The CyberWire Daily Briefing for 3.11.2013
Security researchers, among them Arbor Networks and Crowdstrike, note that the Izz ad-Din al-Qassam Cyber Fighters' denial-of-service campaign against US banks is too well-funded to be written off as simple hacktivism. The attacks have evolved in sophistication (largely through the addition of automated malware toolkits) and appear to be motivated in part by a desire to demonstrate a cyber attack capability. Crowdstrike speculates that the Cyber Fighters are connected to Hamas, which runs counter to earlier suspicion of Iran.
Australia's Reserve Bank (comparable to the Bank of England or the US Federal Reserve) sustained a cyber attack over the weekend and is currently recovering and locking down security. The Bank says the exploit used "Chinese-developed" malware, although today's reports stop short of attributing the attack to the Chinese government. China meanwhile continues to denounce Mandiant's report of a PLA campaign against Western news services as a smear, complains about US hacking of Chinese systems, and calls for an international regime governing Internet espionage. (The SANS Institute huffs on the other side that Mandiant's report revealed too much, compromising sources and methods.)
The vexed Sino-American relationship in cyberspace—not quite enemies but not fully partners either—comes in for more examination as US Cyber Command and NSA head General Alexander prepares to testify before Congress tomorrow.
Many companies lack a BYOD policy, but Intel not only has one, it's so pleased with it that the company is expanding employees' BYOD options.
Privacy advocates see legislation pending in Texas as a bellwether.
Notes.
Today's issue includes events affecting Australia, China, European Union, Finland, Germany, India, Iran, Russia, Turkey, Uganda, United Arab Emirates, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
Size, Funding of Bank DDoS Attacks Grow in Third Phase (Threatpost) The resumption this week of distributed denial of service attacks against major U.S. banks brought not only more cost and disruption to financial institutions trying to keep online services available, but it also raised new questions about the funding and true motives behind the attacks
Australian central bank computers hacked (Emirates 24/7) Computer networks at the Reserve Bank of Australia have been hacked, officials said Monday, some reportedly by Chinese-developed malware searching for sensitive information. The central bank revealed the attacks after investigations by The Australian Financial Review found multiple computers had been compromised by malicious software seeking intelligence
Reserve Bank escapes cyber attack (The World Today) The Reserve Bank is in the midst of a security crackdown over a cyber attack that exposed potentially sensitive internal information. The attack involved a series of emails carrying what's been described as "malicious payload" targeted at senior RBA staff
China calls for global hacking rules (The Age) China issued a new call on Saturday for international "rules and cooperation" on internet espionage issues, while insisting that allegations of Chinese government involvement in recent hacking attacks were falsified as part of an international smear campaign. The remarks, by Foreign Minister Yang Jiechi, were China's highest level response yet to intensifying accusations that the Chinese military may be engaging in cyber espionage
Beijing's foreign minister rejects hacking accusations of Mandiant (China Post) Yang Jiechi is the highest-level Chinese official to comment on the claims made in a widely endorsed report last month by U.S. cybersecurity firm Mandiant which traced hacking attacks to a Chinese military unit based in Shanghai. Although he did not
China accuses U.S for hacking 2200 of its Computers in last 2 months (Hack Read) China's Computer Networks Emergency Response Coordination center is the top internet security agency in China. Xinhua reported on Sunday that CNCERT says foreign-based hack attempts against the Chinese computer networks are seriously increasing. It additionally said that half of the hack-attacks were made by United States which repeatedly blamed for escalating cyber-attacks against US industrial and governments network and security systems
Obama rejected tough options for countering Chinese cyber attacks two years ago (Washington Times) Meanwhile, China recently issued a veiled threat to the United States about U.S. accusations of Chinese military cyber espionage. China told U.S. officials that continued U.S. public accusations of cyber espionage would render future bilateral discussions unproductive during recent U.S.-China talks following the release of a security firm's report linking the Chinese military to cyber spying. On plans to deter Chinese cyber attacks, senior administration officials turned down a series of tough options designed to dissuade China from further attacks that were developed over a three-month period beginning in August 2011
