Personal Cybersecurity #30: Daily news

What you need to know for your personal cyber security life… 

Number thirty in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.

And, just so you know, I’ve got 31 years of IT experience, and my day job is for the State of Wyoming as an Information Specialist. I believe an informed prepper is a BETTER prepper. Information is the life blood of being prepared. Learn more with every article in this continuing series. Please ask questions if you want to learn more…I’m here to help.


# # #

HEADLINES…for this issue…15 articles

  • Security pros talk about playing defense against cybercrime
  • When hackers became heroes
  • ‘Bounty Hunter’ Earns Record Payout, and Job, from Facebook
  • U.S. States Investigating Breach at Experian
  • U.S. Regulators Warn of Pattern in ATM Hacks — Update
  • Researchers publicly disclose vulnerabilities in Oracle Java Cloud Service
  • Billions spent on cyber security and much of it ‘wasted’
  • Army Reserve soldiers train in cyber defense operations
  • UMC Health System Security Officer discusses user awareness
  • Middle Eastern hackers use remote access Trojan to infect 24,000 machines worldwide
  • Hackers Turn Security Camera DVRs Into Worst Bitcoin Miners Ever
  • China’s unsupported XP machines hold the potential to become a massive botnet army
  • Hacked passwords can enable remote unlocking, tracking of Tesla cars
  • What are Advanced Evasion Techniques? Don’t expect CIOs to know, says McAfee
  • Bank abandons place in class-action suit against Target, Trustwave

Security pros talk about playing defense against cybercrime

  • By Ellen Messmer
  • Network World
  • April 03, 2014

Security professionals are playing defense against cybercrime, and often feel outgunned by tech-savvy hackers and insiders out to steal sensitive data from within the business. They see a shortage of qualified security personnel to call on, but also believe that threat-detection tools are getting better.

Those were sentiments shared today by security experts from two large financial services companies, Citi and AIG, together with a special agent of the FBI at a panel discussion at Pace University in New York. When asked about the kind of things that worry them most, they were quick to point to the kind of attacks that are hard to stop and the difficulty in chasing cybercriminals around the globe.

“Zero-day vulnerabilities bringing down the network,” said Bernadette Gleason, North American eCrime laboratory manager at Citi. Use of zero-day attacks by cybercriminals gives them the advantage because they can exploit unknown vulnerabilities. “We’ve seen this happen and try to mitigate against it.”

Like many businesses, Citi applies a defense-in-depth strategy but there’s also the realization that the financial services industry has to do better at “consumer awareness” by helping educate the public more about cybercrime, without confusing people with technical terms, she added.


# # #

When hackers became heroes

  • By Marc Rogers
  • April 3, 2014

SAN FRANCISCO — Hackers were once considered nothing but a bane to governments and businesses — an emerging threat which defied understanding.

Today, those same governments and businesses worldwide are recognizing how critical hackers are in defending a business’s or nation’s cyberspace.

The public and private sector can’t hire hackers fast enough, infiltrating hacker conferences and turning to those as young as high schoolers to recruit the next generation of cyber-protectors. It points to a significant shift in the mainstream perception of hackers and how governments or businesses are willing to use them.

Why has it taken so long for these organizations to realize this untapped resource? The simple answer is a combination of negative PR and a fundamental lack of understanding about what motivates a hacker. If you can’t understand their motivation, how can you trust them?


# # #

‘Bounty Hunter’ Earns Record Payout, and Job, from Facebook

# # #

U.S. States Investigating Breach at Experian

An exclusive KrebsOnSecurity investigation detailing how a unit of credit bureau Experian ended up selling consumer records to an identity theft service in the cybercrime underground has prompted a multi-state investigation by several attorneys general, according to wire reports.

Reuters moved a story this afternoon quoting Illinois Attorney General Lisa Madigan saying that “it’s part of a multistate investigation,” and that Connecticut Attorney General George Jepsen said that Connecticut is looking into the matter as well.

News of the breach first came to light on this blog in October 2013, when KrebsOnSecurity published an exclusive story detailing how a Vietnamese man running an online identity theft service bought personal and financial records on Americans directly from a company owned by Experian, one of the three major U.S. credit bureaus.

Hieu Minh Ngo, a 24-year-old Vietnamese national, pleaded guilty last month to running an identity theft service out of his home in Vietnam. Ngo was arrested last year in Guam by U.S. Secret Service agents after he was lured into visiting the U.S. territory to consummate a business deal with a man he believed could deliver huge volumes of consumers’ personal and financial data for resale.


