The CyberWire Daily Briefing for 3.8.2013

Cyber Attacks, Threats, and Vulnerabilities

An Interview with Syrian Electronic Army hacktivists (E Hacking News) Today, E Hacking News interviewed the famous Syrian hacktivists "Syrian Electronic Army". The Syrian Electronic Army recently hacked Twitter accounts of Fracne24, Qatar Foundation and AFP. Please introduce yourself to EHN readersi'm a Syrian hacker called "The Pro", The leader of special operations department in the Syrian Electronic Army

Hackers Expose U.S. Chemical Weapon False Flag to Frame Syria (Cyberwarzone) Hacked emails from a British mercenary company were posted online, leading to claims Washington was backing a dirty war against Syria in which a chemical attack on Syria could be blamed on the Syrian regime, thereby strengthening the case for immediate intervention on the part of the United States military. British mercenary company, Britam Defence, has since admitted it was hacked but claimed the hacker, who posted his online name as "JAsIrX," had maliciously and cleverly used hacked material to generate forgeries to destroy the company's reputation and make it look like it was involved in shocking behavior

Syrian Rebels' Facebook Video Clowns Obama's Non-Lethal Aid (Wired Danger Room) Obama's going to send the Syrian rebels food and medicine, not weapons. The Syrians retain the right to post their gallows humor to social media

Muslim hackers target US banks in third round of cyberattacks (Global Post) Muslim hackers in the Izz ad-Din al-Qassam Cyber Fighters launched the third phase of their Operation Ababil campaign against US-based banks on Wednesday, making further demands that the YouTube video Innocence of Muslims be removed from the web. Known to many as the Muslim world's Anonymous, Izz ad-Din issued an ultimatum on Tuesday that their distributed denial of service (DDoS) attacks against American banking institutions would continue unless insults against the Prophet Mohammed were removed from YouTube

Heads-Up - Malware attack poses as security warning from Microsoft Digital Crimes Unit (Naked Security) Windows users - do you take your computer's security seriously? If so, you might decide to take prompt action when you receive an email seemingly from the Microsoft Digital Crimes Unit. But that would actually be a big mistake

Websites of Major Czech Banks, Stock Exchange Disrupted by DDOS Attacks (Softpedia) The websites of several major financial institutions from the Czech Republic were disrupted on Wednesday by a series of distributed denial-of-service (DDOS) attacks launched by unknown hackers. The site of the Prague Stock Exchange (BCPP) suffered a similar fate. The public websites of Raiffeisen Bank, Komern Banka, CSOB, and esk spoitelna were targeted, ceskenoviny

Czech Republic baffled by unprecedented cyber assault (Global Post) The Czech Republic has been hit by an unprecedented wave of cyber attacks this week, with investigators stumped over their origin amid concerns they could lead to worse mayhem. "We don't know anything about the motivation for now, because no one has claimed the attacks," Radek Holy, spokesman for the National Cyber Security Centre, told AFP following attacks on media, banks and telecommunications websites."The character of the attacks gives us absolutely no clues about the reasons" behind them, he added. On Monday hackers launched a DDoS (distributed denial of service) attack on leading Czech news websites, blocking their servers with hundreds of thousands of requests

CYBER ATTACKS On BP over 50,000 attempts a day (Cyberwarzone) BP CEO Bob Dudley in an interview with CNBC told we see off over 50,000 attack attempts a day like many big companies. Cyber security is an growing issue around the world, not only with companies but with governments. Its certainly not just china, we have evidence many different people trying to work through our perimeters in the company in terms of securing data I suppose, we're not sure what all the threats are

Chinese hackers targeted a company with access to more than 60 percent of U.S. oil and gas pipelines (Cyberwarzone) Before the devastating attacks of Sept. 11, 2001, it was difficult for most Americans to fathom such a tragedy on U.S. soil. It later became clear that we had not seen the warning signs

Prolexic Mitigates DDoS Attack Against U.S. Utility Company (Dark Reading) Attackers now targeting network infrastructures that cause collateral damage. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced today that it mitigated an attack against a U.S. metropolitan utility company earlier this month. The utility, which provides services to an estimated 420,000 electric, 305,000 water, and 230,000 sewer customers, has engaged Prolexic to provide DDoS protection services

