The CyberWire Daily Briefing for 3.26.2013
F-Secure offers insight into Dark Seoul's spread through South Korean networks, but attribution remains cloudy. North Korea appears implicated in newly reported attacks on defector organizations operating from South Korea.
Turkish hackers deface McDonald's South Korean Website as part of a campaign against high-profile companies (several in the fast-food sector). The "Tunisian Cyber Army" hacks UPS and exposes customer information. A New Zealand government goof exposes Christchurch earthquake insurance claimants' personal information. Spam impersonates ADP Payroll Invoice emails.
Currently appearing in the wild: a revenant Grum botnet, Lime Pop Android malware, Yontoo (a Windows Trojan now infecting Macs), a new version of the TDL rootkit (abusing Chromium), and vSkimmer point-of-sale malware.
Palo Alto Networks reports that older ports are being exploited as attack vectors (68% of undetected infections, they say, arrive via browsing).
Apple, Mozilla, Novell, and HP address vulnerabilities in their products.
Dark Reading suggests that the protection security tools provide networks should be balanced against the complexity those tools also usually introduce (complexity itself being a major source of vulnerability). The oil and gas sector worries over its vulnerability to cyber attack, and Saudi Aramco warns that Shamoon-like attacks remain a threat.
Australian business media note sales advantages of security clearances. General Dynamics establishes a rapid response service. KEYW prepares more acquisitions.
Security experts mull the value of training and compliance.
US Federal agencies try to recruit cyber talent as early as middle school.
NATO and the US Government struggle toward a consensus on laws of cyber conflict.
Notes.
Today's issue includes events affecting Australia, Belgium, China, Estonia, India, Iran, Republic of Korea, People's Democratic Republic of Korea, NATO, New Zealand, Nigeria, Saudi Arabia, Tunisia, Turkey, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Spear Phishing Cause of South Korean Cyber Attack (Threatpost) It appears that a spear phishing campaign was the genesis for the wiper malware infections that ultimately knocked several prominent South Korean banks and broadcasters offline last week, according to a malware analysis performed by researchers from the Finnish cybersecurity firm F-Secure
South Korean Wipers and Spear Phishing E-mails (F-Secure) News broke last week of a "wiper" malware that affected South Korean banks and broadcasting companies. NSHC Red Alert Team has published a detailed analysis of the malware here. There were several hashes mentioned for the same component, which suggest multiple operations under the same campaign
How South Korean Bank Malware Spread (InformationWeek) Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage
North Korea defector sites report cyber attack (Phys.Org) Specialist anti-North Korean websites and organisations run by defectors in South Korea said they were the victims of a coordinated cyber attack Tuesday. Free North Korea Radio, Daily NK and North Korea Intellectuals Solidarity, all operated by
ADP Payroll Invoice themed emails lead to malware (Webroot) Over the past week, we intercepted a massive ADP Payroll Invoice themed malicious spam campaign, enticing users into executing a malicious file attachment. Once users execute the sample, it downloads additional pieces of malware on the affected host, compromising the integrity, and violating the confidentiality of the affected PC. Detection rate for the malicious attachment: MD5: 54e9a0495fbd5c952af7507d15ebab90 detected by 24 out of 46 antivirus scanners as Trojan
UPS Hacked by Tunisian Cyber Army (eSecurity Planet) Customer names, addresses, e-mail addresses and phone numbers were exposed. Members of the Tunisian Cyber Army recently breached the UPS Web site via a vulnerability in its UPS Customized Envelopes subdomain, which is now offline for maintenance
Blunder exposes 83,000 Kiwi quake claimants' details (HITB) Details of every claimant in the New Zealand Government's Canterbury home repair programme have been disclosed by accident, the country's Earthquake Commission (EQC) said. A spreadsheet emailed by the commission containing claim numbers and addresses of properties could be set to reveal details of all 83,000 people who have filed 98,000 claims in the wake of the devastating Christchurch earthquake, the commission's chief executive Ian Simpson told New Zealand media this afternoon
XSS Flaw in WordPress Plugin Allows Injection of Malicious Code (Threatpost) Hardly a week goes by without some new vulnerability in WordPress or one of its components showing up on a mailing list or in a security advisory. This week's first entrant is a newly disclosed flaw in a plugin that displays ad banners on WordPress sites, a bug that enables an attacker to inject malicious Javascript or HTML code on any vulnerable site
Lime Pop Emerges as the Latest Strain of Android Enesoluty Malware (Threatpost) A new variant of Android.Enesoluty, the Android data-stealing Trojan that spreads through spam messages, has recently surfaced in Japan. This time the malware is reportedly being spread through a malicious app, Lime Pop, that disguises itself as a popular game
Grum Spam Botnet Is Slowly Recovering After Takedown, Experts Warn (Softpedia) In July 2012, we learned that Spamhaus, FireEye and CERT-GIB managed to shut down the command and control (C&C) servers utilized by Grum, a spam botnet that was the world's third largest at the time. A couple of months later, FireEye experts reported that the botnet's masters started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activities were identified
