The CyberWire Daily Briefing 08.14.14
Did you hear Russia's PM Medvedev had resigned? Neither had Mr. Medvedev — his Twitter account was hijacked to tweet a resignation in (implausible) shame over his government's conduct. Anti-Putin hacktivists Sholtay-Boltay claim credit.
Taiwan complains publicly of Chinese cyber attacks.
Iranian dissidents (and ordinary Internet users) increasingly work Tor to evade Islamic Republic censorship. (Tor also retains its attractiveness to botnet masters.)
Symantec releases a study of obfuscation and finds, interestingly, noticeably fewer instances of malware shutting down upon detection of a virtual machine. Since determining that software is running in a VM is a useful indicator that the software may be under analysis, this shift indicates either that malware authors are becoming careless or (far more likely) they've decided other forms of evasion are a better investment.
Anonymous continues to hack Ferguson, Missouri, USA, over a controversial police shooting. Someone — possibly a hacktivist opposed to Anonymous — sets up a spoof site to troll Anonymous sympathizers.
Hold Security responds to critics of its handling of the CyberVor discovery, and publishes a CyberVor FAQ.
Researchers offer an overview of automotive cyber attack surfaces.
BlackBerry has patched its OS and enterprise server software.
Harvard Business Review and the Atlantic publish, respectively, a call for a workplace cyber panopticon and a rebuke to the Internet's marketing roots.
Frances' ANSSI issues guidelines for ICS cyber security.
NATO is again encouraged to think through Article 5's application in cyberspace.
US Department of Homeland Security critical infrastructure protection and cyber security programs receive marks from partners.
Today's issue includes events affecting Austria, China, European Union, France, Iran, Netherlands, Russia, Syria, Taiwan, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Russian PM's Twitter hacked, posting 'I resign' (BBC) The Twitter account of Russia's prime minister was hacked on Thursday. The infiltrators posted a message saying Dmitry Medvedev had resigned
China launching 'severe' cyber attacks on Taiwan: Minister (Economic Times) "The Chinese cyberwar units have been engaging with Taiwan units almost every day, with some severe attacks every few months," Simon Chang said. Taiwan's science and technology minister today said that China is launching frequent cyber attacks on the island despite warming ties between the two former rivals
Iran's Internet Users Outsmart Government in Cat-and-Mouse Censorship Game (Global Voices) Tor, a popular online anonymity tool used by many Iranians to bypass Internet censorship, was blocked from late July until the beginning of August. The block prevented 75 percent of the network's estimated 40,000 daily users in Iran from connecting to Tor
Fake Tor Browser Bundle Reversed, Researcher Talks to Botmaster (Softpedia) A security researcher found a fake Tor Browser Bundle that contained malware and reverse engineered his way to communicating with the botmaster for a while
Malware is less concerned about virtual machines (ComputerWorld) Symantec finds most malware doesn't quit if it runs on VM, which used to be a sign it was being analyzed
Threats to virtual environments (Internet Storm Center) In the past few years the virtualization concept becomes very popular. A new study by Symantec discussed the threats to the virtual environment and suggests the best practice to minimize the risk
Malware targets jailbroken iOS devices, hijacks ad revenue (Help Net Security) AdThief (or Spad) is the name of a recently discovered iOS malware that has managed to infect some 75,000 jailbroken iOS devices and steal revenue from around 22 million ads in a period that spanned a little over four months
DorkBot, a Twin Botnet of NgrBot (Fortinet Blog) DorkBot is another modified IrcBot that is extremely similar to NgrBot, which is why many antivirus software treat them the same way, oftentimes using the same detection. Our botnet monitoring system has even captured NgrBot and DorkBot at almost the same time. However, according to a deeper analysis of both NgrBot and DorkBot, we find that they should be treated differently
"Anonymous" attack disrupting Ferguson city government (Fox 2 St. Louis) Protests in the streets have not been the only disruption in the city of Ferguson since the shooting of Michael Brown by police. A cyber attack by the hacker group "Anonymous" has done more damage than any bottle or brick
This Phony 'Anonymous' Site Was Set Up to Trap Ferguson Hacktivists (Motherboard) As military police forces gather around Ferguson, trying to quell an angry, frustrated, and betrayed population, some people are taking their fight online. 'OpFerguson', being spear-headed by members of the hacktivism collective Anonymous, launched a couple of days ago
CyberVor Update: Hold Security Responds (BankInfoSecurity) Firm posts FAQ, defends its intentions. Hold Security continues to deal with the backlash prompted by its recent warning that a Russian cyber gang breached 420,000 web and FTP sites to pilfer more than 1.2 billion credentials.
CyberVor Breach: Frequently Asked Questions (Hold Security) [Eleven questions asked and answered.]
