The CyberWire Daily Briefing for 3.20.2013
Tensions on the Korean peninsula rise as the North apparently subjects the South to widespread cyber attacks against banks and broadcasters.
A hitherto unknown hacker-cum-researcher uses what he describes as a "harmless botnet" to conduct an Internet census. His methods are of dubious legality, to put it mildly, but his results are interesting: he infected ("harmlessly" [sic]) about 420,000 poorly protected network devices around the world.
T-Mobile's default Wi-Fi Calling is found vulnerable to man-in-the-middle attack. The Chameleon botnet is proving a successful click-fraud tool. Gamma Group's Finfisher lawful intercept tool continues to turn up in surprising places.
A German academic researcher demonstrates that Google and Waze could be exploited in ways that could create (physical) traffic jams in regions that rely on them for navigation. Trend Micro's SCADA honeypots find that attacks on industrial control systems use surprisingly extensive and thorough reconnaissance to prep their exploits.
Spamhaus says it wasn't attacked by Anonymous, but by Russian criminals, which leads one to wonder if this may not be a distinction without a difference. Compare the European police study of how cyberspace affects the evolution of criminal gangs.
China's National Computer Network Emergency Response Technical Team Coordination Center reports a twenty-one percent rise in attacks on government sites in 2012—the Americans, the Chinese government says, are behind most of them.
Amazon will provide the CIA cloud services. KEYW expects its revenues to double, and Barracuda Networks pushes into the K-12 education market. The Common Vulnerability Scoring System gets a makeover.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Germany, India, Republic of Korea, People's Democratic Republic of Korea, Russia, United Kingdom, and United States.
Palo Alto: the latest from ITSEF 2013
In-Q-Tel: A New Partnership Between the CIA and the Private Sector (Central Intelligence Agency) On 29 September 1999, the Central Intelligence Agency (CIA) was treated to something different. In many of the nation's leading newspapers and television news programs a story line had appeared that complimented the Agency for its creativity and openness. The media was drawn to a small corporation in Washington, DC that had just unveiled its existence and the hiring of its first CEO, Gilman Louie. Mr. Louie described the Corporation, called In-Q-It, as having been formed "...to ensure that the CIA remains at the cutting edge of information technology advances and capabilities." With that statement the Agency launched a new era in how it obtains cutting edge technologies. In early January 2000, the name of the corporation was changed to In-Q-Tel
Department of Defense Strategy for Operating in Cyberspace (US Department of Defense) Cyberspace is a defining feature of modern life. Individuals and communities worldwide connect, socialize, and organize themselves in and through cyberspace. From 2000 to 2010, global Internet usage increased from 360 million to over 2 billion people. As Internet usage continues to expand, cyberspace will become increasingly woven into the fabric of everyday life across the globe
Navy Cyber Power 2020 (US Department of the Navy) This Strategic Plan provides the framework and vision necessary to ensure the U.S. Navy remains a critical insurer of our national security and economic prosperity well into the future. Through the intelligent use of cyberspace, Navy warfighters will bring unique capabilities to the fight in order to achieve superior operational outcomes at the time and place of our choosing. Cyberspace operations are a critical component of Information Dominance, and, carefully coordinated, will provide Navy and Joint Commanders with the necessary elements to achieve and maintain an operational advantage over our adversaries in all domains
Ambassador Kramer: End beneficiaries of the WCIT should be citizens, consumers and society (Mission of the United States, Geneva, Switzerland) Press Conference by Ambassador Terry Kramer, U.S. Head of Delegation, World Conference on International Telecommunications…Ambassador Kramer: David, thank you very much. I'd also like to thank Richard Johns, also from the U.S. Mission, for organizing this. And I'd like to thank all of you for being here. I appreciate you taking the time to talk about an issue that we're taking very seriously and focusing on
Cyber Attacks, Threats, and Vulnerabilities
S. Korea Hit by Cyber Attack, Tensions With North Rise (Businessweek) A possible cyber attack shut down computer networks at some of South Korea's largest banks and broadcasters, prompting the government to investigate links with North Korea amid heightened tensions on the peninsula
Botnet uses hacked devices to scan the internet (H-online) A previously unknown hacker has undertaken a census of the web. To perform his "Internet Census 2012" he infected around 420,000 poorly protected embedded devices with what he describes as a harmless bot, named Carna. "Poorly protected" in this case means that either no login credentials were required or standard credentials such as "root:root" or "admin:admin" were able to gain entry