Windows Trojan Found Targeting Mac OS X Users (Security Week) Researchers at ESET have discovered a Trojan that initially focused on Windows users, but appears to be changing direction. The Trojan now has its sights on Mac OS X users, and its actions have prompted Apple to update XProtect with signatures to detect it. The Yontoo Trojan spreads on Windows by pretending to be a video codec
Malware abuses Chromium Embedded Framework, developers fight back (Computer World) A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec. In an effort to temporarily block the abuse, CEF project administrators suspended the framework's primary download location on Google Code. The TDL malware generates profit for its authors by redirecting the victims' search results to websites and services of a dubious nature, by displaying pop-up advertisements for various products and services or by infecting computers with other threats as part of a pay-per-install malware distribution scheme
Researchers uncover vSkimmer malware targeting point-of-sale systems (Computer World) A new piece of custom malware sold on the underground Internet market is being used to siphon payment card data from point-of-sale (POS) systems, according to security researchers from antivirus vendor McAfee. Dubbed vSkimmer, the Trojan-like malware is designed to infect Windows-based computers that have payment card readers attached to them, McAfee security researcher Chintan Shah said Thursday in a blog post. The malware was first detected by McAfee's sensor network on Feb. 13 and is currently being advertised on cybercriminal forums as being better than Dexter, a different POS malware program that was discovered back in December
Palo Alto Pinpoints Older Ports That Are Letting In Malware (CRN) The Palo Alto malware analysis issued Monday found that Web browsing dominated as the source of undetected malware, accounting for 68 percent of total
Unpatched Remote Access Tools: Your Gift To Attackers (InformationWeek) Three-year-old "TeamSpy" espionage campaign should be a wake-up call. Lock down your remote-access tools, or else
Apple's two-factor authentication would not have helped iForgot security hole (InformationWeek) Apple's (NASDAQ: AAPL) new two-factor authentication security for Apple ID and iCloud accounts could not have protected users against a security hole in its iForgot password reset page uncovered Friday, according to security firm Kaspersky Lab. It seems there was a three-day waiting period for the two-factor authentication to take effect, a waiting period that began on Thursday, noted Kaspersky Lab's Anne Saita in a blog
6 Emerging Security Threats, and How to Fight Them (eSecurity Planet) Hackers are nothing if not creative, so it's important for enterprise security pros to educate themselves about emerging security threats like these six. The security threat landscape changes constantly, with malicious hackers developing new ways to compromise your systems as older vulnerabilities are discovered and patched. So it's important to be aware of the threats to enterprise security that are coming over the horizon and heading this way
Major websites hacked leaving users vulnerable (CSO) MSN and NBC vulnerabilities leave 'ransomware' on unprotected PCs. Many Internet users think that so long as you visit well-known websites you'll be safe online. Yet, recent research from AVG's Web Threats Research Team has identified two cybercrime campaigns coded into some of the internet's most popular sites
Security Patches, Mitigations, and Software Updates
Apple Patches Password Reset Vulnerability (Dark Reading) Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period
Novell GroupWise Messenger import Command Remote Code Execution Vulnerability (Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file
HP Intelligent Management Center mibFileUpload Servlet Remote Code Execution Vulnerability (Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability
Mozilla Foundation Security Advisory 2013-19: Use-after-free in Javascript Proxy objects (Mozilla) Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution
Cyber Trends
Think layers of security is all that? Think again (CSO) Of 1,800 serious malware NSS Labs tested, some always managed to get through -- no matter what combination of protection was used
Putting Out Fires With Gasoline (Dark Reading) Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem
Web trackers are totally out of control (IT World) More than 1,300 tracking companies are following us across the Web. But who they are and what they know is a mystery to most. I'm getting that paranoid feeling again. You know, the one where you think someone or something is stalking you across the Web, watching everything you do and then suddenly just showing up as if their presence was just a random coincidence. Except that this isn't paranoia or coincidence. To be specific, I'm being followed by this ad for Jitterbug phones
Transparency Reports Should Be Standard Practice (Threatpost) With less than three full months gone in 2013, Facebook, Apple and Microsoft all have admitted publicly to serious security breaches, something that would have seemed like an elaborate practical joke just a couple of years ago. But the times and the climate have changed, and if you needed more evidence of these facts, it arrived last week in the form of the first Microsoft Transparency Report
NatGas Cybersecurity getting a lot more Visibility (Smart Grid Security) Thanks to colleague H. Chantz for spotting this article and sending this way. As has been the case quite a bit this year, once again we are in the realm of SCADA/Control System security. William Rush of the Gas Technology Institute states it plainly, if somewhat dramatically: Anyone can blow up a gas pipeline with dynamite
Hackers hit energy companies more than others (Fuel Fix) Energy companies faced more targeted malware attacks in a six-month period last year than businesses in any other field, with hackers sometimes breaking into systems to steal geologic and financial data, according to a Houston network security firm's research. Alert Logic is releasing a report Tuesday detailing the incidence of attacks on its customers in different industries and the digital weapons hackers used in their attempts to infiltrate systems from April 1 to Sept. 30 last year. FuelFix examined the report ahead of its general release
Cyberattack risk high for oil and gas industry (Fuel Fix) In the months since a virus ripped through 30,000 of Saudi Aramco's computers, the world's largest oil company has become the canary of the industry, warning others of the serious threats already lurking on their systems. Although the attack did not disrupt Saudi Aramco's oil and gas operations, the company's top man warned, in a recent interview with FuelFix, that the risk to the industry remains high. Chief Executive Officer Khalid Al-Falih said that despite aggressive efforts by Saudi Aramco and others to guard against online threats, operations throughout the energy industry will remain in danger unless all companies adopt strong Internet security measures. "What happens to one company affects us all," Al-Falih said
Marketplace
JIE not an attempt at DISA domination, says DISA official (FierceGovernmentIT) The Joint Information Environment is not an attempt by the Defense Information Systems Agency to take over all the Defense Department's data centers, said Tony Montemarano, DISA director of strategic planning and information. The JIE is "not about DISA controlling the world, DISA ueber alles," he said. "The military departments have got formidable capabilities…it makes no sense to turn them off." He spoke March 25 at an ACT-IAC event in downtown Washington, D.C.
Security clearance a sales weapon (Parramatta Sun) Technology organisations are realising that government security certification can open doors to the wider business world. Typically, certification by the Australian government's intelligence agency, Defence Signals Directorate, is used to enable suppliers to work with top-level government agencies, but some are also using it as a marketing tool to build trust and increase sales to the private sector
Small Suppliers Must Beef Up Security (Dark Reading) As larger companies shore up their defenses, attackers have changed their focus to the smaller companies that supply goods and services to enterprises, in hopes of gaining access to the larger targets' networks and data. The trend appears to be gaining steam. In the first half of 2012, small businesses alone accounted for 36 percent of all targeted attacks, up from 18 percent at the end of 2011, security firm Symantec said in July
General Dynamics Sets Up Cybersecurity Rapid Reaction Force (Motley Fool) General Dynamics (NYSE: GD) is advancing the war on cyber hackers. The company's Fidelis Cybersecurity Solutions (FCS) unit this morning announced the recent opening of a new cybersecurity facility in Columbia, Md., where it has assembled a network defense and forensics team to help public and private clients "combat advanced cyber attacks by assessing their security posture; designing, building and managing a security infrastructure that is capable of discovering and containing advanced threats; and responding to sophisticated attacks quickly and effectively when they occur"
Deal weavers (Deal Pipeline) Defense technology and cybersecurity company KEYW Holding Corp. continues to scour the M&A field for acquisition targets. KEYW, of Hanover, Md., has made a name for itself in the defense and cybersecurity world due in part to a unique style of dealmaking, a distinctive corporate culture and operating on the cusp of a cutting edge and highly dynamic sector. While the company has gone on a strong acquisition tear for the past two years, it has done so without participating in a single auction. Rather, it has found targets through an extensive network of contacts and long-term partnerships delicately coaxed into existence through the web spun by its executives
Firms Partner to Curb Cyber Crime (This Day Live) An indigenous firm, Proxinet Communications is partnering an American company, FireEye Incorporation, in a bid to help curb cyber crimes in the West African region. The move was disclosed recently in Lagos at a press briefing by the FireEye Regional Sales Director, Middle East, Turkey and Africa, Mr. Ray Kafity
CACI to Design Natl Defense University War Games (GovConWire) CACI International (NYSE: CACI) has won a position on a potential three-year contract to help the National Defense University develop curriculum and other classroom instruction programs such as war games. The indefinite-delivery/indefinite-quantity contract contains two base years and an option year, with a $21 million ceiling value, CACI said Monday. NDU aims to help
Products, Services, and Solutions
Twitter Verification Has More To Do With Being Good At Twitter Than With Identity (TechCrunch) Twitter has done a great job at keeping the whole "blue badge" verification process a mystery. If curiosity eats away at you like it does me, you're in luck. A new video from comedians Hari and Ashok Kondabolu, featuring Anil Dash who has around 500k followers, shows the magical transformation from start to finish
Fingerprints Instead Of Credit Cards? YC-Backed PayTango Aims To Make Payments Work Through Biometrics (TechCrunch) As a mechanism for payment, the credit card remains just as hardy as ever. It has so far defied the threat of mobile phones, and less plausibly, QR codes, among many other forms of payment. One YC-backed startup is betting that fingerprints and other forms of biometric identification may be the payment method of the future though. Called PayTango, they're partnering with local universities
Brocade adds new FC management tools (IT World Canada) Update to Network Advisor has new monitoring and visualization capabilities to make Brocade fabrics more reliable. There's also a new 96-port FC switch. Let's face it: running a storage area network isn't the glory side of IT. But with a few tools it can be easier
Technologies, Techniques, and Standards
Lieberman Software Survey Reveals Staff Ignore IT Security Directives - Even If They Were to Come From the CEO (Dark Reading) More than 80% of IT security professionals believe that corporate employees deliberately ignore security rules
Security damn well IS a dirty word, actually (The Register) Sysadmin blog An interesting feature popped up on Ars Technica recently; website journo Nate Anderson discusses how he learned to crack passwords. The feature is good; good enough for me to flag it up despite that journalistic competition thing. That said, the feature gently nudges - but does not explore - a few important points that are increasingly critical to consider in the context of any serious discussion about IT security
Arguments Against Security Awareness Are Shortsighted (Dark Reading) When I read Bruce Schneier's recent blog basically stating security awareness is a waste of resources, I perceived a general misconception about the fundamental concepts of security awareness that are actually very critical to the discipline of awareness and security as a whole. This misconception actually highlights why many security awareness programs suck. Bruce uses the term "security awareness training." There is a very distinct difference between "Security Awareness" and "Security Training." Security training provides users with a finite set of knowledge and usually tests for short-term comprehension
Don't Make Users A Security Punching Bag (Dark Reading) Too many security pros today take it upon themselves to blame dumb users for all of the security ills befalling IT organizations, particularly when users fall for phishing and other email-based attacks. But many of today's most advanced attacks are through web channels and are so well-designed that even the most advanced training techniques may not teach users how to detect them. According to many security pundits, it is time to stop with the blame game and look in the mirror. "I honestly don't see the value of employees being listed as the weakest link, mainly because humans are the ones doing everything to begin with
MISSION IMPOSSIBLE: 4 Reasons Compliance Is Impossible (Dark Reading) Compliance, like security, is not a constant. It happened again. I heard a boastful manager tell the CEO the job was finished and with great confidence brag to his boss their organization was fully compliant. The CEO nodded with increasing approval, mentally embracing the idea that his worries on the matter were behind him for good. No money-grubbing consultant was going to fool him about "risks," and technical managers would no longer dare ask for larger budgets for compliance needs. In his mind, the task had now been addressed and the goal reached, never to look back again
Anatomy of a 'feature' - should JavaScript be allowed to change a web link after you click on it? (Naked Security) A young web coding enthusiast from Manchester, UK, recently published a thought-provoking hackette intended to highlight the risks of relying only on "look before you click." Paul Ducklin wants to know what you think of it
IPv6 Focus Month: IPv6 over IPv4 Preference (Internet Storm Center) Initially, most IPv6 deployments will be "Dual Stack". In this case, a host will be able to connect via IPv4 and IPv6. This brings up the question which protocol will be preferred, and if multiple addresses are possible, which source and destination address are used. RFC 6724 describes the current standard how addresses should be selected, but operating systems and applications, in particular browsers, do not always obey this RFC
Banks join forces to develop open standard for electronic OTC trading (Finextra) A group of leading sell-side banks has set up a working group that will work towards the creation of an open industry standard protocol for client and trader enablement on electronic trading platforms. Currently, enabling clients to trade with dealers on OTC electronic platforms is a manual process, requiring a significant amount of rekeying of data from internal dealer systems onto those of the venues. In January investment banks came together to try and fix the problem, launching the Trading Enablement Standardization Initiative (Tesi) and vowing to work with execution venues and other stakeholders to create a tighter integration between the dealer systems and the venues.
Database Security Restart (Dark Reading) I'd mentioned a couple posts back that I was being asked to jump start database security programs for several companies. Some large enterprises, some small, but the basic problem is the same: They need to get a handle on the current security situation and plan how to improve across the board. So in concept this is pretty simple, just figure out where they want to be, and build a plan to get there. In reality, getting consistency across the company is a big challenge. Each firm has some existing tools to automate the mundane security tasks, but the quality of the tools and resources varies greatly, as does the level of security and compliance requirements. Fundamentally they all have the same basic question: "Where do I start?" To form a plan, let's start with three basic questions
Who has responsibility for cloud security? A Network World roundtable (Network World) The Cloud Security Alliance provides some great guidance in this area, and the cloud computing security working group is expanding all these models, and ultimately these responsibilities need to be contractually assigned during the procurement process
Investigating evidence of hack useful for protection: Trend Micro (ARN) Security vendor sees value in investigating the evidence left behind by cyber criminals in protecting against attacks. If businesses are not looking for that evidence regularly within their networks, there is a risk that the intruder will go undetected, according to Trend Micro strategic markets VP, Blake Sutherland
Big Data Debate: Will Hadoop Become Dominant Platform? (InformationWeek) Will Hadoop become the hub from which most data management activities will either integrate or originate? Two big data experts square off
Design and Innovation
European Innovation Varies by Country (IEEE Spectrum) In the aftermath of financial crisis, German enterprises lead the pack in investing in the future
Security Manager's Journal: R&D's new security lab is a promising step (ComputerWorld) The R&D department will have a sandbox for testing the company's software products. For once, security isn't last. It's a great thing when a security manager doesn't have to go into battle mode every time a new corporate initiative emerges. When other departments show signs that they aren't putting security last, I can relax a bit. But just a little bit. Even in those cases, I want to have input
The US can battle wealth inequality by letting startups IPO earlier (Quartz) We are holding back the middle class in America. But it's not for the reasons you think, and the culprits are not those most people think of. Rather, the US government has systematically cut the middle class out of the most important wealth creation opportunity for the next 50 years. Through a series of byzantine regulations, the government has made it virtually impossible for working Americans to enjoy the fruits of America's greatest strength: innovation
With Big Data, we are creating artificial intelligences that no human can understand (Quartz) Computer systems currently base their decisions on rules they have been explicitly programmed to follow. Thus when a decision goes awry, as is inevitable from time to time, we can go back and figure out why the computer made it. For example, we can investigate questions like "Why did the autopilot system pitch the plane five degrees higher when an external sensor detected a sudden surge in humidity?" Today's computer code can be opened and inspected, and those who know how to interpret it can trace and comprehend the basis for its decisions, no matter how complex
Research and Development
Mobile location data identifies individuals (The Register) One of the arguments in favour of anonymous mobile location tracking, namely that it doesn't provide enough information to identify individuals, has been slapped down by a US-Belgian study. An anonymous trace of one phone's movements, plus a small amount of external data, can pick out one person out of millions
Academia
Luring Young Web Warriors Is a Priority. It's Also a Game (NY Times) In the eighth grade, Arlan Jaska figured out how to write a simple script that could switch his keyboard's Caps Lock key on and off 6,000 times a minute. When friends weren't looking, he slipped his program onto their computers. It was all fun and games until the program spread to his middle school
The Department of Homeland Security Would Like to Talk to Your Hacker Teens (BetaBeat) Football team doesn't look so cool now, huh? (They still look cool.) The high school years! It's hard being the Department of Homeland Security. Foreign agents are constantly trying to slip inside the D.H.S.'s computer systems. But America's hotshot hackers either go for the private sector ($$$) or somewhere you can go on the offensive, like the N.S.A. (which, let's face it, sounds super-badass). So, according to the New York Times, the agency, desperate for recruits, is now making like a college football program and hunting for recruits at high school hacking competitions
