The CyberWire Daily Briefing for 1.3.2014
SoHo routers widely used in homes have been shown to have backdoors that enable an attacker to gain admin access. The SANS Institute's Internet Storm Center reports seeing a large number of probes to a port on which Linksys devices may be listening, which indicates this is more than a theoretical risk.
CryptoLocker, which had hitherto spread as a conventional Trojan, turns up in a new, worrisome version that propagates itself as a worm.
SnapChat works to contain and undo the damage done by the end-of-year compromise it suffered, and announces plans to upgrade security. Forbes suggests the story is one of a missed opportunity to benefit from an independent security warning.
Kaspersky Labs foresees surveillance concerns and desire for increased national control fragmenting the traditional Internet in 2014, going so far as to predict that the deep web will soon be the only remaining international network.
The maritime shipping industry sees a cyber risk in its increased automation of ship operations (compare airline concerns about cyber security).
In industry news, FireEye announced late yesterday that it has acquired Mandiant for a reported $1.05B. Synergies are expected as FireEye combines its virtual machine monitoring tools with Mandiant's endpoint security, incident response, and remediation services. Kevin Mandia will become FireEye's COO; FireEye plans to increase its sales force.
A criminological study claims warning banners actually have a deterrent effect on hackers.
In the US surveillance policy debate, a Foreign Policy essay describes the Presidential surveillance panel's recommendations as "reckless" and "ineffective."
Notes.
Today's issue includes events affecting Australia, China, Japan, Russia, Taiwan, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Gaping admin access holes found in SoHo routers from Linksys, Netgear and others (Naked Security) For many home users, the router–slash–firewall at the edge of their network plays a vital security role. So it is always alarming to read about sloppy programming in the firmware that ships with this sort of device
Backdoor in wireless DSL routers lets attacker reset router, get admin (Ars Technica) A quick Christmas hack uncovers a vulnerability in Linksys, Netgear, others
Scans Increase for New Linksys Backdoor (32764/TCP) (Internet Storm Center) We do see a lot of probes for port 32764/TCP. According to a post to GitHub from 2 days ago, some Linksys devices may be listening on this port enabling full unauthenticated admin access. At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network
OpenSSL site defacement involving hypervisor hack rattles nerves (updated) (Ars Technica) The official website for the widely used OpenSSL code library was compromised four days ago in an incident that is stoking concerns among some security professionals
Worryingly, CryptoLocker ransomware turns from a Trojan…into a worm (Graham Cluley) As if CryptoLocker wasn't causing enough problems by infecting and locking thousands of innocent users' Windows computers, security researchers have discovered a new variant of the ransomware that takes its propagation to a new level
Snapchat user data exposed in huge data theft (Trend Micro Countermeasures) Usernames and phone numbers for more than 4.5 million Snapchat users have been published on a website called SnapchatDB.info after attackers took advantage of an exploit disclosed on the 23rd December 2013
Snapchat Says It's Improving Its App, Service To Prevent Future User Data Leaks (TechCrunch) Snapchat has released an official post about the recent leak of 4.6M usernames and phone numbers from its servers. The post blames what it says was 'abuse' of its API on the leak, but acknowledges that the way that it stores the information made it possible for a database of numbers to be used to sniff out usernames and match them up. Changes will be made to both Snapchat's apps
The Hackers Who Revealed Snapchat's Security Flaws Received One Response From The Company…Four Months Later (Forbes) On New Year's Day, the website SnapchatDB.info released the usernames and redacted phone numbers of 4.6 million U.S. Snapchat users. Months earlier, an Australian security outfit called Gibson Security published a thorough account of the security vulnerabilities plaguing the company
Alert (TA14-002A) Malware Targeting Point of Sale Systems (US CERT) When consumers purchase goods or services from a retailer, the transaction is processed through what are commonly referred to as Point of Sale (POS) systems. POS systems consist of the hardware (e.g. the equipment used to swipe a credit or debit card and the computer or mobile device attached to it) as well as the software that tells the hardware what to do with the information it captures
Developer Spams Google Play With Ripoffs Of Well–Known Apps…Again (TechCrunch) It's not uncommon to search the Google Play app store and find a number of knock–off or "fake" apps aiming to trick unsuspecting searchers into downloading them over the real thing — especially when the app in question isn't yet available on Android. But one developer really went out of his or her way over New Year's to fill the Android app marketplace with a number of rip–offs of big–name
BBC cyber attack confirms 'relentless threat' to online resources, says Eversheds (The Lawyer) Liz Fitzsimons, data protection expert at Eversheds, has commented on news that the BBC faced a cyber attack on Christmas Day
Russian hacker owns up to taking over BBC server (SC Magazine) A Russian hacker secretly took over a computer server at the British Broadcasting Corporation on Christmas Day
Wall Street is finally acknowledging that bogus trades are a problem…in its own way (Quartz) Wall Street has never been very good at regulating itself. For example, the market for over-the-counter derivatives (interest-rate swaps, credit-default swaps and so forth) was, up until recently, largely self-regulated, and we all know how that worked out
Cyber Trends
CIOs better get ready for influx of tablets, smartphones (FierceMobileIT) As employees come back to work after the holiday break, they will be bringing the smartphones and tablets they received as gifts to the workplace and CIOs need to be prepared
Non–official mobile app stores are security sieves, says Arxan (FierceITSecurity) Mobile app security continues to be the bane of CISOs' existence, and a recent study conducted by mobile app security firm Arxan will do nothing to ease their security woes
IB Times: Cyber Threats 2014: Darknets, Windows XP, Adobe Passwords, Mobile Malware and more (Defense Update) In the cyber security world, 2013 has been more than a bit of an eye-opener for most people. The level of sophistication and power that some people wield over your online activity has been revealed to be far greater than almost everyone ever imagined
Consumers trust government bodies more than private organizations? (Help Net Security) Despite high profile surveillance and data gathering incidents, consumers still appear to trust government bodies more than private sector organisations when it comes to having access to their personal data
The 2013 NSA Cyber Espionage Revelations in Review and Their Impact on Hosting (The Whir) For many, 2013 will be known as the year in which our trust in government was shaken, given the use of new communications technologies for the purpose of surveillance
Marine Cybersecurity: Is Your Ship Safe? Are You Sure? (MarineLink) There is a growing threat to marine safety, security, and environmental protection from the over-reliance on electronics to accomplish operational tasks
Marketplace
FireEye buys cyber forensics firm Mandiant for about $1 billion (Reuters) Cybersecurity company FireEye Inc has acquired Mandiant Corp, the computer forensics specialist best known for unveiling a secretive Chinese military unit believed to be behind a series of hacking attacks on U.S. companies
Spam, hackers fuel rise in messaging security gateway market, says Infonetics (FierceITSecurity) Fueled by increasing spam and hacking activity, the mobile messaging security gateway market is forecast by Infonetics Research to reach $70 million in 2013, a 70 percent year–over–year increase
Booz Allen Marks Centennial, Rings NYSE Opening Bell (ExecutiveBiz) Booz Allen Hamilton rang the opening bell at the New York Stock Exchange on Thursday to kick off a year–long celebration to honor the company's 100th anniversary
TBR: SaaS Usage Disrupts Security Vendor Sales (Talkin' Cloud) Traditional security vendors may have a difficult 2014 (and beyond), thanks to cloud computing. According to a Technology Business Research (TBR) report, the rise of software–as–a–service (SaaS) has led organizations away from traditional security products in favor of—you guessed it—cloud–based security services.
