Cyber Attacks, Threats, and Vulnerabilities
Pakistan Organisations Targeted By Massive Indian Cyber Operation (TechWeekEurope UK) A large, lengthy cyber attack allegedly carried out from within India has been uncovered, with most of the targets of the espionage operation based in Pakistan, where government bodies have been hit. Investigations into the attack infrastructure were
Peculiar malware trail raises questions about security firm in India (CSO) Security firm Norman, investigating cyber-espionage related to a Norwegian telecom company, the Pakistani government and others, says a lot of its findings lead to the word
Attack on Telenor was part of large cyberespionage operation with Indian origins, report says (CSO) Security researchers uncovered an active large-scale cyberespionage operation of Indian origin that started several years ago. A recent intrusion on the computer network of Norwegian telecommunications company Telenor was the result of a large cyberespionage operation of Indian origin that for the past few years has targeted business, government and political organizations from different countries, according to researchers from security firm Norman Shark
Large cyber espionage emanating from India (Help Net Security) Norman Shark uncovered a large and sophisticated cyber-attack infrastructure that appears to have originated from India. The attacks, conducted by private threat actors over a period of three years and still ongoing, showed no evidence of state-sponsorship but the primary purpose of the global command-and-control network appears to be intelligence gathering from a combination of national security targets and private sector companies
Don't Fear the Hangover - Network Detection of Hangover Malware Samples (RSA FirstWatch) Today, Norman and Shadowserver released a paper that revealed a large attack infrastructure in which they detailed an ongoing campaign, running as far back as September 2010. This campaign, reportedly run out of India, used spear-phishing attacks and multiple strains of malware to breach targets of interest and extract data
Cyber espionage campaign uses professionally-made malware (Help Net Security) Trend Micro researchers have discovered a new, massive cyber espionage campaign that has been hitting as many as 71 victims each day, including government ministries, technology companies, academic research institutions, nongovernmental organizations and media outlets
Securo-boffins uncover new GLOBAL cyber-espionage operation (The Register) Government ministries, technology firms, media outlets, academic research institutions and non-governmental organisations have all fallen victim to an ongoing cyberespionage operation with tendrils all over the world, according to researchers. Infosec researchers have uncovered SafeNet in as many as 100 countries. SafeNet targets potential marks using spear-phishing emails featuring a malicious attachment that exploits a Microsoft Office vulnerability that was patched last year
Targeted Espionage Attack Borrowing from Cybercriminals (Threatpost) The Safe cyberespionage campaign includes elements of malware and coding from a professional cybercrime software development team
Safe - Tools, Tactics and Techniques (Internet Storm Center) Trend Micro published a report last week on a spear-phishing email campaign that contains a malicious attachment exploiting a Microsoft Office vulnerability (CVE-2012-0158). This paper identified specific targets: Government ministries, Technology companies, Media outlets, Academic research institutions, Nongovernmental organizations
Ronald Deibert: Waging the cyber war in Syria (National Post) Another day, another hacker exploit. Only this time the perpetrator was not Anonymous or LulzSec or any of their hacker sympathizers
Facebook and 8 Twitter Accounts of The Telegraph News Hacked by Syrian Electronic Army (HackRead) Once again the world renowned Syrian Electronic Army has successfully targeted yet another media group, this time the official Facebook and 8 Twitter accounts of UK-based The Telegraph News have been hacked
Syrian Electronic Army hacks FT site and Twitter feeds (ITProPortal) The Financial Times is the latest publication to fall victim to hackers who align themselves with the regime of Syrian President Bashar al-Assad. "Various FT blogs and social media accounts have been compromised by hackers and we are working to resolve the issue as quickly as possible," the @FTPressOffice Twitter account said
Anonymous 'gold bugs' to hack oil, national sites (Times Of Israel) Hacker group Anonymous has been pretty tight-lipped about its political beliefs, with operations in the organization's name conducted against Western democracies, authoritarian countries like China, and Muslim countries like Egypt, Syria, and Iran. And, of course, Israel. But one thing has become clear in the lead-up to its next major hacking attack: Anonymous members are gold bugs, people who believe that the yellow metal is the proper method for the exchange of goods and services and advocate