T-Mobile Wi-Fi Calling Feature Susceptible to Man-in-the-Middle Snooping (Threatpost) The default "Wi-Fi Calling" feature on T-Mobile devices that lets millions of Android users make phone calls over a wireless Internet connection contains a vulnerability that could be exploited to perform man-in-the-middle (MiTM) attacks
Chameleons, botnets and click fraud (Naked Security) A botnet called "Chameleon" is said to be generating more than $6 million a month through bogus clicks on online adverts. Find out more about how click fraud works
FinFisher found everywhere, more complexity and ready for mobile (SecurityAffairs) Many times we discussed the fact that FinFisher was discovered in the wild, the use of popular spyware has been abused by governments and intelligence agencies all around the world. The spyware is for law enforcement and government use, but it seems to be preferred for those regimes that desire to monitor representatives of the opposition. FinFisher is considered powerful cyber espionage malware developed by Gamma Group that is able to secretly spy on targets' computers intercepting communications, recording every keystroke and taking the complete control of the host
Hacker Maxney Hits German Avast Reseller (eSecurity Planet) Approximately 20,000 user names, encrypted passwords, e-mail addresses, and complete payment details were published online. The Web site of German Avast reseller Procello was recently breached and defaced by Maxney, a member of the Turkish Ajan Hacker Group. Cyber War News reports that Maxney published admin login details with encrypted passwords, along with information on approximately 20,000 user accounts, including user names, encrypted passwords, e-mail addresses, account information, and complete payment details in clear text
Microsoft: Hackers obtained high-profile Xbox Live accounts (CSO) The company said attackers used 'several stringed social engineering techniques'. Several high-profile Xbox Live accounts for former and current Microsoft employees were compromised by attackers using social engineering techniques, the company said late Tuesday. "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use," the company said in a statement. "Security is of critical importance to us and we are working every day to bring new forms of protection to our members"
Email Addresses Leaked in ABC Hack Utilized to Spam Users (Softpedia) A number of Australians whose details became exposed after the data breach that affected ABC's Making Australia Happy TV series website are complaining that they've started receiving unsolicited newsletters from Ausboots, a company that provides Ugg boots. According to The Sydney Morning Herald, some of the recipients of the Ausboot March newsletter said they had provided their email addresses on the Making Australia Happy website. The data was leaked by the hacker on February 27 and the newsletter was sent out around one week later
Anonymous Hackers Launch OpVatican, Italian Websites Defaced Video (Softpedia) Not everyone is thrilled about the election of Pope Francis. Anonymous hackers have initiated OpVatican, a campaign that represents a form of protest against the oligarchs from the Catholic Church. We want to clarify that here we won't attack the Catholic faith, but if to the decrepit and corrupt leaders who govern betraying their own principles that they preach and their faithful parishioners, the hackers stated
Scam of the day: More fake CNN e-mails (Internet Storm Center) This one made it past my (deliberately porous) spam filter today. We don't cover these usually, as there are just too many of them (I just got another Facebook related one while typing this). But well, from time to time it's fun to take a closer look, and they make good slides for awareness talks
How hackers could cause traffic jams (FierceCIO: TechWatch) Hackers could conceivably manipulate vehicular traffic on roads in regions that rely on navigation systems from Google and Waze, according to a German researcher at the BlackHat Europe conference
Attacks on SCADA, ICS Honeypots Modified Critical Operations (Threatpost) With antiquated gear running the country's industrial control systems that oversee critical infrastructure, it's no shock attackers targeting SCADA networks do their fair share of reconnaissance looking for weak spots in that equipment
Anonymous DDoS Attack Report Bogus, Spamhaus Says (InformationWeek) Anti-spam service Spamhaus Tuesday dismissed reports that its site was targeted by the hacktivist collective Anonymous. The Anonymous attack campaign was first reported by Softpedia, which said the attackers had declared the Spamhaus Project to be "an offshore criminal network of tax circumventing self-declared Internet terrorists pretending to be 'spam' fighters." But in a statement published Tuesday titled "Softpedia publish false story of Spamhaus," Spamhaus claimed that the "Softpedia news site was today conned by a spammer into publishing a false article" about the distributed denial of service (DDoS) attack. "The DDoS attack carried out against the Spamhaus website over the weekend was carried out by a Russian criminal malware gang and NOT by Anonymous," it said
