The CyberWire Daily Briefing for 3.19.2013
The Internet Storm Center says the Spamhaus Project appears to be undergoing a denial-of-service attack. Anonymous Algeria takes down several hundred Chinese sites. Lacoon Security warns of spyphone malware that surveys data both on and transiting a phone. Hacker "Guccifer" publishes emails on the Benghazi consulate attack from the former US Secretary of State to Clinton consigliere Sidney Blumenthal.
Utilities continue to look for ways of shoring up their cyber security. The catch in Trend Micro's SCADA honeypot highlights the threat: thirty-nine attacks from fourteen nations over twenty-eight days hit two decoy networks.
Telenor is still recovering from what it calls a serious and sophisticated attack. Last week's release of celebrities' personal information, apparently perpetrated by Russian hackers nostalgic for the USSR, is linked to the Zeus kit.
Cyber crime at an Ohio pizza place may not bulk large in the big scheme of things, but an attack on Benny's Pizza in Marysville is disturbing and instructive. Small businesses are targets, it's expensive to recover (Benny's had to bring in forensic experts from Kansas), and attacks exact a heavy toll in law enforcement resources (here, the US Secret Service).
The cyber and SWAT attack on security journalist Brian Krebs (and accompanying hit on Ars Technica) may be traceable to a Connecticut twenty-year-old linked to last year's attack on Wired's Mat Honan.
Google rewards bughunter "Pinkie Pie" for partial inroads against Chrome (which still looks pretty secure).
The Royal Saudi Air Force wants cyber security support for its F-15 Strike Eagles.
Notes.
Today's issue includes events affecting Algeria, China, Israel, Japan, Norway, Palestinian Territories, Russia, Saudi Arabia, Turkey, United Kingdom, and United States.
Palo Alto: the latest from ITSEF 2013
Twenty Critical Security Controls for Effective Cyber Defense (SANS) The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. With the change in FISMA reporting implemented on June 1, the 20 Critical Controls become the centerpiece of effective security programs across government. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact. [Any discussion of compliance should start with an understanding of the Twenty Controls. --The Editors]
Federal Information Security Management Act (FISMA) Implementation Project (NIST Computer Security Division) To promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act including… [FISMA is one of the most pervasive and influential compliance-based approaches to information security. --The Editors]
National Information Assurance Partnership: Common Criteria Evaluation and Validation Scheme (NIAP) The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have established a program under the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to international standards. The program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is a partnership between the public and private sectors. This program is being implemented to help consumers select commercial off-the-shelf information technology (IT) products that meet their security requirements and to help manufacturers of those products gain acceptance in the global marketplace. [NIST and NSA have done some invaluable work to frame the issues of selecting good (from an information assurance point of view) IT products. --The Editors]
9 great advantages of technical certifications (IT World) I love being technical, and at least for the foreseeable future, I would like to stay that way. Is it worth the time and money to get a technical certification? Yes it is and this is why. I receive at least one question a week relating to this specific topic. Knowing that this was an important topic to write about, I serendipitously was introduced to Tom Woodring, the co-founder of Boss CBT, and thought it was time to bring this question to the forefront. [Professional certifications make their contribution to the people side of compliance. They receive mixed reviews, but here's an unreservedly positive one. --The Editors]
HASTERT, HOEKSTRA AND FINCH: Watching the backs of sentinels resisting cyberattacks (Washington Times) Liability protections safeguard technology that protects the nation. Earlier this month, we celebrated the 10th anniversary of the creation of the Department of Homeland Security. It is worth reflecting on what was created 10 years ago, and the authority imparted to it. The Department of Homeland Security represented the largest reorganization of the U.S. government since the creation of the Department of Defense in the late 1940s, and we crafted the Homeland Security Act so the nation would have at its disposal a flexible, forward-leaning agency. [Brian Finch, one of today's presenters, looks back at ten years of the SAFETY Act. --The Editors]
