The CyberWire Daily Briefing for 1.31.2014

Cyber Attacks, Threats, and Vulnerabilities

Indian hackers deface Pakistani websites after massive Republic Day cyber-attack (Tech2) It's becoming a bit of an annual ritual now: Pakistani hackers deface Indian websites and Indian hackers hit back

Hackers attack European Jewish Press website (The Times of Israel) Visitors to the site greeted by oriental music and a picture of the Turkish flag in the shape of a mushroom cloud

Israeli Organizations Compromised by Phishing Attacks (eSecurity Planet) Fifteen machines were compromised, including ones belonging to the Civil Administration

Hackers Hit Yahoo Mail With Mass Account Checker Attack (SecurityWeek) Yahoo has issued a warning of an attack targeting users of its email service, and is initiating password resets for potentially affected accounts

Beware of bogus Google "Suspicious sign-in prevented" emails (Help Net Security) A very convincing phishing attempt aimed at harvesting users' Google account credentials has been spotted by a security researcher

Tor-enabled malware stole credit card data from PoS systems at dozens of retailers (InfoWorld) Details of over 50,000 credit and debit cards have been stolen from 119 PoS terminals infected with a malware program called ChewBacca

More card-stealing malware found (ZDNet) RSA researchers found an operational Tor-based network collecting card data from point of sale (POS) systems in11 countries including the US

New details about Target breach come to light (Help Net Security) As data dumps of cards stolen in the Target breach continue to be sold on underground cybercrime forums, and the stolen information is being used to perform unauthorised payments, US Attorney General Eric Holder has stated the Department of Justice is "committed to working to find not only the perpetrators of these sorts of data breaches — but also any individuals and groups who exploit that data via credit card fraud"

NBC News: Target-Style Cyber Thefts Are Spreading to Main Street Stores (Money News) Consumers are focused on massive cyber thefts aimed at big retailers like Target, but the real security problems to be wary of are at small and medium-sized businesses with fewer digital defenses, NBC News reported

URM cyber attack investigation coming to a close (KXLY Spokane) URM Stores' investigation of a criminal cyber attack is coming to a close. The company says they now know which stores were affected by the attack and the incident was limited to credit and debit card transactions made in those stores made between September 1, 2013 — November 24, 2013

CID warns of phishing scam involving Government Travel Card (The Mountaineer) U.S. Army Criminal Investigation Command, commonly referred to as CID, is warning the greater Army community about a new phishing scam where criminals are targeting U.S. Government Travel Card holders

10,000+ UK systems affected by ICEPOL Trojan ransomware (Help Net Security) At least 10,331 successful installs of ICEPOL Trojan ransomware took place in the UK last year

FBI alerts Ohio company of breach involving Social Security numbers (SC Magazine) The FBI alerted Ohio-based State Industrial Products that the personal information — including Social Security numbers — of an undisclosed number of current and former employees may be at risk

GoDaddy owns up to role in Twitter account hijacking incident (CSO) PayPal dismissed claims that its customers representatives were tricked into helping the attacker

HALOCK Finds Over 70% Of Mortgage Lenders May Be Putting Sensitive Financial Data At Risk (Dark Reading) Lenders permitted applicants to send personal and financial information over unencrypted email as email attachment

Clinkle Gets Hacked Before It Even Launches (TechCrunch) Clinkle is the hottest app around to have done mostly nothing. The stealth payments service, which has raised $30 million from big-name investors, has yet to publicly launch. But that doesn't mean it can't be hacked. Today, a guest user posted a list of 33 usernames, user IDs, profile photos, and phone numbers to PasteBin. Based on the data provided, it seems as though these users are Clinkle