China sees 21 percent jump in hacked govt sites in 2012 (ZDNet) China witnessed a spike in hacking activities, particularly against government Web sites, in 2012, with the United States identified as the largest source of these attacks. A Xinhua report Tuesday cited the findings of the National Computer Network Emergency Response Technical Team Coordination Center (CNCERT), which revealed 16,388 Web pages in China were hacked last year. Of these, 1,802 were government Web sites and this represented a jump of 21
Mandiant: Chinese hacker unit attempted to clean up online presence (The Hill) An elite unit of Chinese hackers that allegedly waged a massive cyber-espionage campaign against U.S. companies has attempted to clean up their online presence after being identified in a public report by information security firm Mandiant. Since the release of the report last month, top administration officials have called on China to take urgent steps to crack down on hacker attacks and curb the siphoning of intellectual property from American companies. After outing the hacker unit in its report, Mandiant executives said Tuesday that the Chinese hackers have taken steps to clean up their tracks and have largely stopped their activity
New breed of organized criminals aided by Internet, says Europol (CSO) A new breed of organized crime group is emerging in the European Union, greatly aided by the Internet, Europol reported on Tuesday. In its "EU Serious and Organized Crime Threat Assessment," Europol identified 3600 organized crime groups operating in the EU. Drug dealing is still king among the organizations, the report noted, but the groups are also turning to crimes that exploit the current poor economic climate and the Internet. "While they're still involved in the drug trade, they are turning more to cyber crime," Beth Jones, a senior threat researcher at SophosLabs, told CSO
Three-quarters of security professionals plug in a randomly-found USB stick (SC Magazine) More than three-quarters of IT security professionals pick up and plug in USB sticks that they find. According to a survey by AhnLab of 300 professionals at last month's RSA Conference, 78 per cent of respondents would plug in a USB flash drive that they found abandoned or lying around
Security Patches, Mitigations, and Software Updates
Windows 7 SP1 and Windows Server 2008 R2 SP1 Being 'pushed' today (Internet Storm Center) Microsoft will start pushing Service Pack 1 for Windows 7 as well as Windows Server 2008 R2 as of today [1][2]. As usual, the service pack includes a few enhancements and bug fixes in addition to security patches. If you are up to date on patches, the service pack will only add the additional features
Google fully implements security feature on DNS lookups (CSO) Google will validate signatures on DNSSEC-enabled records. Google has fully implemented a security feature that ensures a person looking up a website isn't inadvertently directed to a fake one. The Internet company has run its own free public Domain Name System (DNS) lookup service, called Public DNS, since 2009. DNS lookups are required to translate a domain name, such as www.idg.com, into an IP address that can be called into a browser
Apple iOS 6.1.3 Fixes Evasion Jailbreak Bug, WebKit Flaw (Threatpost) Apple has patched a handful of security vulnerabilities in iOS, including a bug that was used for the latest iPhone jailbreak tool, called Evasion. Apple iOS 6.1.3 has patches for six vulnerabilities, including the screen lock bypass bug and a flaw in WebKit that can be used to execute arbitrary code
Apple sneaks Safari update into Snow Leopard (CSO) Another clue that Apple's changed its support lifecycle, and will keep OS X 10.6 alive a while longer. Apple quietly updated Safari on Snow Leopard last week, refreshing the browser to v. 5.1.8 and providing more proof that it intends to support OS X 10.6 much longer than usual. Apple last week silently updated the aged Safari 5 browser for Snow Leopard to version 5.1.8, more evidence that the company intends to support the 2009 operating system for an unusually long time
Ruby on Rails Patches DoS, XSS Vulnerabilities (Threatpost) The developers of Ruby on Rails, the popular web app framework, released four new versions of the product yesterday, complete with fixes for a series of vulnerabilities that could have led to denial of service attacks and XSS injections. Four vulnerabilities in total are addressed in versions 3.2.13, 3.1.12 and 2.3.18 of Rails, according to a post to the company's blog on Monday. "All versions are impacted by one or more of these security issues," according to the post
Security problem with Java unlikely to be resolved soon (FierceCIO: TechWatch) Fed up with the seemingly endless stream of security flaws discovered in Java? Despite efforts by Oracle to respond faster when resolving vulnerabilities that crop up on the Java platform, don't expect the problem to let up any time soon, according to security researchers and security vendors. This was reported by PC World, which spoke with them about the many Java exploits that have surfaced recently. Ironically, many of the issues identified in Java violate Oracle's (NASDAQ: ORCL) own secure coding guidelines for Java, according to Adam Gowdiak, founder of security research firm Security Explorations
Cyber Trends
