The CyberWire Daily Briefing for 3.21.2013
This week's cyber attack on South Korean sites proves a nasty one—it involves data destruction. See the details of Symantec's and Sophos' investigations below. North Korea has certainly done nothing to deflect initial suspicion, but in fact it's not even the prime suspect. Some of the attacks are traced to Chinese addresses, and there's much speculation about a rogue group as the culprit.
Taiwan bulks up its cyber muscle in response to a threat from its cross-strait Chinese neighbor, and Sino-American talks open with a pointed US demand that China disavow recent cyber attacks.
Kaspersky finds some very old espionage malware active in Europe. Nigeria's Foreign Ministry comes under cyber attack, and the BBC's weather Twitter service is hijacked by the Syrian Electronic Army. The Spamhaus denial-of-service attack offers some rare insight into how such an exploit can be stopped: Spamhaus authorizes CloudFlare to speak.
NSS Labs' testing reveals good news about firewalls—they're getting better. A Foreign Policy think piece mulls the transition from "wars of iron" to "wars of shadow and silicon" (but RAND tells the US Congress it should tone down talk about "cyber war").
Bruce McConnell is new interim Deputy Undersecretary for Cybersecurity at the US Department of Homeland Security.
Reports that BlackBerry flunked a UK Communications-Electronics Security Group test were premature. Not only hasn't it flunked, but BlackBerry hasn't even been tested.
A new metric proposes to rank denial-of-service attacks on a severity scale similar to that used for hurricanes. MOOCs get mixed reviews.
Notes.
Today's issue includes events affecting China, Congo, Iran, Republic of Korea, People's Democratic Republic of Korea, Nigeria, Syria, Taiwan, United Kingdom, and United States.
Palo Alto: the latest from ITSEF
Venture capitalists bet big on cybersecurity startups (Cyberwarzone) Last fall, Iran came under suspicion of devastating the computer network of Saudi Arabia oil giant Aramco. Shortly thereafter, Iran was again deemed the culprit behind a slew of massive attacks that took down a string of American banks' web sites… [An outside look at security's attractiveness to VCs. --The Editors]
CyberPoint partners with Chinese firm to battle cyber attacks (Technically Baltimore) For cybersecurity firm CyberPoint International -- headquartered in the Inner Harbor -- there's no time like the present to partner with ZTE to make the Chinese firm's line of videoconferencing equipment less susceptible to breaches from hackers. Hackers kicked off 2013 with a wave of cyber attacks, and the world watched as big-name companies had their security breached…From where these attacks come is still unresolved, but some evidence suggests the source is China. In a 70-plus-page report, Virginia-based security firm Mandiant singles out a unit within China's People's Liberation Army, the "Shanghai Group," as being responsible for recent hacks. It's a charge China's foreign minister denies, even as the Obama administration calls on the Chinese government to corral its cyber-criminals… [An example of the sort of Sino-American cooperation in cyber security Admiral Beaman alluded to in his keynote yesterday. --The Editors]
Cyber Attacks, Threats, and Vulnerabilities
South Korea: Chinese Address Source Of Attack (USAToday) A cyberattack that caused computer networks at South Korean banks and television networks to crash Wednesday afternoon originated with a Chinese Internet address, South Korea's telecom regulator said Thursday
North Korea Issues Fresh Threat To U.S., South Probes Hacking (Reuters) North Korea said it would attack U.S. military bases on Japan and the Pacific island of Guam if provoked, a day after leader Kim Jong-un oversaw a mock drone strike on South Korea
Untangling the News from South Korea (Internet Storm Center) The morning has brought a lot of links pointing to a number of different computer security incidents coming out of South Korea. It certainly sounds like the end of the world if you lump all together and attribute them to a single actor. However I don't think that is the case. Sifting through them I can tease out what appear to be 4 different threads to the story
DarkSeoul: SophosLabs identifies malware used in South Korean internet attack (Naked Security) Computer networks belonging to South Korean TV broadcasters and at least two major banks have been disrupted by what some have suggested was a malicious internet attack originating in North Korea
Symantec finds Linux wiper malware used in S. Korean attacks (CSO) The attacks also targeted Windows computers' master boot records. Security vendors analyzing the code used in the cyberattacks against South Korea are finding nasty components designed to wreck infected computers. Tucked inside a piece of Windows malware used in the attacks is a component that erases Linux machines, an analysis from Symantec has found. The malware, which it called Jokra, is unusual, Symantec said
Symantec's research on South Korean attacks, in more detail (CSO) Symantec sent us more details on the cyber attacks against South Korea. In addition to the coverage we have today on the cyber attacks against South Korea, I want to use this space to show you some of the raw details Symantec sent me by email yesterday. Here it is: Earlier today we published our initial findings about the attacks on South Korean banks and local broadcasting organizations. We have now discovered an additional component used in this attack that is capable of wiping Linux machines
South Korea cyberattacks hold lessons for U.S. (CSO) It's not the source of an attack that matters, it's how well you are prepared for them. U.S companies and government agencies can learn from the large-scale disruptions that have simultaneously hit several banks and media outlets in South Korea in the last 24 hours. Early analyses by security firms suggest that the attacks were carried out using previously known vulnerabilities and exploits
Cyber Attack Takes Down Computers in South Korea, Motives and Culprit Unclear (Scientific American) Is a cyber attack an act of aggression, or is it merely provocative, on par with a country testing weapons within its own borders, as North Korea did last month with its underground nuclear weapons test? "From a foreign policy perspective, we haven't
South Korea cyber attacks blamed on rogue group, not state spooks (V3) Security vendors Kaspersky and Sophos have downplayed…necessarily evidence of a 'cyber warfare' attack coming from North Korea
South Korea: No Evidence North Behind Cyberattack (Voice of America) South Korean officials say no evidence has been found to blame North Korea for Wednesday's computer network failure in the country
When It Comes To Cyberwarfare, North Korea Is No Newbie (NPR) Who or what caused a takedown of computer systems at banks and broadcasters in South Korea on Wednesday is still a matter of speculation, but suspicion immediately and unsurprisingly fell on Seoul's archenemy to the north
Experts: Iran and North Korea are looming cyberthreats to U.S. (ComputerWorld) Cyberattacks supposedly originating from China have raised alarms in recent weeks, but U.S. businesses and government agencies should worry as much about Iran and North Korea, a group of cybersecurity experts said. China and Russia have significantly more sophisticated cyberthreat capabilities than do Iran and North Korea, but the two smaller countries are cause for concern in international cybersecurity discussions, the experts told a U.S. House of Representatives subcommittee Wednesday
Decade-old espionage malware found targeting government computers (Ars Technica) "TeamSpy" used digitally signed TeamViewer remote access tool to spy on victims. Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe
Taiwan builds comprehensive Internet shield in response to China's 'very severe' cyber attacks (Yahoo News) In response to what Taiwan claims is a growing cyber threat from China, it has set up a unit to create a comprehensive Internet shield against hackers, the country's intelligence chief has said. Tsai Teh-sheng, head of the island's National Security Bureau, described the perceived cyber threat from China as 'very severe', after he was asked to evaluate it in parliament by Kuomintang legislator Lin Yu-fang. According to news24, Tsai said 'the types of their Internet hacking are changing as their targets gradually diversify, ranging from military secrets, high-tech and business secrets to infrastructure'
U.S. Presses China On Breaches (Washington Post) In their first meetings with China's new leaders, U.S. officials this week pushed for an acknowledgment of the unusual nature of cyberattacks originating from China aimed at stealing U.S. corporate secrets to benefit the Asian giant's state-owned enterprises
Cisco inadvertently weakens password encryption in its IOS operating system (CSO) The password encryption scheme used in newer Cisco IOS versions is weak, researchers find. The password encryption algorithm used in some recent versions of the Cisco IOS operating system is weaker than the algorithm it was designed to replace, Cisco revealed earlier this week
Android, iOS bugs expose phones to voyeurs, data thieves (CSO) Lock screen bypass lets intruder dial any number and run any app. The first line of defense against smartphone snoops is a handset's lock screen, but the two largest smartphone makers are having trouble keeping them secure. Bugs were discovered Wednesday in both Android and Apple smartphones
Botnet simulated humans to siphon millions in click-fraud scam (CSO) The sophisticated botnet, dubbed Chameleon, used Flash and Javascript to make site visits appear to be those of a human. A recently discovered click-fraud botnet was costing advertisers more than $6 million per month by simulating human activity in targeting display ads on a couple of hundred websites
