USNA | November 2013

Not-for-profit, educational/informational, selected reports/stories identified are not the content of this organization nor this institution, rather authorship remains with the sources listed in the report/stories and DO NOT reflect the position(s) of any company, agency or other entity, nor serve as an endorsement of any kind. 

Amid NSA spying revelations, tech leaders call for new restraints on agency  

http://www.washingtonpost.com/world/national-security/amid-nsa-spying-revelations-tech-leaders-call-for-new-restraints-on-agency/2013/10/31/7f280aec-4258-11e3-a751-f032898f2dbc_story.html

Mounting revelations about the extent of NSA surveillance have alarmed technology leaders in recent days, driving a renewed push for significant legislative action from an industry that long tried to stay above the fray in Washington. Six leading technology companies — Facebook, Google, Apple, Yahoo, Microsoft and AOL — sent a letter to two senators and two congressmen on Thursdayreflecting the sharpening industry strategy. The letter praised a bill the lawmakers have sponsored that would end the bulk collection of phone records of millions of Americans and create a privacy advocate to represent civil liberties interests within the secretive court that oversees the NSA.  After months of merely calling for the government to be more transparent about its surveillance requests, tech leaders have begun demanding substantive new restraints on how the National Security Agency collects and uses the vast quantities of information it scoops up around the globe, much of it from the data streams of U.S. companies.

Silent Circle and Lavabit launch “DarkMail Alliance” to thwart e-mail spying 

http://arstechnica.com/business/2013http://www.wired.com/threatlevel/2013/10/facebook_hacker//10/silent-circle-and-lavabit-launch-darkmail-alliance-to-thwart-e-mail-spying/

At Wednesday's Inbox Love conference held at Microsoft’s Silicon Valley campus, the founders of Lavabit and Silent Circle announced that they want to change the world of e-mail completely by putting privacy and security at its core. The two companies collaborated to create the DarkMail Alliance, a soon-to-be-formed non-profit organization that would be in charge of maintaining and organizing the open-source code for its new e-mail protocol. The new protocol will be based on Extensible Messaging and Presence Protocol, or XMPP, and it's set to be released in mid-2014. The group will ditch the old protocol, SMTP (Simple Mail Transfer Protocol), which is used for almost every bit of e-mail on the Internet.

Cybersecurity Skills Gap Beginning to Have Real Effects on Business

http://www.infosecurity-magazine.com/view/35373/cybersecurity-skills-gap-beginning-to-have-real-effects-on-business/ 

The fact that there are not enough skilled cybersecurity workers is becoming an increasing drumbeat for those tasked with improving the security posture of both public and private sector businesses. A new study underscores that while it’s essential that organizations continually evolve their security strategies to keep pace with the changing threat ecosystem, resource-strapped IT staffs are more often than not too bogged down by tactical activities to keep up. A survey by TEKsystems Network Services, a staffing firm, has found that there is a real-world human capital crisis at play for businesses, not just the anecdotal annoyance of being understaffed.

Start your own "Ethical Hacking" company,... Path to Success for One Palestinian Hacker: Publicly Owning Mark Zuckerberg 

http://www.wired.com/threatlevel/2013/10/facebook_hacker/

  “You’ve no idea what I’ve done,” Khalil Shreateh said, bursting into the kitchen of his family’s stone-and-concrete house in the South Hebron Hills. The stocky 30-year-old Palestinian ran a hand through his already haphazard hair. “I just posted on Mark Zuckerberg’s wall.” ....Shreateh had just reached halfway around the world to pull off a prank that would make him the most famous hacker in the Israeli-occupied West Bank. He’d discovered a Facebook bug that would allow him to post to another user’s wall even if he wasn’t on the user’s friends list. Demonstrating the bug on Zuckerberg was a last resort: He first reported the vulnerability to Facebook’s bug bounty program, which usually pays $500 for discoveries like his. But Facebook dismissed his report out of hand ....Shreateh’s notoriety, is about to launch the former construction worker into a new life. He’s using the funds to buy a new laptop and launch a cybersecurity service where websites will be able to request “ethical hacking” to identify their vulnerabilities. And he’s started a six-month contract with a nearby university to find bugs as part of their information security unit. He hacks and reports flaws on other universities’ sites in his free time.