Mandiant APT1 report reveals too much information (SC Magazine UK) The Mandiant report on the alleged Chinese state-sponsored hacking group APT1 has revealed too much information about its tactics, according to industry experts. Speaking to SC Magazine, SANS Institute instructor and cyber security expert at Secure
Kaspersky firewall bug can lock up entire OS (FierceCIO: TechWatch) A flaw found in Kaspersky Internet Security 2013 renders it susceptible to a remote attack that can completely freeze the underlying operating system. A specially created IPv6 packet to computers running the security software will trigger the bug. The vulnerability also exists in any Kaspersky product that includes the firewall functionality. In a disclosure on the Full Disclosure mailing list, security researcher Marc Heuse wrote: "A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task
German Avast Distributor Hacked, Security Firm Says It's Not an Official Website (Softpedia) On Sunday, Maxney of the Turkish Ajan hacker collective announced that he had managed to breach a distributor website that apparently belonged to Avast Germany (avadas.de). The hacker defaced several domains, including the homepage and the forum, service, typo3 and kundecenter subdomains
Revenue Department websites come under cyber attack (The New Indian Express) The Kerala Revenue Department has come under the attack of cyber criminals with two of its websites defaced by the hackers. The websites of the Commissionerate of Land Revenue and the Directorate of Survey and Land Records were hacked on Sunday
Pricey crime kit adds 'McRAT' Java zero-day four days after patch (CSO Magazine) In less than one week, the high-priced commercial exploit kit known as "Cool" has added an exploit for the Java zero-day flaw affecting Web browser plugins that Oracle patched last Tuesday. The makers of Cool may have illustrated why it costs $10,000
Pwn2Own ends with Adobe Flash, Reader and Oracle Java exploits (Help Net Security) Day two of the Pwn2Own competition at CanSecWest was again successful for French Vupen security, as they succeeded in exploiting Adobe Flash on Internet Explorer 9 on Windows 7 by chaining togethe
GitHub Hit With A DDoS Attack, Second In Two Days, And 'Major Service Outage' [Update: GitHub Back Up, No Data Breached] (TechCrunch) Services on code-sharing site GitHub have been disrupted for over an hour in what started as a "major service outage" because of a "brief DDoS attack." This is the second DDoS attack in as many days and at least the third in the last several months: Yesterday, GitHub also reported a DDoS incident. And in October 2012, the service also went down due to malicious hackers
Malware peddlers exploit death of Hugo Chavez (Help Net Security) As predicted, the death of such a well-known and controversial politician as the Venezuelan President Hugo Chavez has been exploited by cyber criminals to lead users to malware
Facebook's in-house drills were crucial for smooth response to watering hole attack (Help Net Security) Facebook was the first company to admit publicly to have been affected by the recent watering hole attack that started with a compromised forum site popular with mobile developers. Their security
Meet the men who spy on women through their webcams (Ars Technica) The Remote Administration Tool is the revolver of the Internet's Wild West. "See! That s**t keeps popping up on my f**ing computer!" says a blond woman as she leans back on a couch, bottle-feeding a baby on her lap. The woman is visible from thousands of miles away on a hacker's computer. The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman's screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun. He enters a series of shock and pornographic websites and watches them appear on the woman's computer
Security Patches, Mitigations, and Software Updates
Mozilla and Google Patch Browser Flaws Used in Pwn2Own (Threatpost) Within less than 24 hours of the vulnerabilities being used and disclosed to them, both Mozilla and Google have issued patches for flaws employed by participants in this week's Pwn2Own contest at CanSecWest here
Apple Finally Fixes App Store Vulnerabilities (Threatpost) Apple has fixed several App Store security issues that first arose last summer, but it hasn't explained why it took so long to start encrypting communications using public Wi-Fi networks. A Google researcher working on his own time discovered in July 2012 that Apple was serving up data over an unencrypted HTTP connection, leaving its Apple App Store customers open to attacks from anyone using the same public network. Six months later, the company finally flipped on the encryption
