The CyberWire Daily Briefing for 4.2.2013
Israel expects (and prepares for) "OpIsrael," a campaign Anonymous hacktivists threaten to launch this week.
South Korea also raises its cyber defense readiness as tensions with the North increase. Hacktivists without apparent connection to either North or South released username and password combinations they claim to have extracted from North Korean news and propaganda site Uriminzokkiri ("Our Nation").
Symantec notes that last month's MBR Wiper (the name "Dark Seoul" apparently hasn't stuck) attacks against South Korean media, financial, and energy firms resemble a 2011 campaign that began with denial-of-service, then progressed to data destruction. TrendMicro draws three lessons from MBR Wiper: platforms as well as devices are targets, auto-updating is now being exploited, and security products themselves are now attacked.
US authorities warn that telephony denial-of-service attacks (apparently the work of criminals, not states or hacktivists) are now hitting emergency services. Ransomware gains credibility with victims by inspecting and using their browser history.
US-CERT offers an appreciation of DNS amplification attacks, along with some recommendations for protection. Such attacks appear to be trending upward in frequency, sophistication, and severity.
China's Ministry of Commerce expresses displeasure with the US Government's new stringent vetting requirements for Chinese IT equipment—they're "discriminatory." The strictures appeared in the continuing resolution President Obama signed last week. Huawei and ZTE are thought most affected.
Registration for US Cyber Challenge opened last Friday: the contest is open to high school and college students. The state of Illinois begins a program to prepare its citizens for cyber jobs.
Notes.
Today's issue includes events affecting China, France, Germany, India, Israel, Italy, Japan, Republic of Korea, People's Democratic Republic of Korea, Netherlands, Spain, United Kingdom, and the United States.
Cyber Attacks, Threats, and Vulnerabilities
Israel braces for massive cyber-offensive (The Times of Israel) Hackers around the world are plotting to strike Israel's online presence in a coordinated cyber-attack later this week. The effort, known as "OpIsrael," which is being organized by hacktivist group Anonymous, aims to target the 100 largest websites in
Anonymous Hackers Sit on 15,000 User Records from North Korean Site Uriminzokkiri (Softpedia) With tension rising between North Korea and anyone who'll listen to them, it seems that some enterprising hackers took it upon themselves to fight for freedom in the country, by infiltrating many of its local networks. As proof, the allegedly Anonymous-connected hackers have published a small sample of alleged username and password combinations that they've allegedly extracted from the North Korean site Uriminzokkiri. Uriminzokkiri, which is translated as Our Nation, is a North Korean news and propaganda site, located in China
Symantec Links South Korean Cyber-Attack To 2011 Incident (TechWeekEurope UK) The attacks that disrupted operations at several South Korean banks, broadcast companies and energy firms have technical similarities that may link the digital campaign to a series of DDoS (Distributed Denial of Service) attacks in 2011, security firm
Three Lessons from the South Korea MBR Wiper Attacks (TrendMicro) Last week, we posted some detailed information about the actions that the March 20, 2013 MBR wiper attacks took against systems in South Korea. Today, I'd like to take that and some additional information that has come out about the incident and draw some conclusions about what lessons this attack teaches us. When we look at the South Korean attacks three specific lessons come out of what we've seen: Post-PC attacks aren't just about devices; auto-updating infrastructure is a viable target; security and infrastructure products are targets too. There is an overarching theme to these lessons: when we say targeted attacks it means not just targeted in terms of who a spear phishing email is sent to start the attack
South Korea prepares for cyber warfare (Salon) The announcement follows last month's hacking attack that brought down the servers of two major banks in Seoul. South Korea's defense ministry announced Monday it would start preparing for cyber warfare, increasing forces and developing different deterrence scenarios in conjunction with the United States. The announcement follows last month's hacking attack that brought down the servers of two major banks and three broadcasters in Seoul. The identity of those behind the attacks in March is still under investigation, though there has been some speculative finger pointing at North Korea
DHS, FBI warn over TDoS attacks on emergency centers (CSO) Telephony denial-of-service attacks on the rise against public and private organizations. Federal law enforcement officials are reporting a rise in attacks in which the telephone lines of emergency call centers are flooded with bogus calls by extortionists whose demands for cash are refused
Ransomware leverages victims' browser histories for increased credibility (Computer World) The authors of police-themed ransomware have started using the browsing histories from infected computers in order to make their scams more believable, according to an independent malware researcher. Ransomware is a class of malicious applications designed to extort money from users by disabling important system functionality or by encrypting their personal files. A particular variation of this type of threat displays messages masquerading as notifications from law enforcement agencies
Washington State Dept. of Social and Health Services Suffers Security Breach (eSecurity Planet) The Washington State Department of Social and Health Services (DSHS) recently announced that a private contractor's laptop containing the confidential and personal health information of 652 DSHS clients was found to have been stolen on February 4, 2013 (h/t PHIprivacy.net). The laptop, which belonged to Dr. Sunil Kakar, was recovered in a pawn shop 10 days later
Alert (TA13-088A) DNS Amplification Attacks (US-CERT) A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic
US-CERT Warns about DNS Amplification Attacks (eSecurity Planet) A common DNS misconfiguration was at the core of last week's massive DDoS. Now the U.S. government is providing guidance on how to fix the problem
Using Customer Premise Equipment to Take Over the Internet (Threatpost) It's the ultimate what-if scenario: What if an attacker could own all the customer premises equipment (CPE) doled out by ISPs such as routers and modems? Would it be trivial with available scanning equipment and other tools to find vulnerable gear, and then modify and re-upload the firmware to be able to do anything such as control Web traffic, launch DDoS attacks, or even disconnect large blocks of machines from the Internet? The answer to those questions, and several related ones, appears to be yes
Army Practices Poor Data Hygiene on Its New Smartphones, Tablets (Wired Danger Room) The Army absolutely loves its new Android, iOS and Windows smartphones and tablets. Just not enough to properly secure the sensitive data it stores on them. A spot check of mobile devices used by the Army at its West Point military academy and its corps of engineers shows inconsistent and outright poor data security. The Pentagon inspector general has found that the smartphones and tablets the Army buys at local electronics stores often aren't configured to protect sensitive data, leaving it to individual users to safeguard their data
Cyber Trends
DoS attacks expose enterprise infrastructure vulnerabilities (Net-Security) Lurking in the shadows for nearly a decade, DoS and DDoS attacks are making a resurgence. Several high-profile assaults on the world's leading financial firms and other industries have recently been experienced. And attacks are increasing in frequency, data volumes and application specificity
Complex malware and BYOD drive mobile security (Net-Security) Mobile malware has advanced to a new level of sophistication as smart devices continue to gain ground. The number of unique mobile threats grew by 261% in just two quarters. Increasingly complex malware is taking advantage of a wider range of mobile functionalities to exploit vulnerabilities on the device and in the network
Marketplace
China slams U.S. for discriminating against nation's tech vendors (Computer World) China has slammed a new U.S. funding law that increases scrutiny of information technology purchases from the country, and said it could severely damage the mutual trust between the two nations. "The contents of the U.S. congressional act sends a very wrong signal, and could directly affect normal trade between Chinese enterprises and U.S. business partners," the country's Ministry of Commerce said in a statement on Friday. The funding law, signed by President Barack Obama last week, includes a provision stating that U.S. authorities will vet all IT system purchases made by select federal agencies, including the Commerce and Justice Departments, NASA, and the National Science Foundation
Hagel To Address 'Strategic And Fiscal Challenges' (DefenseNews.com) Chuck Hagel will deliver his first major speech as U.S. defense secretary Wednesday where he will focus on the strategic and fiscal challenges facing the Pentagon
Governor Quinn Launches Cyber Challenge (eNews) Governor Pat Quinn today was joined by the Cyber Aces Foundation to announce the Illinois Governor's Cyber Challenge, a statewide competition that will fill mission-critical jobs in the emerging cybersecurity workforce. The announcement is part of Governor Quinn's agenda to increase public safety and help Illinois residents find employment. The Cyber Challenge is designed to provide a pathway of learning and workforce training for Veterans and students
Bullish on big data? Better make a plan. (FCW) Are you bullish on big data? Then your agency better get a big data strategy in place - and if that strategy does not outline at least one specific problem to solve, a timeline for success and measurable metrics to gauge progress, it's probably a waste of time and taxpayer dollars
Law Firms Tout Cybersecurity Cred (Wall Street Journal [subscription required]) When Nationwide Mutual Insurance Co. discovered in October that a hacker had breached its systems and stolen personal details of roughly one million people, it put the internal probe in the hands of a law firm, rather than one of the forensic investigators typically retained for such incidents
DHS CIO Richard Spires on voluntary leave from position (FierceGovernmentIT) Homeland Security Department Chief Information Officer Richard Spires has voluntarily elected to take leave from his position due to reasons protected by privacy law, DHS officials said April 1
Robbins-Gioia, Inc., Appoints Alma Cole Vice President of Cyber Security (PR Web) Prior to his role as the CSSO, he led the Department of Homeland Security (DHS) Security Operations Center, responsible for cyber incident response and continuous security monitoring of the DHS trusted internet connections, DHS OneNet wide area network
Bryan Martin Named SRA Cyber, Privacy VP (GovConWire) Bryan Martin, a former cybersecurity executive at ManTech International (NASDAQ: MANT), has joined SRA International as vice president of cybersecurity and privacy. He will lead SRA's cyber practice and
KEYW Names Deborah A. Bonanni to Board of Directors (MarketWatch) Bonanni retired from public service in 2012 as the Chief of Staff of the National Security Agency. "We are pleased to have Deborah join KEYW's Board of Directors," commented Leonard Moodispaw, President and CEO of KEYW Corporation
SRA International brings on new VP of cybersecurity, privacy (Washington Business Journal) Bryan Martin has joined SRA International, Inc. in Fairfax as vice president…technology officer for the Mission, Cyber & Intelligence Solutions group
Products, Services, and Solutions
Security or censorship? AT&T bans obscene passwords (We Live Security) Most security professionals have enough to deal with thanks to insecure passwords but AT&T seems to want its users to keep them clean, too. The password restrictions page for AT&T users says, The password can't contain the words password, admin, pa$$w0rd or other common words. The password can't contain obscene language