Cyber Terrorism and the SAFETY Act (Public Entity Risk Institute) [The SAFETY Act was designed to, essentially, shift the burden of proof in litigation over products designed to protect people and infrastructure from terrorism and its effects. Thus a manufacturer of emergency communication equipment, properly registered and acting in good faith, would be more difficult to sue than otherwise. As terrorism increasingly takes on a cyber coloration, however, it's useful to remember that the Act's protections extend to cyber security products. --The Editors]
The Morning Download: Security Concerns Thwarting Innovation (CIO Journal) "Cybersecurity concerns are emerging as an enormous obstacle to innovation. For instance, the Tennessee Valley Authority, which serves nine million customers in eight states, says it won't be able to implement Big Data analytic software for another two years because of concerns the technology could be used by malware to harm its production systems. According to Mark Goff, a systems engineer with the TVA, using Big Data would require pooling data from its offline production grid with data from business computing systems connected to the Internet. But the convergence of data from those systems could create a potential opening for hackers. "Security is without a doubt the biggest obstacle" to a Big Data implementation, Mr. Goff told CIO Journal." [Can a common interest in security encourage rather than impede trade? --The Editors]
The Obama Administration and Export Control (JINSA) "On August 31st, 2010, U.S. President Barack Obama outlined the foundation of a new export control system designed - in the words of the White House's press release - to "strengthen national security and the competitiveness of key U.S. manufacturing and technology sectors". The clearly outlined purpose of reforming the export control system is to increase the transparency and decrease the complexity of the current system while decontrolling or altering the control level of items currently situated on the Munitions List." [This 2011 piece on how the Administration has sought to foster trade with Canada holds up well. --The Editors]
International experts to debate how nations can tackle cyber threats (O.Canada.com) Fears over digital threats to Canada's critical infrastructure -- concerns that may be misplaced -- are fuelling an arms race that experts believe countries need to better control, especially after the discovery of a powerful online surveillance tool on a Canadian commercial server. [Worth another look as we prepare to listen to Communications Security Establishment Canada tonight. --The Editors]
Venture Capital's Role in Security: Why Now is a Great Time to Invest in Security Technology (Bank Info Security) It's a boom time for information security start-ups. But what unique qualities separate winners from losers? Alberto Yepez of Trident Capital describes the role of venture capital in today's market. Yepez says now is an ideal time to invest in new information security ventures because we are in a "perfect storm" that begins with technology shifts to four major platforms: virtualization, the cloud, mobility and social media. [Read this as background to Mr. Yepez's participation in tomorrow's panel on big tech trends in security and privacy. --The Editors]
Cyber Attacks, Threats, and Vulnerabilities
Spamhaus DDOS (Internet Storm Center) A few readers have written in offering and asking for information on the Spamhaus Project outage. We have very little confirmed information at this time
906 Chinese and 700 other Websites Hacked by Charaf Anons of Anonymous Algeria (Hackread) #OpIsrael is at its peak as Charaf Anons of Anonymous Algeria adds more spice to it by hacking more than 1600 websites from all over the world, where almost 906 websites belong to China. Some are private, some are educational and some government owned
Using Kernel Exploits to Bypass Sandboxes for Fun and Profit (Threatpost) Researchers and attackers alike are quickly discovering you don't need a fancy Java or Flash exploit to beat application sandboxes. Exploiting an unpatched kernel vulnerability in the underlying operating system, one that's likely to stay unpatched for a long time, will do just fine
GAO: Flaws in IRS Network Could Put Taxpayer Information in Jeopardy (Threatpost) The United States Government Accountability Office (GAO) believes that "serious weaknesses remain" in the ways that the Internal Revenue Service handles its internal network, problems that could directly implicate taxpayer data according to a report the regulatory group released on Friday
