The CyberWire Daily Briefing 08.13.14

Summary

By The CyberWire Staff

A study of hacktivism resisting Israeli operations against Hamas in Gaza highlights the difficulty of attribution, particularly when non-, trans-, or sub-national actors are involved. What, in the end, does attributing an action to Anonymous really mean? (Hacktivists in this respect resemble irregular military forces. How are they organized? How are they controlled? How are they recognized?)

For a look at what it's like for a community and its associated non-governmental organizations to receive the cyber ministrations of a state security apparat, see a Max Planck Institute study of China's operations against its Uyghur minority. Observations concerning social engineering of highly targeted attacks are particularly interesting.

Russian cyber espionage against former Soviet and Warsaw Pact nations' diplomatic networks continues.

India's government and Internet service providers receive a warning to expect cyber attacks on Independence Day, August 15.

Android malware reported by ESET affords an object lesson in how crimeware evolves in the underground ecosystem.

Patch Tuesday reviews are in.

Damballa and Trend Micro both release their 2014 Q2 trend reports, with Damballa seeing ransomware reaching a tipping point, and Trend Micro calling for a more strategic approach to cyber defense.

In industry news, Lookout raises $150M in venture capital. Financial markets digest IBM's acquisition of Lighthouse Security. Cisco is rumored to be bracing for layoffs.

Wired publishes an interview with Edward Snowden amid speculation that there remains at least one undiscovered leaker within the US Intelligence Community. The Snowden affair prompts discussion of corporate and agency ethics and whistleblower policies.

Notes.

Today's issue includes events affecting China, Bahrain, France, India, Israel, Kazakhstan, Palestinian Territories, Poland, Russia, Ukraine, United Kingdom, United States

Selected Reading

Cyber Trends

State of Infections Report — Q2 2014 (Damballa) The Damballa Q2 2014 "State of Infections" report revisits the state of the enterprise under attack and trends in threats seen in the second quarter of 2014. Ransomware was a big mover this quarter, appearing nearly everywhere, grabbing international headlines and showing vigorous activity. Unlike traditional malware, which conducts its criminal activity in the background, ransomware is essentially a cyber stick-up. The victim is immediately locked out of their computer. Most will not regain control even if they pay the ransom demand

Trend Micro's Q2 Security Round Up Highlights Need for Comprehensive Cybersecurity Strategy to Keep Information Secure (CNW) Cyber threats, data breaches and high-risk vulnerabilities have continued to dominate the first half of 2014 as seen in Trend Micro Incorporated's (TYO: 4704; TSE: 4704) second quarter security roundup report, "Turning the Tables on Cybercrime: Responding to Evolving Cybercrime Tactics." The severity of these attacks intensified against financial and banking institutions as well as retail outlets. Total attacks have exposed more than 10 million personal records as of July 2014 and strongly indicate the need for organizations to adopt a more strategic approach to safeguarding digital information

State-of-the-art spear phishing and defenses (CSO) Likelihood, severity support paying upfront for that ounce of prevention

How security practitioners deal with incident response (Help Net Security) A spate of high-profile security breaches and attacks means that security practitioners find themselves thinking a lot about incident response, according to a new SANS survey

How fast can security pros detect a breach? (Help Net Security) Tripwire announced the results of a survey of 215 attendees at the Black Hat USA 2014 security conference in Las Vegas

94% of Kazakhstani complain on the spam (KZ-CERT) ESET Company represents the results of poll of Kazakhstan citizens

Awareness of threats key to tackling cyber crime (Gulf Daily News) Doing basic cyber hygiene right can reduce the risk of a cyber breach by as much as 80 per cent, according to an expert

Legislation, Policy and Regulation

Anonymous wifi the latest casualty of Russia net neurosis (The Register) Ruskies must provide mobile phone numbers to surf Starbucks

UK campaign raises cyber attack awareness (SBS) Britain has launched a new campaign to improve cyber common sense and cut down on security breaches from malicious emails and infected USB sticks

Products, Services, and Solutions

Why surveillance companies hate the iPhone (Washington Post) The secrets of one of the world's most prominent surveillance companies, Gamma Group, spilled onto the Internet last week, courtesy of an anonymous leaker who appears to have gained access to sensitive corporate documents. And while they provide illuminating details about the capabilities of Gamma's many spy tools, perhaps the most surprising revelation is about something the company is unable to do: It can't hack into your typical iPhone

Splunk App Captures Real-Time Streaming Wire Data (CIO) Splunk adds capability to capture wire data to its platform, dramatically expanding use cases for application management, IT operations, security and business analytics

Bitdefender Internet Security 2015 Review (Laptop) Bitdefender Internet Security has earned the top honors in tests at AV-Test, an independent software testing lab. Bitdefender security suite includes all the features in Bitdefender Antivirus Plus and has a few others that are more directed toward internet security