Lunarline Renews Cybersecurity Partnership with UMD (MarketWatch) Lunarline, Inc. today announced they will continue their partnership with the University of Maryland (UMD) establishing collaborative activities in cybersecurity for a second year. The partnership promotes cybersecurity education, research, and technology development through the Maryland Cybersecurity Center (MC2). UMD and Lunarline plan to leverage each other's resources, expertise, and unique perspectives to develop innovative cybersecurity expertise and technology solutions
Warrior to Cyber Warrior Graduates Its First Cohort Of Cyber Security Students (IT News Online) Lunarline, a cyber security company, and Echo360, the leader in active learning and lecture capture solutions
Legislation, Policy, and Regulation
Tallinn Manual Interprets International Law in Cyberwar Context (Threatpost) When nations eventually adopt ground rules for conflict in cyberspace as they apply in an actual kinetic war, the Tallinn Manual on the International Law Applicable to Cyber Warfare, is likely to be their key reference material in doing so
U.S. Gov't: Laws of war apply to cyber conflict (Foreign Policy) [Free registration required.] A NATO initiative by which legal experts have articulated laws for the cyber battlefield -- is set to make its stateside debut. But the United States says it is already ahead of the document's recommendations: it insists the existing laws of war are sufficient to govern the use of cyber weapons. "Existing international law applies to cyberspace just as it does in the physical world," said Christopher Painter, the State Department's coordinator for cyber issues, during a forum at George Washington University last Thursday. "That is a very important concept
State Department pushes for international norms of cyber conduct (FierceGovernmentIT) While the use of sanctions isn't completely out of the question, the State Department's primary role in U.S. cybersecurity policy is to establish and promote international norms of acceptable conduct in cyberspace, said a department official during a March 21 hearing of the House Foreign Affairs subcommittee on Europe, Eurasia and emerging threats. The department is particularly keen on spreading the idea that the theft of intellectual property is not acceptable behavior in cyberspace, said Christopher Painter, coordinator of the State Department's office of cyber issues. Some governments are naturally in line with U.S. thinking on cyber policy issues
On Iran and Pre-Emptive Cyber Attacks (infosec island) Early in February of 2013, many news outlets came out with articles about the US Government having a 'secret legal review' on the use of its cyber-arsenal. This legal review concluded that the US government could launch a cyber attack against a threatening nation if the country needed to defend itself. Essentially it boils down to 'legitimately' having the power to order a pre-emptive cyber attack, even though only the President himself can authorise such an attack
DRDO's Zero Day (Financial Express) As our most sensitive defence information undergoes the throes of a targeted cyber attack, Mehak Chawla examines the threats facing our critical information infrastructure and how technology can take control
Our Internet Surveillance State (Schneier) One: Some of the Chinese military hackers who were implicated in a broad set of attacks against the U.S. government and corporations were identified because they accessed Facebook from the same network infrastructure they used to carry out their attacks. Two: Hector Monsegur, one of the leaders of the LulzSec hacker movement, was identified and arrested last year by the FBI. Although he practiced good computer security and used an anonymous relay service to protect his identity, he slipped up
Litigation, Investigation, and Law Enforcement
MMS Is Not an Illicit File-Sharing Service, Appeals Court Says (Wired) The Multimedia Messaging Service is not an illicit file-sharing protocol, a federal appeals court ruled, setting aside Monday a complaint from an MMS-greeting-card supplier that claimed the nation's largest telecoms helped consumers infringe via MMS texting
Chinese Citizen Guilty Of Data Theft (Washington Post) On Monday, Sixing Liu, a Chinese citizen who worked at L-3's space and navigation division, was sentenced in federal court here to five years and 10 months for taking thousands of files about the device, called a disk resonator gyroscope, and other defense systems to China in violation of a U.S. arms embargo
No Skype traffic released to cops or spooks, insists Microsoft (The Register) Microsoft's Skype subsidiary didn't hand over any user content to law enforcement, according to the software giant's first ever report on how it deals with official requests for data. As previously reported, Microsoft's transparency report revealed that Redmond received 75,378 requests from law enforcement agencies worldwide last year, involving 137,424 user accounts
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, Apr 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on April 11 & 12 at their offices in Pittsburgh to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare. States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office, highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.