The CyberWire Daily Briefing for 6.26.2014
As tensions among former Soviet republics persist, Armenian security services allegedly uncover a social media phishing campaign mounted by intelligence organs in neighboring Azerbaijan. Watch for increasing cyber operations in the region; expect, for example, Russia to deniably marshal some low-grade Uzbek cyber muscle against Ukraine.
Iraq's social-media clampdown is being widely evaded by users of mesh-networking app Firechat and censorship circumvention system Psiphon. The government imposed restrictions in response to ISIS's successful use of social media for information operations, but the surge in Firechat and Psiphon seems a grassroots phenomenon not directed by any faction.
State-directed hacking and other pressures aiming to repress speech and local political activity are eroding, observers fear, the "Basic Law" guaranteeing Hong Kong special autonomy within China.
AdaptiveMobile identifies a new mobile worm, "Selfmite," that spreads by SMS and propagates by texting contacts in the infected device's address book.
Self-installed versions of WordPress are found vulnerable to exploitation through a remote code execution zero-day in the latest version of the TimThumb plug-in's Webshot feature.
Be wary of all attachments arriving in unexpected email, even if (especially if) they purport to be judicial summons: they're currently carrying zip files with the Zortob Trojan as a payload. Zortob typically leads to a further Zeus infection.
The debate over a self-defense right to hack back continues, with a Slate op-ed arguing that the difficulty of attribution alone renders such putative rights problematic. NATO still struggles with Article 5's application to cyberspace — perhaps Estonia will offer useful counsel.
Notes.
Today's issue includes events affecting Armenia, Australia, Azerbaijan, China, Estonia, European Union, India, Iraq, Ireland, Italy, Saudi Arabia, Syria, Taiwan, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Armenia's national security agency discloses Azerbaijani spies through odnoklassniki social network (ARKA Telecom) Armenia's national security agency has disclosed many Azerbaijani spies through Odnoklassniki social network, the agency's press office reported on Wednesday
Iraqis use Firechat app to bypass internet block (ComputerWeekly) Iraqis are using three-month-old messaging app Firechat to circumvent a government block on access to social media sites amid growing armed conflict in the country
Hacker attacks and pressure from Beijing are killing free speech in Hong Kong (Quartz) When Deng Xiaoping sat down with Margaret Thatcher in 1984 to negotiate the terms of Hong Kong's handover from Britain to China, they hammered out an agreement that became Hong Kong's "basic law" and spelled out how China would govern the "highly autonomous" city. Among the rights accorded to all Hong Kong permanent residents are universal suffrage and freedom of speech, assembly, and demonstration
Indian Govt. websites down; no cyber attack (The Hindu) Some government websites, including those of the Prime Minister's Office, Lok Sabha, Rajya Sabha and key Ministries such as Finance and Defence, experienced outages on Wednesday evening
More on Hacking Team's Government Spying Software (Schneier on Security) Hacking Team is an Italian malware company that sells exploit tools to governments. Both Kaspersky Lab and Citizen Lab have published detailed reports on its capabilities against Android, iOS, Windows Mobile, and BlackBerry smart phones
Invasive Selfmite SMS worm uncovered (Help Net Security) AdaptiveMobile has discovered a previously unknown piece of mobile malware dubbed Selfmite. It spreads via SMS and fools users into installing a worm app which propagates by automatically sending a text message to contacts in the infected phone's address book
TimThumb plugin Webshot zero-day uncovered, WordPress websites at risk (Graham Cluley) Website owners who run a self-hosted installation of WordPress (rather than hosting their site on WordPress.com itself) are being warned about a serious vulnerability that has been discovered in the popular TimThumb plugin
Court summons scam makes a comeback (CSO) The judicial summons you've gotten via email is likely malicious
Google's Nest security warning after researchers show off 60-second hack (WeLiveSecurity) Google's Nest thermostat can be hacked in under a minute, according to a blog post and video posted by GTV Hacker. The hack, to be demonstrated in public at this year's Def Con conference in August, would allow attackers complete control over the device and access to the user's home network
Luuuk Trojan snatches €500,000 from European bank in one week (ZDNet) In only seven days, over half a million euros were stolen from a European bank's customers courtesy of a new banking Trojan campaign
PayPal error shows how NOT to use two-factor authentication (CSO) A possible design error let researchers bypass two-factor authentication on a PayPal account