 # # #

U.S. Regulators Warn of Pattern in ATM Hacks — Update

  • By Ryan Tracy
  • The Wall Street Journal
  • April 2, 2014

WASHINGTON — U.S. regulators are warning of a pattern in cyberattacks targeting automated teller machines that could saddle banks with “large dollar losses” from unauthorized withdrawals.

The attacks are increasing, senior bank supervisors on the Federal Financial Institutions Examination Council said in a statement Wednesday. They said small and midsize banks are especially at risk.

The warning is the latest evidence that hackers are exploiting weaknesses in the security of the U.S. financial system for illicit profits. In recent months, banks have been reissuing millions of credit cards as a result of stolen customer information at Target Corp. and other retailers.

The regulators didn’t identify specific victims of the attacks or potential sources.


 # # #

Researchers publicly disclose vulnerabilities in Oracle Java Cloud Service

  • By Lucian Constantin
  • IDG News Service
  • April 2, 2014

Security researchers released technical details and proof-of-concept code for 30 security issues affecting Oracle’s Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.

Researchers from Polish security firm Security Explorations, who found many Java vulnerabilities in the past, decided to publicly disclose the Java Cloud Service security weaknesses because they weren’t satisfied with how Oracle handled their private report.

“Two months after the initial report, Oracle has not provided information regarding successful resolution of the reported vulnerabilities in their commercial cloud data centers (US1 and EMEA1 respectively),” Adam Gowdiak, the CEO and founder of Security Explorations, said Wednesday via email.

“Instead, a year and a half after the commercial availability of the service, Oracle communicates that it is still working on cloud vulnerability handling policies,” he said. “Additionally, the company openly admits that it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centers in the future.”


 # # #

Billions spent on cyber security and much of it ‘wasted’

  • By Stuart Corner
  • IT Pro
  • April 3, 2014

The global IT security budget runs into tens of billions of dollars but much of it is not being used effectively, say security experts.

ABI Research estimated that cyber security spending for critical infrastructure – the segments of defence, energy, financial, healthcare, ICT, public security, transport, and water and waste management – hit $US46 billion globally in 2013. Gartner put the overall security technology and services market at $US67.2 billion in 2013.

In the face of an evolving cybercriminal “community”, Art Gilliland, HP’s senior vice president and general manager, enterprise security, argues businesses need to rethink their security spend.

“We’re spending something like $46 billion a year on cyber security but the percentage of breaches is increasing by 20 per cent per year and the cost of those breaches is increasing by 30 per cent,” he told IT Pro.


 # # #

 Army Reserve soldiers train in cyber defense operations

  • By Capt. Addie Randolph
  • 04.01.2014

FORT DIX, N.J. — Once a year, five battalions belonging to the Army Reserve Information Operations Command come together from across the U.S. to participate in their annual training. This year the training took place March 22-29 at Fort Dix, N.J.

Just over 200 soldiers participated in the training event, said Lt. Col. John Coiro, ARIOC brigade operations officer. The training allowed the soldiers of the ARIOC to hone their military occupation specialties in cyber defense operations as well as give them valuable training in other areas.

The five areas of concentration for this year’s training revolved around dynamic defense, forensics, computer network defense service provider, incident handling, and threat analysis. Subject matter experts in these areas were chosen from each battalion to lead the training.

Chief Warrant Officer 3 Sunny Ramos, a dynamic defense analyst from the Western Information Operations Command, based out of Camp Parks, Calif., was tasked to teach a class on Kali Linux, an operating system designed for digital forensics and penetration testing.

“I chose to teach the tool cobalt strike, an advance penetration testing tool, using Kali Linux as the operating system,” said Ramos. “It wasn’t too difficult as I was exposed to that tool last year when I participated in the National Security Agency’s Cyber Defense Exercise.”

Sgt. Leonardo Brown from the WIOC has been working with AT&T U-verse Internet Services for 12 years as a network security engineer in his civilian capacity.

In his civilian job, Brown deals with the security aspect of cyber defense and watches for intrusions to his company’s network. This requires him to analyze and understand the different ways people are hacking his employer’s network.

Once Brown dons his military uniform his role changes from security to the forensics. This allows him to delve deeper and see what artifacts were left behind, what actually hit the system as well as what information was taken.

