March 16, 2012

Berghel, H. (2012). Wikileaks and the matter of Private Manning. Computer, 45(3), 70-73. [Full text available in IEEE Computer Science Digital Library database].

The release of significant documents by WikiLeaks, the international online not-for-profit organization, has become front-page news that has significant implications for computing professionals.

More from Wired: “UN torture chief: Bradley Manning treatment was cruel, inhuman”

Booth, R., & Mahmood, M. (2012, March 13). How the Assad emails came to light. Guardian. Retrieved from http://www.guardian.co.uk/world/2012/mar/14/how-assad-emails-came-light

In late March last year, Syrian opposition activists say, a young government worker in Damascus nervously handed a scrap of paper to a friend. On it were four handwritten codes that the friend was instructed to pass to a small group of exiled Syrians who would know what to do with them.

The paper contained two email addresses: sam@alshahba.com and ak@alshahba.com. They are thought to have been the personal email usernames and passwords of the president, Bashar al-Assad, and his wife, Asma.

For the next nine months they were to offer a cell of activists an extraordinary window into what appeared to be the private lives of Syria’s first family and their attempts to turn around the country’s steady descent towards the abyss.

Galperin, E. (2012, March 15). Fake YouTube site targets Syrian activists with malware.  Electronic Frontier Foundation. Retrieved from https://www.eff.org/deeplinks/2012/03/fake-youtube-site-targets-syrian-activists-malware

Last week, EFF reported on two instances of pro-Syrian-government malware targeting Syrian activists through links sent in chats and emails. This week, we’ve seen new Windows malware dropped by a fake YouTube site hosting Syrian opposition videos.

Golovanov, S. (2012, March 16). A unique ‘fileless’ bot attacks news site visitors. Securelist. Retrieved from http://goo.gl/b9FJk

In early March, we received a report from an independent researcher on mass infections of computers on a corporate network after users had visited a number of well-known Russian online information resources. The symptoms were the same in each case: the computer sent several network requests to third-party resources, after which, in some cases, several encrypted files appeared on the hard drive.

The infection mechanism used by this malware proved to be very difficult to identify. The websites used to spread the infection are hosted on different platforms and have different architectures. None of our attempts to reproduce the infections were successful. A quick analysis of KSN statistics that might help to identify the connection between compromised resources and the malicious code being distributed did not yield any results, either. However, we did manage to find something that the news sites had in common.

[UPCOMING LARGO-AREA EVENT] Goodwin, J. (2012, March 13). China panel to explore ‘China’s computer exploitations’ March 26. Government Security News. Retrieved from http://www.gsnmagazine.com/node/25827

The U.S.-China Economic and Security Review Commission, a congressionally-mandated panel that looks at the national security implications of America’s economic relationship with China, will hold a public meeting in Manassas, VA, on March 26 that will examine recent trends in China’s computer exploitations and nuclear strategies.

The public session, which will take place at the Hylton Performing Arts Center, 10960 George Mason Circle, Manassas, VA 20109, from 9 AM to 3 PM, will be open to the public, with no advanced reservations required.

Johnson, N. B. (2012, March 15). Increase in cyber attacks on federal systems slows. Federal Times. Retrieved from http://goo.gl/wLVQq

Cyber attacks against federal websites and networks increased 5 percent between 2010 and 2011, a big slowdown compared to the 40 percent increase between 2009 and 2010, the government reported.

Federal agencies suffered 43,889 cyber attacks in 2011, up from 41,776 the previous year, according to a report by the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT).

Agencies have adopted more performance-based metrics that allow them to better measure their cybersecurity progress and address security weaknesses, according to the report, which details how well agencies are complying with the 2002 Federal Information Security Management Act.

Kravets, D. (2012, March 14). FBI can’t crack Android pattern-screen lock. Wired. Retrieved from http://www.wired.com/threatlevel/2012/03/fbi-android-phone-lock/

Pattern-screen locks on Android phones are secure, apparently so much so that they have stumped the Federal Bureau of Investigation.

The bureau claims in federal court documents that forensics experts performed “multiple attempts” to access the contents of a Samsung Exhibit II handset, but failed to unlock the phone.

Madnick, S., Choucri, N., Li, X., & Ferwerda, J. (2012, March). Comparative analysis of cybersecurity metrics to develop new hypotheses (ESD-WP-2012-03). Retrieved from http://esd.mit.edu/WPS/2012/esd-wp-2012-03.pdf

Few Internet security organizations provide comprehensive, detailed, and reliable quantitative metrics, especially in the international perspective across multiple countries, multiple years, and multiple categories. As common refrain to justify this situation, organizations ask why they should spend valuable time and resources collecting and standardizing data.

This report aims to provide an encouraging answer to this question by demonstrating the value that even limited metrics can provide in a comparative perspective. We present some findings generated through the use of a research tool, the Explorations in Cyber Internet Relations (ECIR) Data Dashboard. In essence, this dashboard consists of a simple graphing and analysis tool, coupled with a database consisting of data from disparate national-level cyber data sources provided by governments, Computer Emergency Response Teams (CERTs), and international organizations. Users of the dashboard can select relevant security variables, compare various countries, and scale information as needed.

Prince, B. (2012, March 13). New bank fraud schemes target SIM cards in multi-layered attacks. SecurityWeek. Retrieved from http://www.securityweek.com/new-bank-fraud-schemes-target-sim-cards-multi-layered-attacks

As online banking shifts to add more authentication tests, scammers have been forced to up their game to compromise accounts. In new research, security firm Trusteer revealed two examples of just how much.

