The CyberWire Daily Briefing for 5.13.2014

Cyber Attacks, Threats, and Vulnerabilities

Iran hackers start to hit defence industry (SC Magazine) A new breed of hackers has emerged in Iran that, likely supported by their Government, have escalated from hobbyist website defacement to full-on cyber espionage against US defence organisations, according to FireEye

Cyber experts warn Iranian hackers becoming more aggressive (Reuters) Iranian hackers have become increasingly aggressive and sophisticated, moving from disrupting and defacing U.S. websites to engaging in cyber espionage, security experts say

Near and far, small countries are worrying over Russia's and China's territorial grabs (Quartz) By appearances, this tiny island nation has little to worry about—it is an economic and military powerhouse in which one in six citizens is a millionaire. Situated near the equator, it has even been sheltered from the extreme-weather events to which most other nations have been subjected because of climate change

NSA Accused of Installing Backdoors on US Tech Exports (Infosecurity Magazine) Latest Snowden revelations hit new spy agency head Mike Rogers' attempts to promote greater transparency

Google account passwords stolen in phishing attack (Help Net Security) Hackers have been stealing Google account passwords in a new and better crafted phishing attack that is hard to catch with traditional heuristic detection, according to Bitdefender

Phishers Cast Wider Net, Now Asking for Multiple Emails (TrendLabs Security Intelligence Blog) From a security perspective, phishing attempts are pretty much old hat. In most cases, phishing attempts or attacks focus on getting one particular credential, such as those for credit cards or user accounts. We are now seeing cybercriminals attempt to get more credentials by using phishing pages that allow for multiple email logins

Droid malware cloak outwits Google Bouncer and friends (The Register) Researchers show VXers a better way to infect Mountain View's mobile OS

Another DNS Provider Targeted in DDoS Attack (Threatpost) PointDNS says most of its DNS servers are online again after a massive DDoS attack late last week took down the service provider

Facebook Scam Alert: Child Ghost Caught on Camera Scam Downloads Malware (HackRead) Facebook users have been plagued with many paranormal videos in their newsfeed; but beware before you try clicking on any of these links. Malwarebytes reported that these videos are hoaxes, scams and lure user to download malware

Research gives reason to double-check Heartbleed fix (CSO) Research opens up the possibility that some system administrators may have mistakenly infected healthy web servers with the Heartbleed bug

Android App Components Prone to Abuse (TrendMicro Security Intelligence Blog) We've recently found a vulnerability in certain Android apps that may leave user data at risk of being captured or being used to launch attacks. The two affected apps we investigated are both highly popular

Your phone is a gateway for spying on you by anyone (Russia Today) At a time when people can be watched, tracked and monitored every minute of the day it's not a surprise that market for international surveillance is thriving. Is the government doing more than just uncovering our secrets? Who else can spy on us? Is privacy gone forever? Well, our guest today is committed to exposing the world of unlawful snooping

Points of Sale Poorly Secured, Facing Sophisticated Attacks (Threatpost) The point-of-sale (PoS) systems on which financial transactions are conducted at nearly every physical retail location in the U.S. and and beyond are fast becoming a favorite target for sophisticated criminal organizations as well as standalone attackers

Researchers Quantify Fake Certificates Used in SSL Connections (Threatpost) An attacker with a forged SSL certificate is quite the Internet villain these days, be he a criminal or government spy. In possession of such a cert, an attacker can easily decrypt and monitor traffic, steal credentials and other sensitive information from a network

A peek inside a subscription-based DIY keylogging based type of botnet/malware generating tool (Webroot Threat Blog) Cybercriminals continue to systematically release DIY (do-it-yourself) type of cybercrime-friendly offerings, in an effort to achieve a 'malicious economies of scale' type of fraudulent model

A word on phone scammers (Blaze's Security Blog) You have probably heard of any of the terms "cold call", "calling from Windows" or "phone scam" before

Bitly breach details revealed (Help Net Security) Bitly has released more details about the breach that made them reset user account credentials and disconnect all users' Facebook and Twitter accounts late last week

Spy plane sparked memory shortage that disabled air traffic system (Orlando Sentinel) A common design problem in the U.S. air traffic control system made it possible for a U-2 spy plane to spark a computer glitch that recently grounded or delayed hundreds of Los Angeles area flights, according to an inside account and security experts

Why Foreign Spies Target IT Workers (Information Security Buzz) The Financial Times broke a story the other night about how the British Intelligence service MI5 was warning CEOs at major businesses that, "Foreign intelligence agencies are targeting IT workers at big businesses, hoping to recruit them and gain privileged access to sensitive computer systems."