Saudi Arabia's government websites hacked (CBR) Interior ministry website was also brought down for an hour. Several KSA government websites have faced 'coordinated and simultaneous' cyber attacks from overseas in recent days
Bangladesh Air Force Career website's database hacked by @1923Turkz (E Hacking News) A hacker has managed to gain access to the database server of the official career website of Bangladesh Air Force and leaked the accounts' login credentials. "Joinbangladeshairforce.mil.bd", which serves as a portal for Air Force applications, was reportedly breached by the hacker using the online name @1923Turkz. A SQL injection vulnerability in the website gave him the opportunity to break in. The database breach was announced on his Twitter account along with a link to the leaked accounts
Chinese hackers resume attacks on U.S. targets (CSO) Shame campaign by Obama administration fails to deter cyber bandits. For the last three months or so, the U.S. government and some of its defense contractors have engaged in a war of shame on China to pressure it to cool its cyber-attacks on U.S. targets. The campaign appeared to be yielding results, but it seems that Chinese hackers were only catching their breath. The notorious Unit 61398, also known as the "Comment Crew," an elite cyber unit linked by U.S. security firms to China's People's Liberation Army (PLA), has renewed its raids on U.S. entities using different techniques, the New York Times reported Sunday
Chinese Hackers Gained Access To U.S. Data Via Google (Washington Post) Chinese hackers who breached Google's servers several years ago gained access to a sensitive database with years' worth of information about U.S. surveillance targets, according to current and former government officials
Attacks from China: A survival guide (CSO) Chinese cyberattack activity is back in the news this morning, with new details emerging on new attacks. Here's a collection of stories to help infosec pros better understand the threat
Opinion varies on action against Chinese cyberattacks (CSO) New cyberespionage attack by People's Liberation Army prompts calls for action such as sanctions, but experts are mixed on best response. Security experts agree that the U.S. government should take stronger action against Chinese cyberattacks, but exactly what those measures should be varies widely. The issue of cyberespionage on the part of China made headlines once again on Sunday, with The New York Times reporting that a cyberunit of China's People's Liberation Army resumed stealing data from U.S. companies and government agencies after a three-month hiatus
Island Nation's Web Domain Now Paradise for Spammers (TechNewsWorld) Security professionals were blindsided by this development -- a new domain that's become a haven for spammers. PW used to belong to Palau, a tiny island country in the Pacific Ocean. Now it's owned by someone else who's been selling it at discount prices. Antispam vendors are now working to update their filters, and the original registrar is assisting in their efforts
Jumcar. From Peru with a focus on Latin America (SecureList) "Jumcar" is the name we have given to a family of malicious code developed in Latin America - particularly in Peru - and which, according to our research, has been deploying attack maneuvers since March 2012
22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach (Naked Security) The call has gone out to Yahoo Japan's 200 million users to change their passwords, after the company warned that it suspected hackers had managed to access a file containing 22 million user IDs
CNN Hacked (eSecurity Planet) Hacker Reckz0r leaked nine admin user names and encrypted passwords, and claims to have published four fake articles on the site
Remote Code Injection Vulnerabilities Discovered in iOS Apps (Threatpost) Multiple vulnerabilities have been discovered in both File Lite and File Pro, two file management applications created by Perception Systems for iOS, currently available on Apple's App Store
CVs and sensitive info soliciting email campaign impersonates NATO (Webroot) Want to join the North Atlantic Treaty Organization (NATO)? You may want to skip the CVs/personally identifiable information soliciting campaign that I'm about to profile in this post, as you'd be involuntarily sharing your information with what looks like an intelligence gathering operation
Form-grabbing rootkit sold on underground forums (Help Net Security) There is seemingly no end to the automated tools that aspiring cyber crooks can buy on underground forums. The latest of these discovered by Webroot's Dancho Danchev is "Private Grabber", a commercial
Think your Skype messages get end-to-end encryption? Think again (Ars Technica) If you think the private messages you send over Skype are protected by end-to-end encryption, think again. The Microsoft-owned service regularly scans message contents for signs of fraud, and company managers may log the results indefinitely, Ars has confirmed. And this can only happen if Microsoft can convert the messages into human-readable form at will