Newly released Web based DDoS/Passwords stealing-capable DIY botnet generating tool spotted in the wild (Webroot Threat Blog) Driven by the never ending supply of newly released DIY (do it yourself) underground market releases, in combination with the systematically rebooted life cycles of releases currently in circulation, cybercriminals continue actively developing new cybercrime-friendly malware generating/botnet building applications. Motivated by the desire to further continue the monetization of this ever-green market segment, a key driving force behind the consequential rise of E-shops offering access to compromised accounting data like those we've extensively profiled at Webroot's Threat Blog in the past, these cybercriminals continue to 'innovate' and reboot the life cycles of known releases through the systematic and persistent introduction of

Cyber Trends

Higher stakes from business of cyber crime (TCM) Graham Welch, Sourcefire, explains the business of cyber crime is on the lookout for maximum returns. Cloud and mobile banking are expected to be next high value target zones

Changing forms of APTs, malware, sandboxing (TCM) A series of revelations about the National Security Agency that shook the international security community, made 2013 an interesting year for trend watchers. A look at possible emerging trends in 2014 from Ralf Haubrich at Sophos

Counterintelligence Now Riskier Than Terrorism, Intelligence Officials Report (Risk Management Monitor) During a Senate hearing yesterday, top U.S. intelligence officials released a new threat assessment report that outlines the top risks to national security. While cybersecurity remains the greatest threat for a second year, the report said dangers from foreign spies and from leakers have surpassed terrorism as threats

19 Numbers That Explain the Internet of Things (FedTech) The world of connected devices is growing … fast. These numbers offer some much-needed perspective on the future of government

Why the 'Internet of Things' may never happen (ComputerWorld) It's also a lousy name for a great idea that is doomed from the start. Here's why

Arbor Networks Reports Surge in DDoS Attacks (eSecurity Planet) More than 70 percent of service providers operating data centers experienced DDoS attacks last year

Report: Israel subjected to incessant cyberattacks (Al-Monitor) The information security company FireEye, which specializes in providing protection against advanced cyberthreats, has released today, Wednesday, Jan. 29, a report outlining the map of advanced cyberthreats to Israel. The study released by the company is designed to provide a glimpse into the challenges faced by Israel in cyberspace. The study conducted by FireEye is based on the company's database, which indicates that global cyberthreats have definitely not skipped Israel

Marketplace

Engility Finalizes Cash Tender Offer for DRC; Jim Regan Comments (GovConWire) Engility Holdings (NYSE: EGL) has completed a cash tender offer to acquire Dynamics Research Corp. (NASDAQ: DRCO) for $11.50 each

Cyber-Security Stocks With Potential (Wall Street Daily via Investing) When it comes to the burgeoning Internet of Things (IoT) — whereby companies are equipping everyday objects with internet connectivity — security is an afterthought

GitHub enlists its hacker army to hunt down security nightmares in new bounty program (Venture Beat) GitHub, the code repository to the stars (and everyone else), is aware that it has vulnerabilities in its massive codebase. This is bad news for GitHub's millions of users, but not to fear — the company is putting its best hackers on the job. In a new bug bounty program, GitHub is specifically reaching out to white/gray-hat hackers in the security community to find all the nooks and crannies where bad guys might sneak into its codebase

Yahoo to Donna Users: We're Dispensing With Your Indispensable App (TIME) When Yahoo — or any big company — buys your favorite startup, worry. Incredible Labs — the company behind smart-calendar app Donna — is being acquired by Yahoo. The app is being shut down, and most of the folks who worked on it will join the Yahoo Mail team

Box Said To Have Filed For IPO, Could Go Public As Early As April (TechCrunch) Cloud-based storage company Box is said to have filed an IPO, according to an initial report from Quartz, later followed up by confirmations from The Wall Street Journal and Forbes. It did so quietly, filing the paperwork recently (possibly at the beginning of this week), according to the reports, and also silently, something it shares in common with Twitter, and which is made possible under a

Janet Foutty Adds New Role of Deloitte Federal Practice Head; Jim Moffatt Comments (GovConWire) Janet Foutty, national managing director of the federal consulting practice at Deloitte Consulting LLP, has been appointed to also serve as leader of Deloitte's federal practice

