The CyberWire Daily Briefing for 12.16.2013
Sahara and Sahel territorial disputes prompt a bit of Moroccan Ghost cyber-rioting against Nigeria.
Yesterday's NSA-themed episode of CBS "60 Minutes" retailed allegations of an unnamed nation's attempt at wholesale bricking of PCs.
As Bitcoin's (and Litecoin's) bubble inflates, cybercriminals step up both theft and special-purpose malware development. A "practical joke" of typical motiveless malice circulating on 4Chan tells the unwary they can activate a secret Mac Bitcoin miner with a simple Unix command. Don't: the command deletes the gullible and greedy's files.
While CryptoLocker and its competitors continue to circulate, signs of a coming ransomware kit appear on the cyber black market. Elsewhere in that black market one can subscribe to a service that rents access to machines compromised by RDPs ("really dumb passwords").
Google reports Gmail now scans inline images for malware. (Gmail's recent change in policy for displaying images hasn't been so welcome: Naked Security tells how to circumvent display-by-default.)
Financial exchanges continue progress toward collaborative cyber defense. Raytheon and Prolexic announce new cyber facilities (and jobs) in Texas and Florida, respectively. Security consigliere Bruce Schneier leaves British Telecom.
In a story that will surprise no one familiar with intelligence history, the New York Times reports on the expanding and unrestricted ambit of French government cyber operations.
UK policy will require corporate focus on supply chain cyber security.
The US intelligence policy review panel report was delivered. It's not yet released, but one recommendation has apparently been rejected: NSA and Cyber Command will retain a common leader.
Notes.
Today's issue includes events affecting China, France, India, Iran, Ireland, Republic of Korea, Morocco, Nigeria, Russia, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Moroccan Ghosts Hacks Nigerian Ministry of Finance Website over Sahara Dispute (HackRead) The official website of Nigerian Federal Ministry of Finance has been hacked and defaced by world renowned hackers from Moroccan Ghosts hacking group
NSA alleges 'BIOS plot to destroy PCs' (The Register) Un–named PC maker sought help to defeat un–named nation's PC-bricking plan
Bitcoin Price Hike Spurs Malware, Wallet Theft (TrendLabs Security Intelligence Blog) The past few weeks have been rather exciting for Bitcoin owners and speculators, with prices peaking at over $1200 per BTC. Some commentators — including former Fed Chairman Alan Greenspan — have called Bitcoin prices a "bubble", with a former Dutch central banker comparing it to the tulip mania of the 17th century. Other cryptocurrencies, like Litecoin, have seen similar gains as well
Secret Bitcoin mining hoax risks wiping Mac users' data (Graham Cluley) Everyone likes a laugh, but it's not always quite so funny if you're not in on the joke
Cyber–thieves thriving on ransomware kit (TechRadar) New cyber-criminals seeking success from powerful malware
Safari on Mac OS exposes web login credentials (ZDNet) Kaspersky research shows that Safari, in saving a session for reopening later, stores session information in plain text. This includes usernames and passwords. This problem was fixed in Safari 6.1 and only affects earlier versions
The case of Minerd (Internet Storm Center) I recently ran across an interesting compromised system. While the initial vulnerability compromised was nothing special, compromised credentials, what the system was being used for and one of his persistence technique was a lot less common than I normally see. The system had 3 different backdoors and was used for mining virtual currency
WhatsApp Malware Spam uses Geolocation to Mass Customize Filename (Internet Storm Center) Malicious e-mails usually fall into two groups: Mass-mailed generic e-mails, and highly customized spear phishing attempts. In between these two groups fall e-mails that obviously do more to "mass customize" the e-mail based on information retrieved from other sources. E-mails that appear to come from your Facebook friends, or malware that harvests other social networks like Linkedin to craft a more personalized message
Hackers like Playstation 4 and Xbox One too (Consumer Affairs) Security firm warns new consoles are under cyber attack
Fake VPN Site Serves Up Keylogger (Malwarebytes Unpacked) VPN services have probably never been in more demand with the continued fallout of the Snowden / NSA revelations. They're certainly handy things to have access to in terms of attemping to keep prying eyes out of your day to day business, and everybody should at least consider the ins and outs of jumping on board. That doesn't mean you should let your guard down, however – sometimes trying to make yourself more secure can end up going horribly wrong, as we're about to see
