The CyberWire Daily Briefing for 6.16.2014
More information appears on recently reported cyber intrusions into US power utility networks: the incursions appear to have been cyber reconnaissance, which is consistent with Department of Homeland Security claims that no damage was found in control systems. One of the hackers mentioned in dispatches is Wang Dong (former nom de guerre "Ugly Gorilla," currently going by "Say Goodbye to my youth") whom regular readers will recognize from US indictments of Chinese PLA officers. Among the utilities affected was that of Madison, New Jersey, a smallish town that manages its own piece of the grid, and therefore an attractive test target.
The World Cup continues to spawn more cyber crime than effective hacktivism, but big sponsors remain on alert. Fans in Brazil to watch the games are advised to be wary of local AC/DC device chargers.
The Australian mining trade press discusses the difficulty of balancing security and operational efficiency, an act all industries will find familiar.
In industry news, Target's new CISO will report to the CIO, and observers differ over whether that will prove an effective organization. The US State Department has turned to bonuses (although it refuses to call them such) in its efforts to lure cyber talent from industry.
NIST 800-53 Revision 5 is likely to place more emphasis on continuous monitoring, and enterprises consider doing the same in anticipation of the new US security standard. Also in the US, the FCC revises its own cyber defense guidance for industry; the FAA pushes avionics cyber security.
Notes.
Today's issue includes events affecting Australia, Bahamas, Belgium, Bolivia, Brazil, China, France, India, Indonesia, Israel, Malaysia, Netherlands, Romania, Russia, Taiwan, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
UglyGorilla Hack of U.S. Utility Exposes Cyberwar Threat (Bloomberg) Somewhere in China, a man typed his user name, "ghost," and password, "hijack," and proceeded to rifle the computers of a utility in the Northeastern U.S.
World Cup big brand sponsors braced for wave of cyber attacks (The Grocer) As The Grocer went to press, World Cup sponsors were bracing themselves for cyber attacks
Cyber criminals cash in on World Cup frenzy (Business Standard) Security solutions firm Kaspersky Lab advises football fans traveling to Brazil to use AC/DC chargers available locally carefully
Security Tips for Football World Cup Fans (Lumension) The FIFA World Cup has kicked off in Brazil, with fans travelling to the country from around the globe in the hope that their country's football team will make it to the grand final
Ransomware "Svpeng" strikes US, leaves Android devices unusable (SC Magazine) Earlier versions of Svpeng impacted mobile users in Russia, stealing card details from customers of major banks. A mobile trojan called "Svpeng" has now been updated to extort Android users in the U.S., researchers warn
Taiwan Hit With Micropayment Fraud via Android Malware (TrendLabs Security Intelligence Blog) In our 1Q Threat roundup report, we noted that the number of mobile malware and high-risk applications reached the two-million mark and is rapidly growing. In our monitoring of the mobile threat landscape, we have recently discovered an Android malware that is spreading fast in Taiwan
10 years since the first smartphone malware — to the day. (Eugene Kaspersky Nota Bene) On June 15, 2004, at precisely 19:17 Moscow time something happened that started a new era in computer security. We discovered the first malware created for smartphones
Scans Quantify Vulnerable OpenSSL Servers (Threatpost) Certain mitigating factors made the recent OpenSSL man-in-the-middle vulnerability a notch or two below Heartbleed in terms of criticality. With that in consideration, it's probably no surprise that patching levels for CVE-2014-0224 aren't as high out of the gate as they were for Heartbleed
Heartbleed & The Long Tail Of Vulnerabilities (Dark Reading) To this day there are still unpatched systems, still hackers scanning for vulnerable systems, and still cyber criminals using Heartbleed every day to break into companies
Biggest, baddest, boldest software backdoors of all time (IT World) These 12 historically insidious backdoors will have you wondering what's in your software — and who can control it
Origin not hacked, EA confirms false alarm (SlashGear) This afternoon there's been a false alarm announcement by a supposed hacker group suggesting they'd breached Origin, lifting thousands of emails and passwords. In fact the emails included in a leak come up in Google searches as far back as several years ago, meaning the list was likely harvested from several already-public lists. EA suggests that "there is no truth" to the idea that there was a hack
Bitcoin security guarantee shattered by anonymous miner with 51% network power (Ars Technica) For the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of the crypto currency's decentralized structure
Stolen USB Drive Exposes 33,702 Calif. Patients' Data (eSecurity Planet) Patients' names, genders, medical record numbers, birthdates and dates and times of service may have been exposed