Cloud app logins reused in piracy scam (ComputerWeekly) Software piracy will remain prevalent even as more applications are delivered over the internet in a software-as-a-service subscription model, according to the BSA Global Software Survey
eBay breach spoils business (Durango Herald) Local retailer had to lay off workers
Riverside County Regional Medical Center suffers data breach (CSO) I have to admit that stories about data breaches are becoming as common as days that end in "y"
Data accessible on all Giant Eagle staffers due to employee portal issue (SC Magazine) All employees with Pennsylvania-based supermarket chain Giant Eagle are being notified that, due to an issue, their personal information — including Social Security numbers — could have been accessed by anyone properly logged into the MyHRConnection Team Member portal
Cyber Trends
Chris LaPoint on Info Security and Automation in Government IT (ExecutiveBiz) Information security may be one of the key areas in government information technology that needs automation through continuous monitoring, Chris LaPoint, SolarWinds vice president of product management, said Monday
The Right to Bear Denial-of-Service Attacks (Slate) Do we need a Second Amendment in the cyber world? Maybe the only thing Americans agree on when it comes to the Second Amendment is that the "right of the people to keep and bear arms" is all about guns and gun control. We're very used to seeing that language invoked around incidents of gun violence. So it was striking to see the logic of the National Rifle Association applied to a completely different context in a piece about cybercrime in the New York Times on June 21, in which Jeffery Stutzman, the vice president of the cybersecurity intelligence sharing consortium Red Sky Alliance, is quoted as saying, "I do really believe there should be a Second Amendment right in cyber"
Despite data breaches, data security remains a low priority for many companies (Internet Retailer) Although 72% of information technology executives say their companies suffered a data breach in the past 12 months, only 51% say securing confidential data is a high priority
Survey: 25 Percent of Breaches Go Undetected for More Than 24 Hours (BusinessWire) Tripwire survey finds that 40 percent of retail and financial organizations say it takes two to three days to detect a breach
Organizations Blind to Location of Sensitive Data Says New Research Report (Informatica) Informatica Corporation (Nasdaq:INFA), the world's number one independent provider of data integration software, today announced the availability of a new research report by the Ponemon Institute LLC, entitled, The State of Data Centric Security. Based on a global survey of more than 1,500 IT and IT security professionals, the study reveals how organizations understand and respond to data security threats in today's information-everywhere world
Are Social Media Giants Betraying Your Trust? (ComputerWorld) Revelations about the National Security Agency's widespread surveillance of online activity have roused the ire of social media firms, but they also reveal the extent to which these companies are at least partially to blame. How much of this personal data would be available if these companies weren't collecting and mining it for profit in the first place?
Hackonomics: Cybercrime's cost to business (ZDNet) How much does getting hacked actually cost a business? Looking closely at the cyber black market's cost factors is worrying, but offers insight into keeping crime's cost low
Alexander: Cyber Security Pros Face Uphill Battle (Dark Reading) Former NSA chief says rapid growth of data, malware will challenge security teams in coming years
Marketplace
Ex-NSA Chief Will Give Bankers What They Deserve (Money News) General Keith Alexander, the now-retired National Security Agency (NSA) director who was once Edward Snowden's boss, hung out his consulting shingle this month. His IronNet CyberSecurity firm already has a hot prospect: the Securities Industry and Financial Markets Association (SIFMA)
CIA's CIO: Working with private sector can be a "clash of cultures" (Washington Post) Almost a year after awarding a cloud computing contract to Amazon Web Services, Central Intelligence Agency chief information officer Doug Wolfe on Tuesday said the agency is still adapting to working with the private sector on IT projects
VCs Pour Money Into Security Software Startups as Huge Hacks Pile Up (Wired) Last year was the worst ever for data breaches, so it's little surprise that VCs poured $829 million into security software in 2013. They want to protect financial, defense, and pharma industry data from hackers so that secret business operations stay secret
Crowdsourcing Finding Its Security Sweet Spot (Threatpost) Pulling in security help on a project has traditionally meant either hiring more full-time help, or bringing in an outside consultant. Enterprises and vendors alike, however, are starting to really go outside the perimeter these days and are taking advantage of crowdsourcing
Startup Spotlight: FortyCloud's Multi-layered Cloud Security (eSecurity Planet) Israeli startup FortyCloud recently opened a U.S. office to grow its business, which focuses on helping companies secure data in the public cloud
