SANS NewsBites Vol. 15 Num. 026 : Attacks on US Financial Institutions Continue; US Federal Court Hearing Stingray Case; Russian Government Blocking Websites; Ransomware References Browser History

From: The SANS Institute (NewsBitessans.org)
Date: Tue Apr 02 2013 - 12:19:44 CDT



**************************************************************************
SANS NewsBites April 2, 2013 Vol. 15, Num. 026
**************************************************************************
TOP OF THE NEWS
  Attacks on US Financial Institutions Continue
  US Federal Court Hearing Stingray Case
  Russian Government Blocking Websites
  Ransomware References Browser History
THE REST OF THE WEEK'S NEWS
    Illinois Governor Launches Cybersecurity Competition
    DHS and FBI Warn of Telephony DoS Attacks on Public Safety Answering
      Points
    Judge Says First Sale Doctrine Does Not Apply to Digital Content
    Appeals Court Says Broadcast Streaming Company Can Continue to
      Operate
    Russian Government Blocking Websites
    Ransomware References Browser History
    Sprint Nextel-SoftBank Merger Dependent on US Oversight of
      Networking Equipment
    BIND DNS Vulnerability
    Documentary Filmmakers' Computers Hacked While Working on Tibet Project
    Forty-four Arrested in Connection with Payment Card Fraud Ring
    Prison Sentence for Theft of Sensitive Military Information

*********************** SPONSORED BY SANS ********************************

Attend the SANS 20 Critical Security Control Briefing, Thursday, April
18, 2013 in Washington, DC at the JW Marriott. Tony Sager and John
Pescatore will provide an overview of the 20 CSC, showcase the 20 CSC
In Action, and also moderate a Vendor Panel. Event is free to Government
attendees. For more information go to http://www.sans.org/info/128292
To register for this event via simulcast, visit
http://www.sans.org/info/128297

***************************************************************************

TRAINING UPDATE
-- SANS Northern Virginia 2013 Reston, VA April 8-April 13, 2013
7 courses. Bonus evening presentations include Infosec Rock Star: How
to be a More Effective Security Professional; Pentesting Web Apps with
Python; and Practical, Efficient Unix Auditing: With Scripts.
http://www.sans.org/event/northern-virginia-2013

-- SANS Cyber Guardian 2013 Baltimore, MD April 15-April 20, 2013
9 courses. Bonus evening presentations include Windows Exploratory
Surgery with Process Hacker; Offensive Countermeasures, Active Defenses,
and Internet Tough Guys; and Tactical SecOps: A Guide to Precision
Security Operations. http://www.sans.org/event/cyber-guardian-2013

-- SANS Security West 2013 San Diego, CA May 7-May 16, 2013
32 courses. Bonus evening sessions include Gone in 60 Minutes; The
Ancient Art of Falconry; and You Can Panic Now. Host Protection is
(Mostly) Dead.
http://www.sans.org/event/security-west-2013

-- SANSFIRE 2013 Washington, DC June 14-22, 2013
41 courses. Bonus evening sessions include Avoiding Cyberterrorism
Threats Inside Hydraulic Power Generation Plants; and Automated Analysis
of Android Malware.
http://www.sans.org/event/sansfire-2013

-- Critical Security Controls International Summit London, UK April 26-May 2, 2013
Including SEC566: Implementing and Auditing the 20 Critical Security
Controls led by Dr. Eric Cole.
http://www.sans.org/event/critical-security-controls-international-summit

-- SANS Pen Test Berlin 2013 Berlin, Germany June 2-June 8, 2013
Europe's only specialist pen test training and networking event. Five
dedicated pen test training courses led by five SANS world-class
instructors.
http://www.sans.org/event/pentest-berlin-2013

-- Looking for training in your own community?
http://www.sans.org/community/

-- Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Seoul, Bangalore, Johannesburg, and Malaysia all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org

*****************************************************************************

TOP OF THE NEWS
 --Attacks on US Financial Institutions Continue
(March 29 & 30, 2013)
A group claiming responsibility for a recent distributed
denial-of-service (DDoS) attack against the American Express website is
the same one that has been targeting US financial institutions since
September 2012. While the primary focus of the group's efforts appears
to be crippling the banks' websites, there is concern that the attacks
could provide a cover for fraudulent transactions.
http://arstechnica.com/security/2013/03/funded-hacktivism-or-cyber-terrorists-amex-attackers-have-big-bankroll/
http://www.usatoday.com/story/tech/2013/03/29/american-express-denial-of-service-hack/2030197/
[Editor's Note (Henry): Six months and counting. Those darn financial
institutions must not have invested enough money in security. You have
to build a bigger firewall..."higher, higher!!" (For those who can't
read through my snark, these type of attacks will continue as long as
the adversary wants them to...unless the attackers are stopped.)]