Cloud Security Fears to Boost Licensed Software Spending, Says Forrester (The Wall Street Journal) Concerns about cloud software security, influenced by new knowledge on NSA Internet snooping operations could help boost licensed software sales by as much as 6% in 2014, according to Forrester Research Inc
Products, Services, and Solutions
Robocoin, The Bitcoin ATM, Is Heading To Hong Kong And Taiwan (TechCrunch) The first shipping bitcoin ATM, Robocoin, is landing in Hong Kong and Taiwan as the company expands its reach this January. They are planning further releases in Europe, Canada, and the US but, given Asia's clout in the BTC markets, this is definitely an interesting development. The first Robocoin landed in Vancouver where it's been a big hit and we wanted to see how things have been going for the
Technologies, Techniques, and Standards
Restrictive Deterrent Effects of a Warning Banner in an Attacked Computer System (Criminology) System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on the deterrence perspective, we employ a large set of target computers built for the sole purpose of being attacked and conduct two independent experiments to investigate the influence of a warning banner on the progression, frequency, and duration of system trespassing incidents
Research and Development
NSA seeks to build quantum computer that could crack most types of encryption (The Washington Post) In room–size metal boxes secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world
Legislation, Policy, and Regulation
Is U.S. Ready to Rethink Sept. 11 Security Policies? (NPR via KERA News) President Obama says he will soon propose changes at the National Security Agency. Former contractor Edward Snowden's disclosure of NSA surveillance programs drew widespread criticism and prompted a review of the agency's operations by Congress, the courts, and the White House. NPR's Tom Gjelten looks at whether the country is now at a turning point, ready to rethink the security policies in place since 9/11
Reckless Reforms (Foreign Policy) Why the Obama administration should ignore recommendations from the panel it established to review NSA surveillance
Real ID enforcement to begin in April (FierceHomelandSecurity) Enforcement of the Real ID Act will be phased in starting in April under a schedule the Homeland Security Department released Dec. 20
Security and resilience 'primary aim' of critical infrastructure planning, says new NIPP (FierceHomelandSecurity) A revised National Infrastructure Protection Plan issued by the Homeland Security Department in late December places greater emphasis on security and resilience than its predecessor from 2009
OCR chief leaves as permanent HIPAA auditing program ramps up (FierceHealthIT) The departure of U.S. Department of Health & Human Services Office for Civil Rights Director Leon Rodriguez leaves OCR without its central leader just as the permanent HIPAA auditing program gets under way this year
Cyber deterrence and reserves corps strategy become law (FierceGovernmentIT) This year's national defense authorization act, signed into law by President Obama Dec. 26, includes Senate Armed Services Committee language requiring development of a new cyber attack deterrence policy
Yes, Virginia, there is privacy (I hope) (SC Magazine) It will be just after the start of this year that we all should hear President Obama's stance on recommendations made by the special advisory panel he created last year to review the surveillance programs of the National Security Agency
Litigation, Investigation, and Law Enforcement
More Congressmen Say They're Open to Clemency Deal to Bring Edward Snowden Back to U.S. (BuzzFeed) A few members of Congress are now saying they believe the government should attempt to work out a deal to return Edward Snowden to the United States
H4cked Off: Snowden's not the messiah, or even a particularly naughty boy. He's just some guy. (Computing) Public clamour about US National Security Agency (NSA) whistle blower Edward Snowden ranged in 2013 from 'string up this dread criminal' (US government, pretty much) to 'He's better than the Pope' (certain readers of Time magazine)
Top 10 Hacker Arrests in 2013 (Hot for Security) It was a fruitful year for cyber–crime authorities worldwide, and notorious hackers were arrested with a weekly or even daily frequency. Neither Christmas nor New Year's Eve put an end to police effervescence in 2013 when it comes to busting cyber–criminals
Two Former Purdue Students Admit Hacking Computers to Change Grades (Softpedia) Roy C. Sun and Sujay Sharma, both former students of Purdue University, have admitted hacking the educational institution's computer systems in an effort to change grades. They've used keyboard keyloggers to collect access credentials from professors
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
FloCon 2014 (Charleston, South Carolina, USA, Jan 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.
cybergamut Tech Tuesday: Malware Reverse Engineering: An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware. Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.
Cybertech: Cyber Security Conference and Exhibition. Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies. The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIFs, continually evolving the state of the art.