Cyber Squared Inc. Named "Hottest Bootstrap" Company in the Washington D.C. Area by NVTC (Digital Journal) Cyber Squared Inc. won the "Hottest Bootstrap" award at the 13th Annual Northern Virginia Technology Council's (NVTC) Hot Ticket Awards held on Tuesday, June 24, 2014 at Redskins Park in Ashburn, VA. Cyber Squared is a global provider of threat intelligence and security technology solutions and is the company behind the leading threat intelligence platform, ThreatConnect™
Products, Services, and Solutions
"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids… (Naked Security) In the Hitchhiker's Guide to the Galaxy, cool and well-informed space travellers (hoopy froods, in the vernacular) always know where their towels are. Now, owners of Samsung Galaxy phones, notably the S5, can take frood-like control over their devices, thanks to a hoopy new tool called Towelroot
HackPorts — Mac OS X Penetration Testing Framework and Tools (Kit-Ploit) HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a 'super-project' that leverages existing code porting efforts; security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines
ThreatTrack Security Enables Enterprises to Assess their Exposure to any Malware Threat (Broadway World) ThreatTrack Security today released ThreatAnalyzer 5.1, the latest version of the company's fully customizable dynamic malware analysis solution. ThreatAnalyzer enables organizations to recreate their entire application stacks including virtual and native environments in which to detonate malicious code and discover how malware will behave on their networks. By executing files and links within ThreatAnalyzer, cybersecurity professionals can completely and accurately quantify their risk and exposure to Advanced Persistent Threats (APTs), targeted attacks and Zero-day threats designed to evade signature-based defenses
Defence-grade fingerprint security on KNOX for Android mobiles (ComputerWeekly) Samsung Electronics and Google have teamed up to confirm that part of the Samsung KNOX technology will be integrated into the next version of Android
Panda Security Stop APTs with Cloudy Big Data (PR.com) Panda Advanced Protection Service (PAPS) is a managed service for monitoring applications which uses a disruptive approach as opposed to the traditional system of detecting malware based on blacklists. The new service provides continuous monitoring and visibility of all actions performed by applications on the network
Serco Introduces UK-Based Cyber Training Program (ExecutiveBiz) Serco has launched a new program that aims to allow U.K.-based organizations to test their cybersecurity in a secure environment
ForeScout CounterACT Secures BYOD Program for Long Road Sixth Form College (IT Business Net) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced that Long Road Sixth Form College in Cambridge has selected ForeScout CounterACT to ease the roll-out of its bring your own device (BYOD) program by providing real-time visibility of what is connected to the network
Technologies, Techniques, and Standards
Cybersecurity Lessons from Former FBI Director (Insurance & Technology) Robert Mueller describes how security initiatives within the Bureau are applicable to financial services
Stop Targeted Attacks Dead in Their Tracks with an Incident Response Team (Trend Micro: Simply Security) The thrilling and terrifying thing about working in the cyber security industry is the rate at which threats evolve. It seems like just yesterday we were talking about large scale worm outbreaks like Conficker and Storm. Infecting corporate and personal machines in their millions, these big name attack campaigns garnered plenty of headlines and caused a fair amount of disruption. But what has increasingly taken their place is far worse, and requires a much different, cross-organizational response
Are lost IRS e-mails "unbelievable"? Not really (Ars Technica) Bad "best practices" in government IT mean that lost e-mails are no surprise
Design and Innovation
Bitcoin has a future, but maybe not as a currency (CBC News) Champions and critics agree that the underlying software has many uses
Research and Development
A Search Engine for the Era of Apps (MIT Technology Review) A new kind of search engine will make it possible to search inside the apps on your phone
Navy and DISA Test Over-the-Air CAC Activation of Smartphones (Nextgov) The Navy and Defense Information Systems Agency have begun testing software that transmits employees' credentials to popular brand smartphones to verify they are military members, according to a U.S. Marine Corps communications chief
Academia
Ireland's leading teenage programmers to compete in Taiwan (Silicon Republic) After several rigorous selection rounds of the All Ireland Programming Olympiad (AIPO), four young secondary students have been selected to represent Ireland for the 2014 International Olympiad in Informatics (IOI) in Taiwan
Legislation, Policy, and Regulation
US to extend privacy protection rights to EU citizens (The Guardian) EU and human rights and privacy groups welcome pledge, which follows pressure in wake of Snowden revelations