Conversations with a Bulletproof Hoster (Krebs on Security) Criminal commerce on the Internet would mostly grind to a halt were it not for the protection offered by so-called "bulletproof hosting" providers - the online equivalent of offshore havens where shady dealings go ignored. Last month I had an opportunity to interview a provider of bulletproof services for one of the Web's most notorious cybercrime forums, and who appears to have been at least partly responsible for launching what's been called the largest cyber attack the Internet has ever seen
Legitimate online services enable DDoS-attacks-for-hire sites (IT World) A recent expose shines a light onto the strange world of "booter" or "stressor" web sites which offer DDoS-attacks-for-hire
Inside the "PlugX" malware with SophosLabs—a fascinating journey into a malware factory (Naked Security) Join SophosLabs Principal Researcher Gabor Szappanos (Szappi) as he takes you on a fascinating journey into the PlugX malware factory
Cyber Trends
Governments should be nervous about Bitcoin, says Rushman (HedgeWeek) Professor Jon Rushman believes that in the long term cyber currencies like Bitcoin could see the end of central banks and foreign exchange and so it is understandable governments are nervous about it. The new virtual currency has become progressively
For cyber-terrorists: 'There's no firewall for stupidity' (KOMO News) The former head of security of Microsoft now consults foreign governments and Fortune 500 companies along with former Department of Homeland Security Secretary Tom Ridge on global cyber threats. "If you could actually look around the country and made a
Digital strongboxes won't solve whistleblower problem for journalists (CSO) Strongbox preserves anonymity at the price of authenticity. Following the news last week that the Department of Justice had secretly obtained records of phone calls made by the Associated Press in an attempt to find an information leak, the New Yorker magazine launched an online scheme to receive sensitive documents and preserve the identity of their sources. The service, called Strongbox, is based on a project developed by Kevin Poulsen, a Black Hat hacker turned magazine editor, and Aaron Swartz, who took his own life in January after an aggressive prosecution of his digital activities by the DOJ
Behind the scenes: Privacy and data-mining (SC Magazine) Every contemporary consumer knows it: There's a fine balance between the convenience that comes with seamless online access and the privacy one can expect to retain in a networked world
Over 45% of IT pros snitch on their colleagues (Help Net Security) Forty five percent of IT workers admit they would snitch you up to the boss if you decide to break corporate rules or access company information that you shouldn't on the network or Internet
Marketplace
The imperative for device management is key to the DOD's mobility plan (Defense Systems) In the wake of a scathing internal Defense Department review of the Army's commercial mobile device use, pressure is mounting on the Defense Information Systems Agency to find solid footing for mobile device management that will allow military personnel secure access to defense applications and data over government-issued devices
Common Ground: The U.S. Army's Col. Charles Wells on Integrating Intel (DefenseNews) Col. Charles Wells is the program manager for the Army's Distributed Common Ground System, the service's effort to integrate all streams of intelligence. There has been controversy in the past, driven by a link-analysis software company, Palantir, which was reportedly favored by some Army units. Capitol Hill even weighed in on Palantir's behalf
Let the NDAA fight begin - Deprogramming the reprogramming request (Politico) Sexual assault, BRAC and sequestration are set to dominate the discussion as the House Armed Services Committee this week kicks off its annual defense authorization bill process. On Wednesday, the subcommittees on strategic forces, intelligence, seapower and personnel are scheduled to hold their markups. On Thursday, the subcommittees on readiness and tactical air and land forces are scheduled to hold theirs…Cybersecurity: Texas Rep. Mac Thornberry, the leader of the emerging threats panel that oversees much of the committee's cyber work, specifically said his focus early would be money and manpower. Thornberry explained the "main issues are going to revolve around funding," particularly as U.S. Cyber Command under Gen. Keith Alexander works to recruit new offensive and defensive cyber teams
Commerce CISO: Cybersecurity is about more than technology (FierceGovIT) With the goal of building a cadre of highly-skilled cyber security experts, the Commerce Department tripled role-based training completion in three years and implemented an award-winning personally-identifiable information training program department wide