“My jobs both civilian and military complement each other greatly. The security aspect of my civilian job allows me to see the before and the forensics aspect of my military job allows me to see the after,” Brown said.

Not only did the soldiers participate in their military occupational specialty training, but they also focused on soldier skills helping to ensure readiness for their rotational deployment in support of South West Asia Cyber Center.

ARIOC leadership is placing emphasis on preparing for the transition from their current mission in Cyber Training to the new Cyber Protection Teams. The command is working hard to develop advanced cyber training plans that rapidly advance the cyber skills across the brigade to support new missions.

When you have geographically dispersed units they tend to train in a vacuum. The benefit of getting all of these educated, skilled, and qualified individuals together is that they can learn from each other, said Sgt. 1st Class Thomas Blackard, noncommissioned officer in charge of the Master Cyber Trainer Detachment. They see they have similar constraints that impede their progress and are able to work collectively to overcome these constraints to be better mission capable.

 # # #

 UMC Health System Security Officer discusses user awareness

  • By Patrick Ouellette
  • Health IT Security
  • April 1, 2014

With 14 years under his belt working with government entities in IT security, Phil Alexander, Information Security Officer at University Medical Center (UMC) Health System, certainly has a unique outlook on IT security in the healthcare sector.

Based on those experiences at the federal level and his one year at UMC, Alexander talked with about his current focuses and where he thinks healthcare IT security is headed. UMC Health System, which includes all its clinics in the local area, is the major regional provider in the West Texas area, so Alexander has a lot to keep track of.

What are you concentrating on security-wise at UMC at the moment?

When I got here, we were doing the typical basic cybersecurity and information assurance, nothing out of the ordinary. So I split my team into two: one dedicated to beefing up information assurance and the other being our computer security incident response team (CSIRT).

The CSIRT team does a lot of traffic monitoring, packet analysis and forensics. And then on the other side of the house we’re increasing user awareness training this year. I have a different philosophy on security awareness — I know there’s been a lot of discussion on the subject and there have been two philosophies. There’s one that argues organizations will never teach the end user anything and the other that says it’s a must-have. The pendulum kind of swings back and forth on the topic, but I think we’ve made a mistake over the past 20-30 years in IT in that organizations have told users that the organization, not the users, will take care of security. That worked back in the mainframe days of the 1970s and 1980s where your information at work wasn’t available to you at home. That doesn’t work anymore because work and home devices now look very similar to each other, so we’ve never really taught some of those users proper security.


 # # #

Middle Eastern hackers use remote access Trojan to infect 24,000 machines worldwide

  • By Alastair Stevenson
  • 01 Apr 2014

Security firm Symantec has uncovered 487 groups actively using njRAT malware, claiming the malicious users have managed to infect 24,000 machines worldwide.

Symantec threat lab researchers reported the campaigns in a blog post, confirming the hackers are using the njRAT malware for a variety of purposes.

“Symantec has identified 487 groups of attackers mounting attacks using njRAT. These attacks appear to have different motivations, which can be broadly classed as hacktivism, information theft and botnet building,” the researchers said.

“The malware can be used to control networks of computers, known as botnets. While most attackers using njRAT appear to be engaged in ordinary cyber-criminal activity, there is also evidence that several groups have used the malware to target governments in the region.”


 # # #

Hackers Turn Security Camera DVRs Into Worst Bitcoin Miners Ever

  • Enterprise
  • 04.01.14

Here’s something we haven’t seen before: security camera recorders hacked and used to mine bitcoin.

The issue was first reported by Johannes Ullrich, an instructor at the SANS Technology Institute — a computer security training organization. Last Friday, he discovered malicious software infecting the Hikvision DVRs used to record video from security cameras. The malware jumps from device to device, trying to infect any other machines it can find on the network. But it also tries to earn a little scratch for its creators by mining bitcoins, a processor-intensive activity that would probably slow down any infected DVR.

Though this is a novel method, it’s hardly the first time hackers have tried to bust their way into other people’s hardware in order to make some bitcoin, the popular digital currency. The bitcoin system is run by independent machines spread across the globe, and if you contribute processing power to the system, you receive some bitcoin in return. This is called mining, and hackers often seek to mine using any machines they can gain control of — including security camera DVRs.

