The CyberWire Daily Briefing for 2.6.2013
The Federal Reserve discloses that hackers briefly penetrated one of its internal networks. While "critical functions" were unaffected, some data were lost. The exploit may be related to recent hacktivist exposure of commercial bankers' personal information.
Universal plug-n-play (UPnP) flaws remain troubling, and anyone with a router would do well to consider disabling UPnP.
US Federal agencies prepare to furlough workers as budget sequestration approaches. Some contractors are also reducing headcount: Lockheed Martin will shed 350 middle managers through "voluntary layoffs." Mergers and acquisitions also figure in today's marketplace news. CACI says it intends to buy cyber and intelligence support companies. Dell (with help from Microsoft) continues to work on the leveraged buy-out that will take the company private. HP's board is said to be considering breaking up Hewlett Packard.
Indian tech entrepreneurs see opportunity in BYOD security. IBM offers very capable, aggressively priced servers to smaller customers. Microsoft's Surface Pro earns some positive reviews.
The denial-of-service attacks troubling the security-aware financial sector lead industry observers to worry about less-prepared industries' vulnerability. Canadian security experts advise operators of industrial control systems to use of data diodes for network segmentation.
The United Kingdom begins a major program of comprehensive Internet surveillance. The US Congress goes on record in favor of an open Internet. Activists urge going beyond proposed "Aaron's Laws" and reducing the severity of criminal penalties for what they see as relatively benign forms of hacking. The FBI warns attorneys of a coming wave of cyber attacks against law firms.
Today's issue includes events affecting Australia, China, India, Philippines, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Fed says internal site breached by hackers, no critical functions affected (Reuters) The Federal Reserve said on Tuesday that one of its internal websites had been briefly breached by hackers, though no critical functions of the U.S. central bank were affected by the intrusion
OpLastResort: Anonymous Hacks Government Site, Leaks 4,000 Bank Executives Credentials (Hack Read) The online hackavist group Anonymous have claimed to hack the official website of Alabama Criminal Justice Information Center and appear to post login credentials of 4000 bank executives for #OpLastResort, demanding reforms in countrys cyber crime law. The hacked was announced by the hackers on their official Twitter account, leaked data contains details of bank executives such as names, ranks, job titles, IPaddresses, Emails, Zip Codes and encrypted (hash) passwords which was posted on the deface page of the website
Researchers Discovery Data-Stealing Malware That Likes to Nap (Threatpost) Researchers at FireEye's Malware Intelligence Lab say they've found malware that attempts to evade detection with extended sleep calls and uses "the fast flux technique" to hide the attacker's identity
UPnP flaws turn millions of firewalls into doorstops (Naked Security) Researcher HD Moore published a paper last week showing that more than 23 million routers, TVs, cameras and printers are vulnerable to a remote code execution flaw in UPnP
Bypassing Telstra's P2P crackdown is child's play (WA today) It aims to detect P2P traffic using "deep packet inspection" to see exactly what its customers are uploading and downloading. It's roughly the equivalent of
Researchers warn of cyber flaws in Honeywell control systems (Reuters) A widely used system for controlling electricity, heating and other systems inside buildings remains vulnerable to attacks over the Internet, despite warnings from U.S. officials, researchers said on Tuesday. The Niagara control system from Honeywell International Inc's Tridium division are configured to connect to the Internet by default, even though that is not necessary for them to function, two researchers from security firm CyLance said at a security conference in San Juan, Puerto Rico
Cyber attack on Bashas leaves shopper's card info exposed (KVOA Tucson News) The store became the victim of a cyber attack which began in June or July of 2012 and was done by suspects who were able to gain access to parts of their security system used to capture payment information from customers. The highly-sophisticated piece
Wisconsin Medical Clinic Suffers Security Breach (eSecurity Planet) Approximately 2,400 patients' personal information may have been accessed. Wisconsin's River Falls Medical Clinic recently notified approximately 2,400 patients that their personal information may have been accessed
A Flame, Duqu Test-Drive (Dark Reading) Experiment shows how the infamous cyberespionage families can be repurposed--with exceptions--in other attacks. Kaspersky Security Analyst Summit 2013—The big question haunting security researchers and enterprises in the wake of the revelation of Stuxnet and cybersepionage tools Flame and Duqu is whether the malware families can be repurposed and turned against other targets. A security researcher here today shared how that's indeed possible—but with a few limitations