Joe Sandbox 10: Analysing unpacked PE Files and Memory Dumps with IDA (Joe Security) As you know the current Joe Sandbox version is 9.0.0 which we released in the end of March 2014. Since then we have implemented a set of very cool new features which we are going to release soon with Joe Sandbox 10. Some of them are outlined in this blog post

New security tools from Tenable, HP, Co3 attempt the impossible (NetworkWorld) Automated incident response promises total network security by combining threat detection, prevention and response

GFI WebMonitor 2015 Beta 1 released (Help Net Security) Beta 1 of a totally revamped GFI WebMonitor is now available for preview. GFI WebMonitor 2015 is a new, powerful version that really gives sysadmins the tools to manage internet monitoring in their organization

Technologies, Techniques, and Standards

New Free Windows System Tool Called Sysmon from Sysinternals (Gizmo's Freeware) It isn't often that we get a brand-new addition to the famous suite of free system tools provided at Windows Sysinternals and when we do it's worth noting. Mark Russinovich has just announced a tool called Sysmon

How to Hack a Macbook via Firewire (Techly) There's nothing quite like a weekend at a hacking convention to make you realise just how easy it is for technology companies to fall behind the ball

Whitepaper: History of cryptography (Help Net Security) This whitepaper presents a brief history of cryptography and how encryption-related technologies have evolved and will continue to evolve as well as the measures Internet users should consider when implementing modern encryption

Marketplace

Lookout funding boosted by Amazon's Bezos (Financial Times) Lookout has raised $150m from Amazon founder Jeff Bezos, Goldman Sachs and Morgan Stanley Investment Management, in the largest fundraising by a cyber security company this year

IBM Buys Lighthouse Security Group To Boost IAM Offerings (CRN) IBM bought the Identity and Access Management (IAM) subsidiary of longtime IBM partner Lighthouse Computer Services on Monday in an effort to bolster its cloud-based security offerings and one-up competitors Amazon Web Services, CA and Oracle

Will The Lighthouse Security Group Acquisition Affect IBM (IBM) Stock? (The Street) IBM (IBM_) announced Monday that it acquired cloud identity and access management company Lighthouse Security Group. Terms of the deal were not disclosed

Cisco rumoured to cut staff numbers again (TechRadar) Bad news coming soon

Vupen, Hacker made in France (Backchich) 10 ans qu'une start-up de Montpellier joue dans la cour des grands

Research and Development

Volunteers Hunt for Flaws in Cryptography Software (Tom's Guide) Good encryption software is not easy to make. but it's essential for keeping files, emails, Web traffic and financial and personal information safe on the Internet

Meet MonsterMind, the NSA Bot That Could Wage Cyberwar Autonomously (Wired) Edward Snowden has made us painfully aware of the government's sweeping surveillance programs over the last year. But a new program, currently being developed at the NSA, suggests that surveillance may fuel the government's cyber defense capabilities, too

Security Patches, Mitigations, and Software Updates

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP = patch early, patch all! (Naked Security) Patch Tuesday for August 2014 has arrived, with Adobe and Microsoft delivering their now-familiar security fixes

Microsoft Security Bulletin Summary for August 2014 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for August 2014

Adobe patches Flash and zero-day Acrobat bugs (ZDNet) A flaw in Adobe Acrobat and Reader for Windows is being exploited in the wild. Critical vulnerabilities affect all versions of Flash Player

Microsoft Holds Back on Out-of-Date ActiveX Blocking Until September (Redmond Magazine) Microsoft's new security protection feature for Internet Explorer that blocks older installations of ActiveX will now start to take effect on Sept. 9, instead of the earlier announced Aug. 12 date, and it will only block Oracle Java ActiveX for now

Cyber Attacks, Threats, and Vulnerabilities

Cyber Infiltration During Operation Protective Edge (Forbes) At the commencement of Operation Protective Edge, the latest Israeli military operation in the Hamas-governed Gaza Strip, hackers began attacking Israeli government sites and media outlets through denial of service (DDoS) and Domain Network System (DNS) attacks, and the personal data of Israeli citizens were exposed. These recent attacks are connected to cyber groups with links to state sponsorship terrorism, with some affiliation to the Anonymous theoretical concept

Report Details China's Unrelenting Cyberattacks Against Activists (SecurityWeek) Cyber-attackers backed by China have conducted "a series of apparently targeted, sophisticated cyber-attacks" against activists representing the Uyghurs, a religious minority in China, a group of researchers have found