 --US Federal Court Hearing Stingray Case
(March 29, 2013)
A federal court in Arizona is hearing a case regarding the use of
Stingray, a surveillance technology that simulates a cellphone tower to
collect suspects' location data. The technology has raised concern among
privacy advocates because it gathers information about everyone in the
vicinity who is using a wireless communication device. The case involves
a man accused of identity theft and tax fraud; the American Civil
Liberties Union (ACLU) argued before the court that the use of Stingray
violated the defendant's Fourth Amendment protections. The court is
expected to make a ruling in the next several weeks, which will
determine whether the evidence collected with Stingray is admissible.
The lawyers for the defense are also seeking to clarify whether or not
the government included information about Stingray in a warrant it used
to collect the information, and if so, whether it was clear to the judge
how the technology worked.
http://www.theregister.co.uk/2013/03/29/fbi_stingray_mobile_tracking/
http://www.wired.com/threatlevel/2013/03/gov-fights-stingray-case/
http://www.scmagazine.com/federal-judge-to-weigh-in-on-fbis-stingray-cell-phone-surveillance/article/286729/
[Editor's Note (Murray): The DoJ has given assurance that it has changed
its policy. Going forward it will seek warrants in questionable cases.
This would seem to represent a departure from the policy of the last
four years, where the DoJ has insisted that warrants were not required
when using novel forensic technology or techniques.]

 --Russian Government Blocking Websites
(April 1, 2013)
The Russian government is making good use of a law that took effect in
November that allows it to block websites deemed illegal or harmful to
children. The government has used the law to issue takedown requests to
major social networking sites such as Facebook and Twitter.
http://news.cnet.com/8301-1009_3-57577239-83/russian-government-selectively-blocks-site-access/

 --Ransomware References Browser History
(April 1, 2013)
A new variant of ransomware cites the browser history of infected
computers to lend more credence to the initial message's authenticity.
The message accompanying this new variant appears to be from the US
Department of Justice, the Department of Homeland Security, and the FBI,
and says that the target's computer has been used to download and share
pornography. The malware checks the computer's browsing history against
a list of websites associated with the illegal content and if a match
is found, names the sites that have been visited on that computer.
http://www.computerworld.com/s/article/9238040/Ransomware_leverages_victims_39_browser_histories_for_increased_credibility?taxonomyId=17
[Editor's Note (Ullrich): Mass customized social malware. Increasingly
we are seeing that malware tries to become "smart" and customizes its
sales pitch by harvesting information from social networks and from the
victim's computer (as in this case).
(Henry): Using the victim's browser history to gain credibility for
their fraud scheme is yet another example of adversaries changing and
modifying their offensive techniques. As defenses develop (more
signatures added to AV, enhanced user awareness, etc.), sophisticated
adversaries raise the stakes...an electronic game of cat and mouse.]

*************************** Sponsored Links: ******************************

1) Webcast! Meeting the need for speed (and resiliency) in Security
Management Systems, Thursday, April 18 http://www.sans.org/info/128410

2) Take the New SANS Survey on the Critical Security Controls and enter
to win a new iPad! http://www.sans.org/info/128415

*****************************************************************************

THE REST OF THE WEEK'S NEWS
 --Illinois Governor Launches Cybersecurity Competition
(April 1, 2013)
Illinois Governor Pat Quinn has announced the Illinois Cyber Challenge.
The competition aims to identify veterans and other people with interest
in and talent for cybersecurity. The top finishers will have the
opportunity for additional training and cybersecurity residencies. The
competition is open to everyone.
http://www.myfoxchicago.com/story/21845436/governor-illinois-pat-quinn-launches-cyber-security-contest
 
 --DHS and FBI Warn of Telephony DoS Attacks on Public Safety Answering
    Points
(April 1, 2013)
The US Department of Homeland Security (DHS) and the FBI have issued a
warning to public safety call centers about telephony denial-of-service
(TDoS) attacks. The recent attacks are part of a scheme in which
companies receive a call from someone claiming to be from a payday loan
company saying that they are collecting unpaid debt. When the
organizations refuse to pay, their phone systems are hit with a
debilitating flood of calls, which often prevents them from receiving and
placing legitimate phone calls.
http://krebsonsecurity.com/2013/04/dhs-warns-of-tdos-extortion-attacks-on-public-emergency-networks/
http://krebsonsecurity.com/wp-content/uploads/2013/04/DHSEM-16-SAU-01-LEO.pdf

 --Judge Says First Sale Doctrine Does Not Apply to Digital Content
(April 1, 2013)
A federal judge in New York has issued a summary judgment, ruling that
ReDigi, which opened a marketplace for people to resell digital music
files, violates US copyright law. US District Judge Richard Sullivan
said in his ruling that the first sale doctrine, which gives people in
legal possession of copyrighted material the right to resell that
material, does not apply to digital content. The judge's reasoning is
that the transaction involves making an illegal copy of the file,
despite ReDigi's assertion that this is not the case. The ruling means
that digital resale marketplaces will have to obtain consent from
copyright holders before reselling content.
http://www.wired.com/threatlevel/2013/04/reselling-digital-goods/
http://arstechnica.com/tech-policy/2013/04/can-i-resell-my-mp3s-redux-federal-judge-says-no/
http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1334&context=historical
[Editor's Comment (Northcutt): This is going all the way up to the Supreme
Court, I wager; here is the DOJ take on the subject:
http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm01854.htm]

 --Appeals Court Says Broadcast Streaming Company Can Continue to
    Operate
(April 1, 2013)
A three-judge panel of a US federal appeals court has rejected
broadcasters' attempt to block Aereo, a subscription service that allows
streaming of broadcast television to any Internet-enabled device. At
least half a dozen television networks filed the initial lawsuit against
Aereo, alleging that the company did not obtain licensing from them and
that Aereo's service is tantamount to copyright infringement. The case
is likely to be reheard with a larger panel of judges.
http://www.wired.com/threatlevel/2013/04/cord-cutters-rejoice/
http://arstechnica.com/tech-policy/2013/04/appeals-court-upholds-legality-of-aereos-tiny-antennas-scheme/
http://www.usatoday.com/story/tech/2013/04/01/aereo-wins-appeals-court-ruling/2042527/

 --Sprint Nextel-SoftBank Merger Dependent on US Oversight of Networking
    Equipment
(March 29 & 31, 2013)
US approval of SoftBank's pending acquisition of Sprint Nextel is
being helped along by the companies' agreement to refrain from using
Huawei networking equipment and to allow US national security officials
to monitor equipment changes. SoftBank does not use Huawei equipment;
Sprint uses Huawei equipment in one of its subsidiaries and has
said that it would replace the devices.
http://arstechnica.com/security/2013/03/sprint-softbank-to-shun-chinese-networking-equipment/
http://www.eweek.com/mobile/huawei-network-security-becomes-issue-in-sprint-softbank-merger/
[Editor's Note (Ullrich): Why not include equipment made in China but
sold under US brands?]

 --BIND DNS Vulnerability
(March 29, 2013)
A vulnerability in the BIND Domain Name System (DNS) software could be
exploited to crash DNS servers. The problem lies in the way the libdns
library processes regular expressions. The flaw affects BIND versions
9.7.x, 9.8.0 through 9.8.5b1, and 9.9.0 through 9.9.3b1 for Linux and
UNIX systems. Windows versions are not affected. The Internet Systems
Consortium, which maintains BIND, has released versions 9.9.2-P2 and
9.8.4-P2. BIND 9.7 is no longer being maintained.
http://www.computerworld.com/s/article/9238002/Critical_denial_of_service_flaw_in_BIND_software_puts_DNS_servers_at_risk?taxonomyId=17
http://www.h-online.com/security/news/item/Critical-vulnerability-in-BIND-9-regular-expression-handling-1832816.html
http://seclists.org/fulldisclosure/2013/Mar/252

