The CyberWire Daily Briefing 04.10.13

Cyber Trends

Asia a growing target for APTs (ZDNet) The region's growing economic prominence, prevalent mobile device ownership and use of social networks are drawing attention from cybercriminals looking to exploit the situation with APTs. Asia is increasingly a target of advanced persistent threats (APTs) as it rises in global prominence with the presence of multinationals and big local brands planting offices here. The ongoing trends of bring-your-own-device (BYOD) and social networking occurring in companies also contribute to a higher occurrence of such attacks in the region

I'm a Fortune 500 Company and I've Been Hacked (Security Week) One of the more interesting cyber security phenomenons Ive witnessed recently is not only the willingness of CEOs to admit that their company has suffered a breach, but the enthusiasm in which they have shown in making the admission. In what seems like only a short-time ago, company management, often on the advice of legal counsel, had no appetite to discuss issues of cyber security. This was especially the case when it had been compromised

Supply chain the new tempting attraction for hackers (CSO) Intruders finding 'weakest link' the best route into the information treasures of large companies. Verizon made headlines last December when it was revealed that 300,000 customer records had been pinched by a hacker and posted to the Internet. After probing the breach, Verizon declared that none of its systems were breached, no unauthorized person had gained root access to its servers and, because much of the information was out of date, the number of customers affected was only a fraction of the numbers reported

NATO, Eucom Commander Identifies Three Big Issues: Afghanistan, Cyber Security and Syria (Eurasia Review) Looking to the year ahead for NATO and U.S. European Command, the senior commander for both cited three big agenda items: setting conditions for Afghanistan, improving cyber security, and continuing to defend NATOs border with Syria. First, we have to get Afghanistan right as we shift our mission from combat to train, advise and assist, Navy Adm. James G. Stavridis wrote in his command blog posted today. Weve laid the right tracks for the change in early 2015, he noted, working with all 28 NATO nations and other potential partners to define the new mission after 2014

Cyber attacks top threat to national security: US intelligence head (The Hindu Business Line) A senior US official has told lawmakers that they now consider cyber attacks as among the top threats to the national security, even though there is remote chance of any such major attack against critical infrastructure systems during the next two years. In a significant departure from the past, Director of National Intelligence James Clapper, in his unclassified annual threat assessment to the Congress, has put cyber attacks ahead of threat from terrorists, and that from Iran and North Korea

What the heck is a cyber-weapon, anyway? (Quartz) Reuters reports today that the US Air Force has decreed six "cyber tools" as weapons…That's great. So the US Air Force is renaming bits of code as weapons in an effort to wring a little cash out of an already squeezed budget. It's a simple enough tactic (except for vendors of security software, who claim it's the beginning of "a new arms race.") But what does it really mean? When does malicious code stop being a virus and leave the world of biological metaphors to enter militaristic ones? This is tricky

Nobody can be arrogant enough to say we cannot be hacked: Jay Bavisi (Livemint) Jay Bavisi is an information security evangelist and serves on the board of the Global Institute of Information Security Research, a collaborative initiative of the National Security Agency, Department of Homeland Security, private industry and

US will be crushed by state sponsored cyber attack, warns security CEO (ITProPortal) Philip Lieberman, author and CEO of security firm Lieberman Software, believes the US is on the brink of suffering a major cyber attack from another nation state that will severely damage the country's national infrastructure. The security expert has

Legislation, Policy and Regulation

Washington's Secret Weapon Against Chinese Hackers: Appplying the Lessons of Counterterrorism and Counterproliferation in Cyberspace (Foreign Affairs) There are limits to what governments can do about intellectual property theft. It is time to start considering what the private sector can do. After years of pressure, most multinational corporations agreed to build fair labor practices, worker safety, and environmental measures into their supply chains. They should now do the same with intellectual property protections. "The tide of war is receding," U.S. President Barack Obama proclaimed in October 2011, announcing the impending conclusion of the war in Iraq. In the year and a half since, however, the tide of a new type of conflict has been rising -- one that takes place not on land, in the air, or at sea but in cyberspace. Indeed, in the past several months, the Obama administration has called a great deal of attention to the threat posed by cyberattacks and cybertheft, the most ominous source of which appears to be China. Early last month, the national security adviser, Tom Donilon, said that the cybertheft of confidential information and technology from American businesses has been "emanating from China on an unprecedented scale," and General Keith Alexander, the director of the National Security Agency, has previously called such theft "the greatest transfer of wealth in history"