Botnet Business Booming (Dark Reading) Some dismantled botnets rank in the top ten most prevalent as old bot malware gets repurposed, according to new Fortinet report. If there's one thing we've learned about botnets, it's that old botnets die hard--if at all. And one-third of the top 10 botnets identified by Fortinet are nearly 10 years old, underscoring the difficulty of truly eradicating these easily built armies of infected machines
The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal (infosec island) It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.' I'm not saying there aren't a few companies that are focused on detecting the bad guys once they're already in, but it's rare to see because it's tougher. Mandiant, FireEye and a few others are on this crusade and are getting lots of press…so it's time to retire the castle analogy because quite frankly, the castle that is today's enterprise, has no walls
India's Web growth a ticking spam bomb (ZDNet) India has yet again been called out as the world's top contributor of spam, with state-owned telecom BSNL identified as the biggest individual culprit. According to his dissertation "Internet bad neighbourhoods" published earlier in March, University of Twente PhD candidate Giovane César Moreira Moura argued that, similar to crime in the real world, a high percentage of illegal Internet attacks in the country were perpetrated from a concentrated area. Specifically, malicious attacks originated from a small cluster of IP addresses that were part of neighbouring networks
Cyber Security: A View from China (EEO) The world is becoming more and more reliant on information technology, but China must face up to the reality of just how much of its IT infrastructure in key fields such as finance, energy, and telecommunications relies on foreign technology. Data centers at China's four major state-owned banks, and many city commercial banks, depend on equipment from the U.S. based Cisco Systems. Cisco also holds more than 70 percent of the market share when it comes to the systems that help China's financial industry operate
New Cold War? China-USA Economic Espionage War Escalates (Worldcrunch) The day before, US cyber security firm Mandiant Corp had published a 74-page ... time working in a US company is Dongfan Chung, a former Boeing engineer
Cyber attacks: Why government agencies are potential targets (Government Security News) According to the 2013 Trustwave Global Security Report, the retail industry emerged as the top target for cyber attacks in 2012, surpassing the food and
Marketplace
Congress Stands In Way Of Cuts, DoD Says (Army Times) Amid accusations that the Defense Department still has bloated budgets and protects them by hyping the potential harm of even modest cuts, the Pentagon's top financial officer said big cuts are in fact being made and more are coming
Sources: Amazon and CIA ink cloud deal (FCW) In a move sure to send ripples through the federal IT community, FCW has learned that the CIA has agreed to a cloud computing contract with electronic commerce giant Amazon, worth up to $600 million over 10 years
Disconnect: Defunding EnergySec/NESCO & Promoting Info Sharing (Digital Bond) EnergySec experienced an unhappy holiday season last December as a significant number of the employees were let go, reduced their hours, deferred pay or shifted to unpaid volunteer status. These were people at all levels of the organization from the CEO, who included himself on the list, on down. Basically this unique, ground-up information sharing organization serving the electric sector had its legs cut out. The reason, they lost the government funding to keep a large part of the team working
Hanover Cyber Firm Expects to Double Revenue (Patch.com) KEYW is in the business of protecting data systems from cyber threats. Its latest product offering, according to The Capital, is Project G, which includes
DHS Selects Xacta IA Manager Suite of Products (Fort Mills Times) Along with the Xacta IA Manager suite, Telos and partner International Computing Systems, Inc. will provide information assurance training and continuous
CACI Forms New C4ISR Solutions and Mission Systems and Services Business Groups to Pursue Strategic Growth Opportunities (MarketWatch) CACI International Inc today announced that effective April 8, 2013, the company will form two new business groups, C4ISR (command, control, communications, computers, intelligence, surveillance, and reconnaissance) Solutions and Missions Systems and Services, to pursue strategic growth opportunities across all its markets
Barracuda Networks Further Extends Reach into Education Market (San Francisco Chronicle) New Product Enhancements and Pricing Programs Designed to Meet the Unique Requirements of K-12 Organizations. Barracuda Networks, Inc., a leading provider of security and storage solutions, today announced a combination of pricing programs and product enhancements that further extend the company's reach into the education vertical. The new programs and enhancements are intended to help K-12 education customers address the mounting IT challenges resulting from increasing network traffic, more stringent regulatory requirements, higher awareness of online student safety, and vast numbers of mobile devices being used both on and off the campus