According to Trusteer, the first scheme starts with a drive-by download infecting victims with the Gozi Trojan. Once the Trojan is on the victim’s PC, it uses a Web page injection that prompts the victim to enter the International Mobile Equipment Identity (IMEI) number on their mobile device before they can enter their online bank account. For those who don’t know what an IMEI number is, the scammers are thoughtful enough to explain how to find it on the phone’s battery or dialing *#06# on the device keypad.

Ragan, S. (2012, March 14). Gh0stRAT variant used in targeted attacks against organizations in Tibet. SecurityWeek. Retrieved from http://www.securityweek.com/gh0strat-variant-used-targeted-attacks-against-organizations-tibet

Researchers from AlienVault Labs have discovered a spear phishing attack against several organizations in Central Tibet. Based on the data, the security firm believes that the attacks are originating from the same Chinese group that launched the Nitro attacks last year.

Towards the end of 2011, a group believed to be located in China, launched a series of attacks against chemical and defense companies, aiming to obtain sensitive information about the organizations themselves, and their supporters. The attacks were given the name Nitro, and they leveraged Phishing and a PDF exploit to target a vulnerability in Windows. However, what made headlines was the payload, a Remote Access Trojan called Gh0st (Gh0stRAT), a relative of the Poison Ivy trojan. At least 48 companies were believed to have been targeted in the Nitro attacks.

Riboni, D., Pareschi, & Bettini, C. (2012). JS-Reduce: Defending your data from sequential background knowledge attacks. IEEE Transactions on Secure and Dependable Computing [new issue], 9(3), 387-400. [Full text available in IEEE Computer Society Digital Library database].

Web queries, credit card transactions, and medical records are examples of transaction data flowing in corporate data stores, and often revealing associations between individuals and sensitive information. The serial release of these data to partner institutions or data analysis centers in a nonaggregated form is a common situation. In this paper, we show that correlations among sensitive values associated to the same individuals in different releases can be easily used to violate users’ privacy by adversaries observing multiple data releases, even if state-of-the-art privacy protection techniques are applied. We show how the above sequential background knowledge can be actually obtained by an adversary, and used to identify with high confidence the sensitive values of an individual. Our proposed defense algorithm is based on Jensen-Shannon divergence; experiments show its superiority with respect to other applicable solutions. To the best of our knowledge, this is the first work that systematically investigates the role of sequential background knowledge in serial release of transaction data.

Schmidt, M. S. (2012, March 13). New interest in hacking as threat to security. New York Times. Retrieved from http://www.nytimes.com/2012/03/14/us/new-interest-in-hacking-as-threat-to-us-security.html

During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security compared with 11 over the same period a year ago.

None of the attacks caused significant damage, but they were part of a spike in hacking attacks on networks and computers of all kinds over the same period. The department recorded more than 50,000 incidents since October, about 10,000 more than in the same period a year earlier, with an incident defined as any intrusion or attempted intrusion on a computer network.

The increase has prompted a new interest in cybersecurity on Capitol Hill, where lawmakers are being prodded by the Obama administration to advance legislation that could require new standards at facilities where a breach could cause significant casualties or economic damage.

Shar, L. K., & Tan, H. B. K. (2012). Defending against cross-site scripting attacks. Computer, 45(3), 55-62. [Full text available in IEEE Computer Science Digital Library database].

Researchers have proposed multiple solutions to cross-site scripting, but vulnerabilities continue to exist in many Web applications due to developers’ lack of understanding of the problem and their unfamiliarity with current defenses’ strengths and limitations.

United States. Government Accountability Office. (2012, March). IRS needs to further enhance internal control over financial reporting and taxpayer data (GAO-12-393). Retrieved from http://www.gao.gov/products/GAO-12-393

IRS implemented numerous controls and procedures intended to protect key financial and tax-processing systems; nevertheless, control weaknesses in these systems continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRS’s systems. Specifically, the agency continues to face challenges in controlling access to its information resources. For example, it had not always (1) implemented controls for identifying and authenticating users, such as requiring users to set new passwords after a prescribed period of time; (2) appropriately restricted access to certain servers; (3) ensured that sensitive data were encrypted when transmitted; (4) audited and monitored systems to ensure that unauthorized activities would be detected; or (5) ensured management validation of access to restricted areas. In addition, unpatched and outdated software exposed IRS to known vulnerabilities, and the agency had not enforced backup procedures for a key system.

Wheatman, J. (2012, March 14). Database activities you should be monitoring. Gartner. [Full text available in Gartner database].

The need to monitor activities in business-critical data stores continues to grow in scope and importance. Organizations should evaluate the landscape of security monitoring tools, balancing the cost, impact and security benefits, and implement solutions that address 10 critical areas.

Also from Gartner this week: Three Kinds of Password Management, How Metadata Improves Business Opportunities and Threats, and Developing a Strategy for Business-Aligned Information Security.

Zetter, K. (2012, March 9). Teen exploits three zero-day vulns for $60K win in Google Chrome hack contest. Wired. Retrieved from http://www.wired.com/threatlevel/2012/03/zero-days-for-chrome/

Just hours before the end of Google’s $1 million hack challenge, a teenager who once applied to work at Google without getting a response, hacked the company’s Chrome browser using three zero-day vulnerabilities, one of which allowed him to escape the browser’s security sandbox.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: