The CyberWire Daily Briefing 07.21.14

Summary

By The CyberWire Staff

Fighting in Gaza intensified over the weekend, accompanied by both Palestinian and Israeli information operations in social media. These aside, cyber operations in the conflict are so far apparently confined to jamming (by Israel) and website defacements (by Palestinian sympathizers).

Ukraine's SBU releases more intercepted phone conversations linking Russia with the insurgents' shoot-down of MH17. Russian security is observed altering Wikipedia pages to deflect blame for the atrocity (toward the Ukrainian government; few seem convinced).

Observers speculate that fighting in Gaza and Ukraine will prompt wider cyber warfare. Russian incursions into various Western networks, particularly diplomatic and energy sector networks, suggest that Russia at least has engaged in some battlespace preparation, but so far both conflicts have seen more information operations than classic cyber attacks. The destruction of MH17 has spawned both inflammatory pranks (hijacking sites to report bogus news reports that the US President's Air Force One had been shot down over Russia) and criminal scams (click trolling using #MH17 as phishbait).

MIT Technology Review warns of the risks posed by network-based steganography: Duqu's use of jpegs to transmit hidden information back to command-and-control servers is cited as an early example.

TrendLabs offers examples of smart meter attack scenarios — the sort of exploit one might encounter as the power grid is increasingly Internet-connected.

The market for insurance against cyber attack is, by consensus, growing rapidly, but insurers continue to grope toward credible actuarial methods in this unfamiliar space.

Investigators remain uncertain about attribution of the 2010 Nasdaq cyber attack.

Notes.

Today's issue includes events affecting European Union, Hungary, India, Israel, Netherlands, Palestinian Territories, Romania, Russia, South Africa, Spain, Ukraine, United Kingdom, and United States.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Fresh threat to critical infrastructure found in Havex malware (V3) A dangerous open-platform communication (OPC) scanner that could be used to launch cyber attacks against critical infrastructure areas has been discovered in a variant of the Havex malware

Havex, It's Down With OPC (FireEye) FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as "Fertger" or "PEACEPIPE"), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufacturing sectors

Funny Facebook video scam leaves unamusing Trojan (Help Net Security) A new funny video spreading on Facebook leaves a not-so-hilarious Trojan in its wake on users' computers, according to research by Bitdefender. The malware, believed to originate from Albania, can access a large amount of data from the user's internet browser

The dangers of social media (DVIDS) A Marine is using social media when a female he does not recognize sends him a friend request. He enjoys meeting new people, so he accepts her request. They begin to chat and soon decide to meet. Before they meet, she tells the Marine he must contact, a man who knows the woman. The man tells him he must pay money or the Marine and his family and friends will be in danger

How cyber attacks ran rampant at the 2014 World Cup (AppsTechNews) After a month of fierce competition, exciting matches, and phenomenal goals, the 2014 World Cup in Brazil has finally concluded. While Germany is celebrating another impressive victory and the world looks back on what turned out to be a thrilling tournament, it's also important to look at some of the less than fantastic behind-the-scenes details

Chip and PIN security no panacea against payment card fraud (TechTarget) In June 2011, Alex Gambin had his wallet stolen while on the Spanish island of Mallorca. A few minutes later, unauthorized charges of more than $1,800 were made to his HSBC credit card, despite the fact that his card contained a security chip designed specifically to prevent that kind of theft and that any transactions should have required a personal identification number

Significant Deficiencies Found in Treasury's Computer Security (Nextgov) Weaknesses in Treasury Department computer systems that track federal debt are severe enough to disrupt accounting, according to a government audit

FDIC Made Progress in Securing Key Financial Systems, but Weaknesses Remain (GAO) The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent or deliberate misuse, improper modification, unauthorized disclosure, or destruction

Goodwill Industries probes possible payment card breach (ComputerWorld) Federal authorities and payment card industry fraud units notified Goodwill on Friday

Students hack Tesla Model S, make all its doors pop open IN MOTION (The Register) Toot the horn, too

Bulletin (SB14-202) Vulnerability Summary for the Week of July 14, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

How Apple iOS MAC address spoofing affects location-based services (TechTarget) Apple iOS 8 will add a MAC address spoofing feature to iPhones and iPads for wireless privacy. It could interfere with Wi-Fi location-based services used by many consumer-facing businesses

Cyber Trends

Study examines the problems with metadata and file sharing (CSO) A study by Workshare, a company focused on secure file sharing applications, says that 68 percent of the 800 professionals surveyed failed to remove metadata before sharing documents

Workaholic Brits expose sensitive data by taking their devices with them on holiday (ITProPortal) A survey of 1,000 UK consumers by ESET found that 44 percent of respondents will be taking their work-enabled mobile device abroad this year. While 67 per cent of respondents will carry work-related data on the mobile device they take on holiday; over a third admit to having no security on the device what-so-ever to protect the data

Marketplace

Cybersecurity startups to bank $788 million (CNN Money) Online privacy is on the tips of everyone's tongues these days, and investors are rushing to pour money into cybersecurity startups. Venture capital firms are expected to funnel $788 million into early-stage cybersecurity startups this year

IBM-Apple Deal: Turning Point for Banks? (BankInfoSecurity) Experts weigh pros, cons of broader Apple device use

Activist Investor Pushes EMC to Break Up (Wall Street Journal) Elliott Management says spin-off of VMware would boost stock price