Hacked Via RDP: Really Dumb Passwords (Krebs on Security) Businesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers. Today's post examines an underground service that rents access to hacked PCs at organizations that make this all-too-common mistake
Cybercriminals Using Targeted Attack Methodologies (Part 1) (TrendLabs Security Intelligence Blog) One of our 2014 security predictions is that cyber criminals will more frequently leverage targeted attack methodologies. Some of these tactics include using spear phishing attacks, as well as well-known vulnerabilities that have been used successfully in targeted attacks
Special Report: The Department of Energy's July 2013 Cyber Security Breach (Department of Energy Office of Inspector General) …In spite of a number of early warning signs that certain personnel-related information systems were at risk, the Department had not taken action necessary to protect the PII of a large number of its past and present employees, their dependents and many contractors. We concluded that the July 2013 incident resulted in the exfiltration of a variety of PII on over 104,000 individuals
Data Stolen From 104,000 Energy Employees Was More Sensitive Than First Thought (Nextgov) Hackers that breached an Energy Department personnel database in July got away with more sensitive data than first disclosed by the government, including some banking information and password security questions of the 104,179 individuals affected, according to internal investigators
UConn Health Center Admits Second Insider Breach This Year (eSecurity Planet) An employee inappropriately accessed 164 patients' medical records
Data Breach Affects Hundreds of Boston Convention Attendees (eSecurity Planet) Still, a Boston Police detective says the breach doesn't appear to have been limited to people who attended conferences at the convention center
Security Patches, Mitigations, and Software Updates
Google Yanks Buried Android Privacy Feature (InformationWeek) Google removes an undocumented App Ops control panel from its latest release, Android 4.4.2, that had let users choose which app permissions to enable
Gmail starts scanning images in emails for malware (Graham Cluley) Google says that Gmail is now scanning inline images to protect users against malware. And it should mean you no longer have to worry about stalkers and internet marketers finding out where you live
Gmail takes image loading out of users' hands — here's how to take it back (Naked Security) Gmail's new default is to automatically display all those HTML glamour shots that marketers desperately hope we'll click on. Does this really help our privacy and security, and how can you turn it off again
Twitter revamps direct–messaging features on iOS, Android (FierceCMO) Twitter has announced an update to its iOS and Android app that boosts the social network's direct-messaging abilities
New ISP customers will have porn filters turned on automatically (Ars Technica) BT newbies will have to actively choose to change the settings
Cyber Trends
Android and Java vulnerabilities to be main targets for cyber criminals in 2014 (Computing) Malware creation will reach a record high in 2014 and Android devices will be the most vulnerable to potential threats
Mobile Security 2014: Predictions (Webroot Threat Blog) The most recent and interesting threats we see are more or less "evolved" forms of previous threats, including those originating from the PC side. People have been "spoofing" parts of apps, such as code, appearance, or digital certificates, since Android malware first started appearing. The MasterKey exploit was a whole new way to modify the app without even having to spoof anything
Internet's sad legacy: No more secrets (NDTV) In technology, that is one of the big lessons of 2013. The National Security Agency and who knows who else have been tracking this or hacking that. China has been breaking into our computers. Google has been sifting through our home networks. Facebook has been tinkering with its privacy settings
Electronic Ghosts (Democracy Journal) A technological approach to cybercrime will only lead to a tech arms race. We need a new plan that starts with figuring out who cybercriminals are
Marketplace
Global Exchanges Forge Cyber Security Alliance (Fox Business) Financial exchanges have giant cyber bull's eyes on them as they represent an opportunity for financially-motivated hackers and ideologically-driven hacktivists
UK Backs Off Contractor–Operated Procurement — for Now (Defense News) Britain plans to adopt a new equipment procurement and support organization in April, but it's not the government-owned contractor-operated (GoCo) plan officials hoped to implement
Huawei cyber security officer John Suffolk on latest global initiatives (Telecom Lead) Huawei's global cyber security officer John Suffolk was in India recently to attend a conference on cyber security aspects
Raytheon opens new San Antonio cyber center (Yahoo! Fianance) New 'Cyber City USA' facility delivers full-spectrum cyber security solutions to DoD customers
Data security firm to create jobs in Fort Lauderdale (Sun Sentinel) Hollywood-based data security firm Prolexic Technologies announced plans late Friday to create 118 jobs and retain 120 jobs in a new 35,000 square-foot space it is leasing in downtown Fort Lauderdale
Dell Launches $300M IT Innovation Fund for Startups (GovConWire) Dell Ventures has invested $300 million to set up a startup fund for entrepreneurs seeking to innovate in new areas of information technology. The Strategic Innovation Venture Fund will be made available to companies involved in big data, cloud computing, storage, next-generation data center, security, mobility and other emerging technologies
Leidos Inks $300M Share Repurchase Deal (GovConWire) Leidos Holdings (NYSE: LDOS) and an unnamed financial institution have reached an agreement for the company to purchase $300 million in outstanding common shares through March 2014
FireEye Up As FBR Forecasts Market Share Gains FEYE (Investor's Business Daily) "As the threat environment evolves and demand for more complex cyber threat prevention increases, we believe FireEye is well positioned to penetrate further
Adobe Systems (Nasdaq:ADBE) Soars on Results, Procera Networks (Nasdaq:PKT) Is a Buy on DA Davidson View (Small Cap Network) Shares of ADBE skyrocketed to a new all time high of $61.09 on intraday trading, after the company reported its financial results
Security guru Bruce Schneier to leave employer BT (The Register) Nothing to do with criticising GCHQ and the NSA, insists telco
Craig Searle Appointed APAC Cyber Lead for BAE Detica (Sys-Con) Craig Searle, a 10-year information security industry veteran, has been appointed cybersecurity lead for the Asia-Pacific region at BAE Systems Detica as the business aims to grow its presence in Asia and Australia
Richard Spires Joins Resilient Network Systems as CEO (GovConWire) Richard Spires, formerly chief information officer at the Department of Homeland Security for nearly three-and-a-half years, has joined San Francisco-based Internet security company Resilient Network Systems as CEO
Doug Wagoner Promoted to SAIC Sector President (GovConWire) Doug Wagoner, who led the project management office at Science Applications International Corp. (NYSE: SAI) responsible for helping carry out the separation into SAIC and Leidos (NYSE: LDOS), has been promoted to sector president at SAIC
Products, Services, and Solutions
Shahpad protects all organizations against cyber attacks (Press TV) In today's world, all the countries have realized the importance of cyber attacks and cyber defense. Wars today are fought with keyboards to the sound of bits. In many instances, cyber wars can leave devastating damages times bigger than a military invasion
Instagram rolls out private messaging (FierceCMO) Facebook's popular photo-sharing app Instagram has added a private-message feature for both iOS and Android that lets users send photo and video messages directly to other users
Technologies, Techniques, and Standards
Fighting Fraud With ID Management (BankInfoSecurity) Most fraud on the Internet is linked to unsecured identities, which is why a new global identification framework is needed, says Paul Simmonds, who heads a coalition working on a framework model
Locking the backdoor: Reducing the risk of unauthorized system access (SearchSecurity) Rampant backdoors in enterprise IT products too often provide unauthorized access to attackers and governments. Learn how to defend against the risks
Preparing your system for telephony denial-of-service attacks (SearchSecurity) Can your organization's telephony system survive a telephony denial-of-service attack? Expert Brad Casey provides pointers for TDoS survival success
Lack Of Planning and Visibility Increases Attack Chaos And Impact Of DDoS Attacks (Dark Reading) Corero survey asked respondents about the effectiveness of their plans to prevent, detect, and mitigate damage of a cyberattack
Online behaviors that increase the risk of identity theft (Help Net Security) PrivacyGuard released the results of a survey aimed at observing and identifying a number of online behaviors that consumers willingly partake in that could put them at risk of fraud and identity theft
Security Expert Unmasks His Scammer (Dark Reading) How a security expert turned the tables on a fraudster trying to '0wn' his pilfered iPhone
Design and Innovation
Easy–to–remember, difficult–to–crack passwords via visual cues (Help Net Security) A group of researchers from Carnegie Mellon University's School of Computer Science believe they might have solved the problem of choosing and, above all, remembering complex and diverse passwords that are simultaneously difficult to crack by attackers