A DHL delivery which is nothing but malware - Windows users warned of email attack (Naked Security) Have you received an email from DHL about a failed package delivery? Please remember to be on your guard. Cybercriminals are once again up to their old tricks
Nigerian Ministry of Foreign Affairs, 3 Other Government Sites Hacked (Softpedia) Pakistani hackers of the Pak Cyber Eaglez group have breached and defaced four Nigerian government websites. The targets, according to HackRead, are the sites of the Ministry of Foreign Affairs, the National Planning Commission
BBC Weather's Twitter account is hijacked by Syrian Electronic Army (Naked Security) The official Twitter account used by the BBC's weather team has been hijacked by Syrian hackers. Fortunately, they don't seem to be using it to spread malicious links - but are instead trying to spread political messages about Syria instead
Electronic Medical Record Vendor Admits Security Breach (eSecurity Planet) In a recent letter sent to the New Hampshire State Attorney General's Office, lawyers for Massachusetts' Lawrence Melrose Medical Electronic Record, Inc. (LMMER) stated that two New Hampshire residents' protected health information and personal information may have been exposed. Still, as Government Health IT's Erin McCann notes, it's not clear how many Massachusetts residents may have been affected
Guerilla researcher created epic botnet to scan billions of IP addresses (Ars Technica) In one of the more audacious and ethically questionable research projects in recent memory, an anonymous hacker built a botnet of more than 420,000 Internet-connected devices and used it to perform one of the most comprehensive surveys ever to measure the insecurity of the global network. In all, the nine-month scanning project found 420 million IPv4 addresses that responded to probes and 36 million more addresses that had one or more ports open. A large percentage of the unsecured devices bore the hallmarks of broadband modems, network routers, and other devices with embedded operating systems that typically aren't intended to be exposed to the outside world
Vulnerabilities Continue to Weigh Down Samsung Android Phones (Threatpost) Attackers have long had an affinity for having their way with Android phones, but the hammer seems to have really come down over the last few months when it comes to devices manufactured by Samsung
Why Watering Hole Attacks Work (Threatpost) Information security is littered with bad analogies. And none sounds sillier than a watering hole attack, which plays off the tactic that dominant animals use when stalking food by loitering at a watering hole. Rather than chase their prey, a lion will wait for prey to come to it. Hackers are doing the same thing to a great degree of success. Rather than using a spear phishing email campaign to lure prey to them, hackers are infecting vulnerable sites of a common interest to their targets, and then redirecting them to malware and more badness
The DDoS That Knocked Spamhaus Offline (And How We Mitigated It) (CloudFlare) At CloudFlare, we deal with large DDoS attacks every day. Usually, these attacks are directed at large companies or organizations that are reluctant to talk about their details. It's fun, therefore, whenever we have a customer that is willing to let us tell the story of an attack they saw and how we mitigated it
Security Patches, Mitigations, and Software Updates
Facebook plugs Timeline privacy hole (Naked Security) Facebook gets another blow from Europe v. Facebook, which discovered a flaw in the latest timeline redesign that allowed for unintended viewers to see all events a user has attended
Cyber Trends
Wade Williamson on Malware Trends (Threatpost) Dennis Fisher talks with Wade Williamson of Palo Alto Networks about the use of compromised FTP accounts in targeted attacks and malware campaigns, and how attackers are adapting their techniques
Why the public sector is still catching up with proactive cybersecurity (GCN) Historically, the United States has been a reactive government when addressing cybersecurity. We typically wait for a problem or breach to occur and then find a solution when it's absolutely necessary. In the past, the need for increased cybersecurity measures was mostly considered an expensive annoyance among those in government
Next-generation firewalls are actually getting better (GCN) Independent testing company NSS Labs recently released a second round of tests on next-generation firewalls and found that firewalls are improving, both in security effectiveness and throughput speeds. "We were pleasantly surprised to see that the vendors who returned from last year are performing better," NSS research director Frank Artes said of the second round of comparative tests. "They are taking steps in remediating issues identified in earlier evaluations"