Security Patches, Mitigations, and Software Updates

Another Windows security reprieve — Microsoft gives 8.1 users a further month to install Update (Beta News) Windows 8.1 Update makes the tiled operating system more mouse and keyboard friendly, and while it takes a little getting used to at first, the changes are mostly for the better — in my opinion anyway

The latest iPhone lock screen bypass, and how to stop it (Intego) iOS 7 has brought some cool new features to Apple's mobile operating system, but it has also introduced its fair share of embarrassing and unwelcome security holes

Cyber Trends

Interdependence: Good for community, bad for the IoT (ComputerWorld) Is technological dependency and the data that fuels it making us more resilient or more fragile?

Cyber attacks present a greater risk to firms as they collect more data about customers (Washington Post) Companies are gathering an increasing amount of information about their customers, storing that data for longer periods and analyzing it to glean greater insight about their clientele. But the rise in big data analytics comes at a time when those companies face a higher risk of cyber breaches from hackers looking to access that same information

What keeps senior IT security pros up at night? It's not what you think (Help Net Security) In the security space, last year was one for the books. Edward Snowden made waves after leaking classified documents detailing government surveillance programs, which raised privacy and security concerns for individuals and enterprises worldwide. Data breach after data breach of major retailers and brands shook every industry to its core, leaving IT teams wondering, "could this happen to us?"

Recommendations for Adding Cybersecurity Intelligence to the Smart Grid (CircleID) Over the last few years, there has been an increased effort to modernize the U.S. electric grid. Building a "Smart Grid" has been central in the effort to help utilities better manage their resources, minimize power outages and reduce energy consumption. However, adding more electronic devices and sensors to the grid's network has made it a prime target of cyberattacks, like Distributed Denial of Service (DDoS) attacks, which if successful, could cause wide-spread disruption of services affecting many other sectors

Into The Breach: The Limits Of Data Security Technology (Dark Reading) When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines

Cyber Crime Is Growth Industry In Israel (HSToday) In the first quarter of 2014, there were approximately 400,000 malicious code attacks launched against Israel, which was ranked 49th on the list of most dangerous countries for cyber attacks, according to a new cyber-security report by Kaspersky Labs

Marketplace

Cybersecurity insurance may push companies to better security (ZDNet) Cybersecurity insurance is probably a requirement now for a business of any import, and the insurers are looking in on customers to try to prevent breaches

Call to keep customers in cyber-attack loop (The Australian) Australian businesses should be more forthcoming in the event of a cyber-attack and alert customers about the potential exposure of their personal information to criminal networks, according to a leading global cyber security expert

Data Breach Roundup: April 2014 (eSecurity Planet) Would sharing intelligence on hackers and other threats help companies avoid data breaches? At least one expert thinks so

Money, Skills, And Hired Guns: 2014 Strategic Security Survey (InformationWeek) Tight budgets. A manpower crunch. More — and more sophisticated — threats. Are you sure you're up to this?

NIMBOXX Selects SparkCognition to Deliver Cognitive Security for its Hyper-converged Platform (Digital Journal) SparkCognition, the world's first Cognitive Security Analytics company, announced that its Cognitive Security Insights platform has been selected by NIMBOXX, developer of the industry's most advanced hyper-converged platform. SparkCognition's software and its Cloud based service will power security analytics and automated security policy management for NIMBOXX systems

Products, Services, and Solutions

Penetration testing device that fits in your pocket (Help Net Security) Pwnie Express updated the Pwn Phone, a phone that doubles as a powerful penetration testing device making it easy to evaluate wired, wireless and Bluetooth networks

Crypto for the Masses: Here's How You Can Resist the NSA (Daily Beast) It used to take serious nerd ninja skills to secure your communications. But a new browser plug-in for Facebook could change all that

Out in the Open: The Tiny Box That Lets You Take Your Data Back From Google (Wired) The National Security Agency is scanning your email. Google and Facebook are hoarding your personal data. And online advertisers are selling your shopping habits to the highest bidder

Check Point Introduces High-End Security System for Data Centers (Data Center Dynamics) Multi-blades to be used to fight off intruders

AhnLab's MDS: A comprehensive approach to malware management (SC Magazine) AhnLab is no newcomer to the information security market — having been around since 1995. This offering, however, is relatively new. It is backed by a large global company with vast experience in many aspects of information security, cloud-based systems and on-premises tools. I have seen elements of this offering in many other anti-malware tools, though the hallmark of this one is that for every reason one buys individual gateways this tool has it

Technologies, Techniques, and Standards

Varying opinions on HHS Security Risk Assessment Tool (HealthITSecurity) The Department of Health and Human Services (HHS) releasing its Security Risk Assessment Tool has spurred diverse opinions as to how healthcare organizations should use the tool as part of their compliance strategy as well as audit preparation