Nicholas Percoco Named KPMG Data Protection Group Director; Greg Bell Comments (GovConWire) Nicholas Percoco, head of Trustwave's security organization for more than 10 years, has joined KPMG LLP as director of the firm's information protection group, Health IT Security reported Wednesday

Offit Kurman Attorney Ira Hoffman Appointed to MD Governor's International Advisory Council (PRWeb) Offit Kurman, P.A. is proud to announce that the Hon. Martin O'Malley, Governor of Maryland, has appointed Ira E. Hoffman, a Principal in Offit Kurman's International, Cybersecurity, and Government Contracts Practice Groups, to the Governor's International Advisory Council. The mission of the Council is to provide strategic direction to the Governor and the Maryland Department of Business and Economic Development (DBED) on ways to enhance Maryland's global profile

Products, Services, and Solutions

Google Glass: A mind meld with the surveillance state (The Week) Our cyborg future is here. And it is terrifying

US-based Skyhigh aims to help quash qualms about cloud providers' security practices with a new rating scheme. (ITWire) The Skyhigh CloudTrust program provides an objective and comprehensive assessment of a cloud service's security capabilities, company officials stated

FireEye Scales Threat Protection Management With New Release; Bolsters Email Threat Protection and Operational Readiness (MarketWatch) New FireEye OS 7.1 simplifies virtual machine-based security management as well as extends VM analysis to IPv6 traffic

Webroot SecureAnywhere Internet Security Complete review: Protection needs improvement (PC World) Webroot's suite has a nice interface, but the program needs to get better at detecting zero-day attacks and distinguishing between threats and nonthreats

VIPRE Internet Security 2014: Adequate protection, interface needs a makeover (PC World) Vipre's suite competently guards against known threats, but its zero-day detection was below average in our roundup and its interface lacks polish

Google + Microsoft = Process Explorer 16.0 (ZDNet) Process Explorer, a free tool from Microsoft, now integrates support for VirusTotal, a free public service from Google

McAfee Internet Security 2014 review: Intuitive interface, decent protection (PC World) McAfee's touch-optimized interface is ideal for Windows 8 users, but the suite is a bit weak on zero-day defense

ThreatTrack Security Makes It Easier For OEMs To Integrate Malware Defense Into Their Solutions (Sacramento Bee) ThreatTrack Security OEM partners secure more than 10 million endpoints worldwide with the VIPRE Antivirus SDK

Review: GreenSQL Database Security (eSecurity Planet) Business databases are the holy grail for hackers. Matt Sarrel reviews some products from GreenSQL that help protect databases

Technologies, Techniques, and Standards

Why governance and policy can strengthen compliance efforts (Help Net Security) A colleague of mine recently made a joke and it made me pause to think. During our discussion on compliance and how internal policy can help organizations comply with external regulation, she said "…like an Amazon suggestion 'People who comply with PCI also like the following regulations'…". I smiled because it was funny, but there was also wisdom in what she said. Many of the requirements in compliance regulations seem similar as you go from regulation to regulation — so you see what could be considered as duplication

Positioning your institution's response in the face of data breach (CSO) Data breaches are going to happen. The important part, says ACI Worldwide's Seth Ruden, is how an association chooses to handle them

The power of two — All you need to know about two-factor authentication (Naked Security) What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it

How to recover deleted or corrupted digital currency (Help Net Security) The popularity of Bitcoin and other digital / cryptographic currency cannot be denied. Different users like using it for different reasons, but many agree that the question of keeping their stash safe is something that occasionally keeps them up at night

Moving to the Cloud? Learn From CBP's Mistakes (FCW) A few years ago, CBP made email-as-a-service for its 60,000 employees one of its first major cloud projects. According to Wolf Tombe, the agency's CTO, it was a huge mistake. Tombe, speaking Jan. 29 at an executive briefing in Washington, D.C., said the agency did not specify with the vendor how the migration to cloud email would occur, nor did it contractually demand visibility into the vendor's cloud infrastructure