TASC: Shared Intelligence Is Essential to Resilient Cybersecurity (MarketWatch) "By integrating a complete picture of the cyber-scape from focused and tailored…director of cyber intelligence in TASC's Infrastructure Protection and
Silicon, Iron, And Shadow (Foreign Policy) The wars of the 21st century will be dominated by three overlapping types of conflict: Wars of Silicon, Wars of Iron, and Wars in the Shadows. The United States must design a new readiness and investment strategy in order to effectively deal with all three. Yet today it continues to pour scarce resources chiefly into its sphere of long-held dominance -- Wars of Iron. This is a potentially disastrous mistake, but one that can be corrected if we act now
Mobile app blacklisting on the rise, says Citrix (FierceMobileIT) More enterprises are blacklisting mobile applications, such as Angry Birds, Facebook (NASDAQ: FB), DropBox and YouTube, according to Citrix's (NASDAQ: CTXS) Enterprise Mobility Cloud Report that was released on Wednesday. A full 18 percent of enterprises are app blacklisting in the fourth quarter of 2012, an 11 percent surge from the previous quarter. Enterprises tend to blacklist--that is prohibit--apps that they feel pose a threat to data or network security, such as apps that sync and share files outside the corporate network, or apps that distract workers, such as video games and social media
Marketplace
The Sequester Is An Overhaul Opportunity (Wall Street Journal) The federal government's personnel system is a perfect first target. Despite its persistent failure to perform, the system is impervious to reform. Hiring still takes too long, promotions come fast and easy with time on the job, and all but a handful of employees are rated fully satisfactory or better in the annual appraisal charade. Too few poor performers are ever fired, and too many managers play favorites throughout it all
Senate Passes Government Funding Measure (Washington Post) A short-term funding measure to keep the government operating beyond the end of this month cleared the Senate on Wednesday and is awaiting final passage in the House on Thursday to avert a shutdown
House Panels Press Agencies Over Their Sequestration Plans (Washington Post) Lawmakers examined agency cost-saving plans and members of both parties accused each other of having things backward in the sequester blame game during hearings Tuesday of the House Committee on Oversight and Government Reform
New White House Plan Would Cut $100 Billion From Defense (Defense News) The White House is preparing to submit a fiscal 2014 federal budget that would partially offset across-the-board sequestration cuts by reducing the Pentagon budget by $100 billion, but not until later this decade, according to a senior defense official and budget documents
Fort Meade Outlines Details on Furloughs (Patch.com) "We want to acknowledge the difficulties and frustrations many employees are experiencing as we work through these difficult times," said John Moeller, deputy garrison commander at Fort Meade. "The most important part about implementing the furloughs
DHS Appoints Bruce McConnell Interim Undersecretary of Cybersecurity; Michael Chertoff Comments (Executive Biz) The Department of Homeland Security has appointed Bruce McConnell as its interim deputy undersecretary for cybersecurity, according to an FCW article. He succeeds Mark Weatherford who spent 16 months in the position and will move to the Chertoff Group May 1, which is founded by former DHS secretary Michael Chertoff
John Gorman joins MacAulay-Brown's national security team (Washington Business Journal) His responsibilities include increasing the company's presence at Fort George G. Meade in Maryland. Gorman will also focus on supporting clients at the U.S. Cyber Command, National Security Agency and Defense Information Systems Agency, among the
Hewlett-Packard shareholders to board: Time to shape up (Quartz) Hewlett-Packard shareholders just reelected the entire board, but several directors, including chairman Ray Lane, barely squeaked through. He received only 59% of the vote, according to preliminary figures. Two other long-serving HP directors, John Hammergren and G. Kennedy Thompson, got 54% and 55%, respectively
Products, Services, and Solutions
Google's Schmidt Says Chrome & Android Will Remain Separate — But Don't Be Fooled: Two Years Ago He Confirmed They Will Merge (TechCrunch) Google's Eric Schmidt has said Mountain View will keep its two OSes, Android and Chrome, separate after all, according to a Reuters report. Schmidt, who is in India attending an IT event called Big Tent Activate Summit, said the two operating systems will remain separate products but apparently also said there could be more "commonality" between them
Cautious Optimism over Google DNSSEC Deployment (Threatpost) Google's announcement that its Google Public DNS resolution service now supports DNSSEC is being applauded, but experts caution that despite Google's high profile, this only puts a slight dent in a larger issue