Beefing up Windows End Station Security with EMET (Internet Storm Center) After my post last week on things a System Administrator can do to protect against zero days in your browser, operating systems and applications, one of the biggies for Windows is to deploy EMET — Microsoft's Enhanced Mitigation Experience Toolkit. EMET implements advanced security controls that are not native to the operating system. Using EMET, you can take advantage of security features from Windows 8, even if you are running Windows 7 or even to some extent on XPSP3. Or you can beef up what's in Windows 8 with features that aren't anywhere but in EMET yet

Why Google prefers numeric CAPTCHAs (Help Net Security) Alphanumeric CAPTCHAs — those more or less difficult-to-read combinations that are used by many online services to discern whether a user is human or a bot — have been in use for over 15 years now, but I've yet to meet a person who likes "solving" them

How to better secure your Twitter account (Hot for Security) Have you ever had your Twitter account hacked? Did you find it unexpectedly spewing out claims that you had lost weight following a miracle diet, malicious links to phishing sites, or even over-run by mischievous hackers like the Syrian Electronic Army?

How Can SMB Overcome Obstacles to Social Media Monitoring for Risk and Compliance? (Cyveillance) Small and medium businesses (SMB), particularly banks and credit unions, typically have to meet the same compliance guidelines for their industry as their larger peers, including those for social media. As one expert noted, there are some baseline compliance requirements that organizations must meet if their employees use social media at work, whether the company is regulated by FINRA, HIPAA, the SEC, or otherwise. In this post, we'll discuss three of the hurdles that SMBs often face when trying to implement monitoring solutions for risk and compliance, and some suggestions for how to overcome them

Design and Innovation

The Next Big Thing You Missed: One Day, You'll Google the Physical World With a Scanner Like This (Wired) There are few technologies as comprehensive as Google. A simple search can tell you more than you ever wanted to know about the world around you. But the world's largest search engine, robust as it may be, has its shortcomings. Most notably, there's no way to Google physical objects

Research and Development

What the Most Secure Email in the Universe Would Look Like (Defense One) Say you wanted to send an email more secure than any message that had ever been transmitted in human history, a message with absolutely no chance of being intercepted. How would you do it?

Academia

Reading, Writing, Arithmetic, and Lately, Coding (New York Times) Seven-year-old Jordan Lisle, a second grader, joined his family at a packed after-hours school event last month aimed at inspiring a new interest: computer programming

Exposing the Roots of the Perpetual "STEM Crisis" (IEEE Spectrum) Okay, here are your choices: 1957, 1982, and 2014. Match each year to when the following statements were made

Legislation, Policy, and Regulation

UK needs new watchdog for its spies, ex-MI6 chief says (Reuters via the Chicago Tribune) Britain should create a new body to oversee its intelligence agencies to reassure the public after revelations from ex-U.S. intelligence contractor Edward Snowden, the former head of the British foreign intelligence service said on Monday

USA Freedom Act advances, draws mixed reviews from advocacy groups (FierceGovernmentIT) The House Intelligence Committee approved the USA Freedom Act May 8, setting the stage for a vote on the House floor

Lobbying on data, cybersecurity has tripled (Washington Post) The number of companies, associations and other groups lobbying on data and cybersecurity issues has nearly tripled since 2008, according to a review by Capitol Metrics, a lobbying analytics firm. The number of lobby firms advocating on behalf of clients on data and cybersecurity issues also tripled in the same period

New NSA chief vows more transparency for embattled agency (Reuters) The new head of the National Security Agency vowed on Monday to lead the embattled spy agency with greater transparency as it balances individual rights against the rising risk of a destructive cyber attack against the United States

How N.S.A. Recalibrated Its Mission (New York Times) Part 1 of "United States of Secrets," Tuesday night on PBS's "Frontline," is a fine ticktock account of how we arrived at our current information collection quandary, and what makes it so says a lot about this still-evolving issue

Inside the NSA the Day After 9/11 (PBS Frontline) The mood was somber at NSA headquarters on Sept. 12, 2001. Nearly 3,000 Americans were dead in the worst terrorist attack in U.S. history. Analysts at Fort Meade were shell-shocked. What had they done to miss the warning signs?