Flaw Leaves EA Origin Platform Users Open to Attack (Threatpost) Five years ago, a pair of security researchers wrote a book called Exploiting Online Games in which they described a number of ways in which attackers could take advantage of weaknesses in the protection systems for various gaming platforms. Now, with online gaming having emerged as a massive business, other researchers have picked up the ball and begun finding serious flaws. The latest vulnerability to be disclosed is in EA's Origin online game-delivery system, which researchers from ReVuln have shown can be exploited remotely to run malicious code on users' machines
Turkey Contact Point and Central Finance & Contracts Unit websites database leaked by D35m0nd142 (E Hacking News) Two Turkish Government websites found to be affected by critical SQL Injection vulnerabilities. The hacker known as D35m0nd142 has exploited this vulnerability in such a way that he compromised the database of those websites. The two affected sites are 'Central Finance & Contracts Unit
Pizza shop targeted in cyber attack (Marysville News) Marysville police, Secret Service continue investigating fraud, theft reports. A report from a private forensic security company says a cyber attack on a popular local restaurant resulted in the thefts of numerous credit and debit card numbers. However, Marysville Police Chief Floyd Golden said it's too soon to tell if the cyber attack on Benny's Pizza is responsible for all the incidents of theft or fraud that have been reported to authorities
Spyphone malware can steal corporate data through MDM platforms, researchers warn (FierceMobileIT) Hackers are inserting spyphone malware into mobile devices and bypassing mobile device management security measures, researchers from Lacoon Security warned last Thursday at the BlackHat security conference in Amsterdam. Mobile devices infected by the spyphone malware are able to conduct surveillance of the data on the device, as well as all communication that passes through the device, Lacoon warned in a report detailing their research
Hacker Begins Distributing Confidential Memos Sent To Hillary Clinton On Libya, Benghazi Attack (The Smoking Gun) Armed with confidential memos to Hillary Clinton that were stolen from the e-mail account of a former White House aide, a hacker has distributed some of the documents to a wide array of congressional aides, political figures, and journalists worldwide. In a series of weekend e-mail blasts, the hacker known as "Guccifer" disseminated four recent memos to Clinton from Sidney Blumenthal, a longtime confidant of the former Secretary of State
Decoy ICS/SCADA Water Utility Networks Hit By Attacks (Dark Reading) ICS/SCADA attackers are out there and actively trying to hack into critical infrastructure systems, experiment shows. It took only a few hours before attackers started to hammer away at two decoy water utility networks stood up in a recent experiment that resulted in 39 attacks from 14 different nations over a 28-day period
Utilities warned about threat of cyberattacks (Daily Republic) California utility officials are warning that hackers increasingly target utilities with cyberattacks that could leave millions of people without electricity, water and other vital services. The California Public Utilities Commission is considering rules to bolster cyber-security protections to prevent potentially devastating attacks, according to the San Jose Mercury News
Infosec boffins meet to plan nuke plant hack response (The Register) Stuxnet gave the world a graphic demonstration just how high the stakes can be when malware hits machinery. This week, the world is starting to plan a response to an even scarier incident, in which an online attack is aimed at a working nuclear or radiological facility. Leading the fight is the International Atomic Energy Agency, which this week hosts an event titled Consultancy Meeting Incident Response Planning for Computer Security Events at Nuclear/Radiological Facilities in its Vienna home
ISP Telenor: Execs Laptops Emptied in Cyber Spy Operation (Security Ledger) The Norwegian telecommunications firm Telenor told authorities in that country that a sophisticated cyber spying operation compromised the computers of leading executives and emptied them of sensitive information, including e-mail messages, computer files and passwords, according to a report Sunday by Aftenposten. Several executives of Telenor were the subjects of extensive, organized industrial espionage, the report said, quoting Telenor Norway's director, Rune Dyrlie. The company has reported the incident to Nasjonal sikkerhetsmyndighet or NSM - Norway's national security authority as well as Nor-CERT, Norway's Computer Emergency Readiness Team and the cyber defense unit Cyberforsvare