Official urges China-U.S. trust on cyber security (Xinhuanet) A senior Chinese Internet affairs official has called for greater trust between China and the United States in jointly safeguarding cyber security. Qian Xiaoqian, deputy head of the State Internet Information Office, made the remarks while addressing the sixth U.S.-China Internet Industry Forum, which opened here on Tuesday."China and the United States have common interests and common responsibilities in promoting development of the Internet industry and guarding cyber security," he said. Ensuring Internet security has become a global challenge with hacking and online attacks on the rise, which entails concerted responses from the world, according to Qian

Who's Defending America in Cyberspace? (BlackEngineer.com) After selection to the National Security Agency (NSA) Military Fellows Program, she served as a member of the personal staff for the director of the NSA and commander of the United States Cyber Command, later assuming command of the US Army's first

Harden cyber defenses (Bellingham Herald) The Obama administration has ordered improvements in U.S. cybersecurity, and the Pentagon's own Cyber Command unit is taking aggressive countermeasures. We cannot move fast enough to strengthen our cyber protections and defenses. Maybe China

South Korea tightens online transaction security (ZDNet) New measures being rolled out include stepping up payment authentication for online game sites and mobile payment services, and a dedicated app store for financial services to prevent downloads of phishing malware. South Korea is tightening its online and mobile payment systems, as part of efforts to prevent further security breaches."We will reinforce the personal authentication process for online and mobile money transactions, particularly for Web sites that are more vulnerable to fraud payments, said the Financial Services Commission, in a report Tuesday by JoongAng Daily

Prescriptive cybersecurity frameworks 'too early' for Asia (ZDNet) Regulators in the region are still in their infancy developing data protection laws focusing on consumer data protection, and tend to lean toward having a broader principle-based approach. A prescriptive framework whereby regulators issue security best practices for companies to follow, may not work in Asia-Pacific as most countries in the region are still in their infancy of developing data protection laws and still prefer focusing on general rules instead of details when creating regulations. That was the view of panelists in a discussion at the Cyber Liability Insights Conference here Tuesday, as they responded to U.S. President Barack Obama's cybersecurity executive order unveiled on February 2013

Europe Takes Another Step Towards An Open Data Directive (TechCrunch) The EC has been banging the open data drum for a while now, launching its Open Data Strategy for Europe back in 2011. Today another step along the road to liberating government data across the region so that startups can get their hands on it: an EU committee has endorsed plans to modernise the 2003 public information directive to make all non-personal public sector info available for reuse

US Lawmakers Offer Cybersecurity Olive Branch (Security Week) Backers of a cybersecurity bill which stalled in Congress last year offered changes Monday in an effort to ease concerns of privacy and civil liberties activists. The two top lawmakers on the House Intelligence Committee said the panel would meet Wednesday to vote on the Cyber Intelligence and Sharing Protection Act, a measure which passed the House last year but died in the Senate. The lawmakers said they would propose several amendments to the bill, under which internet companies can give the government information about what they see as potential security threats and they are protected from liability for providing the information

House Intel Panel Set to Move Cybersecurity Bill (Newsmax.com) "It does not allow the [National Security Agency] or any other government agency to plug into private networks. Nothing in this bill does anything to sacrifice your privacy or civil liberties." The White House issued a broad executive order in February

Homeland Security top officer to work on UN's new global Internet rules (RT) DHS, Information Technology, Internet, Security, UN, USA. The second-in-command at the US Department of Homeland Security is stepping down as deputy secretary in order to sign-on for a role with the United Nations. But as Jane Holl Lute changes venues

Senator calls for creating fund to compensate victims of cyber attack (Anderson Independent Mail) Sheheen, who lost the governor's race to Haley in 2010 and is rumored to be considering a rematch against her next year, said he has never been involved with a more important issue than the Department of Revenue cyber attack during his 13 years in the