The quest to make encryption accessible to the masses (Wired) It's been two years since Nadim Kobeissi unleashed his user-friendly, feline-themed chat software, Cryptocat. At the time, Kobeissi felt that there wasn't exactly a great deal of enthusiasm for his program. "Two years ago not a lot of people cared," he comments. But times have changed. "Now a lot of people care"
Research and Development
DARPA Cracks Radio Incompatibility Problem Once and for All (Wired) After more than 10 years of war in Iraq and Afghanistan, the Pentagon's research group has announced a new system that could help U.S. troops and multinational forces communicate — a problem that frequently plagued the countries' cooperation in the field
Thinking in Silicon (MIT Technology Review) Picture a person reading these words on a laptop in a coffee shop. The machine made of metal, plastic, and silicon consumes about 50 watts of poweras it translates bits of information—a long string of 1s and 0s—into a pattern of dots on a screen. Meanwhile, inside that person's skull, a gooey clump of proteins, salt, and water uses a fraction of that power not only to recognize those patterns as letters, words, and sentences but to recognize the song playing on the radio
Academia
Pensacola State pushes for cyber–research center (Pensacola News Journal) College's president sees collaboration on Naval intelligence
College CIOs Wrestling with Cyber Security Threats (US News) For chief information officers (CIOs) at most colleges and universities, vulnerabilities in their network infrastructure that are susceptible to external threats are often the highest priority. However, according to Inside Higher Ed, the problem of internal network security is becoming more prevalent
University of Utah students explore ethics of 'big data' (Deseret News) University of Utah students who gathered Friday to hear a panel discussion on the ethics of "big data" were asked if any of them had consented to the iTunes user agreement
Legislation, Policy, and Regulation
France Broadens Its Surveillance Power (The New York Times) For all their indignation last summer, when the scope of the United States' mass data collection began to be made public, the French are hardly innocents in the realm of electronic surveillance. Within days of the reports about the National Security Agency's activities, it was revealed that French intelligence services operated a similar system, with similarly minimal oversight
UK firms to be "encouraged" to adopt upcoming security standard (Naked Security) The UK government has released two reports looking at the progress of its Cyber Security Strategy so far, with details of plans going forward, including a new security standard for businesses hoping to get government contracts
Obama weighs spying recommendations (CNN) President Barack Obama must decide in the coming weeks how to rein in the vast spying powers of the federal government without putting Americans' safety at risk, a task he's said would result in new "self-restraint" at the National Security Agency
Cyber Command Job to Stay with NSA Director (Threatpost) Since its inception in 2009, the U.S. Cyber Command has been run by the director of the National Security Agency. The two organizations are intertwined and even share the same space in Maryland. The continuous leaks of NSA documents this year has led some politicians and critics to argue that the two should be separated, but it appears that the Obama administration has rejected this idea
This Rumored Recommendation for NSA Reform Is a Horrible Idea (Slate) The rumored recommendations made by a presidential task force on the National Security Agency's surveillance efforts include some sensible suggestions—like more direct oversight by the White House of certain sensitive programs. But according to the early reports, the recommendations may also include one deeply misguided and troubling idea to divide the agency and thereby handicap its ability to perform both its defensive and offensive roles
In 2014, NSA to Face Winds of Change (Voice of America) The U.S. National Security Agency has made dozens of changes in its operations and computer networks to prevent the emergence of another Edward Snowden, including potential disciplinary action, a top NSA official said on Friday, as a White House review panel recommended restraints on NSA spying
Bamford: Public backlash — not Congress — will rein in NSA spying (The Salt Lake Tribune) Experts say civic engagement, use of privacy tools will curb unchecked surveillance
Don't be fooled by the 60 Minutes report on the NSA (The Verge) Tonight's episode of 60 Minutes featured what CBS promised was an unusual inside look at the secretive National Security Agency, but instead offered a routine look at the agency's propaganda with no critical voices