Pwn2Own: IE, Firefox, Chrome and Java go down (Help Net Security) The Pwn2Own competition is underway at the CanSecWest conference in Vancouver, and during the first day of competition Java, IE 10, Firefox and Chrome were successfully "pwned" by various competitors

Security firm finds two zero day IE10 Windows 8 exploits (Neowin) A security firm claims to have found two zero day exploits in Internet Explorer 10 that allowed the company to take over the Windows 8 OS of a Surface Pro tablet

How Facebook Prepared to Be Hacked (Threatpost) When Facebook announced last month that its corporate infrastructure had been compromised through a watering-hole attack against several of its employees, it was major news, both because of the attack itself and because the company had come out and owned up to it. The interesting thing, however, is that this was not the first major problem that the Facebook incident response team had handled. In fact it was the third one in less than a year

Abrupt drop in Symbian malware (Help Net Security) In what may be the only good news for Symbian, F-Secure's latest Mobile Threat Report shows a drop in malware targeting the declining platform to just four percent of all mobile threats detected

Twitter OAuth API Keys Leaked (Threatpost) The OAuth keys and secrets that official Twitter applications use to access users' Twitter accounts have been leaked in a post to Github this morning

Apple marketing chief jabs Android security on Twitter (CNet) Apple marketing chief Phil Schiller has been a semi-regular Twitter user since 2008, though mostly tweets about things like music, movies and sports. But that changed earlier today with a post linking to F-Secure Labs' latest quarterly Mobile Threat report, with a casual mention to "be safe out there." The 29-page report's (PDF) key finding is that malware on Google's Android is getting worse, in part because of the platform's brisk growth and a new variant of malware that spread using SMS."Android malware has been strengthening its position in the mobile threat scene," the report's executive summary said. "In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter

Copyright Troll Suffers Website Attacks (TorrentFreak) Prenda, the lawfirm-that-isnt (or is, theyre not quite sure), may be in for a massive battle for their freedom next week. But their legal careers arent the only things taking a battering this past week, its their website as well. Websites can be the bane of many, and theyve not always been the friend of copyright trolls

Yahoo Mail accounts still hijacked daily (Help Net Security) Email account hijacking has been a big problem for Yahoo Mail users since the beginning of the year, as a number of vulnerabilities have been discovered, shared online and exploited by cyber scammers

Time Warner Cable Hacked, Defaced by NullCrew (eSecurity Planet) It didn't help that the admin password was 'changeme.' NullCrew hackers recently added a defacement page to Time Warner Cable's support Web site. The defacement includes a picture of the "rustled my jimmies" gorilla, along with database information including an admin username and password

Anglo American Platinum Hacked (eSecurity Planet) As part of Operation Green Rights, Anonymous hackers recently published data stolen from South Africa's Anglo American Platinum Limited, which produces approximately 38 percent of the world's annual supply of platinum

Raspberry Pi Hit by Cyber Attack (eSecurity Planet) The organization said the attack came from a botnet that appeared to have 'about a million nodes.' The Web site of the Raspberry Pi Foundation, which promotes the teaching of computer science in schools, was recently taken down by a DDoS attack

Is Cloud PaaS Safe? (eSecurity Planet) Security researchers from Trustwave take aim at Platform-as-a-Service and find security controls to be lacking. The world of cloud based platform-as-a-service (PaaS) is about accelerating time to market for applications. With a PaaS, organizations can get up and running the cloud quickly, but one security researcher

Anonymous Hacks internal server of German studio Constantin Film (Cyberwarzone) Anonymous team called M3du5a hacked into Constantin's internal employee server and published documents and email addresses and business partners names. On AnonNewsDe Twitter account M3du5a post attack was in retaliation for the shut down of illegal filesharing portal drei. bz late last month by German copyright protection group GVU