Products, Services, and Solutions

NetIQ Bolsters Actionable Security Intelligence With NetIQ Change Guardian 4.0 (Dark Reading) Provides real-time detection and response to unauthorized access and changes to critical files, systems, and applications

Two-factor authentication finally heading to Microsoft Accounts (Ars Technica) Redmond catching up with Google, Facebook, Apple

Google mines Frommer's Travel for social data, then sells the name back (Ars Technica) In case you weren't aware of how valuable friends and followers are

Mozilla Drops Second Beta of Persona Privacy System (Threatpost) Mozilla has pushed out the second beta version of its Persona authentication system . The move is the latest step in the company's campaign to rid the Web of passwords and make it easier for consumers to log on to sites regardless of the browser they're using

McAfee offers whitelisting solution for Android (ITWorld Canada) SELinux, which was produced by the United States National Security Agency, security companies and open source developers, extended the Linux kernel to include a mandatory access control system. This made it more difficult for a rogue program to take

Emerson Network Power ATCA Systems Ready for Deep Packet Inspection (San Francisco Chronicle) Emerson Network Power, a business of Emerson and global leader in delivering scalable embedded computing technology and power supplies for original equipment manufacturers in a wide range of industries, today announced new application-ready platforms for deep packet inspection (DPI) applications

HBGary Unveils Deep Malware Analysis Platform for VDI (eWeek) With Active Defense 1.3, malware analysis is no longer reliant on a physical memory dump saved to disk. ManTech International subsidiary HBGary announced the release of Active Defense 1.3, a platform designed to provide live, runtime memory analysis of concurrent guest operating system sessions in virtual desktop infrastructure (VDI) environments

Skyscape email system gets IL3 accreditation for G-Cloud (Public Technology) Cloud services provider and UK SME Skyscape has announced the IL3 accreditation of its email and collaboration service, based on VMware Zimbra

'Secretbook' Lets You Encode Hidden Messages in Your Facebook Pics (Wired Danger Room) Facebook is a place where you can share pictures of fun things. Now you can encode those images with secret messages that can be concealed from Facebook and the government

5 Facebook Home Privacy Facts (CSO) Last week, Facebook released new software for Android phones called "Home." The software is a set of apps that you can download to put Facebook photos and messaging front and center on your mobile device

Intel doubles speed of Thunderbolt to 20Gbps (FierceCIO: TechWatch) Intel has doubled the speed of its Thunderbolt interface, which was introduced in 2011, to 20Gbps

HP launches Moonshot 1500 with Intel Atom server cartridges (FierceCIO: TechWatch) HP (NYSE: HPQ) on Monday took the wraps off the ultra-low-power HP Moonshot 1500 server enclosure. Designed for hyperscale data centers, the 4.3U server enclosure can accommodate dozens of server cartridges that utilize significantly less energy than conventional servers, while also taking up less space

Google drops WebKit to create its own Blink browser engine (FierceCIO: TechWatch) Google has announced that it will be dropping the WebKit browser engine that the Chrome browser has been based on. Google engineers will instead work on a "fork," or copy, that will be developed as a separate project named "Blink"

Microsoft Dangles Windows 8, Office 2013 SMB Bundle (InformationWeek) One year from the end of Windows XP support, Microsoft offers SMBs 15% off if they upgrade to current versions of Windows and Office simultaneously

AV-Test issues first Windows 8 antivirus solution ratings (Network World) F-Secure, G Data, Bitdefender, Kaspersky, BullGuard and Trend Micro were all ranked with the top score of six regarding protection against brand new and widespread malware infections. Protection against 0-day attacks were up across the board, with the

Bitdefender releases Antivirus Free for Android (Android Community) If you are looking to keep your Android device free of malware and hoping to do so without spending any money, you now have another option to consider. The folks at Bitdefender have recently announced Antivirus Free for Android. The app is available by

LANDesk Acquires VMware Protect Product Family (Dark Reading) Addition of what LANDesk is now calling the Shavlik Protect portfolio expands LANDesk's user-oriented IT management market presence