Domino's Pizza Database Hacked, 650,000+ Customer Records Stolen (HackRead) A group of hackers going by the handle Rex Mundi breached the database of Domino's Pizza websites in France and Belgium, ending up with access to more than 592,000 records of French customers and 58,000 records of Belgians
French Hospital's Computer "Bug" Trashes a Fortune in Perfectly Good Drugs (IEEE Spectrum) Last week saw another wave of healthcare-related IT malfunctions, problems, and issues being reported. This time, we turn our focus to a controversy currently capturing the attention of the French press: the startling admission by administrators at the university hospital in Rennes that perfectly good drugs and other medical supplies are being trashed as a result of technical issues with its relatively new automated pharmacy system
Bulletin (SB14-167) Vulnerability Summary for the Week of June 9, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime (US-CERT) The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code, cause a denial of service, or conduct clickjacking attacks
Microsoft strips some Windows 7 users of IE11 patch privileges (ComputerWorld) Mandate similar to the one put in place for Windows 8.1 Update
Microsoft promises better privacy, updates service level pledge but there's a small catch (TechTimes) From now on, when you log on to Outlook.com, Office.com, Bing, MSN, OneDrive, or any of a dozen other Microsoft services, security and privacy are things you don't have to worry about. Or so Microsoft claims, according to a newly revised "Services Agreement" that's big on words like "privacy," "transparency" and "simplicity"
Cyber Trends
Why Reset the Net falls short in protecting you from surveillance (Phys.org) A year on from Edward Snowden's revelations around state sponsored mass surveillance programs, some of the major players in the online and technological world (including Google, Mozilla, Twitter and Reddit) have launched the Reset the Net campaign
Four tips to overcome the cyber threat to the mining industry (The Ferret) Organisations in the mining sector face a new and important challenge as they balance the drive for operational and environmental efficiency against the emerging risk of cyber attack
British firms 'not taking mobile security seriously', says Samsung (ComputerWorld via CSO) Lack of visibility of mobile losses and thefts, says research from the company
The privacy attitudes of 15,000 consumers from 15 countries (Help Net Security) Spanning 15 countries and 15,000 consumers, the EMC Privacy Index reveals consumers hold viewpoints on privacy that vary widely by geography and the type of activity engaged in while online
Children prey to cyber-crime; majority of parents don't feel so (Indian Express) Negative online experience refers to experience someone posting private/intimate content without permission
Large-scale tests with self-driving cars to hit Dutch roads (IT World) The Netherlands wants to be a front-runner of self-driving cars in Europe
Marketplace
Target top security officer reporting to CIO seen as a mistake (CSO) Experts worry that the retailer's chief executive and board may not get a complete picture on the company's security, if the CISO does not report directly to them
China's Huawei trains Indonesian ICT students (Xinhua via GlobalPost) China-based telecommunications giant Huawei held a commencement ceremony for Indonesian information and communications technology (ICT) students on Friday, seeking to transfer ICT skills to the largest Southeast Asian country through its training program
ZTE to Support Telkom Indonesia in Java Backbone Network Upgrade (Wall Street Journal) ZTE Corporation ("ZTE") (H share stock code: 0763.HK / A share stock code: 000063.SZ), a publicly-listed global provider of telecommunications equipment, network solutions and mobile devices, is pleased to support Telkom Indonesia in Java backbone network upgrade to deliver a 10-fold capacity increase in most of the network and will enable a superior user experience to subscribers
Booz Allen Hamilton Sees Revenues Declining, but Hold On for the Ride (Wall Street Cheat Sheet) Booz Allen Hamilton Holding Corporation (NYSE:BAH) is an interesting company, and it makes a hefty profit. It provides management consulting, technology, and engineering services in the United States
Raytheon broadens tech offerings as market shifts (Washington Technology) Whether a threat is kinetic or cyber, or comes from a terrorist group or a rogue nation, Raytheon offers the technologies to provide the U.S. government and other nations with the technologies to alert them to the threat and enable them to take action to neutralize the threat
Raytheon: 6 Different Insiders Have Sold Shares During The Last 30 Days (Seeking Alpha) Summary: 6 insiders sold Raytheon stock within one month. The stock was not purchased by any insiders in the month of intensive selling. 3 of these 6 insiders decreased their holdings by more than 10%
An Extra 14 Percent Keeps Cyber Pros at State — Just Don't Call It a Bonus (Nextgov) It's hard to lure hacker fighters from the lucrative private sector to the government, but once they join the State Department, they typically stay, a top department cyber official says. Dangling cash incentives helps