Light Point Security launches first malware-defense product (bmore) Light Point Security LLC this year expects to launch its first product, Light Point Web Enterprise, a secure web browsing solution for company networks. The startup is collaborating on commercializing the product with Northrop Grumman Corp. through a program at the University of Maryland, Baltimore County incubator in Catonsville
Technologies, Techniques, and Standards
Using Dependency Modeling For Better Risk Decisions (Dark Reading) Q&A with Open Group executives who are evangelizing a new standard for dependency modeling to help with IT risk management and beyond. In the world of IT security, risk management requires decisions to be made based on a wide range of variables. The problem is that these variables are often nested and interconnected to such a degree that without some rigorous planning, a flowchart based on their dependencies could quickly look like an MC Escher drawing. Add in the real-time information flow put out by a lot of technology devices that determine these variables at any given moment, and it becomes quite the task to factor everything in with any degree of discipline
Anatomy of a bug - misplaced parenthesis threatens NetBSD's random numbers (Naked Security) Oh, frailty, thy name (with apologies to [William {The Bard}] Shakespeare) is parenthesis. What a difference a misplaced bracket makes! As our friends at The Register reported last week, the NetBSD coders recently patched a programming bug in their kernel that affected the sanctity of the operating system's random numbers
Research and Development
News in Brief: Quantum cryptography takes flight (Science News) Quantum cryptography has entered the friendly skies. A precise beam of photons sent from an airplane allowed researchers on the ground to create a nearly unbreakable encryption key to protect information. The experiment, reported March 31 in Nature
Academia
U.S. Cyber Challenge Calling All Future Cyber Defenders To Compete! (PR Newswire) The National Board of Information Security Examiners (NBISE), through the U.S. Cyber Challenge (USCC) initiative, today announced its qualifying CyberQuests competition - an entertaining and challenging online contest open to high school and college students who will compete against their peers across the country for an invitation to one of several Summer Cyber Camps being offered this summer. Registration opens March 29th
Legislation, Policy, and Regulation
'India must wake up to cyber-terrorism' (First of a two-part series) (Newstrack India) India has seen many such attacks on its critical installations and the misuse of social media and Internet has brought home the threat of cyber-terrorism, which cyber security experts say the country is poorly equipped to handle. Experts believe the
Japan and the US Need to Operationalize Cybersecurity Cooperation (World Politics Review) Washington's reluctance to share sensitive information in the absence of robust information assurance is just one of the reasons Tokyo needs to establish a
Litigation, Investigation, and Law Enforcement
Brits, Germans, French, Dutch, Spanish and Italians ALL to probe Google (Register) Google faces possible legal action from six different data protection regulators in Europe - including the British Information Commissioner - after the advertising giant failed to comply with an order to make changes to its privacy policies
Utah data breach victims told to ignore credit monitoring solicitations (Salt Lake Tribune) Utahns swept up in last year's health data breach may be getting conflicting information about credit monitoring. The state Department of Health is offering another year of fraud protection to the 280,000 whose Social Security numbers were stolen by hackers. It's supposed to kick in automatically for those who already signed up with Experian
Canadian Doctor Suspended for Privacy Breach (eSecurity Planet) The College of Physicians & Surgeons of Alberta recently found Dr. Deanne Watrich guilty of unprofessional conduct for accessing the electronic health records of three people with whom she had no doctor/patient relationship…The investigation followed complaints filed by three people in December 2010 claiming that their personal health records had been accessed without their consent
Russian government selectively blocks site access (CNet) The country is taking advantage of a new law signed last year that requires major Web sites to restrict that material officials find objectionable. The Russian government has turned to censorship on the Web. According to the New York Times, the government is utilizing a new law, which the Russian parliament approved in July and which took effect in November, that allows the government to selectively censor Web pages within its borders because of content that it believes is illegal or harmful to children
Security policies must address legal implications of BYOD (Tech Republic) The legal principle, "Ignorance of the law excuses no one" effectively eliminates, "I didn't know" as a defense. In that case, I might as well plead guilty to having some major "I didn't know" going regarding the very real legal pitfalls embedded in BYOD (Bring Your Own Device). To get un-ignorant, I asked David Navetta, attorney and founding partner of the Information Law Group, for his advice
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, Apr 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will be forthcoming on the event site. All job-seekers should be US citizens with cyber security or IT experience. A security clearance is not required, but preferred.
INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of data and visual knowledge in the hands of users.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, Apr 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on April 11 & 12 at their offices in Pittsburgh to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare. States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.