The CyberWire Daily Briefing 08.04.14
Minor cyber rioting occurs in a non-Ukrainian corner of the former Soviet near abroad, as Armenian hacktivists respond to border skirmishes with defacements of Azerbaijan websites. (The defacement text leads one to wonder despairingly if low young-adult American English is now irreversibly the script kiddies' international lingua franca.)
Russian news agency RIA-Novosti reports it sustained a denial-of-service attack this weekend. No attribution, yet.
The trade press mulls Recorded Future's report on al Qaeda's post-Snowden coms. The Base has changed its crypto, failed to resolve the tension between branding and security (to the detriment of security), and shifted away from Apple to Android (which Apple Insider says represents bad news for Android users).
Japanese households suffer a wave of malicious home-router traffic responsible for 4.8 million outages since the spring of this year.
Mozilla developers' passwords and email addresses may have been inadvertently exposed to harvesting by cyber criminals.
FireEye reports on "Pitty Tiger," allegedly a Chinese APT group whose directing intelligence remains obscure. Pitty Tiger has been active since 2008, and shown interest in the international aerospace sector as well as all things Taiwan.
Crimeware continues its evolution: Synology drives are affected by SynoLock, a dedicated strain of Cryptolocker; "Backoff" spreads across point-of-sale systems; Citadel gets improved, post-removal access capabilities.
Black Hat USA is underway, with exploit demonstrations in full swing: registry-infecting malware, avionics hacks via in-flight entertainment, BadUSB, Dropcam snooping vulnerability, and wireless automobile unlocking.
New Zealand's PM faces surveillance questions. US Senators still outraged over CIA network monitoring.
Notes.
Today's issue includes events affecting Armenia, Azerbaijan, China, Ireland, Israel, Japan, New Zealand, Palestinian Territories, Russia, Taiwan, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Armenian hackers attack Azerbaijan websites amid border clashes (HackRead) A group of Armenian hackers going by the handle of Monte Melkonian Cyber Army (MMCA) have claimed to conduct a cyber attack on Azerbaijani cyber space that includes defacement of several websites and a DDoS attack up to 300GB
RIA Novosti Website Hit by Cyber Attack (RIA Novosti) RIA Novosti's website has fallen foul of a distributed denial-of-service (DDoS) attack by hackers, the agency's IT specialists reported on Sunday
Terrorists Pivot on Communication Strategies in Wake of Snowden Leaks (VPN Creative) The intelligence firm Recorded Future has revealed that they have been tracking a sharp increase in the number of cryptographically-concerned apps being downloaded and distributed for the Android operating system, and that by using IP locator services, were able to discern that a large percentage of those new downloads were coming out of countries in the Middle East known to contain radical Islamic groups who train and harbor the terrorist elite
Big Data Firm Says It Can Link Snowden Data To Changed Terrorist Behavior (KERA News) For nearly a year, U.S. government officials have said revelations from former NSA contract worker Edward Snowden harmed national security and allowed terrorists to develop their own countermeasures. Those officials haven't publicly given specific examples — but a tech firm based in Cambridge, Mass., says it has tangible evidence of the changes
Al-Qaeda prefers Android over Apple's iOS (Apple Insider) Apple's iOS has taken majority market share in education, government and the enterprise, but Google's Android has become the favored mobile platform among Al-Qaeda operatives
New cyber-attack sends data through home routers (Yomiuri Shimbun via the Japan News) A new type of cyber-attack that sends a huge amount of data to Internet service providers' servers via home routers has caused Internet outages in at least 4.8 million households since spring, The Yomiuri Shimbun has learned
Thousands of Mozilla developers' emails, passwords exposed (Help Net Security) Email addresses and encrypted passwords of tens of thousands of Mozilla developers were accidentally exposed and might have been harvested by malicious individuals, Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager at Mozilla announced on Friday
Facebook iPhone 6 scams - how NOT to get sucked in (Naked Security) How badly do you want an iPhone 6 when it comes out?