7 security bulletins for Patch Tuesday next week (FierceCIO: TechWatch) Microsoft (NASDAQ: MSFT) has announced seven security bulletins for the Patch Tuesday for March 2013 next week. The seven vulnerabilities affect all versions of Microsoft Windows, as well as Mac OS X, courtesy of a patch for Visio and Microsoft Office Filter Pack. Four of these bulletins are tagged as "critical," including the one for Office
Cyber Trends
In Cyberwarfare, What Is An 'Imminent' Threat? (Washington Post) When Gen. Keith Alexander, the head of the Pentagon's Cyber Command, comes to the Hill on Tuesday, he will probably be asked to describe his plans for building a military force to defend the nation against cyberattacks
The Coming Cyber Attack that Could Ruin Your Life (The Fiscal Times) "An adversary looking to cause chaos could pick any part of critical infrastructure, from banking to power to health care," said Jeffrey Carr, chief executive officer of Taia Global, a cyber security firm. "All of those are vulnerable to cyber attack
Why The US Is Not In A Cyber War (Daily Beast) And while the recently relaunched House Intelligence Committee's Cyber Intelligence Sharing and Protection Act CISPA is carefully worded to acknowledge the centrality of the Department of Homeland Security to its information-sharing process, concerns
Marketplace
Sri Lanka ICT Agency to Hold Seminars on Securing State Websites (Softpedia) After the recent series of hacker attacks, which are said to have impacted around 500 sites, Sri Lankan authorities have come to realize the importance of properly securing government websites. According to Colombo Page, the Sri Lanka Information Communication Technology Agency (ICTA) will hold a series of seminars and awareness programs to teach the administrators of government sites how to protect them against cyberattacks. The seminars, conducted by the country's Computer Emergency Response Team (SLCERT), will focus not only on the protection of state-owned websites, but they will also include the private sector, to teach companies how to protect sensitive information
Forensics lab for computer crime opened in Kampala (Monitor) With computer aided theft now becoming rampant in the country, a private hacking forensics consulting company has opened a laboratory to train Ugandans in cyber security. According to Mr Mustapha Mugisa, one of the consultants at Summit Consulting, their forensics laboratory will give Ugandans world class specialised training that otherwise would have required them to go and get it from the US. They have partnered with the International Council of Electronic Commerce Consultants, the owners and creators of the famous Certified Ethical hacker and Computer Hacking Forensics Investigator
Study: Protests Of U.S. Contracts Rarely Result In Reversals (Washington Post) Formal protests of U.S. government contracts rarely help companies win a reversal of those awards, according to a study by President Obama's former procurement chief
$875M computer center coming to Fort Meade (CapitalGazette.com) With a completion date set for 2015, the National Security Agency is close to starting construction on a new High Performance Computing Center, set to be built on the former golf course at Fort Meade. With a price tag of nearly $875 million, the center
Raytheon, Lockheed to Get U.S. Secrets for Cybersecurity (Bloomberg BusinessWeek) Lockheed Martin Corp. (LMT) and Raytheon Co. (RTN) are vying with telecommunications companies to defend banks and power grids from computer attacks, in a program that gives them access to classified U.S. government data on cyber threats
Verizon Wins BPA to Provide Cloud Services to USDA (The New New Internet) Verizon has won a blanket purchase agreement to provide cloud computing products and services to the Agriculture Department aimed at helping USDA manage resources and meeting federal mandates
David Heebner Named General Dynamics Info Systems Group Head In Exec Shuffle (GovConWire) David K. Heebner, executive vice president and group executive of General Dynamics' (NYSE: GD) combat systems unit, has been appointed group executive of the information systems and technology group
Chantilly's TASC, Inc. Appoints Chief Technology Officer (Chantilly Patch) Keith Littlefield, former chief information officer at National Geospatial Intelligence Agency, named to position. TASC, Inc., located at 4805 Stonecroft Blvd., in Chantilly, has appointed Keith Littlefield, former chief information officer at the National Geospatial-Intelligence Agency (NGA), the company's chief technology officer