Industry Veterans Join AlgoSec to Support Strong Growth in the Security Policy Management Market (IT Business Net) AlgoSec, the market leader for Security Policy Management, today announced the expansion of its executive team with the appointments of Eli Adler as General Manager of EMEA, Bruno Weinberger as Vice President of Strategic Alliances and Shelly Sarid as Vice President of Finance. The new executives will help drive the company's business model and growing market presence. In the first five months of 2014, the company continued on its track of fast growth, securing several 7-digit deals with global financial institutions, retailers and managed service providers
ZeroFOX Appoints Two New Vice Presidents to Lead Global Sales Teams (PR.com) ZeroFOX, The Social Risk Management Company™, today announced the appointment of two new vice presidents, Pano Paschaloudis and Stephen Weis, to augment the company's leadership team and further develop and execute its comprehensive sales vision to foster high volume revenue and dynamic sales growth
Products, Services, and Solutions
Stalker: A creepy look at you, online (CNN Money) While you were having a latte and hunting for a Tinder date on your local coffee shop's open Wi-Fi, you were giving away your personal information. Want to know how much? Stalker will tell you
Kaspersky, Telefónica join forces to improve cyber protection (Daily Express) Kaspersky Lab has announced a new strategic cooperation agreement with Telefónica, to provide its customers worldwide with cyber-security services
Tenable Integration with Threatgrid Enhances Detection of Persistent Malware (Crowdsourcing.org) Tenable Network Security®, Inc., the leader in continuous monitoring of vulnerabilities, threats and compliance, announced its latest new source of threat analytics through an integration with ThreatGRID's malware analysis and threat intelligence solution. This integration enhances Tenable's dynamic library of known threats from the industry's top 25 antivirus vendors, improves accuracy and reduces the time to detect advanced malware that bypass traditional security controls
Scots firm creates way to hide internet footprint (Scotsman) In the age of Big Brother and the prying eyes of the National Security Agency and its allies, it is billed as a way of reclaiming the internet for ordinary people
Votiro Incorporates Spear Phishing Protection Into Its Cloud-Based Sanitization Service (Digital Journal) New protection against email-based attacks extends the usability of Votiro's free service
Google's after your health data with 'Google Fit' service (Naked Security) Google's about to jump into the growing fitness data marketplace — a mosh pit that consumer advocates are already calling a privacy nightmare — to wrestle with Apple and Samsung for the data created by fitness trackers and health-related apps
Spamhaus readies new antimalware data feeds (IDG via CSO) The data feeds will make Spamhaus' Domain Block List more effective and versatile, the organization said
Technologies, Techniques, and Standards
NIST Security Guidance Revision: Prepare Now (InformationWeek) NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until next year to close your security gaps
Does iOS malware actually exist? (ZDNet) There actually has been some iOS malware, but it's shockingly rare. It's all thanks to Apple's rigid control over app distribution
Hacked restaurant chain goes back to the 1970s, to protect itself from hackers (Hot for Security) Security blogger Brian Krebs was the first to blow the whistle earlier this week on a serious data breach at the US-based P. F. Chang's China Bistro chain of restaurants
What's the leading cause of data loss? (Help Net Security) HDD crashes more than doubled in the last four years, prevailing as the most common cause of data loss according to customer data provided by Kroll Ontrack
Design and Innovation
Booz Allen Holds 'Combustion Chamber' Competition as Catalyst for Employee Thinking (ExecutiveBiz) Booz Allen Hamilton had five teams across the firm pitch their best ideas for helping clients solve problems to a panel of judges during a series of presentations at the firm's "Combustion Chamber" event June 5
DARPA Builds 3D Display Platforms for Cyber Mission Planning, Adversary Tracking Activities (ExecutiveGov) The Defense Advanced Research Projects Agency has designed two military platforms that aim to help warfighters organize cyber operations and track adversaries in a large-scale digital environment
Soldiers Could Use 'Plan X' to Combat Cyber Attacks (Headlines and Global News) The Defense Advanced Research Projects Agency (DARPA) is developing a project called 'Plan X' to help soldiers combat cyber attacks
Research and Development
The age of the quantified family is upon us (Quartz) We're one step closer to the quantified household. University of Virginia associate professor of computer science, Kamin Whitehouse, is leading a team that's designing the software to make it possible. "We need to not just be users of the internet of things, we need to also be objects in the internet of things," Whitehouse told a Massachusetts Institute of Technology digital summit last week
Legislation, Policy, and Regulation