Twitter Hack Is A Cautionary Tale, Experts Say (Dark Reading) Sophisticated attack on Twitter points up need for better detection, better authentication. Twitter's disclosure of a breach affecting some 250,000 users is a warning to enterprises that they need to rethink their malware detection and authentication strategies, experts say. The social networking giant revealed in a blog post that it had discovered a data compromise potentially exposing approximately 250,000 users' account information to the eyes of a sophisticated attacker
You're nobody until somebody in China hacks you (InfoWorld) It's not just U.S. politicians who hate the media -- turns out our frenemies in the Far East do too. At the very least, they like to keep an extremely close eye on the activities of my journalistic colleagues. This week both the New York Times and the Wall Street Journal reported that they've been infiltrated by cyber spies, almost certainly acting as agents of the People's Republic of China
How the Dots Connect Hacks to Chinese - Suspicion Grows Even with No Smoking Gun (Healthcare info Security) Proof that China is behind a string of highly publicized cyberattacks against elite media sites isn't definitive. But the circumstantial evidence that the Chinese government and military are behind many cyberattacks seems highly credible, according to a paper issued by Mandiant. Mandiant is the IT security company hired by the likes of The New York Times, the State of South Carolina and countless others that have been hacked, and want to know who's behind these breaches and what to do to prevent such attacks
Cyber attack signup deadline approaching fast (SCNow) Time is running out for South Carolinians to take advantage of the one year of free credit monitoring being offered by the state government as a result of the cyber attack that exposed more than 3.8 million citizens' private
Security Patches, Mitigations, and Software Updates
Faulty Kaspersky Update Blocks Internet Access (eSecurity Planet) Some users will need to disable the Web Anti-Virus component in order to resolve the issue. A flawed Kaspersky Endpoint Security update recently blocked Windows XP users from accessing the Internet
DDoS Attacks Spur Concerns Over Infrastructure Weaknesses (Dark Reading) The ongoing distributed denial-of-service attacks on banks have some security professionals worried about the attacks moving to other, less prepared, industries
SCADA, ICS Bug Brokering Mirrors IT Vulnerability Market (Threatpost) The world of SCADA and industrial control system vulnerabilities is starting to mirror that of IT security, not only in the demonstration and exploitation of zero-day vulnerabilities, but in the brokering of flaws and exploits between hackers and organizations interested in buying research
The 4 most likely reasons you were hacked (InfoWorld) (In the good old days, most hacking was performed by young males looking to boost their self-esteem. Nowadays, almost all hacking and malware is carried out with criminal intent. Yet for some reason, people who get hacked or are infected by malware still treat the problem as if it were a mere annoyance, as if they'd been infected by a virus from 1998
10 Mobility Trends CIOs Should Watch (InformationWeek) Tablets will lose steam, BYOD will become ubiquitous and mobile rollouts will get less expensive, says Yankee Group analyst
Lockheed Will Seek Voluntary Layoffs (Washington Post) Facing potentially deep cuts to government spending, Bethesda-based Lockheed Martin plans to eliminate up to 350 mid-level manager positions through voluntary layoffs over the next few months
Federal Agencies Being Readied For Furloughs (Washington Post) Sequestration is like a train rolling quickly downhill. It has not reached the land of across-the-board budget cuts yet, but the Obama administration is preparing employees for that destination, even as the president looks for a sidetrack
ManTech Promotes Louis Addeo to Corporate Development EVP, Daniel Keefe to Technical Services President (Govconwire) ManTech International (NASDAQ: MANT) has promoted Louis Addeo, president and chief operating officer of the technical services group, to EVP for corporate development and strategic acquisitions
CACI Looks to Acquire Healthcare, Cyber and Intell Companies (Govconwire) CACI International President and CEO Dan Allen told analysts on January 31, the company will continue acquisitions to strengthen the health care, cyber, and intelligence businesses for 2013, reports Jill Aitoro for the Washington Business Journal
HP board is studying whether to break up the company (Quartz) The Hewlett-Packard board is studying a break-up of the US tech company among several options the directors are considering to obtain maximum value for shareholders, people familiar with the matter said. The HP directors have discussed the details of a possible breakup scenario, but also the merits of the company staying whole, since a recovery seems to be slowly taking hold and its share price has gained steam since it fell below $12 last November, the people added. In January, the stock went above $17 and has been trading around $16.50 in recent days
Dell Goes Private: What's Next? (InformationWeek) Dell is going private with the help of $2 billion from Microsoft. Going forward, how much will Microsoft influence operations?