 --Documentary Filmmakers' Computers Hacked While Working on Tibet
    Project
(March 28, 2013)
While much attention is being paid to cyberespionage, the Chinese also
appear to be using the Internet to suppress free speech. American
filmmakers working on a documentary about human rights abuses in Tibet
found themselves the target of cyberattacks. Before even arriving in the
country, there was evidence that an unknown person was remotely
controlling a crewmember's laptop. After their arrival in Tibet, a
laptop was hacked, its operating system wiped, and a web site in Los
Angeles associated with the filmmakers succumbed to a denial-of-service
attack. The filmmakers believe that the Chinese government is behind the
attacks; that country has a long history of quashing information about
circumstances in Tibet.
http://www.washingtonpost.com/world/national-security/tibet-taboo-leads-to-cyber-assaults/2013/03/28/a6b8a0c2-8cae-11e2-b63f-f53fb9f2fcb4_story.html
[Editor's Note (Henry): I think it's important to recognize the extent
to which adversaries will use cyber tools to advance many of their
agendas...not necessarily just to pilfer data...and it is woven into our
society and technology for as long as I can see.]

 --Forty-four Arrested in Connection with Payment Card Fraud Ring
(March 28 & April 1, 2013)
Law enforcement agents in Europe have arrested 44 people in connection
with a payment card fraud ring. The investigation, dubbed Pandora-Storm,
involved more than 400 police from 20 agencies in the US, Australia and
Europe, including members of Europol and Romania's Cybercrime Unit.
http://www.v3.co.uk/v3-uk/news/2258207/europol-smashes-romanian-credit-card-fraud-gang
http://www.computerworld.com/s/article/9237963/Authorities_bust_global_credit_card_fraud_network?taxonomyId=17
http://www.esecurityplanet.com/hackers/europol-44-arrested-for-credit-card-fraud.html
[Editor's Note (Honan): It is also great to see Europol's European
Cybercrime Centre (EC3) having an impact after only being launched in
January of this year.]

 --Prison Sentence for Theft of Sensitive Military Information
(March 25, 2013)
A Chinese citizen has been sentenced to 70 months in prison for stealing
sensitive information from a US military contractor. Sixing Liu took
thousands of files related to a device called a disk resonator
gyroscope, which is used to help drones, missiles, and rockets find
their targets without a satellite. Liu was employed as an engineer at
L-3 Communications.
http://articles.washingtonpost.com/2013-03-25/world/38006926_1_development-of-military-technologies-information-and-technologies-chinese-citizen
http://www.dailyherald.com/article/20130326/business/703269904/?interstitial=1
http://www.justice.gov/usao/nj/Press/files/Liu,%20Sixing%20Verdict%20News%20Release.html

************************************************************************

The Editorial Board of SANS NewsBites
 
John Pescatore was Vice President at Gartner Inc. for fourteen years.
He became a director of the SANS Institute in 2013. He has worked in
computer and network security since 1978 including time at the NSA and
the U.S. Secret Service.

Shawn Henry recently retired as FBI Executive Assistant Director
responsible for all criminal and cyber programs and investigations
worldwide, as well as international operations and the FBI's critical
incident response. He is now president of CrowdStrike Services.

Stephen Northcutt teaches advanced courses in cyber security management;
he founded the GIAC certification and was the founding President of STI,
the premier skills-based cyber security graduate school, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of
cyber ranges, simulations, and competitive challenges, now used from
high schools to the Air Force. He is also author and lead instructor of
the SANS Hacker Exploits and Incident Handling course, and Penetration
Testing course.

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.

Michael Assante was Vice President and Chief Security Officer at NERC,
led a key control systems group at Idaho National Labs, and was Vice
President and Chief Security Officer for American Electric Power.

Sean McBride is Director of Analysis and co-founder of Critical
Intelligence, and, while at Idaho National Laboratory, he initiated the
situational awareness effort that became the ICS-CERT.

Rob Lee is the SANS Institute's top forensics instructor and director
of the digital forensics and incident response research and education
program at SANS (computer-forensics.sans.org).

Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
 
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
 
Gal Shpantzer is a trusted advisor to CSOs of large corporations,
technology startups, Ivy League universities and non-profits
specializing in critical infrastructure protection. Gal created the
Security Outliers project in 2009, focusing on the role of culture in
risk management outcomes and contributes to the Infosec Burnout project.

Alan Paller is director of research at the SANS Institute.
 
Brian Honan is an independent security consultant based in Dublin, Ireland.
 
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
 
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
