Personal Cybersecurity #37: Daily news

What you need to know for your personal cyber security life… 

Number thirty-seven in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.

And, just so you know, I’ve got 31 years of IT experience, and my day job is for the State of Wyoming as an Information Specialist. I believe an informed prepper is a BETTER prepper. Information is the lifeblood of being prepared. Learn more with every article in this continuing series. Please ask questions if you want to learn more…I’m here to help.

# # #

HEADLINES…for this issue…16 articles

  • Cybercrime Threat a Growing Concern: Police
  • Microsoft Word Vulnerability Used Against Taiwanese Government
  • Want ‘perfect’ security? Then threat data must be shared
  • Iranian hackers becoming more aggressive
  • How to optimize your security budget
  • TJX Succeeds Where Target Struggles
  • FFIEC Cyber Assessments: What to Expect
  • Teen Arrested for 30+ Swattings, Bomb Threats
  • Cybercrime boss offers a Ferrari for hacker who dreams up the biggest scam
  • Vietnam-China cyberwar breaking out?
  • What the Most Secure Email in the Universe Would Look Like
  • GE patches gap in infosec capabilities with Wurldtech buy
  • Nigeria: Fraudsters Hack NNPC GMD’s Email, Advertise Bogus Contract
  • FFIEC Plans Cybersecurity Assessments
  • Link shortener Bitly disconnects users’ Facebook and Twitter accounts over compromised credentials
  • How government can securely leverage cloud environments

# # #

Cybercrime Threat a Growing Concern: Police

  • By Lona Olavia
  • The Jakarta Globe
  • May 13, 2014

Jakarta — The chief of the National Police and the head of the Indonesian financial watchdog said cybercrime in Indonesia remained a significant challenge as Internet use in the country continued to grow.

“Do not be overconfident,” Gen. Sutarman said at a panel discussion in Jakarta on Tuesday. “Indonesian hackers will often do things just for the sake of it.”

Sutarman said that the increasing popularity of e-commerce in the country meant more online transactions were being made, affording an opportunity to hackers capable of exploiting security loopholes.

Indonesia has received greater scrutiny from cybercrime authorities in recent years, especially since a 2013 survey by Akamai Technologies, an IT security firm, reported that Indonesia had overtaken China as the number one source of hacking traffic in the world. The dubious honor is not necessarily instructive of Indonesia possessing the greatest number of cyber criminals, but that international hackers have found soft spots in Indonesia’s cyber security from which they can launch attacks.


# # #

Microsoft Word Vulnerability Used Against Taiwanese Government

  • By Thomas Brewster
  • Tech Week Europe
  • May 13, 2014

A vulnerability in Microsoft Word has been used to target a range of Taiwanese government bodies and an educational institute, a security company has warned.

Whilst a patch was released by Microsoft in its April Patch Tuesday release, attackers continue to use the flaw in the knowledge that organisations would have failed to update their systems.

The first attack spotted by researchers at Trend Micro used an email with a malicious attachment, claiming to have been sent by a government employee offering information on a national poll. The second used similar tactics, but focused on free trade issues, with an attachment containing a title about a work project.

Both dropped malware onto the targets’ systems, which was capable of stealing files and persistent surveillance.

The attacks have been tied to a campaign known as Taidoor, which has used zero-day flaws in Internet Explorer to hit high-profile targets in the past.


# # #

Want ‘perfect’ security? Then threat data must be shared

  • By Roger A. Grimes
  • InfoWorld
  • 2014-05-13

Here’s a surprise for you: We actually have a fairly good understanding of who is attacking us on the Internet and why. Various entities know not only which groups are doing the attacking, but also the names of the people in those groups. They know where they live, who their family members are, where they went to school, and when they go on vacation.

A great example of this is the Russian Business Network crimeware group. With a little searching, you can find a decade of evidence trails, pictures of the leader, and even business relationships. Want to see who’s sending all that spam? Then check this link out [1]. Want to know who is doing most of the industrial espionage? Then read this report [2]. They even give you the hacker’s physical address.

When I tell friends about this, especially after their computer has been thoroughly compromised, they ask the obvious: Why aren’t these criminals in jail?

The answer is pretty easy. For the most part, these criminals work across international borders, so there are issues of legal jurisdiction — and their home countries often can’t or don’t want to stop them. Even if we have all the evidence in the world, we can’t just invade a country and arrest its citizens. Yes, many countries do have treaties that support extradition, but most countries don’t. Not surprisingly, the countries with the most prolific hacking cultures don’t, which is why most of the world’s malicious hackers live in them.


 # # #

Iranian hackers becoming more aggressive

  • Trade Arabia
  • 13 May 2014

Iranian hackers have become increasingly aggressive and sophisticated, moving from disrupting and defacing US websites to engaging in cyber espionage, security experts say.

According to Silicon Valley-based cybersecurity company FireEye, a group called the Ajax Security Team has become the first Iranian hacking group known to use custom-built malicious software to launch espionage campaigns.

Ajax is behind an ongoing series of attacks on US defense companies and has also targeted Iranians who are trying to circumvent Tehran’s Internet censorship efforts, FireEye said in a report to be published on Tuesday.

Many security experts have said that Iran is behind a series of denial-of-service attacks that have disrupted the online banking operations of major US banks over the past few years.

“I’ve grown to fear a nation state that would never go toe-to-toe with us in conventional combat that now suddenly finds they can arrest our attention with cyber attacks,” Michael Hayden, former director of the CIA and the National Security Agency, told the Reuters Cybersecurity Summit on Monday.


 # # #

How to optimize your security budget

  • By George V. Hulme
  • CSO Online
  • May 12, 2014

The good news is that security budgets are rising broadly. The bad news? So are successful attacks. Perhaps that’s why security budgets averaging $4.3 million this year represent a gain of 51% over the previous year – and that figure is nearly double the $2.2 million spent in 2010 – all according to our most recent Global Information Security Survey, conducted by PricewaterhouseCoopers.

The question is, why? Why are security budgets rising but enterprises still are not getting the results hoped? “Many organizations are infatuated with buying the latest trendy thing, whether or not it makes the most sense for their specific security posture,” says Jay Leek, chief information security officer at The Blackstone Group.

The 11th annual Global Information Security Survey of 9,600 executives also found that the number of organizations reporting losses of greater than $10 million per incident is up 75 percent from just two years ago. The costs of these breaches also are rising, with data breaches up 9 percent in 2013 from 2012.

One thing is certain – the organizations are not spending on the technologies and capabilities best suited to help spot advanced attackers, such as malware analysis with only 51% doing so, inspection of traffic leaving the network (41%), rogue device scaling (34%), deep packet inspection (27%), or threat modeling (21%).


 # # #

TJX Succeeds Where Target Struggles

  • By Eric Novinson
  • May 13, 2014

Shares of Target (NYSE: TGT) fell by about 3% on Monday May 5, 2014 after the big-box retailer announced that Greg Steinhafel would no longer head up the company as its CEO. This move marked the second high-profile departure related to the data breach at the retailer, as CIO Beth Jacob left the company back in March. However, the data breach just added to the problems that Steinhafel faced at Target. A problematic expansion push into Canada and competition from other retailers have also hit Target’s results. As a result of this, Target posted mixed results for the fourth quarter while its competitor TJX (NYSE: TJX) posted much stronger results for the period.

Target’s recent results

Target ended 2013 on a weak note, both domestically and in Canada. In its last earnings report, Target announced that its fourth-quarter sales fell 3.8%, although full-year sales still showed a small rise of 0.9%. Target’s gross margin for the quarter in its domestic operations also narrowed from 27.8% to 27.6% year-over-year, although the full-year gross margin actually showed a minor gain rising from 29.7% to 29.8%. With the heavy price promotions going on at many retailers during the 2013 holiday season, this actually looks impressive as Target did not take a huge hit to its margins for the period.

These figures show that even though the last quarter of 2013 didn’t go too well for Target, it wasn’t a total catastrophe as the retailer still managed to show small gains on two important metrics for the year. Target’s diluted earnings per share fell more sharply for the year from $4.52 to $3.07, although most of this stemmed from the $1.13 per share impact of Target’s Canada push. However, the retailer still retains some powerful competitive advantages.

The case for Target

Target sells competitively priced but attractive clothing, appliances, household decorations, food, and many other things. While it doesn’t always have the inventory selection of a category killer, it usually has an inexpensive item available to satisfy most needs. The company can use price competition to beat higher-end retailers, and its design and fashion appeal can help it beat deep discounters. In addition, the company has also expanded its food lineup by adding fresh groceries. Wal-Mart and the dollar stores also see fresh groceries as a promising growth area. Target also has international expansion potential, even if its Canadian launch didn’t work out as well as it expected. Also, Target isn’t the only discounter that’s lost data to a hack.


 # # #

FFIEC Cyber Assessments: What to Expect

  • By Tracy Kitten
  • Bank Info Security
  • May 12, 2014

The Federal Financial Institutions Examination Council’s new cybersecurity assessments for community banking institutions will be incorporated into the usual IT examination process, regulators say. Industry associations and analysts say banking leaders should be preparing for more stringent oversight of cybersecurity awareness and initiatives.

A new work program and assessment tool for cybersecurity will be used in banking institutions’ regularly scheduled IT exams, says Stephanie Collins, spokeswoman for the Office of the Comptroller of the Currency, one of the banking agencies that’s part of the FFIEC.