6 software and driver update utilities compared (IT World) If you dismissed update utilities as something only for home users (as I did until recently), now might be the time to take a second look
IPOMS: Chinese Internet Public Opinion Monitoring System (Cyberwarzone) Knowlesys, a software company founded in China, provides an Internet Public Opinion Monitoring System (IPOMS) that is used to collect information from Internet news, forums and BBS, blogs, microblogs, SNS websites and websites. The Knowlesys system can collect web pages containing certain key words from Internet news and from topics on forums and BBS, and then cluster these web pages according to different event groups. Furthermore, the system provides the function of automatically tracking the progress of one event
The first smartphone made in Africa is a farce—along with Congo's commitment to tech (Quartz) News of the first African-designed smartphone release caused a lot of excitement last year. And so it should have: Africa is, after Asia, the largest mobile phone market in the world and entrepreneurs and inventors see great opportunity. But the announcement of a smartphone made in Congo turned out to be untrue: The phones actually had been made in China all along. Our willingness to believe the story, though, warrants as much examination as its apparent fabrication
Trusteer and Group-IB to Fight Eastern European Cybercrime Rings (MarketWatch) Trusteer and Group-IB will combine their knowledge and discoveries of underground "for hire" cyber fraud services including "money-mule" rings
Procera Networks Launches Content Intelligence Solution (MENAFN) Procera Networks, Inc. (NASDAQ: PKT), the global intelligent policy enforcement company, today announced the availability of the PacketLogic™ Content Intelligence solution, a groundbreaking enhancement to its Deep Packet Inspection (DPI) technology. The ContentLogic solution is the first networking product of its kind, capable of correlating the categories of content consumed by broadband subscribers for up to 100 million URLs with minimal performance impact to any of the PacketLogic Real-Time Enforcement systems. A single PL20000 system can replace several racks of competing content categorization or filtering solutions, in addition to performing Intelligent Policy Enforcement
UK agency denies reports that BlackBerry 10 flunked its security test (FierceMobileIT) In response to a report by The Guardian newspaper, the United Kingdom's Communications-Electronics Security Group agency said that it has "not yet performed an evaluation" of the BlackBerry 10 platform's security. The newspaper had earlier reported that the BlackBerry 10 platform and BlackBerry Balance software, which separates work and personal workspaces, had flunked a security test conducted by the CESG. The CESG evaluates and certifies the security of IT products for the U.K. government. The group said it expects to issue a mobile platform guidance, including an assessment of the BB10's security, this summer
Pentagon Swears It Isn't Abandoning BlackBerries for iOS Devices (Wired) The Pentagon's mobile device plan is just getting off the ground. And contrary to rumors, it doesn't involve abandoning BlackBerry
Technologies, Techniques, and Standards
Monitoring And Reporting IT Security Risk In Your Organization (Dark Reading) To implement a risk-based approach to security, you must be able to gauge and report risk. Here are some tips on how to do it right
New Metric Would Score The Impact, Threat Of DDoS To An Enterprise (Dark Reading) Taking a page from the metrics used to rank tornadoes and software vulnerabilities, attack-mitigation firms look to find a better measure of denial-of-service attacks than bandwidth and duration
Wipe the drive! Stealthy Malware Persistence - Part 3 (Internet Storm Center) This is my third post in a series called "Wipe the Drive – Stealthy Malware Persistence". The goal is to demonstrate obscure configuration changes that malware or an attacker on your computer can leave behind to allow them to reinfect your machine. Hopefully this will give you a few more arrows in your quiver during the next incident when you say "we need to wipe the drive" and they say "don't waste my time". We will pick up the conversation with techniques number five and six. If you missed the first four techniques you can read about those here
If we don't want to be like the Iranians and get Stuxnetted, take these 4 steps (Foreign Policy) It's Wednesday, and that means another story about the looming threat of cyberattack, how vulnerable the United States and its infrastructure is, how bad the Chinese are, how to retaliate, etc. But what seems to be left out of the discussion is what can practically be done about it (beyond scolding bad people). The first thing that should be done is to shrink surface area for attack. What does this mean