Credit report breach has link to Zeus banking malware (Computer World) A website that leaked credit reports of celebrities and government officials last week appears to have a curious link to the malicious banking software known as "Zeus." Scot A. Terban, an independent information security analyst known by his blogging pseudonym Krypt3ia, used a software tool called Maltego to research "Exposed.su," which caused a stir last week by posting personal information and credit reports for Federal Bureau of Investigation Director Robert Mueller and singer Beyonce, among others. The FBI and U.S. Secret Service are investigating
Did Russian hackers reveal a soft spot for the Soviet Union with .su suffix? (Guardian) The hackers that targeted Tiger Woods and Joe Biden chose the .su suffix - part of a long tradition of curious domain names. Despite the dissolution of the Soviet Union a mere 14 months after its ccTLD was allocated, .su has lived on. Suspected Russian hackers last week posted private information apparently belonging to public figures such as Michelle Obama, Joe Biden, Kim Kardashian and LAPD chief Charlie Beck. Much of the media coverage concentrated on the details of the information published, but perhaps the more intriguing detail is that hackers chose to build their site with the domain suffix .su - the suffix for the former Soviet Union
'Cyber attack poses threat to US-China relationship' (Zee News) Terming the cyber attacks originating from China as simply "inexcusable", a top American Senator has said this posed a major threat to the US-China bilateral relationship. "As far as our relationship with China is concerned, the major threat to that relation or cyber attacks which come from China, they are serious. They are huge
The Obscurest Epoch is Today (Krebs on Security) To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I've helped to uncover about those affiliated with the site will come to light. For now, however, I'm content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday
Security Journalists Struck By Cyber Criminals: Researcher hit by hoax that brought a SWAT team to his doo (TechWeek Europe) Technology website Ars Technica and security reporter Brian Krebs have been targeted by cyber criminals. Krebs had his blog knocked offline by a distributed denial of service (DDoS) attack, after his DDoS protection provider Prolexic received a letter claiming to be from the FBI. The letter asked for KrebsOnSecurity.com to be shut down for hosting illegal content and profiting from cyber criminal activity. Later on Thursday, he was the victim of what is known as a SWATing attack. The hackers spoofed Krebs' telephone line, called the local police, claiming to be the security blogger and alleging Russian criminals had broken into his home and killed his wife. The police attempted to call Krebs, but he ignored the calls as he prepared for a dinner party. A SWAT team then descended on his house… When Ars Technica wrote up Krebs' story, the site was hit by a DDoS attack. Krebs believes someone paid for DDoS strikes on his and Ars' websites via the booter.tw forum. The customer database of the website was accessible to all, as long as they knew the right address, Krebs noted on his blog
Same hacker may have targeted Ars, reporter Krebs, and Wired's Honan (Ars Technica) Krebs gets the name of hacker tied to attacks, calls him to discover a 20-year-old. Security reporter Brian Krebs has uncovered some details about one of the people tied to the denial of service attack on his site and the fraudulent 911 call that brought armed police to Krebs' doorstep. It turns out the hacker may have delivered grief to another technology reporter not too long ago: Mat Honan. And, yes, that hacker appears to have used accounts tied to Friday's DOS attack on Ars
Details on the denial of service attack that targeted Ars Technica (Ars Technica) Take a "booter" site survey, earn attacks like ones that targeted Ars, Brian Krebs. Last week, Security Editor Dan Goodin posted a story about the "swatting" of security reporter Brian Krebs and the denial of service attack on Krebs' site. Soon after, Ars was targeted by at least one of the individuals behind the Krebs attack. On Friday, at about noon Eastern Daylight Time, a denial of service attack struck our site, making connectivity to Ars problematic for a little less than two hours
9 classic hacking, phishing and social engineering lies (CSO) Whether it is on the phone, online or in person, here are ten lies hackers, phishers and social engineers will tell you to get what they want
Security Patches, Mitigations, and Software Updates
Google pays $40K to 'Pinkie Pie' for partial hack of Chrome OS (Computer World) Google today said it had paid a researcher $40,000 for a partial exploit of Chrome OS at its Pwnium 3 hacking contest two weeks ago. The researcher, known as "Pinkie Pie," was the only participant who submitted an exploit during the challenge Google ran March 7 at CanSecWest, the Canadian security conference which also hosted the eighth-annual Pwn2Own contest. Two others had been working on Chrome OS exploits for Pwnium, said Google, but neither wrapped up in time, even after the contest deadline was extended