NSA Chief Asked for Documentary to Get Support for Surveillance Programs (Softpedia) CBS aired a documentary about the NSA that's full of the agency's propaganda and Edward Snowden slamming. The show, called "60 Minutes," was hosted by a correspondent who actually worked for the intelligence apparatus at one point in his career
What's wrong with '60 Minutes'? (Politico) CBS's "60 Minutes" has had a terrible year: Lara Logan's now-retracted Benghazi report was the sort of blackmark that will take the news-magazine years to live down. Charlie Rose's interview with Amazon founder Jeff Bezos, about his drone delivery plans, was panned as fawning and promotional
'60 Minutes' Is Getting Shredded For Its 'Embarrassing' Report On The NSA (Business Insider) "60 Minutes" is getting slammed for a controversial, one-sided report on the National Security Agency and leaker Edward Snowden on Sunday night
NSA installs new system controls in wake of Snowden leaks (IT News) The US National Security Agency has made dozens of changes in its operations and computer networks to prevent the emergence of another Edward Snowden, including potential disciplinary action, a top NSA official said on Friday, as a White House review panel recommended restraints on NSA spying
Why Fed Cybersecurity Reboot Plan Fails To Convince (InformationWeek) Does a presidential commission's hodgepodge analysis and suggestions for improving federal cybersecurity tells us anything we didn't already know
Top Management and Performance Challenges Facing the Department of Justice — 2013 (US Department of Justice, Office of the Inspector General) Attached to this memorandum is the Office of the Inspector General's (OIG) 2013 list of top management and performance challenges facing the Department of Justice (Department), which we have identified based on our oversight work, research, and judgment. We have prepared similar lists since 1998. By statute this list is required to be included in the Department's Agency Financial Report
FTC Wants to Be Enforcer of Data Security (CIO) Despite growing push back from some companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation's enforcer of data security standards
Deborah Lee James Confirmed as Air Force Secretary (GovConWire) The Senate voted Friday to confirm Deborah Lee James, president of Science Applications International Corp.'s (NYSE: SAI) technical and engineering sector, as the next secretary of the U.S. Air Force
Litigation, Investigation, and Law Enforcement
The Government Really Isn't Sure What Snowden Took (TechCrunch) Out this morning in the New York Times is a stark tale: The United States' intelligence apparatus has little idea what Edward Snowden took, despite spending half a trying to find out. As the full scope of what Snowden absconded with likely can't be known, the government is forced to operate on its toes, unsure of what might be coming next. And that could be anything. From the phone
An NSA Coworker Remembers The Real Edward Snowden: 'A Genius Among Geniuses' (Forbes) Perhaps Edward Snowden's hoodie should have raised suspicions. The black sweatshirt sold by the civil libertarian Electronic Frontier Foundation featured a parody of the National Security Agency's logo
IBM Sued by Its Own Shareholder for Cooperating with the NSA (HackRead) It seems as if those business which bowed down in front of NSA are now facing a backlash. That's what we can see from several tech giants and business institutions who cooperated with the American National Security Agency (NSA) for its spying and surveillance project PRISM
Military set to unveil outcome of probe into cyber command (Yonhap) The defense ministry is expected to announce the interim results this week of its investigation into the cyber warfare command's alleged smear campaign against the opposition candidate during last year's presidential poll, a source said Sunday
The real story on the PrivateSky takedown. (CertiVox) With the story about our PrivateSky takedown now public, I want to take the opportunity to clarify a few points in various articles that have appeared since yesterday covering the story
Sextortionist Hacker Sentenced to 5 Years in Prison (eSecurity Planet) Prosecutors described Karen 'Gary' Kazaryan as a 'sexual cyber terrorist'
The Pirate Bay's domain hopping tour takes it to Peru's .pe (ZDNet) After two brief stop overs in domain space controlled by tiny islands, The Pirate Bay has docked in Peru
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.
FloCon2014 (Charleston, South Carolina, USA, Jan 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions.This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.
cybergamut Tech Tuesday: Malware Reverse Engineering - An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, Jan 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, Jan 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.