Hollywood Targeted by Chinese Hackers (Hollywood Reporter) At least one Burbank studio has been hacked, experts say, and piracy is rampant in "a culture of copying." Have Chinese hackers invaded Hollywood's computers, as they have the systems of Facebook, Apple, The New York Times and more than 100 other major Western entities? While some studio sources say no, cybersecurity experts tell THR another story

Warning to Hollywood: Chinese Hackers Want Your Secrets (Guest Column) (Hollywood Reporter) Hollywood should be on notice: It's not just the Pentagon and CIA that are victims of hackers. They're targeting more and more private companies. A recent report from American cybersecurity firm Mandiant linked the Chinese government's People's Liberation Army to massive, sustained intrusions into corporate networks. The report, which traced many attacks to the PLA's Shanghai-based Unit 61398, was devoured in Washington and Silicon Valley. But Hollywood mostly has shrugged off Chinese cyberspying as someone else's problem

Security Patches, Mitigations, and Software Updates

Microsoft to Ship 7 Bulletins in March Patch Tuesday Release (Threatpost) Software giant Microsoft plans to ship seven bulletins in the March 2013 edition of Patch Tuesday. Four of the bulletins are receiving high-severity, critical ratings. Three of the four critically rated bulletins that affect Microsoft Windows, Internet Explorer, Silverlight, Office, and Server Software could lead to remote code execution while the final critically rated bulletin could allow for privilege elevations

Cyber Trends

China, Russia clamp down on internet, says US (Sydney Morning Herald) China and Russia are buying increasingly powerful surveillance technologies to intercept communications and try to take control of the internet, a senior US official has said. Alec Ross, the US secretary of state's senior adviser for innovation, said on Thursday that new players such as Thailand and Ukraine would determine the future shape of the internet by deciding whether to open up globally or operate more closed national "intranets". His comments further demonstrate the lack of agreement over how the internet will be regulated after an attempt to establish a global governance policy collapsed last year

Cypherpunk rising: WikiLeaks, encryption, and the coming surveillance dystopia (The Verge) In 1989, when the internet was predominantly ASCII-based and HyperCard had yet to give birth (or at least act as a midwife) to the world wide web, R.U. Sirius launched Mondo 2000. Id say it was arguably the representative underground magazine of its pre-web day, William Gibson said in a recent interview. Posterity, looking at this, should also consider Mondo 2000 as a focus of something that was happening

More Info on Recent ICS-CERT Advisories (Chemical Facility Security News) ICS-CERT has been busy this week. They updated an alert on Tuesday and issued two advisories yesterday. In two of those three actions there were some interesting questions raised about some of the information provided, or not provided in their documents. Since then some additional information has been made available

EPRI to AMI vendors: Attacks are coming (Intelligent Utility) Advanced metering infrastructure (AMI) brings a lot of positives: more accurate information, real-time data, two-way communication, a smarter connection. Unfortunately, it also brings a large potential negative: Every new AMI end point is a possible attack point that utilities now have to defend. Thinking about this issue, the Electric Power Research Institute (EPRI) recently released a report, Intrusion Detection System for Advanced Metering Infrastructure, put together with the help of the University of Illinois at Urbana-Champaign and supported by data and research from UCAIug SG Security Working Group and reviewed by several utilities

The SCADA security challenge (Help Net Security) One of the less well-known aspects of information technology – but arguably one of the most critical to modern businesses – is the SCADA platform

Marketplace

Cybersecurity offers commercial opportunity, but also stokes trade tensions (EurActiv) The European Commission wants new cybersecurity rules to spur industrial growth by turning Europe into a showcase for lucrative security products, but the use of cybersecurity as a proxy for protectionism is also stymieing trade. The European Commission last month launched its over-arching Cybersecurity Strategy, including measures to ensure harmonised network and information security across the EU. Whilst consultations were under way on this last June the EU executive simultaneously launched an action plan for the security industry

GSA sets March 25 deadline for FedRAMP 3PAO applications (FierceGovernmentIT) The General Services Administration will beginning March 25 no longer accept new or re-submitted applications for organizations applying to become Third Party Assessment Organizations, a key component of the Federal Risk and Authorization Management Program