Estonia Builds on Lessons Learned After Cyber Attack (SIGNAL) The Baltic nation sets a course for defending against or even preventing future digital assaults
Report underlines China's cyber security challenges (Xinhua via Global Post) Cyber security is the most important issue that China has to address in developing its new media, according to a report released Wednesday by the Chinese Academy of Social Sciences
U.S. Ambassador Baucus says China hacking threatens national security (Reuters via the Chicago Tribune) Cyber theft of trade secrets by China is a threat to U.S. national security, U.S. Ambassador to China Max Baucus said on Wednesday in the first major public address of his tenure, warning that Washington would continue to pressure Beijing
NATO Has No Article 5 Guidelines for Cyber (SIGNAL) The Atlantic alliance still is working to define what constitutes an online attack
Fighting Cybercrime: Strategic Cooperation Agreement Signed Between ENISA and EUROPOL (EUROPOL) ENISA and Europol today signed a strategic cooperation agreement at Europol's headquarters in The Hague, to facilitate closer cooperation and exchange of expertise in the fight against cybercrime
U.S.-Germany Cyber Bilateral Meeting and Cyber Dialogue (Imperial Valley News) The Governments of the United States and Germany will hold a Cyber Bilateral Meeting in Berlin, Germany on June 26, 2014
Senior DHS official weighs in on cyber legislation (FCW) The Department of Homeland Security's Larry Zelvin is the latest administration official to call for legislation to strengthen DHS's hand in detecting and thwarting cyber threats
Cybercom Chief: Partners Vital to Defending Infrastructure (American Forces Press Service) Building partnerships among the federal government, the private sector and academia is vital to bringing together capabilities in the defense of critical infrastructure, the commander of U.S. Cyber Command said yesterday
Cyber Not Ready for Service Designation (SIGNAL) Officials say the United States will not see an independent cyber force in the foreseeable future
Air Force to add up to 1,440 employees to San Antonio cyber mission (My San Antonio) The Air Force will expand its cyber mission in San Antonio, bringing up to 1,440 troops and civilian workers to the city this fall
Litigation, Investigation, and Law Enforcement
NSA says it has no record of Snowden challenging spying (The Hill) The National Security Agency says it has not been able to find a single recorded case where former contractor Edward Snowden raised complaints about the agency's operations. The claim, revealed in response to a Freedom of Information Act request from investigative reporter Jason Leopold, undercuts Snowden's claim that he raised concerns with his superiors before leaking top-secret spy agency documents to the press
Your Privacy Is Now At Risk From Search Engines — Even If The Law Says Otherwise (Forbes) Last week the European Union's Court of Justice ordered Google to grant people the right to be forgotten, giving people the ability to have themselves removed from search results that are "inadequate, irrelevant, or no longer relevant, or excessive in relation to the purposes for which they were processed"
This is what you'll see when Google removes 'Forgotten' search results (Engadget) It was only a matter of time until it happened, but Google has now started removing search results from its listings as part of the European Commission's "Right to be forgotten" ruling. The Wall Street Journal reports that the company started implementing the blocks earlier today, weeks after it first started allowing individuals to request that the search giant remove listings that turned up against searches for their own names. Google says it has begun notifying successful applicants that their requests have been accepted, and we're already noticing some high-profile searches are displaying removal notices
Motion to dismiss filed in NSA spying class action (Legal Newsline via the Washington Examiner) The defendants have filed their motion to dismiss in a lawsuit that alleges the National Security Agency conducted surveillance and intelligence-gathering programs that collected data from American citizens
UK police forces fail to impress in ICO audit (ComputerWeekly) Only one out of 17 UK police forces audited by the Information Commissioner's Office achieved the highest possible assurance rating for compliance with UK data protection laws
Queensland man charged over Bitcoin theft (ITNews) Accused Riot Games hacker nabbed again. A 21-year-old Queensland man who was charged with hacking US games developer Riot Games earlier this year has been charged again for stealing around $110,000 worth of Bitcoin during the attack
Serial hacker Cameron Lacroix gets four year jail term after taking plea bargain (Naked Security) A serial hacker with a long history of computer offences has pleaded guilty to computer intrusion and access device fraud charges, accepting a sentence of four years in jail in return for his plea
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.