DHS cyber has problems with hiring, not retention, says Stempfley (FierceGovIT) The Homeland Security Department doesn't have a cybersecurity personnel turnover problem so much as a hiring problem, said Roberta Stempfley, acting assistant secretary of the office of cybersecurity and communications, during a May 16 House hearing
Cassidian wins UK Parliament security contract (CBR) As per the deal, Cassidian will provide ICT services for an initial period of three years. EADS's security and defense unit Cassidian has secured a contract from the British Parliament to provide ICT (information communication technology) security services to protect the ICT environment from cyber attack
3 Things Tumblr Brings Yahoo (InformationWeek) Yahoo is making a billion-dollar play for Tumblr -- and for increased relevancy
VMware Hybrid Cloud Plans: Time For Amazon Answer (InformationWeek) VMware doesn't like the degree to which customers and partners have been implementing cloud using its products. Will it compete with Amazon
Reuters: Clearwire minority shareholders to reject Sprint takeover offer (FierceMobileIT) Clearwire's (NASDAQ: CLWR) minority shareholders are expected to reject a buyout offer from majority shareholder Sprint (NYSE: S), according to analysts consulted by Reuters
Could Silver Lake walk away from Dell deal? (FierceFinance) Most in the industry believe that the dismal state of Dell's earnings strengthens Michael Dell's hand when it comes to the leveraged buyout offer he and Silver Lake have on the table. The deal for $13.65 looks richer and richer as the company's operating prospects tumble
Dell Kills Project To Build Out Public Cloud, Sends Layoff Notices (TechCrunch) Dell has decided not to build out its public cloud and will instead rely on partners such as Joyent to provide infrastructure services. A source close to the matter said layoff notices at the company went out on Friday. The group had more than 300 people in it. It is not known who was laid off or offered other jobs in the company. A spokesperson said Dell would not comment about personnel issues
Websense Signs Definitive Agreement To Be Acquired By Vista Equity Partners (Dark Reading) Websense, Inc. (NASDAQ: WBSN) a global leader in protecting organizations from the latest cyber-attacks and data theft, today announced that it has entered into a definitive agreement to be acquired by Vista Equity Partners ("Vista"), a leading private equity firm focused on investments in software, data and technology-enabled businesses
Bloomberg hires former IBM chief Palmisano to conduct data privacy probe (Finextra) The review follows revelations last week that Bloomberg journalists had snooped on clients by monitoring page views and log-ins by traders using its desktop data terminals. In a statement, Bloomberg says that Palmisano will immediately probe the company's current practices and policies for client data and end user information, including a review of access issues. He will be assisted by the law firm Hogan Lovells and consulting practice Promontory Financial Group in his investigation
Products, Services, and Solutions
Sourcefire 'Radar For Malware' Goes Beyond Point-In-Time (IT Trends & Analysis) Previously available in the company's FireAmp malware analysis and protection offering, customers were asking for a network version of file trajectory
Bit9, FireEye, Palo Alto Networks team to hit zero-day malware (Network World) Bit9 has teamed with FireEye and Palo Alto Networks, which each have sandboxing technologies, in order to share information related to zero-day attack code. FireEye and Palo Alto Networks, with its next-generation firewall, each have
Top two-factor authentication tools (CSO) Relying on a simple user ID and password is fraught with peril. That's where two-factor authentication services come into play. We tested 8 two-factor schemes that use soft tokens, which could mean using a smartphone app, SMS text message, or telephony to provide the extra authentication step. The vendors are: Celestix, Microsoft, RSA, SafeNet, SecureAuth, Symantec, TextPower, and Vasco
SAP unveils mobile enterprise apps with consumer feel (FierceMobileIT) Enterprise software giant SAP has unveiled consumer-style apps for the mobile enterprise under the Fiori name. Fiori is a collection of apps that offer a consumer type of user experience for SAP enterprise software for tablets and smartphones, as well as PCs
Mozilla delays plan to block third-party cookies on Firefox browser (Fierce CMO) Mozilla announced it is putting controversial plans to block some third-party cookies by default on its Firefox browser on hold. Instead, the company is giving users the ability to activate the function by choice