Out-running the leopard: Dodging targeted attacks in cyber-space (TechRepublic) There is an old joke about two men being chased by a leopard: one stops to put his training shoes on, and the other says, "There's no time for that, you will never be able to run faster than the leopard." The first man replies, "It is only you I need to run faster than!" Doing better than your competitor used to be a sound enough principle for most IT security. When many attacks were random and any old weakness in a given organisation's defences was sought out, just being better protected than the next business was enough to confer an advantage
Research and Development
What Comes After the Computer Chip? Quantum Computing Holds Much Promise. (Slate) In 1965, Gordon E. Moore, the founder of Intel, noted that the number of components in integrated circuits had doubled every year since their inception in 1958 and predicted that this annual doubling would continue for at least another ten years. Since that time, the power of computers has doubled every year or year and a half, yielding computers which are millions of times more powerful than their ancestors of a half century ago. The result is the digital revolution that we see around us, including the Internet, iPhones, social networks, and spam
Academia
Cyber-bullying proposals win support, raise legal questions (Miami Herald) Complicating matters, most cyber-bullying takes place outside of school…said Bob Harris, an attorney for the Panhandle Area Educational Consortium
MOOCs Are Here To Stay, Profs Say (InformationWeek) Professors who teach massive open online courses predict they will reduce the cost of higher ed -- but should MOOCs offer credits
The dirty little secret of online learning: Students are bored and dropping out (Quartz) Online education has been around for a long time. But massive open online courses are finally making it respectable. Maybe even cool. Let's not forget, though, that they are still experiments. And despite being "massively overhyped" (even in the eyes of their most dyed-in-the-wool supporters), they are not actually having a massive impact on students yet. So let's review what we've learned so far. Because if online education is going to be useful for learners, then it's time for online learning to grow up
Legislation, Policy, and Regulation
UK institutionalizes preference for open source over proprietary IT (FierceGovernmentIT) National government agencies in the United Kingdom are to "use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages," according to a beta version of the Government Services Design Manual, published March 14
Tone Down the Cyberwarfare Rhetoric, Expert Urges Congress (Wired) As the nation spent this week pondering the wisdom of its decision to invade Iraq a decade ago, a witness urged Congress on Wednesday to consider more carefully how the United States will respond to a cyber 9/11 should one occur and to weigh carefully the use of strong statements that could force the nation to respond forcefully to a cyberattack, whether doing so is wise or not. Referring to last week's announcement by the U.S. director of national intelligence that cyberattacks were the biggest threat the nation faced, Martin Libicki, senior management scientist at the RAND Corporation, told the House Homeland Security Committee that making strong statements about cyberattacks tends to compel the United States to respond vigorously should any such cyberattack occur, or even merely when the possible precursors to a potential cyberattack have been identified. Having created a demand among the public to do something, the government is then committed to doing something even when doing little or nothing is called for
Under CISPA, Who Can Get Your Data? (infosec island) Under CISPA, companies can collect your information in order to "protect the rights and property" of the company, and then share that information with third parties, including the government, so long as it is for "cybersecurity purposes." Companies aren't required to strip out personally identifiable information from the data they give to the government, and the government can then use the information for purposes wholly unrelated to cybersecurity such as "national security," a term the bill leaves undefined. One question we sometimes get is: Under CISPA, which government agencies can receive this data? For example, could the FBI, NSA, or Immigration and Customs Enforcement receive data if CISPA were to pass
