The CyberWire Daily Briefing for 12.30.2013
Syria's civil war continues in cyberspace, spilling over onto UN Websites.
AP, Forbes, and AFP (relying on Der Spiegel) report fresh allegations of NSA operations to compromise hardware and monitor traffic over trans-oceanic telecom cables. (A note to Forbes, however: that octopus logo you're featuring in your coverage is an NRO payload mission patch, not an NSA design. Cool logo, by the way, NRO.)
The Black Friday Target point-of-sale compromise is now known to have included customer PINs. Target claims its encryption limits the risk to customers.
In the UK, a Russian cyber criminal hacked BBC servers over the Christmas holiday and sold access on the black market. NatWest bank suffered a denial–of–service attack.
Symantec observes a quiet but large NTP reflection campaign in the wild. Researchers complain that Snapchat's phone number searches are too easy, and thus a threat to privacy. Other researchers report vulnerabilities in SD cards.
In industry news, US companies continue to face surveillance–related headwinds in international sales.
In France, researchers at INRIA report a crypto breakthrough: an algorithm that, for certain classes of problems, efficiently solves the discrete logarithm problem underlying several modern cryptosystems.
A US Federal judge in New York rules, contra his counterpart in the District of Columbia, that NSA surveillance is legal after all. The conflicting rulings will no doubt move the case to the US Supreme Court.
Snowden promises to raise his media profile in 2014; the former head of Britain's MI5 predicts the US will make a deal with him.
Notes.
Today's issue includes events affecting China, France, Germany, India, Italy, Malaysia, Morocco, Oman, Pakistan, Romania, Spain, Syria, Thailand, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Anti Assad Syrian Hacker Hacks United Nations Population Fund Websites for Free Syria (Hack Read) Syrian Hacker Hacks Mali and El Salvador United Nations Population Fund against Syrian Conflict. A Syrian hacker going with the handle of Dr.SHA6H has hacked and defaced two official websites of United Nations Population Fund (UNPF) designated for El Salvador and Republic of Mali. The hacker hacked both websites against ongoing conflict in Arab Republic of Syria, criticizing UN and governments of the world
SEA denies reported FBI claim that hacktivists were phishing (SC Magazine) On the night before Christmas, the FBI was sending out warning notices that the Syrian Electronic Army (SEA) was phishing for usernames and passwords, according to a New York Times report that was quickly denied on Twitter by the pro–Assad hacktivists
Report: NSA Intercepting Laptops Ordered Online, Installing Spyware (Forbes) With each new story we hear of the NSA's spying program, things get a little bit crazier—a little more Hollywood, and a lot more galling
Report: NSA intercepts computer deliveries (AP via the Washington Post) A German magazine lifted the lid on the operations of the National Security Agency's hacking unit Sunday, reporting that American spies intercept computer deliveries, exploit hardware vulnerabilities, and even hijack Microsoft's internal reporting system to spy on their targets
NSA spying on Europe–Asia undersea telecom cables: Report (AFP) The US National Security Agency has collected sensitive data on key telecommunications cables between Europe, north Africa and Asia, German news magazine Der Spiegel reported Sunday citing classified document
UPDATE 4: Target says PINs stolen, but confident data secure (Reuters) Target Corp said PIN data of some customers' bank ATM cards were stolen in a massive cyber attack at the third-largest U.S. retailer, but it was confident that the information was "safe and secure"
Target's Christmas nightmare just got worse: Customer PINs were stolen, too (Quartz) Oh dear. Target just confirmed that encrypted personal identification numbers (PINs) were, in fact, stolen when up to 40 million credit and debit card accounts of its customers were compromised by hackers in recent weeks. That appears to be an about face from a denial the retailer gave Reuters just two days ago
Who's Selling Credit Cards from Target? (Krebs on Security) The previous two posts on this blog have featured stories about banks buying back credit and debit card accounts stolen in the Target hack and that ended up for sale on rescator[dot]la, a popular underground store. Today's post looks a bit closer at open–source information on a possible real–life identity for the proprietor of that online fraud shop
BBC suffers Christmas Day cyber attack from Russian web fraudster (The Mirror) A cyber criminal broke into a BBC computer server then touted access to it for sale to his fellow hackers. Rev0lver or Hack — a known web fraudster
NatWest 'Hit By Fourth Online Banking Glitch' (Sky News) NatWest bank apologises to customers after its online service is disrupted by a denial–of–service attack
NatWest Cyber Attack Causes Alarm for Customers and Insurance Industry (Inquisitr) NatWest was hit by a cyber attack that left customers unable to garner access to their online bank accounts. The United Kingdom bank was reportedly the target of a distributed denial of service (DOS) attack, according to the Mirror. A statement released by the bank maintains that the cyber warfare posed "no risk" to its customers
Privacy lenses pointed at Snapchat for making phone number searches too easy (Naked Security) Security researchers claim that Snapchat, the controversial selfie-sharing picture site, is far too liberal with the phone numbers of its users
NTP reflection attack (Internet Storm Center) Symantec has notice[d] in the last few weeks that there [are] significant NTP reflection attacks. NTP is Network time protocol and it's used to synch the time between client and server, it is a UDP protocol and it's run on port 123