Cyber Trends
Sophos warns of mobile security dangers from BYOD (V3) Cyber security firm Sophos recently warned of the dangers of corporate email on bring your own device (BYOD) gadgets. In a recent blog, the group warned that the move to a BYOD infrastructure requires firms to be extra-vigilant in terms of security. Sophos cybersecurity specialist Ross McKerchar says that in order to properly protect a firm's systems IT admins must be prepared to lower usability on mobile devices
The Internet is a surveillance state (CNN) I'm going to start with three data points. One: Some of the Chinese military hackers who were implicated in a broad set of attacks against the U.S. government and corporations were identified because they accessed Facebook from the same network infrastructure they used to carry out their attacks. Two: Hector Monsegur, one of the leaders of the LulzSec hacker movement, was identified and arrested last year by the FBI. Although he practiced good computer security and used an anonymous relay service to protect his identity, he slipped up. And three: Paula Broadwell, who had an affair with CIA director David Petraeus, similarly took extensive precautions to hide her identity. She never logged in to her anonymous e-mail service from her home network. Instead, she used hotel and other public networks when she e-mailed him. The FBI correlated hotel registration data from several different hotels -- and hers was the common name
Marketplace
The Saudi air force wants to protect its newest planes from cyber attack (Foreign Policy) The U.S. Air Force is looking for someone to help the Royal Saudi Air Force keep its fleet of brand new F-15SA Strike Eagles safe from cyber attack. Remember, the Saudis bought 84 Boeing-made Strike Eagles in December 2011 as part of a mammoth weapons buy. Deliveries of the new jets are slated to start in 2015. Like other 21st century fighter jets, the newest Strike Eagles are tied to computer networks that could be vulnerable to hacking
Chesapeake warns of cyber attack risks (Tulsa World) OKLAHOMA CITY - Chesapeake Energy Corp. warned investors Monday about potential cyber attacks. Included in
ThreatTrack Security, Inc. Launches To Compete With FireEye In Advanced Malware Detection (Dark Reading) GFI Software spins security business Unit into a separate company. ThreatTrack Security Inc. - formerly the Security Business Unit of GFI Software - today launched operations as an independent company dedicated to the analysis, detection and remediation of advanced malware threats. ThreatTrack Security enables organizations to identify and prevent Advanced Persistent Threats (APTs), targeted attacks and sophisticated malware designed to evade the traditional cyber-defenses deployed by enterprises, government agencies, and small and medium-sized businesses (SMBs) around the world
KEYW plans to double revenue in face of sequester (Capital Gazette) As the nation faces the sequester, Hanover cyber-security firm KEYW Corp. plans to double its revenue to $500 million by 2015. KEYW is targeting massive commercial sector growth to achieve its goal. In 2012, 96 percent of its revenue came from government contracts. By the end of 2015, it plans to generate more than $75 million from its commercial business. It wants about 30 percent of the projected $250 million revenue increase to come from non-government business
BYOD fuels enterprise demand for mobile security in Japan (FierceMobileIT) The mobile security market in Japan is predicted to reach 10.3 billion yen, or $108 million, in 2016, compared with 3.7 billion yen, or $39 million, in 2011, a 22.9 percent compound annual growth rate, according to research firm IDC. Demand in the Japanese corporate market is being driven by the deployment of antivirus software and other mobile security measures, along with mobile device management products, to address the BYOD trend
Lunarline Named One of Top Businesses by DiversityBusiness (MarketWatch) Lunarline, a leading cyber security and privacy company, has recently been acknowledged by DiversityBusiness.com as one of the Top 100 Disabled Veteran Owned Business (#47) and Top 100 Privately Held Business in Virginia (#69)
Becoming a malware analyst (Help Net Security) There are few jobs in this industry that seem as appealing and interesting to me as that of a malware analyst. In my mind, these professionals were waking up each day to continue a complex game not unlike the Glass Bead Game from the eponymous novel by Hermann Hesse - a pure pursuit of the mind that makes connections where there are seemingly none, all for the sake of solving intricate puzzles in order to satisfy their curiosity and cravings for intellectual challenges. But I was wrong!