Mocana Extends Lead In Enterprise Mobile App Security (Dark Reading) Mocana MAP 2.4.2 includes a raft of new app security automation policies, bug fixes, and performance enhancements

SunGard Availability Services Introduces Managed Vaulting For NetApp, Delivering End-To-End Data Protection (Dark Reading) Managed Vaulting for NetApp is delivered as a fully managed, online backup service

Technologies, Techniques, and Standards

How simulated attacks improve security awareness training (Net-Security) Wombat released a new report that discusses how simulated phishing attacks can be an effective security awareness and training tactic to help companies educate employees how to avoid growing cyber security threats. This report gathers and analyzes the front line observations of security leaders from the major vertical sectors -- such as finance, manufacturing, health, and entertainment - who have used a relatively new approach to user awareness: simulated attack training

Comment: Why Hire a Hacker? (InfoSecurity) Some organizations employ hackers to prevent criminals from hijacking their systems. But many are still afraid to hire a hacker and are not sure what 'type' of hacker they should recruit. AlienVault's Dominique Karg looks at what kind of hacker an organization should employ and what their knowledge can offer in terms of increased security

The state of cloud encryption: From fiction to actionable reality (CIO) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. The risks of data privacy, residency, security and regulatory compliance remain significant barriers to cloud adoption for many enterprises. While encryption seems like an obvious solution, historically the technology produced usability issues for cloud applications

Companies should ban Facebook Home, experts say (CSO) Social network's new overlay for Android smartphones 'would be the first thing I would block on my network,' said one security adviser. Facebook Home, the new app that replaces the home screen on an Android smartphone, should be banned from corporate networks to avoid unnecessary security risks, experts say. Facebook introduced Home on Thursday aiming to give its 1 billion users the option of always staying connected with friends and family through their Android phones. The app, set for release next week, sits on top of the operating system and becomes the phone's user interface. The UI is heavily focused on making it easy to interact with other Facebok users. While that may be great for the social network's avid fans, the app's dominance is a nightmare for corporations that have a bring-your-own-device (BYOD) policy for employees…The first problem is the unknown. Because security professionals outside of Facebook have not tested the app, no one knows whether it contains vulnerabilities that a hacker could use to install malware

Father of SSH working on new version of crypto standard (CSO) The Secure Shell (SSH) cryptographic network protocol that's supported in software for server authentication and machine-to-machine communications is headed for a significant update. "There will be a new version of SSH," says Tatu Ylonen, CEO of SSH Communications Security, pointing to the IETF draft document that's recently been made available for public review. Co-authored with others, including NIST computer scientist Murugiah Souppaya, this third version of SSH has a focus on key management and could be set by early next year

A Guide to Negotiating and Assuring Cloud Services (Continuity Central) How can an organization safely adopt cloud services to gain the benefits they provide? The easy availability of cloud services has sometimes led to line of business managers bypassing the normal procurement processes to obtain cloud services directly without any consideration of the governance and risks involved. There is a confusing jungle of advice on the risks of cloud computing and how to manage these risks. This guide provides the top tips to negotiating and assuring cloud services

Marketplace

Advanced Capabilities Required for Future Navy Warfighting (SIGNAL) The U.S. Navy must develop a broad range of advanced technologies and capabilities to counter a growing threat to its information dominance. By the year 2028, adversaries could prevent the Navy from carrying out it mission unless the sea service incorporates major intergrated technology advances

Security Job Market Rocking, But Pressures Rise (Dark Reading) At the RSA Conference in February, Department of Homeland Security deputy undersecretary for cybersecurity Mark Weatherford stressed the need to develop more cybersecurity talent in the U. S. Good IT security professionals are in high demand, he told attendees. "What's the unemployment rate for a good cybersecurity person? Zero," Weatherford said, adding that government agencies and the private sector were stealing the best people from each other

Proofpoint Makes Acquisition, Taps Into SMB Aecurity (Dark Reading) Proofpoint Essentials is a suite of SaaS security and compliance solutions specifically designed for distribution across MSPs and dedicated security resellers