Privacy Protection for Documents Stored in the Cloud Gets DoJ Nod (Network World) The Department of Justice is giving a qualified endorsement of an update to a 1986 privacy law that leading cloud-service providers, public-interest groups and others argue is woefully out of step with the current methods of sending and storing communications. In testimony before a House subcommittee on Tuesday, Elana Tyrangiel, acting assistant attorney general at the DoJ's Office of Legal Policy, affirmed the Obama administration's support for an overhaul of the Electronic Communications Privacy Act (ECPA) to provide stronger privacy protections for Webmail, documents stored online and other cloud services. Google, Microsoft and Facebook Join Reform Advocates: Advocates of ECPA reform, including tech heavyweights like Google, Microsoft and Facebook, point to incongruities in the law concerning the ways that law enforcement authorities can access personal communications
The American Cyber Warriors Assemble (Strategy Page) U.S. Cyber Command (USCYBERCOM) recently announced that it was forming more offensive cyber-teams and would have at least 40 of them within two years. Within the next three years over sixty defensive cyber teams will be formed, to provide defensive skills and expertise where needed most. Each team will have a mix of experienced software engineers (including civilian contractors) and personnel with skills but not much experience. The teams of a dozen or so people will benefit from Cyber Command intelligence and monitoring operations, as well as a big budget for keeping the software library stocked with effective tools (including zero day exploits, which are not cheap at all). Cyber Command also has contacts throughout the American and international software engineer community. This can provide crucial expertise when needed. The effectiveness of these teams will vary a great deal because one highly skilled Internet software whiz on a team can make a huge difference
Warning On Focus Of Spy Agencies (Washington Post) A panel of White House advisers warned President Obama in a secret report that U.S. spy agencies were paying inadequate attention to China, the Middle East and other national security flash points because they had become too focused on military operations and drone strikes, U.S. officials said
House Oversight and Government Reform approves FISMA amendments act (FierceGovernmentIT) The House Oversight and Government Reform Committee unanimously approved March 20 a bill that would modify statutory federal cybersecurity program requirements. The bill (H.R. 1163), which would need approval by the full House and the Senate before it could become law, would amend the Federal Information Security Management Act. The House approved the same legislation in April 2012 but the Senate did not advance it beyond committee
Litigation, Investigation, and Law Enforcement
Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core (Dark Reading) If courts were to reverse $13 million in fines levied by Visa against the retailer, it could take a lot of wind out of PCI's sails
British Government Bolsters Anti-Cybercrime Measures (InformationWeek) The British state is introducing a new initiative to fight organized online crime: Cyber Crime Reduction Partnership (CCRP). The program will provide a new forum in which U.K. law enforcement, the computer industry and academia can regularly come together to tackle cybercrime more effectively. Security Minister at the Home Office James Brokenshire, who is responsible for U.K. national security and counter-terrorism policy, announced the move at a cybersecurity briefing hosted by the British Computer Society/The Chartered Institute for IT
Keys denies giving Tribune login credentials to Anonymous (CNet) Matthew Keys, the deputy social media editor at Reuters who was recently indicted on charges of conspiring with Anonymous, has denied allegations he fed information to the hacktivist group that led to the defacement of the Los Angeles Times Web site. Prosecutors alleged last week that Keys, a former Web producer for the Tribune Company, which owns the Los Angeles Times, handed over login credentials and passwords for the network of his former employer to members of the hacker group a couple of years ago. The site's defacement involved the changing of an article's headline, byline, and sub-headline to include the name "CHIPPY 1337," according to the indictment
New Jersey IT Administrator Admits Hacking Mayor's Email Account (Softpedia) Experts have often pointed out that insider threats can be just as dangerous as a sophisticated attack coming from outside the organization. An incident that occurred in Hoboken, a city in Hudson County, New Jersey, is a perfect example. 46-year-old Patrick Ricciardi, the chief IT officer for the mayor's office, has pleaded guilty to hacking into the email accounts of the mayor and other staff members in an attempt to intercept communications
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusion… Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt… The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare. States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office, highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.