“[This] will allow us to develop a baseline assessment across the sector of how they are managing cybersecurity risks,” she says. “In order to ensure that we comprehensively assess the cybersecurity environment in which financial institutions operate, we also plan to involve a number of the most critical technology service providers.”

On May 7 and 8, the FFIEC and the Office of the Comptroller of Currency announced plans to launch a pilot program for new cybersecurity assessments by the end of this year (see FFIEC Plans Cybersecurity Assessments).


 # # #

Teen Arrested for 30+ Swattings, Bomb Threats

  • By Brian Krebs
  • Krebs on Security
  • May 12, 2014

A 16-year-old male from Ottawa, Canada has been arrested for allegedly making at least 30 fraudulent calls to emergency services across North America over the past few months. The false alarms — two of which targeted this reporter — involved calling in phony bomb threats and multiple attempts at “swatting” — a hoax in which the perpetrator spoofs a call about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with deadly force.

On March 9, a user on Twitter named @ProbablyOnion (possibly NSFW) started sending me rude and annoying messages. A month later (and several weeks after blocking him on Twitter), I received a phone call from the local police department. It was early in the morning on Apr. 10, and the cops wanted to know if everything was okay at our address.

Since this was not the first time someone had called in a fake hostage situation at my home, the call I received came from the police department’s non-emergency number, and they were unsurprised when I told them that the Krebs manor and all of its inhabitants were just fine.

Minutes after my local police department received that fake notification, @ProbablyOnion was bragging on Twitter about swatting me, including me on his public messages: “You have 5 hostages? And you will kill 1 hostage every 6 times and the police have 25 minutes to get you $100k in clear plastic.” Another message read: “Good morning! Just dispatched a swat team to your house, they didn’t even call you this time, hahaha.”


 # # #

Cybercrime boss offers a Ferrari for hacker who dreams up the biggest scam

  • By Paul Peachey
  • Crime Correspondent
  • The Independent
  • 11 May 2014

The leader of a global cybercrime syndicate offered his associates a Ferrari for the hacker who came up with the best scam, according to a senior European security source.

The gift – made on a professionally produced video hidden in a dark recess of the internet – formed the basis of a bizarre “employee of the month” competition for the organised crime gang. On the tape, a presenter is pictured in a car showroom alongside a Porsche, a Ferrari and glamorous female assistants who offer the prize for the most successful hacker.

Troels Oerting, the head of the European Cybercrime Centre (EC3), said this was a sign of the lengths that organised crime will go to recruit and retain young technological talent.

The scheme – operated from an unspecified eastern European destination – highlights the huge rewards on offer for relatively risk-free criminal operations that can net the masterminds millions of pounds from countries that operate as safe havens – far beyond the reach of European security officials.


 # # #

Vietnam-China cyberwar breaking out?

Securitydaily on May 9 quoted as reporting that tens of websites of Chinese organizations and enterprises had been attacked by hackers from Vietnam. The main attack mode was DDoS (distributed denial of service).

Some websites of individuals and organizations with the domain name “.tw” (Taiwan) have also been victims of the attacks.

Experts have expressed their worries that the attacks may trigger a cyberwar between Vietnam and China. If this occurs, Vietnamese internet users would suffer heavily.

On Sunday, Hoang Cuong of the Information Technology Center, an arm of the Military Technical Academy, published an article in Securitydaily. It named 102 Vietnamese websites which have been attacked by Chinese hackers. Another source said the number of hacked Vietnamese websites could be even higher.

The author affirmed that most of the websites were “dead” – that is, they had been hijacked.


 # # #

What the Most Secure Email in the Universe Would Look Like

  • By Patrick Tucker
  • Defense One
  • May 12, 2014

Say you wanted to send an email more secure than any message that had ever been transmitted in human history, a message with absolutely no chance of being intercepted. How would you do it?

You may have encrypted your message according to the highest standards, but encryption doesn’t guarantee secrecy. The fact that you sent it is still detectable. An intercepting party in possession of just a few clues such as your identity, the receiver’s identity, the time of the message, surrounding incidents and the like can infer a great deal about the content of the message in the same way that the NSA can use your metadata to make inferences about your personality. You need to conceal not just what’s in the message but its very existence.

The answer? Make your message literally impossible to detect. A team of researchers from the University of Massachusetts at Amherst and Raytheon BBN Technologies led by Boulat A. Bash have created a method for doing just that, cloaking electronic communications so that the communication can’t be seen. They explain it in a paper titled Covert Optical Communication.


 # # #

GE patches gap in infosec capabilities with Wurldtech buy

  • By Richard Chirgwin
  • The Register
  • 12 May 2014

Years after the infosec world noticed the chronic insecurity of SCADA kit, industrial giant GE has decided it needs to improve its in-house capabilities by announcing that it’s to acquire Wurldtech.

Founded in 2006, Wurldtech’s product portfolio, sold under the Achilles brand, includes a test suite and industrial firewall software. It’s also got a service operation under which it evaluates device communication looking for troublesome behaviours.