Most malicious software is written for Linux or Windows machines, but Ullrich has seen this new malware infect routers and DVRs in the past. That usually happens accidentally when a worm written for a Windows or Linux system spreads to strange devices that happen to be running the same operating system. But here, the malicious code “was actually compiled for the ARM processor that’s running these devices,” he says, “so they kind of knew what they were into.” Since Friday, Ullrich has also spotted the malware running on a router. He couldn’t immediately be reached for comment.


 # # #

China’s unsupported XP machines hold the potential to become a massive botnet army

  • By Tim Greene
  • Network World
  • March 31, 2014

Unsupported Windows XP machines in China could pose a threat to the Internet in general if bot-herders round up significant numbers of them to use as launch pads for malicious exploits, according to a top white-hat hacker.

James Forshaw, a vulnerability researcher for Context Information Security, says the vast number of XP computers in China represents the potential staging ground for attacks if they become compromised.

“If we’re talking tens of millions of machines that’s a significant pool to do DoS or other malicious attacks,” says Forshaw, who is a $100,000 winner of Microsoft’s BlueHat bounty prize for finding and reporting vulnerabilities in its Internet Explorer browser. “It might be in everyone’s best interest to get China or other countries to help them to migrate.”

StatCounter, which tracks operating system use by country, says that in January Windows XP represented 50.46% of the operating systems in use in China. That’s down from 63% the year before, but still very significant. With China’s population upward of 1.3 billion, that represents a lot of machines, Forshaw says.


 # # #

Hacked passwords can enable remote unlocking, tracking of Tesla cars

[There was a good tweet about solving this problem now with a simple fix – WK]

  • By Lucian Constantin
  • IDG News Service
  • April 01, 2014

Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a security researcher.

Tesla Model S owners need to create an account on when they order their cars and the same account allows them to use an iOS app to remotely unlock the car’s doors, locate it, close and open its roof, flash its lights or honk its horn.

Despite providing access to important car features, these accounts are only protected by a password with low-complexity requirements — six characters long and at least one number and one letter — a security researcher named Nitesh Dhanjani said Friday in a blog post.

The Tesla Motors site also doesn’t seem to have an account lockout policy based on incorrect log-in attempts, which makes accounts registered on the site susceptible to brute-force password guessing attempts, Dhanjani said.


 # # #

What are Advanced Evasion Techniques? Don’t expect CIOs to know, says McAfee

  • By John E Dunn
  • Techworld
  • 31 March 2014

What is an Advanced Evasion Technique (AET)? According to a McAfee survey, an awful lot of CIOs have absolutely no idea, confusing them with the more famous Advanced Persistent Threats (APTs) that have become an established term on many large organisations’ worry list.

The survey of 800 professionals across the US, UK, Germany, France, Australia, Brazil, and South Africa found that only 70 percent were even sure they understood AETs, with 37 percent of those getting the definition wrong. This means that less than half of CIOs can define the term at all.

In fairness to CIOs, nobody has heard of AETs because they are, whisper it, pretty dull. They can be explained as subtle techniques designed to get around security boxes such as firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Think of them as packet-level probes that aim to spot weakness in these products such as traffic flows they don’t understand, get confused about or just don’t notice.


 # # #

Bank abandons place in class-action suit against Target, Trustwave

  • By Jeremy Kirk
  • IDG News Service
  • March 31, 2014


One of the two banks suing Target and security vendor Trustwave over responsibility for one of the largest data breaches in history has pulled out of the lawsuit.

Trustmark National Bank, of New York, filed a notice of dismissal of its claims on Friday in U.S. District Court for the Northern District of Illinois.

It had joined Green Bank of Houston in the class-action suit, which claims Target and Trustwave failed to stop the theft of 40 million payment card details and 70 million other personal records.

The suit may have wrongly named Trustwave as one of Target’s IT security contractors. After the suit was filed on March 24, Trustwave said it would not comment on pending litigation and customarily does not identify its customers. Many agreements with IT vendors and customers are confidential.

But on Saturday, Trustwave’s Chairman and CEO Robert J. McCullen added more clarity by writing a letter on its website saying Target did not outsource its data security or IT obligations to the company.


 # # #

Updated: April 6, 2014 — 12:05 am

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 24th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural southern Wyoming, just below the continental divide (long story, that...). Always ready to help others, he shares what he learns on multiple blogs, many social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on air experience in live radio and television, Rich is always thinking about the "big picture", when it comes to helping individuals and families prepare for life's little surprises.