Does the Sequester Threaten These Defense Stocks? (Motley Fool) Another trend to watch in defense is cyber security. We've seen Raytheon, General Dynamics, and Northrop Grumman all make acquisitions related to cyber

GTSI Name Changes To Unicom Government (GovConWire) Systems integrator Unicom Global has rebranded its subsidiary GTSI as part of a move to consolidate its corporate entity and management operations

Lockheed, Microsoft Wrap Up EPA's Office 365 Cloud Move (GovConWire) Lockheed Martin and Microsoft have finished migrating the Environmental Protection Agency to a Microsoft Office 365 collaboration and communication cloud infrastructure

Bill Lochten Joins Software AG Govt Solutions As National VP (GovConWire) Bill Lochten, former managing director of Information Builders' federal systems group, has joined a Software AG subsidiary as national vice president. In his new role at Software AG Government Solutions, he will oversee the enterprise software company's sales to its U.S. federal government clients and business partners

Might a big Splunk deal validate big data? (FierceBigData) A lot has been made about the potential for a bubble in all the investment dollars flowing into big data. Most of the investment appears to be rather sensible and not overly aggressive. But ever since reports began surfacing earlier this year about IBM (NYSE: IBM) preparing a takeover bid for data analysis firm Splunk, and other companies such as Oracle (NASDAQ: ORCL) preparing to make similar offers, the question begins to get very real. Can a company with approximately $200 million in revenue really be worth $4 billion? Is that the kind of valuation that causes groans

Products, Services, and Solutions

Bank of China HK secures transaction with new tools (Computer World) Bank of China Hong Kong has deployed VASCO and i-Sprint security tools to secure online transactions and banking services, said the project's system integrator Automated Systems on Thursday. According to Automated, the solutions deployed by BOCHK include i-Sprint's Strong Authentication (2FA) and VASCO's DIGIPASS 270 and VACMAN core authentication engine to verify a customer's online identity and secure online transaction with data signing capabilities

Deutsche Telekom Worldmap shows live cyber attacks (Sicherheitstacho) This Portal shows statistics of the early warning system of Deutsche Telekom. The corresponding sensors are operated from Deutsche Telekom and Partners. Overview of current cyber attacksAttacks on the different sensors (Honeypots) will be displayed in realtime on the world map

SolarWinds Alert Central: Free tool for managing IT alerts (Help Net Security) SolarWinds announced a first full-featured yet free product, SolarWinds Alert Central. IT pros can now centralize multi-system IT alerts in a single, consolidated view, give team members access to

4 free tools to simulate a cloud connection (InfoWorld) Linux-based WAN emulation tools can help you decide whether your planned cloud migration is the right move

Technologies, Techniques, and Standards

Using Intelligence Against Companies That Benefit From Cyberspionage (Dark Reading) 'Naming and shaming' the ultimate beneficiaries of stolen trade secrets can work. Identifying the human or actor behind a targeted attack -- a.k.a. attribution -- has been hotly debated over its relevance. But knowing and confirming your attacker could be a key element of ultimately making cyberespionage more costly for nation-states like China, some security experts say

Stop Building Identity Houses On Sand (Dark Reading) Jericho Forum puts forward its vision of a new identity paradigm at the RSA Conference. Basically the receiving system that doesn't see this card says this has got a higher grade of intelligence behind it and a higher grade of authentication." In his talk Simmonds talked about the Global Identity Foundation, a non-profit bootstrap effort that he says his group hopes will spur industry players into building a stronger foundation for identity around a core identifier backed by some sort of cryptography and biometrics foundation that can be federated across multiple identity personas online

United Kingdoms ICO Publishes BYOD Guide (Softpedia) A study performed by YouGov for the UK Information Commissioners Office (ICO) shows that while 47% of adults use their personal mobile devices for work activities, less than 30% of them are provided with guidance on how to utilize them without putting sensitive information at risk. As such, the ICO has published a new guide which details the risks organizations must consider if the decide to allow their employees to use their personal devices for work-related tasks. The rise of smartphones and tablet devices means that many of the common daily tasks we would have previously carried out on the office computer can now be worked on remotely