"Pitty Tiger" Threat Actors Possibly Active Since 2008: FireEye (SecurityWeek) Researchers at FireEye have analyzed the operations of the advanced persistent threat (APT) group dubbed "Pitty Tiger," and determined that it might have been active since as far back as 2008
Synology gets infected with SynoLocker ransomware strain (Slashgear) Synology's NAS drives are really getting popular. You can gauge that by the fact that it now has its own specific Cryptolocker strain. This ransomware encrypts data on the user's drive with a key that only the perpetrator knows, who then tries to extort money from the poor unsuspecting user in exchange for getting access to his or her own files
US warns of 'Backoff,' latest entry into POS malware market (ZDNet) US Homeland Security has warned businesses to stay on their guard against a newly-detected strain of point-of-sale malware
Citadel Malware Variant Allows Attackers Remote Access, Even After Removal (Threatpost) When hackers have compromised a valuable computer, maintaining persistence on that machine is the key to maintaining access to its resources and stored assets
'White Label' Money Laundering Services (Krebs on Security) Laundering the spoils from cybercrime can be a dicey affair, fraught with unreliable middlemen and dodgy, high-priced services that take a huge cut of the action. But large-scale cybercrime operations can avoid these snares and become much more profitable when they're able to disguise their operations as legitimate businesses operating in the United States, and increasingly they are doing just that
Computers still vulnerable to hackers of start-up codes (Reuters via ABS CBN) A multi-year effort to prevent hackers from altering computers while they boot up has largely failed because of lax application of preventive steps, researchers say, despite disclosures that flaws are being exploited
Registry-infecting reboot-resisting malware has NO FILES (The Register) Anti-virus doesn't stand a chance because there's nothing for it to scan
Hacker says to show passenger jets at risk of cyber attack (Reuters) Cyber security researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems
"BadUSB" — what if you could never trust a USB device again? (Naked Security) Imagine if you had to throw away your USB devices after letting someone else use them
Is your Dropcam live feed being watched by someone else? (IDG via CSO) Dropcam, the popular video monitoring camera, bills itself as "super simple security." But a pair of researchers plan to show at the Defcon hacking conference later this week how a Dropcam could be a weak point
Watch This Wireless Hack Pop a Car's Locks in Minutes (Wired) Shims and coat hangers are the clumsy tools of last century's car burglars. Modern-day thieves, if they're as clever as Silvio Cesare, may be able to unlock your vehicle's door without even touching it
Microsoft security sandbox for IE: Still broken after all these years (Ars Technica) Four years later, a key IE defense against drive-by attacks is still easy to bypass
Dublin university students targeted in cyber attack (Independent) Students in one of the country's largest universities have been warned to change their passwords after a user's login details were compromised in a 'cyber attack'
"Man In The Middle" Cyber Attack Targets UWF (WUWF) A computer security breach at the University of West Florida has compromised the accounts of at least 160 individuals including 90 UWF students. UWF's Chief Information Officer Mike Dieckmann says this particular type of cyber attack is called a "man in the middle attack. It's kind of the internet equivalent of wiretapping". People were actually intercepting online traffic, decrypting it and using that information to acquire user names and passwords from people's accounts
Police warn of credit card cyber attack (Delaware Online) Ocean City, Maryland police are alerting the public to the discovery of a recent credit card breach involving an out-of-state company that contracts with numerous restaurants and bars in Ocean City
Reactions to the Paddy Power data breach (Help Net Security) Paddy Power is contacting 649,055 customers in relation to a data breach from 2010. The historical dataset contained individual customer's name, username, address, email address, phone contact number, date of birth and prompted question and answer. Customers' financial information such as credit or debit card details has not been compromised and is not at risk
Gambling website Paddy Power took four years to tell 650,000 customers their data had been stolen (Lumension Blog) Yesterday, popular gambling website Paddy Power found itself admitting that it had suffered a serious data breach — the kind of position that no company ever wants to find itself in
Security Patches, Mitigations, and Software Updates
Denial of Service Vulnerability Fixed in SCADA Server (Threatpost) A hole has been fixed in a popular industrial control system data management server that if left unpatched, could result in a remotely exploitable denial of service condition