FBI Seeks License To Hack Bot-Infected PCs (Dark Reading) Justice Department seeks search warrant changes to battle online crime syndicates, but critics cite impact on innocent bystanders and potential for abuse

Regulators Planning Cybersecuity Assessments for Banks (Threatpost) A government agency in charge of developing standards for the nation's banks announced last week that it will work harder to try to identify vulnerabilities in smaller community banks and that it's planning to better raise awareness when it comes to cyber threats

Russia Quietly restricts the rein on the web with the Bloggers law (HackRead) Russia has carried out another vital step towards restricting the once freewheeling internet. The president of the Russian federation has signed a law requiring the famous online voices to make their registration with the federal government

Litigation, Investigation, and Law Enforcement

NSA chief: U.S. spy agency targets changed behavior after Snowden (Reuters) Foreign governments, individuals and groups targeted by the U.S. National Security Agency for intelligence collection have changed their "behavior" following disclosures by former agency contractor Edward Snowden, the NSA's new chief said on Monday

Glenn Greenwald's Pulse-Pounding Tale of Breaking the Snowden Leaks (Wired) In June 2013, Edward Snowden was sitting in his room at the Mira hotel in Hong Kong, watching the world react to the first of his explosive leaks about the NSA's out-of-control surveillance, when he was tipped off that the NSA might be closing in on him

Extracting the Evidence (Dubuque Telegraph Herald) Officials dive into digital investigations to gather information

EU Court Rules Google Must Give Individuals "Right To Be Forgotten" (Or Not To Be Found) (TechCrunch) TechCrunch contributor Andrew Keen has long argued the "Internet needs to learn to forget", but I'm not sure this latest EU ruling is quite what he had in mind

Microsoft strikes cybercrime agreement with ACMA (ARN) New agreement involves real-time sharing of data on Australian computers

16-year-old Canadian boy arrested for over 30 swattings, bomb threats (Naked Security) In March 2013, US computer security reporter Brian Krebs was swatted

A new LinkedIn best practice—don't connect with your insider trading partner (Quartz) If your college buddy is feeding you economic data ahead of its official release, it's perhaps best to avoid publicly connecting with him on social networks. It was a LinkedIn connection that helped lead to the arrest of a National Australia Bank associate director who is charged with insider trading, the Age reports

Former Pret à Manger Employee Imprisoned for Identity Theft (eSecurity Planet) Nigel McCollum was sentenced to 1 1/3 to 4 years in state prison for using stolen customer data to create fraudulent credit cards in his own name

Two More Alleged Anonymous Hackers Arrested in Cambodia (eSecurity Planet) The two men were charged with attacking the website of Cambodia's Anti-Corruption Unit

12 voice phishing hackers have been arrested by Europol (CyberWarZone) Europol and her partners have successfully arrested 12 hackers which were involved in the voice-phishing case. Europol seized 15000 EUR in cash and important digital evidence which would help to build the voice-phishing case

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

SANS Security West (, Jan 1, 1970) SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning innovative ideas and techniques to fend off today's most challenging cyber threats as well as emerging threats.

Eurocrypt 2014 (, Jan 1, 1970) Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors.

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation.

Cyber Security for National Defense Symposium (, Jan 1, 1970) DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations can come together for actionable discussions and debate. The symposium will focus on increasing the security and resiliency of the Nation's critical networks, operating freely in the Cyber Domain, and the protection of infrastructure in support of national defense and homeland Security.

CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations and Governments to a complex threat environment including hacktivists to trans-national crime organizations and advanced persistent threats. Join experts from government, industry and academia in discussing how we are making our future more secure.

Fraud Summit (Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

INFILTRATE (, Jan 1, 1970) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.

Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch.

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.

Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the mobile carrier's network assets while protecting its customers from security attacks. The conference will also consider the case for distributing and coordinating security strategies across the end-user device, the mobile network, and the cloud as carriers look to prevent attackers from triggering outages and degradations or from stealing sensitive customer information.

Positive Hack Days (, Jan 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.

Georgetown Law: Cybersecurity Law Institute (, Jan 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.

NSA Mobile Technology Forum (MTF) 2014 (, Jan 1, 1970) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused in mobile technologies. Those companies who specialize in both current and future mobile features and equipment or have efforts that benefit NSA's efforts should participate as a commercial vendor; conference attendance is limited to government employees.

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.

Fort Meade Technology Expo (, Jan 1, 1970) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable.

3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.

How the SBIR/STTR Program Can Help Grow Your Business (Halethorp, Maryland, USA, May 27, 2014) The SBIR/STTR programs promote small business innovation and profitability while simultaneously meeting the government's research and development needs. Every year, small businesses receive millions of dollars in SBIR/STTR funds for research, development and commercialization purposes. This course will provide attendees with an overview of the SBIR/STTR programs; funding sources and eligibility requirements; best practices in SBIR/STTR proposals writing, involvement, and commercialization; and a discussion of how to protect your company's legal interests in either program.

CANSEC (, Jan 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (, Jan 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.