How to Protect Your Small Business Against a Cyber Attack (CNBC) The Seattle hacker drove a black Mercedes. He owned a Rolex. He liked to frequent a downtown wine bar. While it's easy to think of cyber criminals as faceless, digital pickpockets in far-flung countries, the reality is that they are among us. In one notorious case, a bandit and his gang of cyber crooks compromised at least 53 Seattle-area small and medium-size businesses between 2008 and 2010, stealing enough data to cause $3 million in damages to the companies, their employees and their customers

How to blunt spear phishing attacks (Network World) According to Allen Paller, director of research at the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing. In other words, somebody received an email and either clicked on a link or opened a file that they weren't supposed to. For example, Chinese hackers successfully broke into computers at The New York Times through spear phishing. So, what are the steps that IT execs can take to protect enterprise networks from spear phishing

Design and Innovation

Cloud Shield, Twine's Gateway To The Full-Blown Internet Of Things (FastCoDesign) If you're not afraid of hacking together a bit of code and plugging tiny wires into a credit-card-sized circuit board, you probably already know what an Arduino is. If not, here's the short version: An Arduino is a little electronic brain you can program to do interesting interactive stuff, like dim the lights in your living room when you turn on your TV. It lets you turn dumb objects (or environments) into smart ones

The Wrong Way to Discuss New Technologies (Slate) As illustrated by anti-noise campaigns from the early 20th century. There are many awful ways to respond to technological change, but succumbing to technological defeatism is certainly one of the worst. Technological defeatism—a belief that, since a given technology is here to stay, there's nothing we can do about it other than get on with it and simply adjust our norms—is a persistent feature of social thought about technology. We'll come to pay for it very dearly

Academia

High School Students Compete in National Cyber Defense Competition (AFA) CyberPatriot V will culminate next week with the National Finals Competition on March 14-16 at the Gaylord National Resort and Convention Center in National Harbor, MD. After three impressive preliminary rounds for which over 1,200 teams registered, just 28 teams remain, and will compete for top honors in the All Service and Open Division categories. Secretary of the Air Force Michael B. Donley will be the Keynote Speaker at the National Finals Competition Awards Banquet on Saturday evening. Awards will be presented by Maj. Gen. Suzanne M. Vautrinot, Commander, 24th Air Force, and Kathy Warden, Corporate Vice President and President, Northrop Grumman Information Systems

Cybersecurity program trains students for future (Daily Trojan) An innovative cybersecurity program established in fall 2003 has grown exponentially. The Viterbi School of Engineering's master's degree program for computer science with a specialization in computer security, which was established to help combat the growing threat of cyber attacks, is one of the country's first programs focused on producing specialists in protecting and defending information and information systems

Legislation, Policy, and Regulation

Telecom seeks critical infrastructure status for IT vendors (CSO) The Obama administration excluded the information technology (IT) industry from its definition of the nation's critical infrastructure, giving them immunity from security-related requirements unless changed by Congress. While this is good for tech companies, the telecom industry is crying foul, saying IT businesses should share any regulatory burden. The tech industry's exclusion, the result of lobbying by the Software & Information Industry Association, was included in President Barack Obama's executive order, issued last month

SEC sets out new tech rules (Finextra) The Securities and Exchange Commission has approved new rules governing IT policies and procedures at 'key market participants', in an effort to better insulate the markets from vulnerabilities posed by systems technology issues. The SEC's proposal called Regulation SCI would replace the current voluntary compliance program with enforceable rules. It will apply to self-regulatory organisations, alternative trading systems, plan processors, and certain exempt clearing agencies

Will Jurisdictional Fight Slow Down CISPA's Momentum? (Techdirt) Thanks to a fair bit of propaganda making the rounds, it feels like CISPA -- the cybersecurity bill that seeks to obliterate privacy protections without explaining how that will increase our security -- is on a bit of a fast track towards approval. However a bit of a stumbling block may have popped up. Congressional Representatives Bennie Thompson and Yvette Clarke -- the ranking members on the Committee on Homeland Security and the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies -- have suddenly realized that all of this is happening without their support