A Look at Targeted Attacks Through the Lens of an NGO (Max Planck Institute for Software Systems) We present an empirical analysis of targeted attacks against a human-rights Non-Governmental Organization (NGO) representing a minority living in China. In particular, we analyze the social engineering techniques, attack vectors, and malware employed in malicious emails received by two members of the NGO over a four-year period. We find that both the language and topic of the emails were highly tailored to the victims, and that sender impersonation was commonly used to lure them into opening malicious attachments. We also show that the majority of attacks employed malicious documents with recent but disclosed vulnerabilities that tend to evade common defenses. Finally, we find that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that havebeen reported to engage in targeted attacks against political and industrial organizations, and Tibetan NGOs

Moscow hackers "systematically target" former soviet embassies (ITProPortal) A huge cyber-attack has been carried out across more than 15 countries, with the hackers targeting former soviet embassies across the globe

Government departments, internet service providers alerted about cyber attack on August 15 (Economic Times) Cyber security division NCIIPC has alerted government departments and leading internet service providers about a possible cyber attack on the Independence Day and has suggested a series of measures to prevent these attacks

Android Trojan passes off crafty RAT as ESET security software (TechWorld) The Russians are coming. Security firm ESET has discovered a crafty Android 'backdoor' remote access Trojan (RAT) passing itself off as a variety of apps, including the firm's own Mobile Security software

Android backdoor lurking inside legitimate apps (Help Net Security) One of the most important pieces of advice we give Android users is to refrain from downloading applications from dubious sources and to stick to the official Google Play store. Malware does show up from time to time there, but it is much better controlled, thanks to the Google Bouncer, than on alternative app stores

Windows tech support scammers take root in the U.S. (ComputerWorld) Security company accuses Florida firm of mixing old and new tactics to dupe unwary consumers with fake infection anxieties

FinSpy surveillance software tunnels into all mobile platforms except iOS (FierceMobileIT) Only jailbroken iPhones were vulnerable

EE network whacked by 'PDP authentication failure' blunder (The Register) Carrier is 'aware' of cockup, working on a fix NOW

Social engineering blunders at security shows (FierceITSecurity) The more hacker-ish the show ethos, the more attention attendees should pay to their own behavior

Academia

Drexel gets $3.1M from NSF for minority STEM program (Technical.ly Philly) Drexel is the lead university on the 20-year-old National Science Foundation program. As of last year, it has helped more than 10,200 students get undergraduate degrees, said regional director Veniece Keene

Encouraging Girls to Embrace Tech, No Matter Where They Live (Re/Code) Waad "Dede" Krishan is probably having a better summer than you

Science academies a hot trend for fall in North Jersey (NorthJersey.com) With schools set to open in about three weeks, the hottest trend in education is the launching of special academies for science, technology, engineering and math, aimed at training future high-tech workers and capturing the fascination of young people born to a digital age

Litigation, Investigation, and Enforcement

NPR Is Laundering CIA Talking Points to Make You Scared of NSA Reporting (The Intercept) On August 1, NPR's Morning Edition broadcast a story by NPR national security reporter Dina Temple-Raston touting explosive claims from what she called "a tech firm based in Cambridge, Massachusetts." That firm, Recorded Future, worked together with "a cyber expert, Mario Vuksan, the CEO of ReversingLabs," to produce a new report that purported to vindicate the repeated accusation from U.S. officials that "revelations from former NSA contract worker Edward Snowden harmed national security and allowed terrorists to develop their own countermeasures"

The Most Wanted Man in the World (Wired) The message arrives on my "clean machine," a MacBook Air loaded only with a sophisticated encryption package. "Change in plans," my contact says. "Be in the lobby of the Hotel —— by 1 pm. Bring a book and wait for ES to find you"

Risky Business: How To Blow The Whistle (But Still Protect Your Career) (Forbes) Which is more valuable to your company's culture — a strong ethics policy or a whistleblower policy? A reader pitched me this week on covering this topic and pointed to an article contrasting the two policies here

Ethics Policies vs. Whistleblower Policies — What’s the Difference? (CMS) Many companies and organizations have a code of ethics and best practices. However, these policies are useless unless you have a meaningful way to handle violations

Facebook ordered to disclose records on underage users (Naked Security) Facebook must disclose any available records on the number of children under the age of 13 who have accounts in Northern Ireland or anywhere throughout the UK, the High Court in Belfast has ruled

Former Citadel quant pleaded guilty to theft of HFT signals (FierceFinanceIT) A former Citadel quantitative engineer has pleaded guilty to stealing high-frequency trading signals from Citadel and to a similar theft from a previous employer in New Jersey

Design and Innovation

No More Solitude: How to Make DoD the Next Google (War on the Rocks) Johann Wolfgang von Goethe once said, "Nothing will change the fact that I cannot produce the least thing without absolute solitude." He could have easily been describing the current culture of innovation within the U.S. Department of Defense

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector

FOCUS 14:Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies. Understand how innovative, market-leading companies are using McAfee's security technology to build and sustain a competitive advantage

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector

upcoming Events

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.

c0c0n: International Information Security and Hacking Conference (, January 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.