SD Cards Aren't As Secure As We Think (TechCrunch) The hardware hacker Bunnie Huang gave a talk at the Chaos Computer Club Congress where he offered some good news and some bad news. The good news? SD cards contain powerful, handy micro controllers that are useful to hackers and hobbyists. The bad news? SD cards are woefully insecure
Computers stolen from Calif. EDD facility, personal info compromised (SC Magazine) An undisclosed number of individuals may have had personal information compromised after a secured California Employment Development Department (EDD) facility was broken into and computers containing Unemployment Insurance (UI) records were stolen
W.J. Bradley Mortgage Capital Admits Insider Breach (eSecurity Planet) A former loan officer took clients' credit reports, Social Security numbers, bank account information, tax information and other personal data
OpenSSL suffers apparent defacement (Internet Storm Center) Update 29 DEC: Per OpenSSL.org, re: web site defacement, "Investigation in progress, more details to follow." While now recovered and seemingly back to normal…appears to have been defaced
Cyber Trends
Will next–generation encryption technology affect healthcare? (HealthITSecurity) While some of its predictions were outside of healthcare's scope, there were a few that concentrated on new cryptography technologies that work while
Cybercrime Trends 2013 — Year in Review (Webroot Threat Blog) It's that time of the year! The moment when we reflect back on the cybercrime tactics, techniques and procedures (TTPs) that shaped 2013, in order to constructively speculate on what's to come for 2014 in terms of fraudulent and malicious campaigns, orchestrated by opportunistic cybercriminal adversaries across the globe. Throughout 2013, we continued to observe and profile TTPs, which were crucial for the success, profitability and growth of the cybercrime ecosystem internationally, such as, for instance, widespread proliferation of the campaigns, professionalism and the implementation of basic business/economic/marketing concepts, improved QA (Quality Assurance), vertical integration
Data Mining on the Side of the Angels (Wired) Here's what Patrick Ball wants the technology world to know: Data, by itself, isn't truth. Even big data. But data plus a little bit of science can get you close
Marketplace
Foreign clients fear sensitive data is not safe (The Independent) A survey by the Cloud Security Alliance, an industry standards organisation in the US, predicted the Prism programme could cost cloud computing
RSA's Deal With The NSA Reflects A General Mistrust (TechCrunch) Here's how it works when a big company believes that its power is in its girth: They enter this bizarre world that leads them to believe that what comes from their PR organs is enough to float their troubles away. It's all about denial and avoiding any potential shareholder backlash. And so we come to the sad state of affairs at RSA, the security division of EMC
Seagate to Buy Xyratex, Operate Enterprise Data Storage & Computing Tech as Standalone Entity (GovConWire) Seagate has agreed to a deal to acquire Xyratex in an effort to strengthen the supply and manufacturing chain for the hard disk drives it produces, the two companies said
CACI CEO promises to pursue larger contracts (The Washington Post) As the government services market reshapes, Kenneth Asbury, chief executive of CACI International, said he is reforming the contractor to match
Technologies, Techniques, and Standards
Internet Of Things May Strangle Enterprise Bandwidth (InformationWeek) The Internet of Things is poised to bring a flood of WAN traffic and new Internet–enabled devices to enterprise WANs. Be sure your corporate network is ready for it
Using Geolocation Artifacts and Timeline Analysis to Solve the Case: A Digital Forensics Case Study (Forensic Focus) Pre–incident: a sixteen–year–old female and 29–year–old male meet on Facebook. The male is pretending to be eighteen and using a fake name. He uses grooming techniques to establish a bond with the female and convinces her to meet him in person. Using Yahoo! webmail, an email is sent from the male to the female, who has a Gmail account, with the map of the meeting location attached. The female uses Google maps on her computer to get directions to the meeting location, and then leaves the house to meet the male
Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases (Forensic Focus) It is difficult to underestimate popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential evidence
Windows 8 File History Analysis (Forensic Focus) File History is a new backup service introduced in Windows 8. By default this feature is off and to turn it on, the user has to select a backup location — either a network drive or external storage media. Thus, it does not allow the user to use the same disk. File History backs up files of the Libraries, Desktop, Contacts and Favorites folders. There is an option to exclude any folder(s) that users don't want to backup. Notice that File History is unable to backup your folders synced with cloud storage service(s)
Bitcoin Forensics Part II: The Secret Web Strikes Back (Forensic Focus) In last week's post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st. Well, just over a month later and Silk Road is back online. It only took a day and they already had over 20,000+ users on the site
Man In The Middle Attack: Forensics (Forensic Focus) Yes, that's right! Mr. Upset did not post 'I am hating my new job' as it appears in Figure 2 [see link to full article below for images], instead he wrote 'I am loving my new job'. Then how did it happen and who did it? This article aims at addressing these questions. We fabricate a case where a person is an object of a Man In the Middle Attack and subsequently analyze victim's device to corroborate the facts and trace the perpetrator