Betstar Chooses Prolexic DDoS Mitigation Services (Sacramento Bee) Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced today that Betstar (Betstar.com.au), a popular online betting site located in Australia, has engaged Prolexic to provide DDoS protection and mitigation services. Betstar offers Internet betting on Australian and international sports and racing

Malcovery Security and Internet Identity (IID) Announce Cyber Forensic Big Data Collaboration and Strategic Reseller Partnership (San Francisco Chronicle) Companies focus on bringing first and only combined 'take down' and intelligence solutions for phishing

IP protection startup Inquisitive Systems gets 500,000 pounds to battle APTs (CSO) ZoneFox offers realtime IP monitoring. Promising Scottish security startup Inquisitive Systems has been handed APS500,000 ($750,000) by angel investors to boost development of its innovative ZoneFox system designed to protect firms from the threat of having sensitive IP assets stolen by hackers. Spun out in 2010 from Edinburgh's Napier University

VMware Opening New Public Sector Office (ExecutiveBiz) VMware is opening a new public sector office in Reston, Va. this week to accommodate more employees and provide a briefing center for current and potential clients

How the Apple Confrontation Divides China (The Atlantic) Not everyone in China is proud of the way their government handled a recent fight with the tech giant

Project Moonshot: Can New Server Line Revive HP? (InformationWeek) HP says its Moonshot servers are a major advance, comparable to the transition from UNIX servers to x86. But will they be enough

Research and Development

Advancing secure communications: A better single-photon emitter for quantum cryptography (Eureka! Science News) For quantum cryptography to work, it's necessary to encode the message -- which could be a bank password or a piece of military intelligence, for example -- just one photon at a time. That way, the sender and the recipient will know whether anyone has

Security Patches, Mitigations, and Software Updates

Adobe Security Bulletins Posted (Adobe.com) Today, we released the following Security Bulletins: APSB13-10 – Security update: Security Hotfix available for ColdFusion, APSB13-11 – Security updates available for Adobe Flash Player, APSB13-12 – Security update available for Adobe Shockwave Player

HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of Information (HP Support) Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC Standard and Enterprise Editions), HP Intelligent Management Center for Automated Network Manager (ANM), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM). The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS), remote code execution, and remote disclosure of information…HP has provided the following software updates to resolve these vulnerabilities here

Microsoft's Patch Tuesday Load for April 2013 (CSO) Microsoft releases nine security updates -- two for critical flaws in Internet Explorer and Remote Desktop Client

Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates (Threatpost) UPDATE - In an unexpected turn, Microsoft's monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago

Patch Tuesday leaves Internet Explorer zero day untouched (CSO) There are only two Critical security bulletins this month, but a recently discovered Internet Explorer zero day remains vulnerable

Cyber Attacks, Threats, and Vulnerabilities

Israel Says Mass Cyber Attack Ongoing, Damage Negligible (Security Week) A mass cyber attack by hacker groups targeting Israel which began Saturday continued on Monday, but the damage was negligible, the Shin Bet domestic security agency said."As of noon on Monday, the state of alert continues and the efforts and activity to prevent the cyber attacks that began on Saturday night are ongoing," the agency said in a statement. It said the Shin Bet and other agencies responsible for cyber security had "managed to locate and prevent attacks aimed at harming many websites and ISPs serving civilians

Israeli takes over OpIsrael hacktivist website (Jerusalem Post) Anti-Israel hackers succeeded in temporarily bringing down the website of the Prime Ministers Office and of the Likud Party, the Avnet Information Security and Risk Management company said Tuesday morning. The [Prime Ministers Office] site is suffering from an attack on its connection between the database and the web server, Avnets Roni Becher said. At this stage, we dont know how the attack was carried out exactly, and what can be done to defend against it

Al-Mayadeen: Syrian Electronic Army SEA joins the electronic attacks on Israel (Islamic Invitation Turkey) Al-Mayadeen: Syrian Electronic Army SEA joins the electronic attacks on Israel