Snowden effect changes US-China dynamic on cybersecurity (South China Morning Post) The whistle-blower's revelations of the extent of NSA spying gave Beijing a stronger hand in negotiations on the issue of cybersecurity
Mending fences in Brazil after Snowden leaks (USA TODAY) Liliana Ayalde couldn't have picked a worse time to start her job as U.S. ambassador to Brazil
Bahamas Expects Official Response from US Addressing Spying Claims (Atlanta BlackStar) Foreign Affairs Minister Fred Mitchell said Wednesday that the Bahamian government will ensure that its relationship with the United States remains intact even if it discovers the controversial allegation that its National Security Agency (NSA) is recording and storing audio from every cellphone conversation in the Bahamas is true
New evidence US drug body spied on Bolivia, Venezuela (GreenLeft) In a May 19 article on US government spying for The Intercept, Ryan Devereaux, Glenn Greenwald and Laura Poitras publish leaked documents that show the US government may have used the Drug Enforcement Administration (DEA) to aid National Security Agency (NSA) spying on US citizens and non-citizens in foreign countries
FCC unveils 'new regulatory paradigm' for defeating hackers (Washington Post) In recent months, the Federal Communications Commission has quietly worked to expand its role among federal agencies charged with protecting the nation's networks from cyberattack. On Thursday, the agency sought to take the lead again, unveiling a new regulatory model aimed at helping phone companies and other telecommunications firms defend themselves from malicious hackers
FAA Orders Boeing to Protect Airplanes from Cyber Attacks (eSecurity Planet) Proposed special conditions require Boeing to 'ensure that the airplanes' electronic systems are protected from access by unauthorized sources'
Obama-Congress intelligence pipeline broken (Politico) The Senate's spy watchdogs are abuzz over what lawmakers describe as a low point in relations with the Obama administration and its intelligence policymakers
What the Departure of Eric Cantor Means for National Security (Roll Call) Everyone is still digesting the fallout from this week's surprise primary election defeat of Majority Leader Eric Cantor, R-Va., but the part related to its effect on national security and foreign policy is pretty well-chewed, enough to examine it as a whole
Willie May to Officially Become Acting Director at NIST (ExecutiveGov) Patrick Gallagher steps down as National Institute of Standards and Technology chief this week and Willie May will formally assume the acting director role with the standards body
Transportation Department Looks To Regulate Navigation Apps (TechCrunch) The Department of Transportation is angling for regulatory control over navigational apps as a part of the Obama administration's proposed transportation bill, which is expected to pass later this year
House of Lords sets up Digital Skills Select Committee (ComputerWeekly) The House of Lords has set up a select committee on digital skills
Litigation, Investigation, and Law Enforcement
Stockman asks NSA for Lois Lerner metadata after IRS claims 'glitch' erased all incriminating emails (Bay Area Citizen) Congressman Steve Stockman Friday asked the National Security Agency to turn over all its metadata on the email accounts of former Internal Revenue Service Exempt Organizations division director Lois Lerner for the period between January 2009 and April 2011
Judge orders DOJ to turn over FISA surveillance documents (IDG via CSO) The agency failed to justify keeping the 66 pages of documents secret, the federal judge said
Ruling Raises Stakes for Cyberheist Victims (Krebs on Security) A Missouri firm that unsuccessfully sued its bank to recover $440,000 stolen in a 2010 cyberheist may now be on the hook to cover the financial institution's legal fees, an appeals court has ruled. Legal experts say the decision is likely to discourage future victims from pursuing such cases
U.S. officials scrambled to nab Snowden, hoping he would take a wrong step. He didn't. (Washington Post) While Edward Snowden was trapped in the transit zone of Moscow's Sheremetyevo Airport last year, U.S. officials were confronting their own dearth of options in the White House Situation Room
French Senator Optimistic on Possible Asylum to Edward Snowden (Prensa Latina) French senator Catherine Morin-Desailly was quite optimistic regarding the request to appoint a French citizen of honor and grant asylum to US former National Security Agency analyst Edward Snowden
How to 'double your money on PayPal!' and why you should NOT try it (Naked Security) You can double your money by bilking PayPal with a loophole in its terms of service, according to a Romanian man convicted in 2012 of temporarily blocking the systems of the US Army, Pentagon and NASA. Cernăianu Manole Răzvan, who has published under his hacker handle TinKode in the past, was released a few months after Romanian law nabbed him
Chinese gov't reveals Microsoft's secret list of Android-killer patents (Ars Technica) Microsoft crows about transparency, but it didn't reveal this list of 310 patents
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
Global Summit on Computer and Information Technology The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.