Samba patch fixes critical vulnerability (ZDNet) Another system on the network could take root privileges on a vulnerable Samba client or server
Cyber Trends
Salted Hash: Live from Black Hat USA (Day 0) (CSO) Salted Hash takes a trip out west to visit the hacking confab in Las Vegas
No such thing as perfect cybersecurity (FierceCFO) With total prevention impossible, CFOs can only hope for mitigation, Deloitte warns
Access Control's Future Is Now (Security Management) Convergence engineering of IT and traditional access control is no longer a "what if" but more of an "almost done," offering security practitioners a new array of innovations that are increasing the effectiveness of access control at their organizations
What is Privacy? (M) Earlier this week, Anil Dash wrote a smart piece unpacking the concept of "public." He opens with some provocative questions about how we imagine the public, highlighting how new technologies that make heightened visibility possible
Mitigating cyber risk as healthcare data sharing accelerates (HealthITSecurity) When it comes to protecting their data, healthcare organizations are increasingly finding themselves caught between the proverbial rock and a hard place
How secure are today's critical networks? (Help Net Security) In this interview, Dr. Lutz Jänicke, CTO at Innominate Security Technologies, illustrates the security of critical networks, the regulatory mandates for organizations in the critical infrastructure sector, and showcases the building blocks of a robust security appliance aimed at critical networks
Marketplace
Blurred Lines: Commercial, Defense Sectors Begin To Blend (Defense News) As companies continue to turn their eyes toward the Middle East and Asia for new business, a trend has emerged: The lines between commercial and defense businesses are increasingly blurring
Can This Israeli Startup Hack Your Phone? (Wall Street Journal) Many computer-security companies trumpet their skills and accomplishments. Some take another tack altogether, like NSO Group
CloudPassage Appoints Former IBM, McAfee Executive as CTO (Talkin' Cloud) New CloudPassage CTO Amrit Williams is a 20-year veteran of the enterprise security and software space
Products, Services, and Solutions
Hexadite's Automated Incident Response Solution narrows the gap between detection and response (NetworkWorld via ComputerWorld) It has become fairly clear that one of the largest data breaches of 2013 occurred, in part, because no one followed up on an automated alert from a breach detection system. Like many other companies, this organization was overwhelmed by incident alerts that come by the hundreds or thousands every day
G Data Anti-Virus — New updates and Feature list (Streetwise Tech) G Facts Application, a group of anti-malware alternatives developed by G Facts Application Inc., is considered the most effective anti-virus software within the worldwide current market currently. It supports a significant level of safety and safety for end users. In addition, it truly is user-friendly and easy to navigate. G Data Computer software safeguards people from the huge selection of malware, threats, viruses, phishing together with other malicious scripts. Let's take a nearer glance on a number of the functions of the anti-virus software package
StrikeForce's ProtectID® Out-of-Band Authentication Technology Now Secures Microsoft Office 365 (Wall Street Journal) StrikeForce Technologies, Inc. (OTCQB: SFOR), a company that specializes in Cyber Security solutions for the prevention of Identity Theft and Data Breaches, announced today that ProtectID(R) now supports Microsoft Office 365
ZoneAlarm Internet Security Suite 2015 (PC Magazine) Check Point Software puts out a wide range of products under the ZoneAlarm name. I tested four of them in April, when the 2015 product line came out. I started on the other two but hit some glitches and agreed to wait until Check Point could iron out the problems. Now, three months later, the company deemed ZoneAlarm Internet Security 2015 ($79.95 for three licenses) ready for testing. Test it I did, and I came away unimpressed with this security suite
SolarWinds adds DPI to network monitoring application (TechTarget) SolarWinds adds software-based deep packet inspection to flagship network monitoring application
Technologies, Techniques, and Standards
Chip-based credit cards are a decade old; why doesn't the US rely on them yet? (Ars Technica) Square is pushing forward with a new credit card reader for the 2015 transition
Verizon's Paul Pratley: Financial Services Should Base Cyber Defenses on Attack Patterns (ExecutiveBiz) Paul Pratley, a global investigations manager with Verizon's RISK team, urges financial services organizations to implement cyber defenses against threats such as web application attacks, denial of service and skimming
Design and Innovation
Security Secrets, Dated but Real (New York Times) Was the National Cryptologic Museum designed using a code of some kind? Something perhaps meant, cryptically, to mask its character and significance? Something that can be deciphered only by those familiar with mysterious organizations like the Black Chamber?