Israeli hi-tech firm to launch Energy Cyber Security Center (Jerusalem Post) Aiming to tackle threats to infrastructure around the globe, the company plans to launch its Energy Cyber Security Center in Hadera on September 15

Vectra Networks Recognized by CRN as a 2014 Emerging Vendor (Digital Journal) Vectra Networks, the leading innovator in real-time detection of in-progress cyber-attacks, today announced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel

Netskope Recognized as a 2014 Emerging Vendor by CRN (Broadway World) Netskope, the leader in cloud app analytics and policy enforcement, todayannounced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel

Prof. Bruce Porter, Chairman of the Dept. of Computer Science at UT Austin, Joins SparkCognition Advisory Board (Digital Journal) SparkCognition, the world's first Cognitive Security Analytics company, announced that eminent Artificial Intelligence researcher and Chairman of the Department of Computer Science at the University of Texas at Austin, Prof. Bruce Porter, will be joining the company's Board of Advisors

Products, Services, and Solutions

Townsend Security Brings Two Factor Authentication to Leading IBM i Security Solutions (IT News Online) Townsend Security, a leading authority in data privacy solutions, today announced that their leading IBM i security solutions now support two factor authentication. This major update allows organizations to reduce the security weakness of relying on passwords as their only authentication mechanism

Kiwi business boost as WatchGuard's IT security rules the roost? (TechDay) "If IT is difficult then you're doing it wrong," says Dave Wilson, Business Development Manager at iT360, an outsourced IT department service in New Zealand

Design and Innovation

EFF invites hackers to test, secure its Open Wireless Router (Help Net Security) The Electronic Frontier Foundation (EFF) has released Open Wireless Router, an experimental alpha release of wireless router software that is meant to improve some and add new capabilities to existing routers

Legislation, Policy, and Regulation

White House urged to articulate new standard for vital cybersecurity (Inside Cybersecurity) The White House should vow to prevent cyber risks from undermining the U.S. government's decisions and actions on fundamental national security policy, according to an independent study by a key administration adviser

U.S. Chamber mounts a push for Senate information-sharing bill (Inside Cybersecurity) Seeking to improve the odds for action in the Senate, the U.S. Chamber of Commerce today is urging Majority Leader Harry Reid (D-NV), Minority Leader Mitch McConnell (R-KY) and all other senators to take up the cybersecurity information-sharing bill passed recently by the Intelligence Committee

New York To Bitcoin Startups: Get Permission Or Get Out (TechCrunch) Bitcoin allows people to build financial technology without asking for permission, but if New York state has its way, this won't be the case for long

Can New York's BitLicense Prevent Another Mt. Gox Catastrophe? (BayPayForum) The release of proposed digital currency business regulations by the New York Department of Financial Services (NYDFS) has raised numerous questions, many of which focus on the threat to innovation in the space and the impact on broader adoption. Yet one question that may be worth considering is this: will these regulations stop another Mt. Gox catastrophe?

Iran's Ruling Elite Embrace Facebook, While Ordinary Citizens Are Arrested Over It (Slate) On July 13, Iran's official state news agency reported that eight people had been sentenced to a combined term of 127 years in prison for their activities on Facebook. The eight youths reportedly were charged with "acting against national security, spreading propaganda against the establishment, insulting the sacred, and insulting the heads of the Islamic Republic." The Iranian judiciary has not revealed the identities of those sentenced, or the particulars of this offensive activity. Iranian activists both in and outside the country seem to know almost nothing more about the case

Litigation, Investigation, and Law Enforcement

Identifying cyber-criminals is No. 1 challenge, high-profile lawyer says (Pittsburgh Tribune) Federal investigators in Pittsburgh indicted Russian Evgeniy Bogachev on hacking charges last month, but used only nicknames for four other hackers in a related civil suit

IRS gives full account of lost Lerner emails (Politico) The IRS declared under oath and penalty of perjury on Friday that Lois Lerner's hard drive is irrecoverable after being wiped clean by tech staff and recycled with an outside contractor, according to a court filing

6 questions about the IRS's missing emails, from IT experts (Washington Post) Did the IRS intentionally lose e-mails to cover up potentially incriminating communications relating to the agency's targeting controversy, or did the records go missing because of bad technology management?

Spionage-Angriff auf Siemens in Österreich (Kronen Zeitung) Mitten in die Diskussion um NSA-Agenten und die Wiener US-Botschaft platzt jetzt ein echter Wirtschaftskrimi: Siemens Österreich soll Opfer einer Spionage-Attacke geworden sein. Ein Ex-Manager soll seinem Nachfolger Geld für ein gut gehütetes Betriebsgeheimnis geboten haben. Es geht um einen Riesenauftrag und Hunderte Arbeitsplätze

League of Legends hacker was making over $1,000 per day (Tweaktown) Shane 'Jason' Duffy was making over $1,000 per day as a League of Legends hacker

Industry Events

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.

Seminar: Cybersecurity Framework for Protecting our Nation's Critical Infrastructure (Marietta, Georgia, USA, Jul 22, 2014) The Automation Federation and Southern Polytechnic State University will co-sponsor the "Cybersecurity Framework for Protecting our Nation's Critical Infrastructure." a free seminar from 8 a.m. to noon July 22 in the Joe Mack Wilson Student Center (Building A) Theater. It is meant to educate area business and manufacturing leaders on the value and importance of the recently launched US Cybersecurity Framework.

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, Aug 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, Aug 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities

Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.

BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.

DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.

South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.

Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.

Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.

SEACRYPT 2013 (Vienna, Austria, Sep 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.