Rep. Rogers worried HealthCare.gov doesn't have 'solid cybersecurity plan' 

http://thehill.com/blogs/blog-briefing-room/homenews/188266-rep-rogers-worried-healthcaregov-doesnt-have-solid  

Rep. Mike Rogers (R-Mich.) says he’s more concerned about HealthCare.gov’s problems today than he was last week. "It was very clear to me in the hearing that they don’t have an overarching solid cybersecurity plan to prevent the loss of private information,” he said Sunday morning on CNN’s “State of the Union.” Rogers, who’s chairman of the House Intelligence Committee, is also a member of the House Energy and Commerce Committee and sat in on the Thursday hearing in which the ObamaCare website contractors testified. “I’m even more concerned today than I was last week,” he said. Host Candy Crowley asked Rogers what he thinks of Department of Health and Human Services officials saying the website will run properly by the end of November. 

Cyber Attack on Israel Causes Traffic Delays in Tunnel

http://www.usatoday.com/story/tech/2013/10/27/ap-exclusive-israeli-tunnel-hit-by-cyber-attack/3281133/

The attack caused an immediate 20-minute lockdown of the roadway. The next day, the expert said, it shut down the roadway again during morning rush hour. It remained shut for eight hours, causing massive congestion..... One expert, speaking on condition of anonymity because the breach of security was a classified matter, said a Trojan horse attack targeted the security camera apparatus in the Carmel Tunnels toll road on Sept. 8. A Trojan horse is a malicious computer program that users unknowingly install that can give hackers complete control over their systems..... 

Israel Suspects China in Failed Cyberattack Vs. Defense Industry 

http://www.defensenews.com/article/20131028/DEFREG04/310280006/Israel-Suspects-China-Failed-Cyberattack-Vs-Defense-Industry 

Israeli authorities suspect Chinese involvement in a failed cyberattack targeting 140 top defense industry executives and program officials, according to Israel’s Channel 2 News. The attempted attack took place several weeks ago in the form of an email sent to scores of industry executives and program officials from an unnamed German company “known to Israeli industry,” said Nir Dvori, the network’s senior defense reporter. In his Oct. 27 report, Dvori said, “defensive measures” managed to detect and “close down” the threat before recipients had an opportunity to open the mail and release a Trojan horse embedded within the seemingly innocent correspondence. “Defensive measures discovered the attack and thwarted it. The assessment here is that the attack came from the Chinese defense industry,” Channel 2 reported. Myriam Nahon, an MoD spokeswoman, said the ministry does not comment on media reports involving cyber matters. In interviews here, several defense industry executives confirmed that firms were conducting refresher training on protocols and procedures associated with information and network defense. None of the executives contacted agreed to elaborate on the incident or to identify the German firm that served as an unwitting delivery vehicle for the attempted cyberattack.

CNO Says Navy Needs Ground Forces’ Help On Cyber, Electronic Warfare 

http://breakingdefense.com/2013/10/cno-says-navy-needs-ground-forces-help-on-cyber-electronic-warfare/?utm_source=Breaking+Defense&utm_campaign=e3f6f1178a-RSS_EMAIL_CAMPAIGN&utm_medium=email&utm_term=0_4368933672-e3f6f1178a-408017969&goback=%2Egde_1836487_member_5801334268445609986#%21