Cyber Hygiene with the Top 20 Critical Security Controls (MS ISAC) In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater. However, in order to be as secure as possible, we need to use good cyber hygiene — that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices
Design and Innovation
These Adorable Robots are Teaching Kids to Code (Fast Company) Say hello to Yana and Bo, two robots who want to teach your five–year-old to write code. The newly crowdfunded Play–i system uses music, animation, and stories to teach kids ages 5 to 12+ to program their new robot friends—and have fun in the process
Research and Development
French Team Invents Faster Code–Breaking Algorithm (Communications of the ACM) A team of French mathematicians and computer scientists has made an important advancement in the field of algorithms for breaking cryptographic codes. In a certain class of problem, the new algorithm is able to efficiently solve the discrete logarithm problem that underlies several important types of modern cryptosystems
Legislation, Policy, and Regulation
Lawmakers dispute Snowden's declaration of victory (The Reporter) Members of Congress said Sunday they weren't impressed with Edward Snowden's recent publicity blitz calling for an end to mass surveillance and declaring that he's already accomplished his mission
NSA targets foreigners, catches Americans (USA Today via the Marshfield Herald) You may have heard this before: the United States is a country of immigrants. Given that so many of us are foreign–born or the children of people from other countries, how should we respond to the recently revealed programs of mass warrantless NSA surveillance, and in particular the repeated governmental assurances that the Internet communications being collected and searched are only those of "foreigners"? After all, many of us were foreigners not that long ago
Bitcoin Exchanges Shut Down in India After Government Warning (Wired) Bitcoin is once again feeling the squeeze from government regulators. This time, the crunch comes in India, where multiple online exchanges have suspended operations following a warning against the digital currency from the country's central bank and, according to a
Litigation, Investigation, and Law Enforcement
Federal judge: National Security Agency's bulk collection of data is legal (CNN) The National Security Agency notched a much-needed win in court, after a series of setbacks over the legality and even the usefulness of its massive data collection program
Verdict for National Defense (The Wall Street Journal) A federal judge rules that collecting metadata is constitutional. Well, what do you know. Maybe the National Security Agency's collection of telephone metadata doesn't violate the Fourth Amendment or any relevant statute. You wouldn't know this from the left–libertarian political clamor of recent weeks, but on Friday federal Judge William Pauley delivered a much–needed reality check. Judge Pauley, a Bill Clinton appointee, rebuffed a challenge from the American Civil Liberties Union and ruled that the program to "find and isolate gossamer contacts among suspected terrorists in an
Is the NSA's Spying Constitutional? It Depends Which Judge You Ask (The Atlantic) Two recent rulings draw diametrically opposed conclusions about the same set of facts
Edward Snowden plans to be more active in the media in 2014 (TNW) You're likely to see and hear more from Edward Snowden, the man who blew the whistle on the NSA's controversial spying techniques, next year, according to one of his advisers
US will make deal with Edward Snowden, claims former MI5 head Dame Eliza Manningham Buller (The Independent) A former head of Britain's Security Service MI5 believes that whistleblower Edward Snowden will be offered a deal by the United States in exchange for agreeing to halt any further leaks of government material
WikiLeaks' Assange: Sysadmins of the World, Unite! (Wired) Faced with increasing encroachments on privacy and free speech, high-tech workers around the world should identify as a class and fight power together, said WikiLeaks founder Julian Assange on Sunday
New Fund to Support Snowden–like Whistleblowers (Wired) A new foundation to support whistleblowers is being launched by former British intelligence agent Annie Machon, whose resignation and revelations about U.K. spying activities in the 1990s sparked controversy echoing this year's NSA news
8 People Arrested in Spain for Role in $45M / €33M Cybercriminal Scheme (Softpedia) Authorities in Spain have arrested a total of eight individuals — six Romanians and two Moroccans — for their alleged involvement in the massive cyber heist involving compromised credit cards issued by the Bank of Muscat in Oman, and the National Bank of Ras Al–Khaimah (RAKBANK) in the United Arab Emirates
FloCon 2014 (Charleston, South Carolina, USA, January 13 - 16 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, from January 13 to 16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques
NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
cybergamut Tech Tuesday: Malware Reverse Engineering: An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, and various other nodes, January 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value–proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better–informed judgments on how to improve their response and remediation protocols
Cybertech: Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies. The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action–oriented outputs to fuel voluntary principle–driven consensus–based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art
For a complete running list of events, please visit the Event Tracker.