Intel is actively considering candidates for CEO from outside the company (Quartz) Intel is showing how serious it is about tackling the big challenges it faces by actively considering outside candidates for the company's next CEO. If one of them is selected, it would be the first time the world's largest chip maker has gone with an outsider for its top job
Google will cut 1,200 more jobs at Motorola Mobility (IT World) Motorola Mobility is cutting 1,200 staff, in addition to a reduction of 4,000 staff it announced in August, to focus on high-end devices
Technologies, Techniques, and Standards
Five Ways To Better Hunt The Zebras In Your Network (Dark Reading) For the cybercriminal lions out on the Internet, your company is full of zebras. Defenders should not just protect the herd, but pay attention to those who stray, experts argue
Cerberus, White Courtesy Phone, Please (Dark Reading) Why you need two opposing styles of monitoring. Remember what I wrote last time about the danger of assumptions and bias in security monitoring? Well, forget what I said. No, not really. But there's another way to look at it. The purposes of monitoring can be many and varied; one of the big ones, of course, is catching the intruder
Building dependencies on free apps and services is bad practice (ZDNet) How many times have you seen free services disappear, switch to non-free, restrict you too much or have no value--even free of charge? I've seen it more than I want to admit to. I came up with the idea for this post when researching information for a post that a reader requested on free and inexpensive VPN services
Helping users make better security decisions by design (Naked Security) As a technically minded individual I fall into the same trap as many others. I obsess over implementation and every tiny detail when designing something, often everything but how users will interact with my creation. Nearly ten years ago I was asked to help design the Sophos Email Appliance
15 percent of companies have no BYOD policy (Help Net Security) ThreatMetrix announced results of a study that surveyed U.S. business managers and IT executives within retail and financial services organizations on their level of cybersecurity planning and fraud
Intel expanding BYOD program (FierceCIO: TechWatch) Intel (NASDAQ: INTC) is apparently having some success with its BYOD, or Bring Your Own Device, program, as reported by Computerworld. Indeed, Intel CIO Kim Stevenson says employees recorded savings of about 57 minutes per employee, per workday with its BYOD program last year. It is unclear how this was recorded, though the company is sufficiently pleased that it is expanding its BYOD program
Academia
Bill Gates: Schools are at a 'technology tipping point' (IT World) The growing use of handheld devices and social media among students is creating a technology tipping point for schools that could completely break down the barriers between teaching platforms within five to 10 years, Bill Gates said Thursday
Cyber Defense Competition Trains Next Generation for Cyber Warfare (WCSH6) In today's technological world everything can be done online or on a smartphone. Many of us do not think twice when we log onto our computers, but behind the scenes there is a group of people fighting to make sure our most private information stays private. The annual Northeast Collegiate Cyber Defense Competition puts college students against some of the nation's best hackers to ensure the next generation is ready for anything
NCC crowd learns about cyber security from U.S. Department of Homeland Security (Lehigh Valley Live) Password1 is the most common password in the United States. That's something that makes Kristina Dorville cringe. Dorville, outreach and awareness director for the National Cyber Security Division of the U.S. Department of Homeland Security, is spearheading the department's Stop.Think.Connect campaign aimed at educating people how to surf the Internet without leaving themselves open to cyber attack
Legislation, Policy, and Regulation
Cyber Marines (Marine Corps Times) Buried in an unmarked office, within a nondescript business park just miles from Fort Meade and the National Security Agency, resides what is perhaps the Marine Corps' most secretive organization
Two Texas Bills Could Shape Mobile Privacy (Threatpost) Two bills introduced in Texas this week could refine mobile privacy in the state and tweak how law enforcement can request sensitive information from cell phones going forward
Iran is sealing off the web as it rolls out a domestic intranet (Quartz) Iran cut off access to most virtual private networks (VPNs) in what appears to be a final step toward implementing its "halal" intranet, an entirely domestic version of the internet controlled by the government