WASHINGTON: Rivalries between the services are a favorite topic in this town, especially when budgets tighten. But when it comes to cyberwarfare, electronic warfare, and the wireless world where they intersect, the Navy’s top man in uniform is more than happy to get help from the Army.  Admittedly, Adm. Jonathan Greenert is mostly focused on working with the Air Force on cyber/EW under the Air-Sea Battle concept and on reforming the Navy itself. He’s challenging the culture of “straight stick” naval aviators to admit that electronic warfare aircraft like the EA-18G Growler and E-2D Hawkeye are often more important than the strike fighters they support: The strike planes have to make through enemy air defenses to their targets, he noted, and — in a reflection of the Navy’s doubts about “low observable” technology — “all the stealth in the world ain’t gonna penetrate everything,” he told the audience at the 50th annual conference of the Association of Old Crows, a group named after a slang term for electronic warfare operators. Often, he added, a cyber attack or jamming can take down an enemy command network or stop an incoming missile far more effectively than any physical attack.

When the Phone Call is More Dangerous than the Malware: Social Engineering 

http://www.net-security.org/secworld.php?id=15856

“Social engineering has played some role in nearly every major hack you have read about over the last few years, yet this year’s competition clearly illustrates how poorly prepared companies are to defend against socially engineered attacks,” said Chris Hadnagy, Chief Human Hacker, Social-Engineer, Inc

TOP FIVE (TEN) HACKER TOOLS EVERY CISO SHOULD UNDERSTAND

http://www.tripwire.com/state-of-security/security-data-protection/top-fiv
e-hacker-tools-every-ciso-should-understand/
 

Military, NASA Hit in Series of Attacks 

http://gcn.com/Articles/2013/10/29/UK-hacker.aspx?s=gcntech_301013&p=1

Prosecutors have charged a U.K. hacker in connection with a year-long series of attacks on U.S. government and other networks that resulted in the theft of the personal information of government employees and massive amounts of other sensitive data, causing damages in the millions of dollars.

The U.S. Attorney’s Office in Newark, N.J., said Lauri Love, 28, of Stradishall, England, and three unnamed co-conspirators exploited weaknesses in Structured Query Language databases and the Adobe ColdFusion Web application development platform to carry out the attacks, which they said began at least as early as October 2012 and continued into this month. Love was arrested Friday at his home by the Cyber Crime Unit of the U.K.’s National Crime Agency.

Twitter and Facebook links tied to Obama campaign hacked

http://www.foxnews.com/politics/2013/10/28/links-used-in-obama-twitter-account-hacked/ 

A Syrian hacker group supporting the Assad regime says it broke into the link shortening service for President Obama's campaign, redirecting links from his campaign Twitter and Facebook accounts to one showing propaganda videos from the Syrian Electronic Army, Fox News confirms. The admission comes a day before the president hosts CEOs from the financial, energy, defense and information technology sectors to discuss cyber security. A spokesperson for Organizing for Action, the successor group to the Obama campaign which retains control of @BarackObama and the Barack Obama Facebook page, told TIME, “An account to our link shortener was hacked.” Obama’s Twitter and Facebook accounts were not compromised in the attack.

Mysterious Malware that Jumps Airgaps

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn't know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours. .....But the story gets stranger still. In posts herehere, and here, Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: "badBIOS," as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.

Computer cracks CAPTCHAs in step toward artificial intelligence

http://in.reuters.com/article/2013/10/28/us-technology-captchas-idINBRE99R03620131028 

 

(Reuters) - A technology start-up said on Monday that it had come up with software that works like a human brain in one key way: it can crack CAPTCHAs, the strings of tilted, squiggly letters that websites employ to make users "prove you are human," as Yahoo! and others put it. San Francisco-based Vicarious developed the algorithm not for any nefarious purpose and not even to sell, said co-founder D. Scott Phoenix. Instead, he said in a phone interview, "We wanted to show we could take the first step toward a machine that works like a human brain, and that we are the best place in the world to do artificial intelligence research."

 
Current Cyber News

For more news about USNA, visit us on

facebook       Flickr       YouTube       Twitter       News(Rss)