Breach Puts Database Security Back In Spotlight (Daily Business Review) Reports of a Russian crime ring amassing 542 million unique email accounts and 1.2 billion username and password combinations once again raises questions about database security
15 new vulnerabilities reported during router hacking contest (InfoWorld) Five popular router models were hacked during the SOHOpelessly Broken competition at DefCon 22
A Survey of Remote Automotive Attack Surfaces (Illmatics) Modern automobiles consist of a number of different computer components, called Electronic Control Units (ECUs). Each automobile contains from 20-100 of these devices, with each ECU being responsible for one or more particular features of the vehicle. For example, there is an ECU for seatbelt tightening, one for monitoring the steering wheel angle, one to measure if a passenger is in the car, one to control the ABS system, and so on. These ECUs need to pass data to one another so they can make decisions on how to act. For example, an ECU may act differently depending on if the car is in drive or reverse or whether it is moving or stationary
How the NSA (accidentally) took Syria off the internet (Hot for Security) In late 2012, as fighting intensified around Damascus, all internet services in and out of Syria suddenly shut down
The internet just BROKE under its own weight — we explain how (The Register) Next time, big biz, listen to your network admin. On Tuesday, 12 August, 2014, the internet hit an arbitrary limit of more than 512,000 routes. This 512K route limit is something we have known about for some time
Security Patches, Mitigations, and Software Updates
BlackBerry patches vulnerabilities in BlackBerry OS, enterprise server software (CSO) The flaws could allow attackers to access data stored on BlackBerry phones or sensitive credentials logged on servers
Users should patch critical flaw in Adobe Reader and Acrobat, researchers say (CSO) Adobe also releases critical updates for Flash Player and AIR
Gmail introduces filters for non-Latin characters, weeding out more phishing emails (Naked Security) Just one week after Google announced that it was to become the first major email provider to adopt the Internet Engineering Task Force (IETF) standard for addresses containing non-Latin and accented characters, it has had to introduce filters to minimise the risks posed by the change
The Danger from Within (Harvard Business Review) See how resilient your organization is to insider cyberattacks and whether you're helping or hurting the cause
The Internet's Original Sin (The Atlantic) It's not too late to ditch the ad-based business model we have and build the web we want
The Man Who Found 1.2 Billion Stolen Passwords: Negative Publicity Harming My Business (Forbes) Alex Holden, CTO of Milwaukee-based Hold Security, looks surprisingly buoyant. Perhaps it's just his attempt at a brave face. In the past week, his integrity as a security researcher has been called into question. He's been called a liar and a scaremonger. He hasn't been talking to the press until now
SafeNet, Gemalto reached $890M deal after less than 2 months of talks (Baltimore Business Journal) Amsterdam-based Gemalto N.V. was following Belcamp cyber security firm SafeNet Inc. for years before striking a deal to buy it
Lockheed buying up suppliers? Chalk it up to serendipity, says one exec (Washington Business Journal) Tim Reardon, chief of Lockheed Martin Corp.'s defense and intelligence solutions group, acknowledged that some have surmised that Lockheed is buying up its suppliers, in an attempt to bring capabilities under its own umbrella and perhaps trim costs tied to the supply chain. So is it?
Products, Services, and Solutions
ESET releases new SOHO security SKUs (ChannelLine) Slovakian-based security software maker ESET has announced two new solutions for the Small Office/Home Office (SOHO) market: ESET Multi-Device Security Home Office and ESET Small Office Security
Panda 2015 consumer range now available (Beta News) Panda Security has announced the launch of its 2015 consumer range, claiming that it's "lighter, safer and easier to use than ever before"
Drew Morin: TCS to Integrate Cyber Training Modules into Sypris Platform (ExecutiveGov) TeleCommunication Systems has been awarded a contract to design a cybersecurity training program for Sypris Electronics
CTC, SilverSky Partner, Eye Global Managed Security Services Expansion (Talkin' Cloud) CTC will leverage SilverSky to deliver managed security services to its customers
Technologies, Techniques, and Standards
ANSSI key measures to improve the cybersecurity of industrial control systems (ANSSI) Since February 2013, industrial stakeholders (final users, vendors, integrators, professional organizations, etc.) and French governmental entities have been working together as part of a working group, lead by ANSSI, which aims at elaborating concrete and practical proposals to improve the cybersecurity of critical infrastructures
How to Detect SSL Leakage in Mobile Apps (eSecurity Planet) LinkedIn researchers find piles of SSL configuration flaws in mobile apps and so can you
Wireless Auditing, Intrusion Detection & Prevention System (Ethical Hacking) WAIDPS is an open source wireless swissknife written in Python and work on Linux environment. This is a multipurpose tools designed for audit (penetration testing) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all WiFi information in the surrounding and store in databases. This will be useful when it comes to auditing a network if the access point is 'MAC filtered' or 'hidden SSID' and there isn't any existing client at that moment
SAMHAIN v3.1.2 Released (Toolswatch) The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes
Hybrid Cloud Security: New Tactics Required (InformationWeek) Interested in shuttling workloads between public and private cloud? Better make sure it's worth doing, because hybrid means rethinking how you manage compliance, identity, connectivity, and more
Schools Buy Into Cyber Security Business As Investment Swells (BusinessBecause) A cluster of the world's leading business schools have begun rolling out cybersecurity classes, as markets begin recognizing its importance in the corporate world
Cyber Engineering at Louisiana Tech Positions Graduates, Region to Lead Industry (My ArkLaMiss) Cyber is everywhere. From the way we communicate to the way we buy goods and services to the way we share information, our lives and activities today are largely reliant on a strong and secure global cyber infrastructure
Legislation, Policy, and Regulation
The Three Cyber-Security Challenges Facing Nato (International Business Times) Cyber is already an integral part of all conflicts and wars in today's world. For NATO there is plenty of work and planning ahead, before it, as alliance, is a credible player in the cyber domain. NATO must pay special and rapid attention improving its Article 5 policy and collective cyber capabilities, and also remind its member-states that collective cyber credibility begins with countries' own cyber defences. Decisions and guidelines are needed in the Nato Summit in September
The story behind DOT's cyber makeover (FCW) Richard McKinney says that when he came to the Transportation Department as CIO in May 2013, the agency's reputation for cybersecurity was dismal — marked by insufficient staff, inconsistent tools and siloed visibility
Who Receives Hacker Threat Info From DHS? (Nextgov) Health care, banking and other key sectors at risk of cyberattacks have not joined a Department of Homeland Security program required to offer these industries protections against a potential catastrophic hack, according to federal inspectors
Agencies slow to move out on DHS cyber program, survey says (Federal News Radio) A year after the Department of Homeland Security formally launched its effort to move agencies toward a continuous diagnostic and mitigation approach to cybersecurity, things are off to a slow start. On the plus side, the agencies that have gotten the ball rolling already are seeing good results
Cyber Uncertainty [National Guard] (TMC Net) Governors want to tap the Guard's growing cyber capability. The Guard wants to help, but a lack of clear policy from Washington is an impediment
Litigation, Investigation, and Law Enforcement
Snowden: lies pushed me over the edge (AFP via Yahoo! News) Edward Snowden says dishonest comments to Congress by the US intelligence chief were the final straw that prompted him to flee the country and reveal a trove of national security documents
Snowden's New Lies for Old (XX Committee) WIRED has a new interview with Edward Snowden, conducted over several days in Moscow, which claims to be the most significant media discussion with the world's most famous IT contractor since he fled to Russia in June of last year. I won't comment on the magazine cover shot, with Ed wrapped in Old Glory, representing an American super-patriot, which is a rare breed in Putin's Russia
Snowden leaks show that terrorists are JUST LIKE US (The Register) … on infosec, that is. Jihadis' OPSEC rivalled GCHQ's, says Glenn Greenwald
USIS Breach May Open Door To Foreign Agent Recruitment (HS Today) The largest provider of background investigations for the Department of Homeland Security (DHS) recently became the latest victim of a major cyberattack that may have compromised the personal information of employees, prompting the government to suspend its work with the firm
Gartner Magic Quadrant: NetScout Says Secret Is Green (InformationWeek) After Gartner analysts rank NetScout only a "challenger," Netscout files lawsuit alleging Gartner's rankings involve pay for play. Let's examine both sides of this street
US construction company sues bank over cyber-heist (Computing) A US heavy industrial construction company is sueing its bank after losing $327,000 in a cyber attack, claiming negligence on the part of the bank and breach of contract after it was subject to a "corporate account takeover" in a sophisticated sting
IG: Former DARPA head promoted own company, violating rules (Military Times) A former director of the Defense Advanced Research Projects Agency used her influential position to help shine a spotlight on a high-tech research company that she created, actions that the Defense Department Inspector General says violated ethics rules
Facial recognition software leads to arrest after 14-year manhunt (Naked Security) A US child sex abuse suspect hiding out in Nepal who was on the run for 14 years has been caught using facial recognition technology
US Companies Still Mine Europeans' Private Data despite Promises, CDD says (Hot for Security) Dozens of US tech companies, including Adobe Systems, AOL and Salesforce.com, continue to violate Europeans' privacy despite promises to comply, according to the Center for Digital Democracy. The advocacy group filed a complaint against 30 data brokers, tech giants and data management firms that promised to better handle personal information of EU residents
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
SINET 16 (Washington, DC, USA, Dec 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent builders, buyers, investors and researchers. Our goal is to provide entrepreneurs from around the world an opportunity to increase awareness of their Cybersecurity products and solutions to US Federal Governmental agencies and commercial enterprises, key investors and venture capitalists. Applications close August 29, 2014
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
c0c0n: International Information Security and Hacking Conference (, Jan 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.