Savvy Cyber Kids Announces Partnership With U.S. Department Of Homeland Security Stop.Think.Connect. Campaign (PR Newswire) Savvy Cyber Kids announced today that it has joined the U.S. Department of Homeland Security (DHS) Stop.Think.Connect. Campaign's National Network, forming a partnership that will promote cybersecurity awareness to children nationwide
NJVC and mLogica Announce Strategic Partnership (Sacramento Bee) mLogica now is the prime go-to-market member of the NJVC strategic managed…Cyber Security, Data Center Services, IT Services and Print Solutions
Jim Finn Joins CSC As Corporate Comm VP (GovConWire) Jim Finn, a former IBM (NYSE: IBM) executive, has joined Computer Sciences Corp. (NYSE: CSC) as vice president of corporate communications. Finn will be based in CSC's Falls Church, Va. headquarters and report to Peter Allen, executive VP of global sales and marketing, PRWeek US reports. Brittaney Kiefer writes Finn will lead
Damballa Executive to Present Session on Advanced Threats at Future of Cybersecurity 2013, London (Business Wire) Damballa, the recognised experts in advanced threat protection, today announced that Adrian Culley, technical consultant, will be speaking at the Future of Cyber Security 2013 conference in London on March 21 at 13:00 GMT. During this one-day conference, leaders driving the UK's critical strategic defenses will brief organisations on how to protect themselves, their employees and their customers
Products, Services, and Solutions
Vaultive And Intellect Security Partner to Deliver Data Centric Encryption And Security For Cloud Applications (Dark Reading) Partnership to address concerns about email as a service and other applications delivered as a cloud-based service
Make forgotten passwords a distant memory with myIDkey (CSO) The myIDkey biometrically secure password manager could change the way you deal with your passwords
Firebox Training Embraces Cyber School Training with Simple Instructor Led Virtual Classroom Infographic (San Francisco Chronicle) Firebox Training has created a new infographic that quickly explains the advantages of attending an Oracle, Java or XML training course online via the Firebox Cyber School. While online training is not a new concept, the added elements of flexibility and the concept of a virtual classroom can be a challenge to quickly explain. The new infographic explains the features and advantages of taking an online course via Firebox Training's Cyber School. The graphic was specifically designed to show a visual concept of how the structure of Firebox training works both on-site and in a virtual environment
Report: Blackberry BYOD-ware fails UK gov security test (The Register) The CESG describes itself as "the UK Government's National Technical Authority for Information Assurance" and its role means it "protects the vital
Kratos Introduces Cybersecurity Assessment Service (NASDAQ) With cybersecurity legislation soon requiring the application of NIST Information Assurance (IA) standards for all US critical infrastructure
CompTIA Advanced Security Practitioner Certification Earns DoD Approval (IT News Online) Mastery Level Security Credential Part of DoD's Information Assurance Workforce Improvement Program. CompTIA, the leading provider of vendor-neutral skills certifications for the world's information technology (IT) workforce, said today the CompTIA Advanced Security Practitioner (CASP) certification is now included in the U.S. Department of Defense Information Assurance Workforce Improvement Program
Technologies, Techniques, and Standards
On Security Awareness Training (Dark Reading) The focus on training obscures the failures of security design. Should companies spend money on security awareness training for their employees? It's a contentious topic, with respected experts on both sides of the debate. I personally believe that training users in security is generally a waste of time and that the money can be spent better elsewhere. Moreover, I believe that our industry's focus on training serves to obscure greater failings in security design
Five Hurdles That Slow Database Security Adoption (Dark Reading) There are a number of factors that contribute to uneven adoption of database security technology in the enterprise—most of them center around complexity
Security-Bug Rating System Gets A Makeover (Dark Reading) The Common Vulnerability Scoring System will be moving to its third iteration next year, aiming to make the rankings more objective and add more ratings to increase accuracy. In 2005, three companies--Cisco, Qualys, and Symantec--announced the Common Vulnerability Scoring System (CVSS) as a way to rank the security impact of software flaws and the potential risks they posed to companies
IPv6 Focus Month: The warm and fuzzy side of IPv6 (Internet Storm Center) Protocols like IPv6 and IPv4 suffer from two very different types of security issues: Oversights in the specification of the protocol and implementation errors. The first one is probably the more difficult one to fix as it may require changing the protocol itself and it may lead to incompatible implementations. The second one isn't easy to avoid, but at least we do have some decent tools to verify the correct implementation of the protocol. In implementing protocols, developers usually try to stick to the specifications, and implement the "robustness principle" (RFC 1122) which is sometimes also referred to as Postel's law after Jon Postel. In short, the principle stipulates that a protocol implementation should stick close to the specification in sending data, but should be very forgiving in accepting data. This principle makes robust interoperability possible, but also leads to many security issues. For example, in many cases an IDS may not consider data because it is "out of spec" but the host will still accept it because it will try to make things work. Or on the other hand, an IDS may consider a host to be more forgiving than it actually is
