement in database security best practices, according to IOUG survey
What Is Homomorphic Encryption? (NoVASec) I was listening to an older episode of Risky Biz (282) where they were discussing the concept of homomorphic encryption and how it can be applied to secure cloud computing. Basically, this type of operation involves performing computing operations on data while its encrypted rather than having to decrypt it first. It's obvious to see the application of this technology for use in the cloud
Energy–efficient bcrypt cracking (Help Net Security) Bcrypt is a password hashing scheme based on the Blowfish block cipher. It was designed to be resistant to brute force attacks and to remain secure despite of hardware improvements
Survey: Hadoop still isn't reliable or secure enough (VentureBeat) Hadoop, that ecosystem of open-source tools for storing and analyzing large quantities and many kinds of data, is spawning more and more companies. Some offer commercial support or consulting assistance for Hadoop. Others provide analytics software for understanding data sitting in Hadoop. But Hadoop itself is free
Legislation, Policy, and Regulation
Bill to safeguard critical infrastructure introduced in House (GSN) Members of both political parties introduced on December 11 a bipartisan piece of legislation, H.R. 3696, the "National Cybersecurity and Critical Infrastructure Protection Act of 2013" (NCCIP Act)
Advisory Panel Offers Suggestions To Strengthen US Cybersecurity, But Is The Government Capable Of Change? (TechDirt) The President's Council of Advisors on Science and Technology (abbreviated unfortunately as PCAST) has just released a report dealing with the nation's hottest topic since terrorism: cybersecurity. The report's writers include a host of professors from a variety of scientific pursuits, along with a few corporate figures from the tech world, including Google's Eric Schmidt and Microsoft's Craig Mundie
Sweden's Intelligence Agency has Access to NSA's XKeyscore system (InfoSecurity Magazine) Sweden has sometimes been called the 'Sixth Eye' - referring to the English-speaking Five Eyes SIGINT alliance — suggesting a close working relationship between Sweden's FRA and the NSA and GCHQ. New documents suggest that it has access to the XKeyscore tool, and has helped in the Quantum hacking program
Exactly What the State Says to Deceive You About Surveillance (The Atlantic) Remember when multiple Obama Administration figures said the NSA doesn't collect cell-phone location data? It turns out that wasn't true
NSA director defends surveillance programs as necessary (USA Today) National Security Agency Director Keith Alexander said Wednesday that "there isn't a better way'' to help defend the country from potential terror threats than the ongoing and controversial bulk collection of telephone records involving millions of Americans
Will NSA cut it out if Congress passes no–bulk-spying bill? "Depends" (Ars Technica) DOJ lawyer says they'll wait for a court interpretation of any new law
The NSA is out of control and must be stopped (The Verge) The National Security Agency is breaking trust in democracy by breaking trust in the internet. Every day, the NSA records the lives of millions of Americans and countless foreigners, collecting staggering amounts of information about who they know, where they've been, and what they've done. Its surveillance programs have been kept secret from the public they allegedly serve and protect. The agency operates the most sophisticated, effective, and secretive surveillance apparatus in history
A spat over Justice Department national security job (CNN) President Barack Obama's pick for the Justice Department's national security prosecutor is expected to be among several nominations to move in the coming weeks as Senate Democrats start wading through the presidential appointments backlog built up amid partisan fights
Litigation, Investigation, and Law Enforcement
NZ judge: Kim Dotcom is likely still being spied upon (Ars Technica) Dotcom heard a conversation with his attorney played back over a phone call
Backpacker stripped of tech gear at Auckland Airport (New Zealand Herald) A backpacker coming home for Christmas had every bit of electronic equipment stripped from him at the airport
German prosecutor: still weighing NSA probe (AP via Imperial Valley Press) Germany's chief federal prosecutor says he hasn't decided whether to open an investigation into alleged surveillance by the U.S. National Security Agency but is suggesting that he's skeptical
A UK citizen has sued Microsoft for leaking Prism private data to the NSA (Hack Read) A UK citizen has sued Microsoft for leaking PRISM private data to the NSA. A UK court will be carrying out an action trail for a case that has been filed by a British Citizen. The reason is that the private data of a UK citizen has been leaked or given to NSA by Microsoft. Now the court will test whether Microsoft has the right of disclosing such private information to the intelligence agency
Man Who Hacked US Government Systems Sentenced to 18 Months (Softpedia) 24-year-old Andrew James Miller, who admitted earlier this year to hacking and selling access to the systems of various US government and other high-profile organizations, has been sentenced to 18 months in prison. He will also have to pay a $25,000 (€18,000) fine
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.
FloCon2014 (Charleston, South Carolina, USA, Jan 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions.This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.
cybergamut Tech Tuesday: Malware Reverse Engineering - An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, Jan 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, Jan 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.