Protecting Industrial Control Systems from Electronic Threats (Momentum Press) Aimed at both the novice and expert in IT security and industrial control systems (ICS), this book will help readers gain a better understanding of protecting ICSs from electronic threats. Cyber security is getting much more attention and "SCADA security" (Supervisory Control and Data Acquisition) is a particularly important part of this field, as are Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Intelligent Electronic Devices (IEDs), and all the other field controllers, sensors, drives, and emission controls that make up the "intelligence" of modern industrial buildings and facilities
EventTracker Unveils Enterprise v7.4 (Virtual Strategy) EventTracker, a leading provider of comprehensive SIEM solutions, today announced the general availability of the EventTracker Enterprise v7.4 security information and event management (SIEM) solution. This latest release incorporates new collaboration features such as an Electronic Logbook that records incidents, reports, and changes with valuable context, as well as the ability to flag interesting incidents, reports, configuration assessments or change audits so that IT teams can escalate efficiently
Technologies, Techniques, and Standards
Even SMBs Should Look To Log Management For Security (Dark Reading) A firewall, patch procedure, anti-malware and, possibly, an IDS are a good start. But to detect breaches, small and medium businesses should focus on logging activity and looking out for suspicious behavior
ACMA database keeps finger on Australia's malware pulse (CSO) Australian ISPs and universities are sending more than 10,000 emails a day to warn customers their systems appear to be infected by malware - but as few as one in five is ever read by its recipient, statistics from the Australian Communications and Media Authority's (ACMA's) Australian Internet Security Initiative (AISI) show
Strategies For Improving Web Application Security (Dark Reading) Web applications are the most frequent targets for online hackers -- partly because they are your enterprise's most visible points of entry and partly because they are notoriously fraught with vulnerabilities. At the same time, most enterprises must maintain a Web presence in order to do business, so there's little choice about facing the risk. Being proactive about Web application security should be a top IT priority: When a Web application is taken out, money is lost
Individuals can be identified despite IP address sharing, BT says (Out-law) The internet service provider (ISP) has announced that it is currently piloting technology called Carrier-Grade Network Address Translation (CGNAT) that will see as many as nine different customers share the same IP address. BT said it is trialling CGNAT in a bid to make the most efficient use of existing "IPv4 internet addresses", which are currently "running out", before new "IPv6 addresses become widely adopted". Doing so will enable fixed-line internet customers to stay connected, it said
How Password Strength Meters Can Improve Security (InformationWeek) Color-coded password-strength meters nudge users to improve the strength of their important passwords, but have little effect on unimportant ones
Why don't risk management programs work? (CSO) When the moderator of a panel discussion at the recent RSA conference asked the audience how many thought their risk management programs were successful, only a handful raised their hands. So Network World Editor in Chief John Dix asked two of the experts on that panel to hash out in an email exchange why these programs don't tend to work
Design and Innovation
Jailed hacker designs device to thwart ATM card skimming (Help Net Security) A Romanian hacker who has been jailed for his involvement with a criminal gang that planted ATM skimmers and stole card information has designed a new device aimed at preventing the very same type of
Academia
Maryland professors weigh up cyber risks (Financial Times) Their research has received funding from the National Security Agency in the US and the Department of Homeland Security awarded the pair a $666,000 grant at the end of last year. According to Prof Gordon, this support stems from federal government
Legislation, Policy, and Regulation
[New Zealand] Govt asks industry for help to stem security breaches (CSO) Privacy and security breaches lead Department of Internal Affairs to set up special-purpose security panel. IT security firms have been asked to put themselves up for membership of a special-purpose panel to provide security services across all of government
U.S. Congress has questions about Google Glass and privacy (Help Net Security) Members of the U.S. Congress' Bi-Partisan Privacy Caucus have sent an open letter to Google CEO Larry Page, questioning the company's privacy considerations when it comes to Google Glass
Digital Government Strategy: The final countdown (FierceGovernmentIT) Thursday, May 23 marks the one-year anniversary of the Obama administration's unveiling of the Digital Government Strategy, and with that milestone comes an array of deliverables that are due under the strategy