DPRK behind cyber attack on ROK: Yonhap (China Daily) The Republic of Korea's government on Wednesday made a formal confirmation that the Democratic People's Republic of Korea (DPRK) was behind the March 20 cyber attack that paralyzed computer networks at banks and broadcasters

Probe says North Korea behind cyber attack: Seoul (AFP) An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined North Korea's military intelligence agency was responsible, officials said on Wednesday. The probe into access records and the

'Significant holes' in Justice Ministry website (Radionz) The Labour Party says a second person has come forward alerting it to what it calls significant holes in the Ministry of Justice's website. The ministry shut down parts of the website on Tuesday after Labour MP Clare Curran said she was approached by a whistleblower who had accessed ministry passwords and databases through a search engine on the site. Ms Curran, the party's information technology spokesperson, said the information provided included a password to an online payment system and she informed the Justice Ministry and its minister, Judith Collins

Linkless Italian phishers quote Shakespeare in an attempt to defeat security products (Naked Security) O, frailty, thy name is insecure pet supply website operators... Spammers think quoting Hamlet is a way to help them steal usernames and passwords - but they're wrong

Malware-flingers target gullible corporate bods with office printer spam (The Register) Sneaky cybercrooks are disguising links to malicious sites in spam emails posing as messages from Hewlett-Packard ScanJet printers. The attack takes advantage of the fact corporate users often receive emailed messages from scanners and multi-function printers located in their own offices, which contain attachments of the scan that the device has just completed. In this case the scam messages contain links to a site hosting malware

Facebookers Targeted with Fresh Phishing Technique (SPAMfighter News) Trend Micro warns that cyber-criminals, by executing one fresh phishing e-mail campaign, are attacking members of Facebook. According to it (Trend Micro)

Spam botnet-for-hire used to deliver Android malware (CSO) Development marks a new post-startup phase in the Android malware business, on par with that of malicious tech targeting Windows. The world's largest spam botnet has recently been found sending bogus email with links to the Stels Android Trojan, an indication that the malware business on mobile devices is leaving startup mode

Trends In Mobile Device Threats (Dark Reading) Mobile attack vectors are becoming lucrative for the bad guys. Is your enterprise ready to stop them? Attacks on enterprise networks have gotten more sophisticated as attackers seemingly target every new technology as soon as it becomes available. The rapid adaptation comes for many reasons, but a primary one is that security professionals have become adept at protecting their network perimeters with next-generation firewalls and intrusion-prevention systems. These perimeter protections leave attackers with a smaller attack surface, forcing them to look for new avenues

Trusted Kernel Exploit Used to Unlock Motorola Android Devices (Threatpost) A researcher looking for a way to jailbreak locked down Motorola Android devices found a loophole in hardware-embedded security system to do just that

Midwest BankCentre warns customers of security breach (STL Today) Midwest BankCentre has learned of a security breach affecting some customers' personal information late Monday afternoon, the bank announced on its website. The bank immediately told the Secret Service, which is investigating. The bank reports it has no evidence its security system was breached, but it has asked a forensic firm to investigate the source of the breach, including all of the bank's vendors

Ubisoft takes download service offline after breach (CSO) The company said no personal information was compromised in the attack. Ubisoft Entertainment said Wednesday it took its Uplay download service offline until it fixes an issue that reportedly allowed hackers to download games, including one yet to be released

Kirkwood Community College website suffers security breach (E Hacking News) Kirkwood community college on Monday announced that cyber criminals has breached the college website(kirkwood. edu) and accessed personal data of students who applied to take credit classes in the last 8 years. The college said sophisticated hackers originated from an international IP address accessed the website on March 13,2013 and gained access to archived application information from Feb 2005 until March 13, 2013

Vudu video service resets customer passwords after hard drives theft (CSO) Vudu said credit card information was not saved in full on the drives. Walmart's video service Vudu has reset its customers' passwords after it found that hard drives were among items stolen from its office

ING says latest internet banking problems due to its own measures (Dutch News) Problems with internet banking experienced by ING clients on Tuesday morning have now been solved, the finanacial services group said in the early afternoon. Customers were unable to make internet payments for some 90 minutes because of 'measures the bank is taking to prevent breakdowns', news agency ANP reported. ING online services were disrupted at least twice last week, on Friday because of a cyber attack.'After the incidents of last week, measures are being implemented to prevent disruption to services in the future,' the bank said

