The CyberWire Daily Briefing 06.30.14

Summary

By The CyberWire Staff

The Twitter-savvy insurgents of ISIS/ISIL have proclaimed a caliphate in the swath of territory it controls in Iraq and Syria. Rivals and enemies (including its more mainstream cobelligerents in al Qaeda) don't swallow this, but the proclamation has prompted two responses of interest to those concerned with cyberspace. First, Anonymous tries to grab a headline by promising an operation against ISIS supporters (prominently among whom Anonymous numbers Saudi Arabia). Second, Qatar and Iran discuss cooperation against ISIS and in support of the embattled Iraqi government. Any such cooperation would have a strong cyber element.

The Syrian Electronic Army counters ISIS indirectly, with an attack on Israeli Defense Forces sites calculated for locally crowd-pleasing effect.

New banking malware, "Emotet," is sniffing data transmitted via HTTPS. So far most infections are reported in Germany, but users in Asia and North America have also been affected.

Sophos Labs offers more information on "Andr/SlfMite-A," an Android worm spreading by SMS.

ICS-CERT warns that Havex industrial control system malware has appeared in three vendors' update installers (details available from US-CERT's secure portal).

A study of "emotional contagion" (conducted by researchers at Facebook, Cornell, and the University of California San Francisco on Anglophone users of Facebook's News Feed) attracts considerable attention, mostly negative. Was there informed consent? Proper human subject research review?

Microsoft responds to Canada's anti-spam law by stopping email security updates. Some observers think this passive aggressive, but the law is clearly having unintended consequences.

eWeek offers an overview of cyber threat-intelligence sharing communities.

Notes.

Today's issue includes events affecting Canada, European Union, Germany, Iran, Iraq, Israel, Malaysia, Qatar, Saudi Arabia, Syria, United Kingdom, United States.

We'll be taking Friday off as we observe the US Independence Day holiday. The CyberWire will resume normal publication on Monday, July 7.

Selected Reading

Cyber Trends

Why security awareness matters (Help Net Security) In this interview, Paulo Pagliusi, CEO at MPSafe Cybersecurity Awareness, talks about the value of security awareness and how it influences the overall security posture of an organization

Legislation, Policy and Regulation

Steinmeier urges clearer regulations in NSA-inspired US-German 'cyber dialogue' (Deutsche Welle) The German lower house of parliament has canceled its contract for Internet usage with US company Verizon, announcing the move on the first day of a special "cyber dialogue" conference tied to the NSA espionage scandal

Surveillance cooperation with US goes back years (The Local (Denmark)) Newly-obtained documents reveal that Denmark has been "in good company" with American intelligence agencies since the 1990s

New N.S.A. Chief Calls Damage From Snowden Leaks Manageable (New York Times) The newly installed director of the National Security Agency says that while he has seen some terrorist groups alter their communications to avoid surveillance techniques revealed by Edward J. Snowden, the damage done over all by a year of revelations does not lead him to the conclusion that "the sky is falling"

Groups Target Hill Votes On NSA Bills (Broadcasting and Cable) EFF, Sunlight grading legislators on privacy legislation

Groups fear bill would allow free flow of data between private sector and NSA (Computerworld) Cybersecurity Information Sharing Act of 2014 is a big threat to individual privacy, say privacy groups

US National Security Agency releases murky transparency report (The Inquirer) Clear as mud. The United States National Security Agency (NSA) has released its first transparency report

Striking a cyber balance between state, federal authorities (Federal Times) Say you're a public utility and you're under cyber attack. Who do you call? Local authorities? State government offices? The feds? The best option isn't always clear

24th AF hosts ANG GO Cyber Summit (Lompoc Record) Air National Guard leaders from across the country gathered in San Antonio June 4-6 for the ANG General Officer Cyber Summit

EXCLUSIVE Obama Poised to Yank Top Military Intel Pick (Foreign Policy) The Obama administration is poised to abandon its pick to run the sprawling Defense Intelligence Agency amid two ongoing investigations into whether programs she had overseen have been marred by questionable and potentially illegal spending, according to administration officials and congressional sources with knowledge of the matter

Malaysia Should Set Up Cyber Command Centre, Says Expert (Bernama) Malaysia needs to set up a cyber command centre to coordinate actions by the authorities and industry players in facing cyber attacks, suggested an expert in information security

Saudi king sacks deputy defence minister — royal court (Reuters) Saudi Arabia's King Abdullah sacked the deputy defence minister on Saturday less than two months after he was appointed, the state news agency reported

Iran, Qatar to cooperate against 'terror' (Daily Star) The leaders of Shiite Iran and Sunni Qatar vowed Sunday to cooperate to fight "terrorism in the region", President Hassan Rouhani's office reported as Iraqi forces counter a militant onslaught

Products, Services, and Solutions

Barracuda NG Firewall extends support for Microsoft centric deployments (Telecom Tiger) Barracuda Networks, on Friday announced the availability of new capabilities supporting Microsoft deployments in the areas of Windows Remote Desktop Services, virtualization and public cloud