The test suite is based on hardware designed to sit between the control system and the target industrial device – stuff like SCADA, distributed control systems and smart meters – firing off test traffic to detect vulnerabilities as well as other faults. It covers Ethernet, Foundation Fieldbus, Modbus IP, OPC UA and Profinet IO systems.

The Achilles Threat Intelligence Software is designed to add an industrial-network wrinkle to the more prosaic business of network protection. Since industrial plant managers really dislike being told to take their systems down so the IT crowd can apply a patch, ATIS instead lets the user wrap up a system in extra security when a bug or vulnerability is published, letting the patching happen later.


 # # #

Nigeria: Fraudsters Hack NNPC GMD’s Email, Advertise Bogus Contract

  • Premium Times
  • 8 MAY 2014

The Nigerian National Petroleum Corporation, NNPC, has cautioned contractors and other stakeholders in the oil and gas industry against falling victim to phantom contract proposals by some fraudsters.

This is contained in a statement issued on Thursday in Abuja by the Group General Manager, Group Public Affairs Division, NNPC, Ohi Alegbe.

The statement said that some hackers and internet scam artists broke into the personal email account of the NNPC GMD on Wednesday.

The statement said the hackers had been using the account to send all manner of scam letters and phantom contract deals to some highly placed contacts within and outside the oil and gas industry.

It said a few days earlier, some online news sites were intermittently flashing a strange icon which had the photograph of the NNPC GMD.


 # # #

FFIEC Plans Cybersecurity Assessments

  • By Jeffrey Roman
  • Bank Info Security
  • May 8, 2014

The Federal Financial Institutions Examination Council is planning cybersecurity vulnerability and risk-mitigation assessments to help smaller banking institutions address potential gaps. The effort is expected to begin later this year.

The assessments will help FFIEC member agencies, such as the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp., make informed decisions about the state of cybersecurity at community institutions, address gaps and prioritize necessary actions to strengthen supervisory programs, the FFIEC says in a May 7 statement.

The FFIEC’s announcement came a day before Thomas Curry, Comptroller of the Currency and chairman of the FFIEC, delivered a speech at the Risk Management Association’s Governance, Compliance and Operational Risk Conference that included a reference to new cybersecurity examination procedures the OCC expects to pilot later in the summer.

“To be managed properly, operational risk issues must be viewed in terms of their impact on the entire enterprise, not merely as – to use cybersecurity as an example – an IT Issue,” Curry says. “That requires a fully integrated and comprehensive approach to risk management, which is exactly what the OCC’s heightened expectations are intended to achieve.”


 # # #

Link shortener Bitly disconnects users’ Facebook and Twitter accounts over compromised credentials

  • By Andrea Peterson
  • The Washington Post
  • May 9, 2014

Bitly, a popular service that allows users to create shortened or even customized URLs, and track how that shortened link is shared over time, issued a mysterious security update Thursday evening.

In a blog post, CEO Mark Josephson warned the company had “reason to believe that Bitly account credentials have been compromised.” While the company says that they “have no indication at this time that any accounts have been accessed without permission,” it took the extreme step of disconnecting the service from all users’ Facebook and Twitter accounts.

That’s sure to cause a headache for some social media managers — although probably less than the one from finding that their social channels were spewing unauthorized content.

Bitly is urging all users to reset passwords, change the API key and OAuth token associated with their account that allow the shortener to be tied into services, such as share buttons or social media management platforms, and then reconnect the shortener to their Facebook and Twitter accounts.


 # # #

How government can securely leverage cloud environments

  • By Dan Chenok
  • May 09, 2014


In recent years, federal agencies have made significant strides incorporating cloud computing into their IT portfolios. From the OMB “Cloud First” strategy, to GSA’s Federal Risk and Authorization Management Program (FedRAMP), the government is following commercial best practices to leverage the cloud.

Cloud capabilities can be provided over the public Internet or through connections over private networks — and government does both. Some agencies establish private clouds due to perceived risks of making data available over public channels. At the same time, they are moving toward greater use of the open Internet, including public clouds.

In many cases, the choice for agencies is not public or private clouds, but rather a blend of the two approaches – often referred to as a hybrid cloud – where Internet-based applications provide information into a system that sits inside agency firewalls.

Since hybrid clouds span both the public cloud as well as the user’s private environment, and integrate with systems in each, consideration must be given to IT governance across the whole enterprise. Hybrid clouds blend public and private development, oversight and integration with other processes.


 # # #

Updated: May 16, 2014 — 8:05 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 24th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural southern Wyoming, just below the continental divide (long story, that...). Always ready to help others, he shares what he learns on multiple blogs, many social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on air experience in live radio and television, Rich is always thinking about the "big picture", when it comes to helping individuals and families prepare for life's little surprises.