Breach Response: What's Missing? - Experian's Michael Bruemmer, Attorney Ronald Raether (Data Breach Today) Most organizations today have breach response plans. But far too few test these plans before an incident occurs. Experts Michael Bruemmer and Ronald Raether discuss the essentials of breach response
Report Stops Short of Backing ISP Cyber-Security Rules (PC Mag) An FCC advisory group has released a report with recommendations for how communications companies can best handle cyber-security threats, but ISPs were reportedly successful in getting some of those suggestions watered down before publication. The Communications, Security, Reliability, and Interoperability Council (CSRIC) this month released a report that basically covers the best practices companies might implement to guard against hackers
Design and Innovation
India's World Startup Report Is Released And The Future Of Technology Looks Bright For The Country (TechCrunch) Wrapping your brain around technology trends here in the United States, or even just in Silicon Valley, is a chore. Figuring out the trends and who the major players are in an emerging market like India is 10 times as difficult. Bowei Gai, former LinkedIn employee by way of his company CardMuncher being acquired, has done just that under his World Startup Report umbrella
Who's to blame for see-through yoga pants and horse-meatballs? The independent republic of the supply chain (Quartz) Each week brings new revelations in the scale of the European horse meat scandal and yesterday came news of faulty, too-sheer yoga pants, but there is a common theme: the complexity of untangling the supply chains of producers, distributors and vendors spanning a dozen countries. From Romanian abattoirs to IKEA in the Czech Republic to frozen lasagna meals in Britain's Tesco grocery stores, the process of tracing the origins of the horse meat, conducting food safety tests, and enforcing standards has overwhelmed regulators, laboratories, consumers, and food vendors. When HSBC's airport jet-way campaign featured a panel that read, "In the future, the food chain and supply chain will merge," this is surely not what it had in mind
Research and Development
SSL Co-Author Reflects on Crypto Success and Failure (eSecurity Planet) What's wrong and what's right with SSL? Nearly two decades after he helped write SSL 3.0, Paul Kocher is looking to hardware for security
Legislation, Policy, and Regulation
Israel creates cyberwar unit in Defense Ministry (World Tribune) Israel has overseen efforts to develop advanced cyberwarfare capabilities. The Defense Ministry has established a center to promote solutions to counter cyber threats. The new cyber center was assigned to the ministry's Defense Development Directorate to coordinate efforts by Israeli companies
SC Senate committee advances cyber-security bill (Charlotte Observer) A South Carolina Senate committee has advanced a measure that creates more oversight of public agency computer systems following the massive breach of the state's tax collection agency. The bill that received unanimous approval Tuesday centralizes responsibility of cyber-security and helps residents exposed by last fall's hacking into tax filings. It would put a chief of computer security in charge of a new technology division
NATO Group To Publish Rules For Cyber Warfare (Huffingtonpost) Even cyberwar has rules, and one group of experts is putting out a manual to prove it. Their handbook, due to be published later this week, applies the practice of international law to the world of electronic warfare in an effort to show how hospitals, civilians and neutral nations can be protected in an information-age fight. "Everyone was seeing the Internet as the `Wild, Wild West,'" U.S. Naval War College Professor Michael Schmitt, the manual's editor, said in an interview before its official release. "What they had forgotten is that international law applies to cyberweapons like it applies to any other weapons
Dear govt cyber-ninjas, try NOT to KILL PEOPLE. Love from the lawyers (The Register) A NATO-backed manual that attempts to pull together all the bits of international law regarding the "hostile use" of the internet has prohibited attacks against civilian targets. According to the legal experts who helped draw up the manual, attacks in cyberspace should avoid anything that might affect civilian targets such as hospitals, dams and nuclear power plants. The manual was compiled by an independent group of legal scholars, lawyers, academics and technical experts who gathered up all the existing relevant norms in existing international law as a guide for legal advisers to military and state bodies, law students, academics and law firms, although the manual itself is not an official document and does not reflect NATO doctrine or policy