AxCrypt. It's Good And Bad News. (Gizmo's Freeware) Last week I recommended that you take a look at Cryptainer if you need a replacement for the now-defunct TrueCrypt encryption product. A handful of people have suggested that another free program, AxCrypt, is also a suitable replacement, and I promised to take a look at it. So here goes

Panda Security Launches Panda Advanced Protection Service (IT News Online) Panda Security has launched Panda Advanced Protection Service (PAPS), a new managed service for monitoring applications which uses a disruptive approach as opposed to the traditional system of detecting malware based on blacklists

Exclusive: A review of the Blackphone, the Android for the paranoid (Ars Technica) Custom-built with privacy in mind, this handset isn't for (Google) Play

Technologies, Techniques, and Standards

EC touts standardised cloud SLAs for European businesses (CloudPro) EU guidelines will provide a silver-lining for those struggling to migrate cloudwards

Cisco Web Security and the Health Insurance Portability and Accountability Act (HIPAA) (Cisco Blogs) Spurred by the Health Insurance Portability and Accountability Act (HIPAA), which outlined a set of standards and guidelines for the protection and transmission of individual health information, as well as the subsequent amendment to address standards for the security of electronic protected health information, customers often ask me the following questions

Ethical hacking: Getting inside the minds of cyber criminals (CSO) Just when you think you've got yourself all covered on the security front, an attack comes out of nowhere and bites you on the arse. You think to yourself: How did I not see that coming?

Security Compliance Primer and Buying Guide (eSecurity Planet) Security compliance is a complex and sometimes onerous task. Here we offer advice on best practices that can help, along with a guide to available tools

Marketplace

Threat-Intel Sharing Communities Spring Up to Aid Network Defenders (eWeek) Security technology companies are offering an expanding menu of choices for corporate network defenders who want to keep up on the latest cyber-threats

Lockheed Martin develops hybrid cloud for Air Force (C4ISR & Networks) Lockheed Martin is developing a hybrid cloud that will enable the U.S. Air Force to migrate to a cloud-based system. Lockheed claims that this will offer lower costs, better service and greater agility for 800,000 Air Force users

Keeping pace with cyber training (C4ISR & Networks) Report after report continues to surface warning about the shortage of properly skilled cyber security resources. Last year, the DHS inspector general reported that the National Cybersecurity and Communications Integration Center "does not have sufficient resources to provide specialized training to incident responder." The report documented that between 2009 and 2013 only 10 of the 22 (or about 45 percent) analysts had the needed technical training

ZeroFOX Supports Maryland Tech Workforce as Member of the Central Maryland IT/Cyber Consortium (PR.com) ZeroFOX, The Social Risk Management Company™, announced that the Central Maryland IT/Cyber Consortium has been awarded an implementation grant through EARN (Employment Advancement Right Now) Maryland. The grant funds will be used to develop an innovative workforce development program and provide Marylanders with hands-on training and education through apprenticeships at partner companies

BlackBerry Swipes At Android Security (InformationWeek) In response to Google I/O announcements, BlackBerry criticizes Android's lack of security. On point, or sour grapes?

Research and Development

The Space-Based Quantum Cryptography Race (MIT Technology Review) Europe and China are gaining the upper hand in the race to bounce perfectly secure messages off satellites in low Earth orbit

Security Patches, Mitigations, and Software Updates

Google Drive update fixes data-leaking flaw (Help Net Security) Google has fixed a security issue that made some of the files stored on Google Drive and shared with friends or colleagues via a direct link potentially reachable by unauthorized third parties, and calls users to remove previously shared documents

Microsoft stops email notification services (CSO) On Friday, Microsoft told security notification subscribers that the service would halt operations on July 1

Microsoft Kills Security Emails, Blames Canada (Krebs on Security) In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company's recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Hacktivists Prepare For Strike Against ISIS 'Supporters' (Forbes) The hacktivist group Anonymous is planning to launch a series of digital attacks against nations it accuses of funding or arming the radical Islamic terror group ISIS

Israeli Defense Forces official Blog Hacked by Syrian Electronic Army (HackRead) Syrian Electronic Army has made a major comeback by hacking and defacing the official blog of Israel Defense Forces (IDF) yesterday

Banking malware sniffs out data sent over HTTPS (Help Net Security) Careful online banking users can sometimes spot that something is amiss when malware installed on their computer pops up phishing pages or adds fields to legitimate banking forms. But the Emotet banking malware doesn't bother with that, and sniffs out data sent over secured connections instead

Exploiting wildcards on Linux (Help Net Security) DefenseCode released an advisory in which researcher Leon Juranic details security issues related to using wildcards in Unix commands. The topic has been talked about in the past on the Full Disclosure mailing list, where some people saw this more as a feature than as a bug

How does a rogue ad network function? (Help Net Security) It's a well known fact that a considerable chunk of Internet traffic is bogus, made by infected computers that visit sites and click on adverts chosen by malicious actors