US citing national security in censoring public records more than ever since Obama's election (Newser) Nearly half the Pentagon's 2,390 denials last year under that clause came from the National Security Agency, which monitors Internet traffic and phone calls worldwide. "FOIA is an imperfect law, and I don't think that's changed over the last four years
Cyber Command Adapts to Understand Cyber Battlespace (Patch.com) Brett T. Williams, director of operations at U.S. Cyber Command, described how Cybercom is using the Internet and other aspects of the cyber environment to execute its mission. "The challenge we have is that the Internet was never designed for military
Janet Napolitano: DHS Prioritizing Future Cyber Attack Prevention (ExecutiveGov) Homeland Security Secretary Janet Napolitano told a Senate committee Thursday that DHS is focusing on preventing future cyber attacks over combating current cyber incidents, Nextgov reports. Aliya Sternstein writes Napolitano was addressing a question
Litigation, Investigation, and Law Enforcement
FTC Goes After Text-Message Spammers (Dark Reading) The Federal Trade Commission filings go after 29 defendants sending 180 million phony text messages promising free gift cards
Gang of Cyber Criminals Arrested For Stealing $7 Million From Exchange Companies in Dubai (voiceofgreyhat) Yet again another infamous gang of cyber criminals who were behind the hack of more than $7 Million from exchange companies in Dubai get busted by the Dubai Police. The special Criminal Investigation Department (CID) of Dubai Police were behind these criminals for a long time, and after a certain period they successfully managed to track down and crack the cyber crime ring. Major General Khamis Matter Al Mazeina, acting chief of Dubai Police, said on last Sunday that a gang of Asians and Africans work with hackers in order to enter different websites and systems of different companies here in Dubai in order to transfer money inside and outside the countr
Asian network of on-line card fraudsters dismantled (Help Net Security) Finnish law enforcement authorities, working closely with the European Cybercrime Centre (EC3) at Europol, have dismantled an Asian criminal network responsible for illegal internet transactions
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Critical Security Controls International Summit (London, England, UK, May 1 - 2, 2013) The SANS Institute will be hosting the Critical Security Controls International Summit in London from May 1st to May 2nd at the London Hilton on Park Lane hotel. The Summit focuses on the Critical Security Controls that the British government's Center for the Protection of National Infrastructure describes as the "baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defense."
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
Google and University of Maryland Cybersecurity Seminar (College Park, Maryland, USA, Mar 14, 2013) Dr. Ari Juels, Chief Scientist of RSA, The Security Division of EMC, and Director of RSA Laboratories, will discuss "Aggregation and Distribution in Cloud Security." His talk will feature information on cloud computing and virtualization, a key supporting technology. Cloud computing offers flexibility and agility in the placement of resources. Certain risks, however, arise from cloud services' tendency to aggregate sensitive data and workloads. He will discuss side-channel attacks resulting from the co-location of disparate tenants' virtual machines (VMs) on hosts and the vulnerabilities posed by databases aggregating the authentication secrets, e.g., password hashes, of numerous users. Conversely, cloud computing offers new opportunities to distribute data. Dr. Juels will also describe a new, research-driven RSA product that splits sensitive data across systems or organizations, removing the single points of compromise that otherwise naturally arise in cloud services.
Department of Homeland Security 6th Annual Industry Day (Washington, DC, USA, Mar 18, 2013) The Department of Homeland Security (DHS) will be hosting its 6th Annual Industry Day to provide advanced acquisition planning information to industry. DHS Industry Day will consist of two sessions: the morning session will be procurement-centric with an emphasis on procurement issues, policies and programs. The afternoon session will be Chief Information Officer (CIO) IT-centric. Both sessions will provide acquisition information concerning specific program areas.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusio… Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt… The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.