Cyber hacking on the agenda for US, China talks (NdTV) U.S. Treasury Secretary Jack Lew will meet new Chinese President Xi Jinping on Tuesday at a critical time in relations between the world's two largest economies, with cyber hacking, the Chinese currency and market access high on the agenda for talks. The meeting will be Xi's first with a senior foreign official since he was formally elected as president by China's parliament on Thursday. It is also Lew's first major trip since his confirmation, indicating the importance of the relationship
Is Canada sending mixed messages on cyber security? (ipolitics) How is Canada doing when it comes to cyber security? Lately Canadians have become accustomed to hearing about Chinese hackers more than others: that they tried to break into federal departmental and House of Commons computer systems, or that Chinese cyber espionage was at least partly responsible for Nortel's downfall. Recently, a U.S. report pointed to a single building in Shanghai (occupied by Unit 61398 of the People's Liberation Army) as being the epicentre of sustained cyber attacks on targets in the U.S., Canada and Britain
Lawmakers call for greater protections from e-surveillance (ComputerWorld) If U.S. law enforcement agencies agree to changes in electronic surveillance law to better protect the privacy of stored email and documents, they want several changes in return, including a requirement that email and cloud service providers hold onto records longer. Representatives of the U.S. Department of Justice and the Tennessee Bureau of Investigation told U.S. lawmakers Tuesday that they could accept some changes to the 1986 Electronic Communications Surveillance Act (ECPA), after several members of the U.S. House of Representatives Judiciary Committee called for changes in the law that would require law enforcement agencies to get court-ordered warrants to obtain emails and other electronic documents stored for more than six months
Justice Department Backs Closing Loophole For Government E-mail Snooping (Threatpost) The U.S. Justice Department on Tuesday joined a chorus of privacy advocates supporting changes to a 1986 law that currently allows the government to review some emails without a warrant. The Electronic Communications Privacy Act was created before commercial e-mail existed, let alone became a primary form of communications. As currently written, the ECPA allows U.S. law enforcement to read someone's emails with just a subpoena from a federal prosecutor if the email is older than six months or is already opened
Maintaining The Mission (Washington Post) The National Security Agency (NSA), home to America's code makers and code breakers, recently celebrated its 60th anniversary. Tom Fox spoke with the agency's deputy director, John Inglis, about this unique defense agency and its goals for the future
Three days of reckoning for mHealth regulations (FierceMobileHealthCare) Today begins the first of three days of hearings held by the House Energy and Commerce Committee to consider the weighty issue of how the U.S. Food and Drug Administration should regulate mobile medical applications. It is a central question that has far-reaching consequences for a mobile healthcare industry still trying to get off the ground
Litigation, Investigation, and Law Enforcement
How Weev's Long Prison Term Makes You More Vulnerable (Wired Business) As a blogger at Gawker, I helped Weev's Goatse Security expose a major AT&T security hole affecting iPad users. Now I'm revolted to find he's been turned into a scapegoat for corporate sloppiness
Is it ever acceptable for a journalist to hack into somebody else's email? (Naked Security) Is it ever acceptable for a journalist to hack into somebody else's email? It's an interesting question - and one that has recently come to the fore because of the alleged hack by Sky News journalist Gerard Tubb. As Naked Security reported last year, Sky News correspondent Gerard Tubb managed to gain access to an email account belonging to John Darwin - the so-called "Canoe Man" who faked his own death as part of a complex fraud involving his wife
Police cybercrime unit make arrest in Tilon banking malware case (Finextra) In the early hours of 19 March, officers from the Police Central eCrime Unit (PCeU) and the Serious Organised Crime Agency (SOCA) attended an address in Benhurst Gardens, South Croydon and arrested a man, aged 36, for conspiracy to defraud and drug offences. The PCeU and SOCA Cyber are conducting joint operations in anticipation of the setting up of a single National Cyber Crime Unit, as part of the new National Crime Agency (NCA). The NCA will go live in October this year, subject to the passage of legislation through Parliament
Florida Election Cyber Attack: First Known Case in U.S. Won't Be the last (PolicyMic) For the first time in United States history, an election, however small, was under a cyber attack and quite possibly could have changed the outcome of the election. These attacks will continue. The Miami Herald, which first reported the irregularities
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusio…Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt…The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare. States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.