Anatomy of an Android SMS virus — watch out for text messages, even from your friends! (Naked Security) SophosLabs just brought to our attention an item of malware of a sort you don't often see these days

Warning signs corporate computers could be talking to cloud-based malware (CSO) Experts weigh in on detecting malware talking to corporate computers from a cloud service provider

ICS Malware Found on Vendors' Update Installers (Threatpost) Malware targeting industrial control systems has infected the update installers belonging to three known industrial control vendors, according to an advisory from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)

Benjamin F. Edwards Co. Discloses Data Breach Affecting Customers (Forbes) The brokerage house, Benjamin F. Edwards & Co., disclosed yesterday that they had suffered a data breach due to an unknown intruder

Experimental evidence of massive-scale emotional contagion through social networks (PNAS) We show, via a massive (N = 689,003) experiment on Facebook, that emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness. We provide experimental evidence that emotional contagion occurs without direct interaction between people (exposure to a friend expressing an emotion is sufficient), and in the complete absence of nonverbal cues

Facebook's 'creepy' secret study: Were you a target? (Emirates 24/7) Secretly manipulated feelings of 700,000 users to understand "emotional contagion"

Facebook is learning the hard way that with great data comes great responsibility (Quartz) Facebook released the results of a study where its data scientists skewed the positive or negative emotional content that appeared in the news feeds of nearly 700,000 users over the course of a week in order to study their reaction. The study found evidence of "emotional contagion," in other words, that the emotional content of posts bled into user's subsequent actions

Facebook's massive psychology experiment likely illegal (BoingBoing) Researchers from Facebook, Cornell and UCSF published a paper describing a mass-scale experiment in which Facebook users' pages were manipulated to see if this could induce and spread certain emotional states. They say it was legal to do this without consent, because Facebook's terms of service require you to give consent for, basically, anything

The Numinous Veil Of Ignorance (TechCrunch) I seem to be on the wrong side of the Facebook experiment issue. I'm referring to the news which broke recently that Mark Zuckerberg himself (no, not really) conducted an experiment in 2012 to test whether influencing what a user sees in turn affects what they post. If they were shown more negative material, for example, did they become more negative? The answer is yes. The conclusion? Facebook seems able to influence our moods (well, sort of)

Bulletin (SB14-181) Vulnerability Summary for the Week of June 23, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Litigation, Investigation, and Enforcement

Ex-NSA chief under scrutiny over speculated secrets leak (ZDNet) Irony aside, a lawmaker has pointedly reminded former NSA chief Keith Alexander that selling classified information is a felony

MP demands inquiry into secret psych tests on Facebook members (The Times) An MP has called for an investigation into how social networks manipulate their users after learning of research by Facebook that proved it could alter its customers' mood

Joint Statement From the Office of the Director of National Intelligence and the Department of Justice on the Declassification of Renewal of Collection Under Section 501 of the Foreign Intelligence Surveillance Act (IC on the Record) On March 28, 2014, the Director of National Intelligence (DNI) declassified and disclosed publicly that the U.S. government had filed an application with the Foreign Intelligence Surveillance Court (FISC) seeking renewal of the authority to collect telephony metadata in bulk, and that, on March 28, 2014, the FISC renewed that authority. The DNI also announced that the Administration was undertaking a declassification review of the FISC's March 28th Primary Order

The Law's Vital Role in America's Intelligence Debate (Real Clear Defense) In his essay, "National Security Lawyers a National Security Threat," Marshall Erwin disparages national security lawyers for, in his view, putting the nation's security at risk. In the process of doing so, Erwin inadvertently makes a compelling case for why national security lawyers play a vital role in helping to guide those who make and execute national security policies

Facebook's facing a losing battle to protect users' privacy (Naked Security) Composite. Image of data privacy courtesy of Shutterstock. Last year, prosecutors in Manhattan held Facebook up by the ankles and shook out personal data on 381 users — a mugging that Facebook so far hasn't had any luck in fighting

Design and Innovation

Anonymous Social Messaging Discovers That Location Matters (TechCrunch) Apparently secrets are better if you share them with those closest to you — geographically

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

INSCOM Cyber Day (Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber) is collocated with INSCOM. This event will provide industry vendors the opportunity to showcase the latest cyber products and demos to the Fort Belvoir INSCOM community in a one-day tradeshow.

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.

Seminar: Cybersecurity Framework for Protecting our Nation's Critical Infrastructure (Marietta, Georgia, USA, July 22, 2014) The Automation Federation and Southern Polytechnic State University will co-sponsor the "Cybersecurity Framework for Protecting our Nation's Critical Infrastructure." a free seminar from 8 a.m. to noon July 22 in the Joe Mack Wilson Student Center (Building A) Theater. It is meant to educate area business and manufacturing leaders on the value and importance of the recently launched US Cybersecurity Framework.

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, August 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities

Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.

BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.

DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.

South Africa Banking and ICT Summit (Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.