Research and Development
How to secure the cloud (Phys.org) With support from the National Science Foundation, cryptography expert Daniel Wichs, an assistant professor in the College of Computer and Information Science, will work as part of a multi-university team to develop better encryption techniques to improve cloud security. For many of us, the primary reason we use "the cloud" is for storage — whether it's storing email through services like Gmail and Yahoo!, photos on Flickr, or personal documents on Dropbox. Many organizations like hospitals and banks utilize the cloud to store data on patient and customer information
Academia
Retired sergeant continues cybersecurity mission with UMBC (Technical.ly Baltimore) Homer Minnick once searched for training opportunities for U.S. Army cybersecurity personnel. Now he's on the other side of the equation, working to train Defense personnel and contractors
Purdue doctoral student recognized for stopping identity theft (NWI.com) U.S. Homeland Security Investigations recently recognized Rachel Sitarz, a Center for Education and Research in Information Assurance and Security Ph.D candidate in cyber forensics at Purdue University, for her efforts in support of a nationally coordinated investigation in 2012
Erika Gerhold presents research on mathematics used in cryptography (Herald-Mail) Salisbury University senior Erika Gerhold recently presented her research on the mathematics used in cryptography at the 18th Annual Posters on the Hill event in Washington, D.C
Legislation, Policy, and Regulation
Beijing to bar Symantec, Kaspersky anti-virus in procurement: report (Today) China has excluded U.S.-based Symantec Corp and Russia's Kaspersky Lab from a list of approved anti-virus software vendors, according to a Chinese media report suggesting Beijing is expanding efforts to limit use of foreign technology
Govt called to account for spy claims (Radio New Zealand) Prime Minister John Key's office is denying the fibre-optic cable that links New Zealand with the world is being intercepted
Key must "come clean" on NSA / GCSB fibre optic cable interception (TelcoReview) The Green Party has called on Prime Minister John Key to "come clean" after revelations that a US National Security Agency (NSA) engineer was in New Zealand in 2013, discussing with the GCSB the setting up of an interception site on the country's only fibre optic cable
NSA Has 'Far-Reaching' Partnership With Israeli Intelligence Agency (Huffington Post) Documents published Monday by The Intercept revealed the "far-reaching" extent of the U.S. National Security Agency's collaboration with Israeli intelligence services
Sen. Kirsten Gillibrand Proposes Tax Incentives to Spur Cyber Intell Sharing (ExecutiveGov) A bill sponsored by Sen. Kirsten Gillibrand (D-N.Y.) would offer tax credits to private infrastructure operators who coordinate with information sharing and analysis centers to mitigate cyber threats
Army names new commander for cyber training center (FCW) Maj. Gen. Stephen Fogarty (left) is taking over the Army's Cyber Center of Excellence while Maj. Gen. LaWarren Patterson moves to the Installation Management Command. Army Chief of Staff Gen. Ray Odierno announced a change in command at the Army's main cybersecurity training center on Aug. 1
Litigation, Investigation, and Law Enforcement
China investigating Microsoft in monopoly case (AP via Northwest Asian Weekly) China's anti-monopoly agency announced an investigation Tuesday of Microsoft Corp., stepping up regulatory pressure on foreign technology companies
Russia keeps fugitive whistle-blower Edward Snowden in legal limbo (Los Angeles Times) The Kremlin is keeping Edward Snowden guessing about whether it will renew temporary asylum for the fugitive U.S. intelligence contractor
John McCain, Lindsey Graham Slam CIA Spying As 'Worse Than Criminal' (Huffington Post) The Central Intelligence Agency's infiltration and possible manipulation of computers belonging to Senate oversight investigators was "worse than criminal" and needs to be investigated, two key Republican senators charged Friday
Sen. Mark Udall Calls For CIA Director John Brennan To Resign (Huffington Post) Following reports that Central Intelligence Agency employees improperly accessed computers used by U.S. Senate staff to investigate the agency, Sen. Mark Udall on Thursday called for the resignation of John Brennan as CIA director
The Country Has Big Trouble (Huffington Post) The two guys at the top of national security (the Director of National Intelligence [DNI] and the director of the CIA) have both been caught lying to the American people and to the US Senate — they have no right to lie
Google Explains How It Forgets (IEEE Spectrum) Google can forget, but unlike the rest of us, the process is not automatic. Yesterday Google told a European government data protection working party how it handles requests for search result link removals. The removals began in June after a May European court ruling (see our coverage) upholding a Spanish man's right to be forgotten
Feds' Silk Road Investigation Broke Privacy Laws, Defendant Tells Court (Wired) The Department of Justice sees its takedown of the billion-dollar Silk Road black market as a massive, victorious drug bust. Ross Ulbricht, the alleged creator of that anonymous contraband bazaar, now wants to cast the case in a different light: as a landmark example of the government trampling privacy rights in the digital world
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Black Hat USA 2014 Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.
SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, Aug 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction
STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, Aug 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.
Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
c0c0n: International Information Security and Hacking Conference c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.