US phone companies to explore replacing all phone numbers with IP addresses (Engadget) Voice-over-IP (VoIP) is nothing new, of course, but so far it's been regarded merely as an add-on to America's regular, analog-based copper and cellular voice networks -- networks that are currently maintained as a matter of legal requirement. The FCC isn't necessarily such a stickler for tradition, however, as it is now encouraging phone networks to explore what would happen if VoIP replaced everything else

Flipping the Switches on Facebook's Privacy Controls (New York Times) Facebook is all about sharing. But if you value your privacy, using the service means deciding not only what you want to share, but also who gets to see it

Design and Innovation

The Analogies Project (The Analogies Project) "I can think of nothing that an audience won't understand. The only problem is to interest them; once they are interested, they understand anything in the world." — Orson Welles (1915 — 1985). The Analogies Project has a clear mission. To tackle the unintelligibility of information security head on and secure the engagement of a much broader audience. Its aim is to bridge the chasm between the users, stakeholders and beneficiaries of information security and those responsible for delivering it

Research and Development

"Honey Encryption" overwhelms attackers with fake results (Help Net Security) Former RSA chief scientist Ari Juels is working on an innovative approach at encryption that could make cyber crooks' life a lot more difficult

Academia

UL Lafayette props Air Force cyber defense (KATC 3) Research at the University of Louisiana at Lafayette is helping the U.S. military identify malware, software designed to disrupt computer systems. Charles River Analytics, in partnership with the University, has won an Air Force contract to develop novel cyber defense techniques for the Semi-Supervised Algorithms against Malware Evolution program

Trend Micro contributes more than $300,000 to support responsible technology use in students (Trend Micro Simply Security) In the "Internet of Everything" era, even refrigerators can go online. Knowing how to navigate the Internet safely is no longer optional. This know-how is even more crucial for children, since they are often unaware of the dangers lurking in the World Wide Web, and so that they are prepared for the digital careers of tomorrow. This need will only continue to become stronger as children increasingly utilize social media to interact with each other virtually

Legislation, Policy, and Regulation

SEC examiners to review how asset managers fend off cyber attacks (Reuters via the Baltimore Sun) U.S. regulators said Thursday they plan to scrutinize whether asset managers have policies to prevent and detect cyber attacks and are properly safeguarding against security risks that could arise from vendors having access to their systems

Kerry in Berlin: 'US is committed to privacy' (The Local (German edition)) US Secretary of State John Kerry acknowledged on Friday that relations with Germany had gone through a "rough period" of late over NSA snooping but he said the US was "committed to privacy"

EU warns United States: SHAPE UP on data protection OR ELSE (The Register) Reding: Sort it out soon or Safe Harbor framework is toast

Holder: Not stopping terrorism doesn't mean telephony metadata not useful (FierceGovIT) Whether or not the intelligence community's bulk storage of telephony metadata has actually prevented a terrorist attack shouldn't be the only metric by which the program's efficacy should be measured, said Attorney General Eric Holder

Rogers Nominated To Helm NSA/Cyber Command (Defense News) President Obama has nominated Vice Adm. Michael Rogers, the US Navy's cyber chief and long viewed as the likely successor to US Cyber Command (CYBERCOM) and National Security Agency (NSA) head Gen. Keith Alexander, to take over for Alexander when he retires later this year, the Defense Department announced late Thursday

Obama Picks Navy Admiral For NSA; Keeps CyberCom Ties (Breaking Defense) In a statement, Hagel said he is "delighted" to designate Rogers to the NSA post. But what a time to take over the agency. As the secretary notes in his statement with what can only be called massive understatement, "this is a critical time for the NSA…" Rogers selection was not a surprise

Litigation, Investigation, and Law Enforcement

Ukrainian police use cellphones to track protesters, court order shows (Ars Technica) "Tower dumps" help government profile people attending demonstrations