Dell's Gigantic Tax Dodge (Slate) The biggest leveraged buyout since the financial crisis is more about accounting than business strategy
Products, Services, and Solutions
The Microsoft Surface Pro Proves That The PC Is Back (TechCrunch) I come bearing glad tidings. After decades of OEM malaise, a constant parroting of the speeds and feeds mantra, and an aesthetic that was formulated in the back room of a dingy Staples office supply store, the PC is really back. In short, the Surface Pro is so good that it could drive Windows 8 adoption with enough force to make people reconsider Microsoft's odd new OS. Microsoft bet the farm on
Indian vendors answering BYOD security needs (ZDNet) While business in India are adopting BYOD and consumerization of IT, the ecosystem is not devoid of security challenges. Airtel's Dynamic Mobile Exchange Solution promises a solution though. Several organizations these days allow, as well as encourage, employees to bring their own smartphones, tablets, and laptops to work
Intel introduces new series of mSATA SSDs (FierceCIO: TechWatch) Intel has unveiled a new series of mSATA solid-state drives that is about one-eighth the size of a typical 2.5-inch SSD. Equipped with 25nm MLC flash storage, the 525 Series SSD sports a SATA 6 interface and weighs just 10 grams. According to Infostor, data on the drive is kept safe with the use of built-in 128-bit AES encryption
IBM Fights Rivals With Aggressive Power Server Prices (InformationWeek) IBM entry-level Power 7+ servers now start at $6,000. Netezza analytics platform successor challenges EMC, Oracle and Teradata
Technologies, Techniques, and Standards
Backup Databases: The Data Security Achilles Heel (Dark Reading) The same sensitive information on production databases resides on backups—protect them accordingly. If production databases contain regulated information or valuable intellectual property, it follows that backup copies of those data stores carry the same risky information. And yet, while many organizations spend the time and investment in hardening live databases, they frequently fail to adequately protect their backup databases
Shortcomings of anti-phishing blacklisting (dwaterson) Blacklisting is the most common form of anti-phishing protection. It is used by internet browsers as well as by popular internet security suites to protect against phishing attacks. Blacklisting has serious shortcomings
Partners Healthcare: A New Culture - Breach Leads to New Privacy, Security Efforts (Healthcare Info Security) In the aftermath of a major breach incident, Partners Healthcare in Boston is taking a series of steps to change the corporate culture to emphasize the importance of privacy and security. Jennings Aske, who oversees both information security and privacy at Partners, says the time has come to adjust outdated programs."We as an organization have come to the conclusion that programs that we built for initial HIPAA compliance really aren't sufficient for the sorts of threats that we deal with now," Aske says in an interview with HealthcareInfoSecurity
Defending Industrial Control Systems with Data Diodes (Synergist Scada) As a follow-up to our most popular article blog article of 2012: Next Generation Firewalls for Industrial Control and Automation Systems (ICAS) Security we have created a three part article on another method of secure network separation Data Diodes:Part 1 - Defending Industrial Control Systems with Data DiodesPart 2 Data Diodes and Security in the Real WorldPart 3 Building Your own Data Diode with Open Source SolutionsAlthough we do not see many of these used here in the Oil and Gas industry in Calgary Alberta, we believe they are a highly-effective and underutilized method of secure network segmentation
Research and Development
Amateur effort finds new largest prime number (CNET) A Missouri professor, one of a team of nearly 100,000 volunteers, has found a highly unusual 17-million digit number -- and brought a prime-hunting project closer to a $150,000 prize. The Great Internet Mersenne Prime Search (GIMPS) project has scored its 14th consecutive victory, discovering the largest prime number so far. The number, 2 to the power of 57,885,161 minus 1, is a digit that's 17,425,170 digits long. That's big enough that if you want to see the full text, you'll have to brace yourself for a 22.5MB download
Legislation, Policy, and Regulation
US Congress: (Other) governments shouldn't mess with the Internet (Ars Technica) New bill would make it official US policy to promote a "global free Internet"
Philippines extends suspension of cybercrime law (ZDNet) Country's Supreme Court decides to prolong "until further orders" the temporary restraining order placed on the controversial Cybercrime Act of 2012, which was to expire on Wednesday. The Supreme Court of Philippines has extended the temporary restraining order (TRO) on the controversial Cybercrime Prevention Act of 2012 until further notice. According to GMA News Online's report Tuesday, the decision to extend the 120-day TRO on the implementation of the law had been reached during the magistrates' meeting
UK wants surveillance devices to monitor Web traffic with services such as Facebook, Twitter (Washington Post) The U.K. plans to install an unspecified number of spy devices along the countrys telecommunications network to monitor Britons use of overseas services such as Facebook and Twitter, according to a report published Tuesday by Parliaments Intelligence and Security Committee. The devices referred to as probes in the report are meant to underpin a nationwide surveillance regime aimed at logging nearly everything Britons do online, from Skype calls with family members to visits to pornographic websites. The government argues that swift access to communications data is critical to the fight against terrorism and other high-level crime
Litigation, Investigation, and Law Enforcement
Computer Fraud and Abuse: Let's Go Beyond the 'Aaron' in Aaron's Law (Wired) How do we explain to a young person who hacked their school's website that they might be imprisoned for five years? Yet if they had physically destroyed the web server with a hammer, they would have faced no more than
FBI Again Warns Law Firms About the Threat From Hackers (ridethelightning) The FBI began warning law firms that they were being targeted by hackers back in 2009. That warning was repeated at LegalTech last week by the FBI's Mary Galligan, the special agent in charge of cyber and special operations for the FBI's New York Office. As Law Technology News reported, Galligan was blunt, saying, "We have hundreds of law firms that we see increasingly being targeted by hackers." The word "hundreds" should give law firms pause
Social network Path fined $800,000 over app privacy issue (IT Proportal) Almost a year after social networking app Path came under fire for uploading users' mobile address books without permission, the company has agreed to settle Federal Trade Commission (FTC) charges. The settlement, according to the FTC, requires Path to establish a comprehensive privacy program and obtain independent privacy assessments every other year for the next 20 years. The photo-sharing app landed in hot water in early February 2012 when a developer discovered that it snagged names, numbers, addresses, birthdates, email addresses, and Facebook and Twitter usernames from his phone's address book, without approval
Social media aids law enforcement in catching criminals (Kypost) There are two main ways police solve crime. The first is when they witness someone committing a criminal offense. The other involves the help from those who they are sworn to protect and serve."The public is definitely our eyes and ears," said Grant County Sheriff Chuck Dills
18 Accused by U.S. of $200 Million Credit Card Fraud (Bloomberg) A crime ring based in New Jersey created thousands of fake identities to obtain 25,000 credit cards and steal more than $200 million in one of the largest scams of its type, the Justice Department said. Eighteen people engaged in a conspiracy to create thousands of false identities and credit profiles, burnish their creditworthiness, and take large loans that were never repaid, according to a Federal Bureau of Investigation arrest complaint unsealed today in federal court in Newark, New Jersey
Patent Trolls Pursue Midsize Companies (InformationWeek) Non-practicing entities, also known as patent trolls, find midsize companies make ideal targets for infringement claims. Online retailer Ashford.com is fighting back
Calling General Counsel to the Front Lines of Cybersecurity (Corporate Counsel) As President Barack Obama studies how the U.S. military should respond to an increasing number of cyber attacks against public and private institutions, general counsel would be wise to examine their own companies' situations
For a complete running list of events, please visit the Event Tracker.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.