Products, Services, and Solutions
Despite new security in Galaxy S4, BlackBerry remains king (CSO) BlackBerry ups ante with cross-platform management for managing the use of corporate data and apps across Apple iOS and Android devices
Fear of Facebook: 7 free apps that guard your privacy (IT World) Facebook users are constantly being told that their privacy is under siege. Here are seven apps that can help secure your personal data
Bradford Networks Integrates With the FireEye Platform to Deliver BYOD Security Solutions (MarketWatch) The FireEye platform unifies many security technologies to help enterprises modernize their security strategies, helping to stop today's new breed of cyber
Technologies, Techniques, and Standards
How To: Chrome Browser Privacy Settings (Threatpost) The Web browser is the primary portal through which the vast majority of connected users access and interact with the Internet. Each browser has its own security and privacy settings and those settings have an enormous impact on the nature of the relationship between users' data and the services they encounter online. Google's Chrome browser has extensive, easy to navigate privacy settings that let users manage everything from digital certificates to location tracking to "Do Not Track" requests
Your password is the crappiest identity your kid will ever see (Dark Reading) Ever watch an episode of Mad Men and see everyone smoking? Some kid in 2045 will look at their parent and say - did you really have to enter a password that many times? It's easy to go back a few decades or centuries, look at the past and say - "geez how could they have been so stupid/racist/unhealthy/shortsighted?" Watch Mad Men and see Don Draper downing a half dozen martinis at lunch and smoke heaters all day, what were you thinking Don? It's easy to find fault
Security Implications Of Big Data Strategies (Dark Reading) Big data can introduce new access challenges -- and new security vulnerabilities -- to your organization. Here are some tips for keeping data safe
Does Your Security Data Mesh With Risk Metrics? (Dark Reading) Normalizing security data spewing from tools across the enterprise is a key step in creating a consistent set of metrics to use in managing risk. With so much data streaming real-time from network logs, vulnerability managers, infrastructure monitoring tools and security appliances across the enterprise, sometimes one of the most difficult first steps IT risk managers must make in developing a security metrics program is in indexing that data into a set of consistent risk scoring that makes sense in the board room
Using Removable Storage Safely in a BYOD World (eSecurity Planet) The GM of Imation's security unit says BYOD and removable storage need not create a security risk - at least not for enterprises with a plan. Many enterprises restrict or even outright ban the use of removable storage devices to help protect the loss of data. Yet those policies can seem unnecessarily prohibitive to employees working in a BYOD
IPv6 Focus Month: What is changing with DHCP (Internet Storm Center) Among the different methods to configure IPv6 addresses, most managed networks will likely stick with DHCP. DHCPv6 however is a bit different than DHCPv4. We will summarize here some of the basic differences between DHCPv4 and DHCPv6. DHCPv4 is often used to manage a limited address pool. This problem is not going to be an issue in IPv6, and as a result, the focus of the protocol changes to provide address management and renumbering of hosts. DHCPv6 is also a complete rewrite of the protocol. A lot of the old BOOTP parameters are gone, and the DHCPv6 packet is a simple type-length-value format packet without many of the fixed fields present in DHCPv4
SANS Institute's Professor Highlights Ways To Improve Intrusion Detection (Source Security) As network speeds increase with new technologies and demand, real time packet inspection is simply not sufficient to deal with cyber-attacks. According to Dr. Johannes Ullrich, Dean of Research and a faculty member of the SANS Technology Institute, "Faster networks are making it harder for intrusion detection techniques to keep up with the threats. Instead organisations need to turn to a wider set of data gathering techniques to be able to spot attackers"
Academia