Obama: Clapper 'should have been more careful' in congressional testimony (The Hill) Obama said Clapper felt "that he was caught between a rock and a hard place." President Obama said Friday that Director of National Intelligence James Clapper "should have been more careful" when he testified to a Senate panel last year that the National Security Agency did not collect data on millions of Americans

Super Bowl Prostitution Digitally Mapped by Data Trackers (Bloomberg) Sitting in an operations center outside Washington, Josh Gearheart and his team have spent the last week tracing the digital footprints of Super Bowl sex traffickers with the same technology he once used to hunt insurgents in Afghanistan

Delayed breach response prompts lawsuit against Kaiser (FierceHealthIT) California Attorney General Kamala Harris sued Kaiser Foundation Health Plan Inc. in state court on Jan. 23, alleging the company was too slow to notify more than 20,000 current and former employees that their personal information was compromised in a 2011 security breach, Law360 reported. In the breach, an external hard drive that contained personal information of Kaiser employees—including Social Security numbers, dates of birth and addresses—had been sold to a member of the public at a thrift store

Metro woman sues Neiman Marcus over security breach (Atlanta Journal-Constitution) A metro Atlanta woman has become one of the first plaintiffs nationwide to sue Neiman Marcus over a security breach that may have exposed more than 1.1 million of its customers' credit cards

Defendants in data-breach case cite NIST framework in opposing federal mandates (Inside Cybersecurity) The defendants in a landmark data-breach case that could determine the Federal Trade Commission's authority to mandate security measures are citing a preliminary framework of cybersecurity standards to argue that the court should throw out the lawsuit

Digital Currency Founder: U.S. Indicted Me For Not Giving FBI My Source Code (Wired) The founder of digital currency Liberty Reserve says he was indicted and arrested last year after refusing to hand over the source code for his system to the FBI

The UK government moves to unblock websites inadvertently affected by ISP porn filters (TNW) The porn opt-in debate divided opinions and generally caused a stink when UK ISPs revealed plans to 'protect' children from adult content on the Web. And many of the initial concerns, vis-à-vis perfectly legitimate sites being inadvertently blocked by filters, have proven to be valid

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Suits and Spooks Security Town Hall (, Jan 1, 1970) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights.

Suits and Spooks Singapore (, Jan 1, 1970) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.

Suits and Spooks San Francisco (, Jan 1, 1970) S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.

Suits and Spooks San Diego (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. This two-day event will be held on June 20-21, 2014 at the Museum of Contemporary Art La Jolla. If you're interested in speaking, please submit a topic title and abstract along with your bio.

Suits and Spooks New York (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.

Cyber Training Forum at NGA (Springfield, Virginia, USA, Feb 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence Community, and Industry. The CSTF will include keynotes, breakout sessions, and cyber security demonstrations from industry.

U.S. Department of Commerce Technology Expo (, Jan 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact your FBC representative to submit an abstract today.

Cyber Security 2014 (, Jan 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security supply chain, from Prime Contractors, through tier 1 and tier 2 suppliers, SMEs and those at the front of R&D and the development of new and innovative products and services. The event will provide a unique opportunity for those within the whole supply chain to understand both the current and future threat of Cyber Security on the supply chain and what action will need to be taken to mitigate these and ensure we are fit to compete in the future — both as businesses and as a country. Organisations who have confirmed their attendance include: RBS, Finmeccanica Selex, Thales, MOD, Scottish Government, Lockheed Martin UK, BAE Systems and others.

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, Feb 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.

FBI HQ Cloud Computing Vendor Day (, Jan 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer.

New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, Jan 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals.

Free OWASP Training and Meet Up (San Francisco, California, USA, Feb 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.

Nellis AFB Technology & Cyber Security Expo (, Jan 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.

Cloud Expo Europe (, Jan 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.

Trustworthy Technology Conference (, Jan 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.

Creech AFB Technology & Cyber Security Expo (, Jan 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.