Economic espionage threatens openness in science and technology (FierceGovernment) Efforts to protect scientific and technological advancements from espionage should focus on defining the line between basic research and the development of applied technology, a member of the U.S.-China Economic and Security Review Commission told a House panel May 16
US government seeks input on cybersecurity in wake of Obama's Executive Order (Infosecurity Magazine) Meanwhile, the US House of Representatives is reintroducing the Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House during the last Congress but failed to gain traction in the Senate…In accordance with Section 8(e) of
Avoiding Delays in Sharing Threat Data (BankInfoSecurity) The House passed the Cyber Intelligence Sharing and Protection Act earlier this spring, and there's chatter that the Senate Intelligence Committee will draft its own version of that bill [see House Handily Passes CISPA]. President Obama, in an
Forthcoming House Bill Expected to Codify Role of DHS in Combating Cyberthreats (Bloomberg BNA) Significant progress has been made on a forthcoming House bill to address the Department of Homeland Security's role in helping U.S. companies combat cyberthreats, Rep. Patrick Meehan (R-Pa.), one of the drafters, told BNA May 16
'Going dark' remedy could boomerang to undermine national security (FierceHomelandSecurity) A federal attempt to ensure that Internet communications and services can be wiretapped could undermine national security by making the U.S. government's own communications less secure and by causing hardened communication tools to proliferate among a receptive audience that includes bad guys, says a May 17 paper from privacy advocates and cybersecurity researchers
Cyberattacks call for legislation and open debate (Washington Post) The shadowy world of cybercrime was exposed in the recent federal indictment of eight men accused of manipulating computer networks and ATMs to steal $45 million over seven months. The heist combined sophisticated hacking with street-level hustle. In New York City alone, thieves struck 2,904 cash machines over 10 hours on a single day in February
Litigation, Investigation, and Law Enforcement
U.S. Lawyer Booted From Russia for (Allegedly) Refusing to Serve as Kremlin Spy (Wired) There are at least two fail-safe ways to get yourself kicked out of Russia. One way is getting caught spying on Russia. The other way is being asked to spy for Russia and refusing
American engineer's death: suicide or cyber-espionage? (CBS) The death of an American computer engineer, Shane Todd, in Singapore has created quite a stir. His parents contend he was murdered, but authorities say it was suicide. The mystery seems to have links to the dark world of cyber-spying and could possibly involve China. Rick and Mary Todd traveled from Montana to Singapore to prove that their son was actually the victim of a web of international cyber-espionage
Reporter Deemed "Co-Conspirator" in Leak Case (Secrecy News) In a startling expansion of the Obama Administration's war on leaks, a federal agent sought and received a warrant in 2010 to search the email account of Fox News correspondent James Rosen on grounds that there was probable cause the reporter had violated the Espionage Act by soliciting classified information from a State Department official
Feds Tracked Reporter's Movements, Personal E-Mail in Criminal Conspiracy Investigation (Wired) In an effort to unmask a leaker who fed a reporter classified information about North Korea, FBI investigators tracked the journalist's movements in and out of a government building, obtained copies of his phone records and personal e-mails
Obama administration mistakes journalism for espionage (Washington Post) The Obama administration has no business rummaging through journalists' phone records, perusing their e-mails and tracking their movements in an attempt to keep them from gathering news. This heavy-handed business isn't chilling, it's just plain cold. It also may well be unconstitutional. In my reading, the First Amendment prohibition against abridging the freedom ... of the press should rule out secretly obtaining two months' worth of the personal and professional phone records of Associated Press
DAP complains to MCMC over blockade on its websites, videos, FB, social media networks (Malaysia Chronicle) DAP is lodging an official complaint to MCMC today on the Internet blockade to DAP sites, videos hosted on youtube.com, DAP's facebook accounts, DAP MP's blogs and news portals. On 2nd May 2013, MCMC released a statement reported in the mass media stating, "Preliminary investigations indicate no such restrictions by ISPs as alleged by certain quarters". This is in response to an earlier report by Malaysiakini to MCMC
Police arrest Anonymous suspects in Italy (CSO) Italian police arrested four suspected hackers Friday, accusing them of having taken control of the Italian branch of the Anonymous network. The alleged hackers, aged between 20 and 34, were placed under house arrest near the northern cities of Bologna, Turin and Venice, and in the southern town of Lecce