Northrop Grumman Foundation Awards Scholarships to CyberPatriot V Winners (Globe Newswire) The Northrop Grumman Foundation, presenting sponsor of the Air Force Association's (AFA) CyberPatriot program, presented $50,000 in scholarships this weekend to students on the winning teams of the CyberPatriot V National Finals Competition, helping the nation's future cyber defenders further their education
Legislation, Policy, and Regulation
Bill would force agencies to take proactive security approach (CSO) Bipartisan House bill would require feds monitor computer systems for cyberthreats and perform regular threat assessments
Army Chief: Winlink Stays (eHam) Army MARS has no intention of abandoning Winlink 2000 as a tool for emergency communications, Chief Stephen Klinefelter says in a message sent to civil agency users and MARS members explaining the network realignment currently underway. He said that the changes in frequency assignments are required by regulations governing use of military channels. In updating the frequency matrix, he said, it was discovered a number of network nodes had been using unauthorized frequencies
NSA had cyber-attack authority since 1997 (The Week Magazine) You wouldn't really know it from reading press accounts about cyber-warfare, but the National Security Agency has been the executive agent for precisely that capability since 1997, according to newly declassified documents. "Executive agent" is the
Issa proposes governmentwide adoption of new IT acquisition evaluation criteria (FierceGovernmentIT) A revised draft of Rep. Darrell Issa's (R-Calif.) federal information technology reform bill would introduce governmentwide a new evaluation criteria for IT contracting proposals and backs away from some of the mandatory commodity IT frameworks Issa originally proposed
Litigation, Investigation, and Law Enforcement
California duo charged with selling ready-to-hack Point-of-Sale systems to Subway branches (Naked Security) A pair of former Subway franchisees from California have been charged with cyberfraud against their former fellows. The DoJ alleges they sold pre-compromised PoS systems that allowed them to plunder gift card credits from afar
Japan MPD to give cybercrime lessons (Yomiuri) The Metropolitan Police Department will hold lectures on cybercrimes for investigators at local police stations to prevent wrongful arrests, it has been learned. The decision came after four men were wrongfully arrested last year after their remotely controlled computers, which had been infected with a virus, sent threatening messages. The lectures will be given by technical officers trained at the MPD as cybercrime technology specialists
Florida confirms cyber attack on voting systems (V3) Authorities in Florida have announced that a voting fraud incident in last year's elections was partially the work of a cyber attack. A grand jury investigating fraud in Miami-Dade County reported that during last year's Summer primary election an
Judge Illston's national security letters ruling hardly a threat to national security (FierceGovernmentIT) The changes implied or described by federal Judge Susan Illston to national security letter law that would make the program constitutional, in her ruling finding current law to be unconstitutional, are hardly a threat to national security
iPad Hacker Weev Gets Prison Time (Mashable) Infamous iPad and AT&T data hacker Andrew Auernheimer, better known as "Weev," is going to jail. He will spend three years and five months in prison for accessing an AT&T public web server and obtaining thousands of email addresses he then shared
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANSFIRE 2013 (Washington, DC, USA, Jun 15 - 22, 2013) SANS will return to the Hilton Washington, Washington DC, June 15-22, with our top courses. Each evening, the ISC handlers will share riveting talks on their most interesting experiences and newest cyber hazards. These special presentations are free to everyone who pays for a course at SANSFIRE 2013.
HITECH 2013 (Minneapolis, Minnesota, USA, Jun 24 - 27, 2013) HITECH is the hospitality industry's largest annual trade show. We list it here because this year's edition will concentrate on cyber security for hotels, restaurants, and other hospitality businesses.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusion… Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt… The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare. States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.