CIA Chief Confirmed After Debate Over Drones (Washington Post) The filibuster culminated in the Senate confirmation of John O. Brennan to be director of the CIA by a vote of 63 to 34. But it scrambled the usual partisan landscape in the Capitol, with some Republican lawmakers attacking Paul for criticizing the president, while liberals and Democrats praised him

STRATCOM boss talks cyber with Killer Apps (Foreign Policy) Remember, in this role he's not only in charge of the nation's nuclear forces, he's also the military's top cyber officer since U.S. Cyber Command falls under STRATCOM. It's worth pointing out that he's been dealing with cyber professionally for almost

Cyber Command Adapts to Understand Cyber Battlespace (Department of Defense) Since the Defense Department officially made cyberspace a new domain of warfare in 2011, experts in the public and private sectors have been working to make that inherently collaborative, adaptable environment a suitable

Cyber threat requires special bomber deterrent force, says DSB task force (FierceGovernmentIT) A Defense Science Board task force says the Defense Department should segregate a portion of its military force away to ensure it has the capability to complete missions in the event of a catastrophic cyber attack. A partially declassified task force report, dated January 2013, charges that current DoD cyber efforts are fragmented, and that in any case, a defense-only strategy against top-tier attacks created by states capable of introducing vulnerabilities through the supply chain, or of launching a combined cyber and kinetic attack, is fated for failure. As a result, any successful cyber strategy must include deterrence, the report says--including the threat of launching nuclear weapons

Litigation, Investigation, and Law Enforcement

Sentencing of World's Most Attractive Hacker Postponed to April 19 (Softpedia) The sentencing of Russian national Kristina Svechinskaya, known as the worlds most attractive hacker, has been postponed for the second time this year. The sentencing was initially scheduled for January 11, but it was later moved to March 1, and now to April 19, RAPSI News reports. Although she has been named a hacker, Svechinskaya hasnt really got anything to do with hacking, except for the fact that she worked as a money mule for a criminal organization that used the ZeuS Trojan to steal money from the bank accounts of US citizens

International Network Of On-Line Fraudsters Dismantled (Europa) Finnish law enforcement authorities, working closely with the European Cybercrime Centre (EC3) at Europol, have dismantled an Asian criminal network responsible for illegal internet transactions and purchasing of airline tickets. As a result of this successful operation, two members of the criminal gang, traveling on false documents, were arrested at Helsinki airport. In addition, around 15 000 compromised credit card numbers were found on the criminals seized computers

Feds take (baby) steps to fight fraud with analytics (Computer World) Government agencies have begun, tentatively, to mine their vast stores of data for the public good. If anybody has big data, it's the federal government. Data about government grants. Records of payments to Medicare providers. Information about workers' compensation claims. Financial data on public companies. Demographic data from the U.S. Census

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

SINET IT Security Entrepreneurs' Forum (ITSEF) 2013 Underscores Growing Importance of Public-Private Cybersecurity Collaboration (Palo Alto, California, USA, Mar 19 - 20, 2013) 7th annual collaborative event set for March 19-20 at Stanford University. The Security Innovation NetworkTM(SINET), an organization focused on the advancement of cybersecurity innovation through public-private collaboration, today announced that it has finalized the 7th Annual SINET IT Security Entrepreneurs' Forum (ITSEF) program to include a keynote by Vice Admiral Gerald R. Beaman, Commander of the U.S. 3rd Fleet. In addition, prominent cybersecurity leaders from the U.S. Federal Government, Norwegian National Security Authority (NSM), Communications Security Establishment Canada (CSEC), Visa, Kleiner Perkins Caufield Byers, SAIC, CrowdStrike Services, Pacific Gas & Electric, Good Technologies, US Cyber Command and others will participate at this event taking place at Stanford University on March 19-21. ITSEF is supported by the Department of Homeland Security, Science & Technology Directorate.

AFCEA Belvoir Industry Days 2013 postponed (, Jan 1, 1970) Budget directives and fiscal constraints have postponed this event indefinitely. We'll keep you posted should it be rescheduled.