Top Banks Offer New DDoS Details - Citi, Chase Among Banks Reporting Attacks in SEC Filings (Bank Information Security) Increasingly, U.S. banking institutions are reluctant to acknowledge - much less discuss - the ongoing distributed-denial-of-service attacks against their online services. Perhaps that's because they're concerned that consumers will panic or that revealing too much about the attacks could give hacktivists information they could use to enhance their DDoS abilities. But in recent regulatory statements, the nation's largest banks are candid about DDoS attacks and their impact

Slide Show: 8 Egregious Examples Of Insider Threats (Dark Reading) Unlike large customer information data breach cases that are publicly announced due to disclosure laws, many of the most intriguing insider theft, sabotage, and fraud cases never see the light of public scrutiny because companies would rather not air their dirty laundry if they don't have to. But these cases can offer valuable lessons on how insiders can be a threat in future situations. That is why the folks at the CERT Insider Theft Center work with private sector firms and law enforcement authorities to discretely study insider cases for the benefit of the industry. Since 2001, CERT has studied more than 800 cases

Academia

Holden student joins Cyber Corps (The Landmark) Norwich University officially entered the National Science Foundation's Cyber Corps on Feb. 6 with the presentation of a certificate of participation to the university. The distinction identifies Norwich as a center of excellence in computer information assurance education, and qualifies the Vermont college to receive scholarship money in a NSF program called Scholarship for Service

Litigation, Investigation, and Enforcement

Kim Dotcom and More Than 80 Others Illegally Spied on in New Zealand (TorrentFreak) Between December 2011 and January 2012 the spies of New Zealands GCSB monitored Megaupload founder Kim Dotcom and his associate Bram van der Kolk. Since both have New Zealand residency that surveillance was illegal and in February the High Court gave Dotcom permission to sue the government for damages over the affair. But when you open up a can of worms some tend to crawl out and today there have been yet more revelations

Why Bitcoin 'millionaires' could accidentally become tax felons (Quartz) If you're an American who bought bitcoins at around $80 less than a month ago and sold them today for around $237, congratulations! You may be on your way to accidentally committing tax fraud. That's because you'll run afoul of authorities if you don't report what you made on bitcoin as capital gains, the same way you report gains made on most assets sold at a profit, argues Karl Denninger, who is sometimes credited as one of the founders of the Tea Party movement

CIA claims no electronic data mining thanks to legal loophole (RT) It appears that the Central Intelligence Agency has been taking advantage of a legal loophole to avoid submitting reports on cyber surveillance, based on a 2007 definition of "data mining" established during the last Bush administration

LulzSec hackers plead guilty, admit attacks on CIA, SOCA, Sony and others (Naked Security) Southwark Crown Court in London has heard that three members of the LulzSec hacking gang have chosen to plead guilty to charges that they launched distributed denial of service (DDoS) attacks against a series of organisations including the CIA and the UK's Serious Organised Crime Agency

High Technology Crime Investigation Association Announces Partnership With U.S. Department of Homeland Security Stop.Think.Connect. Campaign (MarketWatch) The High Technology Crime Investigation Association (HTCIA) announced today that it has joined the U.S. Department of Homeland Security (DHS) Stop.Think.Connect. Campaign's National Network, forming a partnership that will promote cyber security awareness to industry, university, and government organizations nationwide

Google Seeks Allies Against Patent Trolls (InformationWeek) Along with BlackBerry, EarthLink and Red Hat, Google is urging the Federal Trade Commission to limit "privateering"

Design and Innovation

UK to host global cybersecurity centre (Net-Security) Foreign Secretary, William Hague, has announced plans to open the Global Centre for Cyber Security and Capacity Building at the University of Oxford something that he refers to as a beacon of expertise. The government will invest 1m into the centre over the next two years, with the objective of helping countries around the world to develop the required technologies, skills and strategies to deal with evolving online threats

The CyberWire Daily Briefing for 4.10.2013