Cyber Arms Intelligence Report for September 13th

Quis custodiet ipsos custodies? This Latin quote is from the Roman poet Juvenal, which means “Who will guard the guards themselves?” or “Who watches the watchmen?”. 

A recent security audit of the Department of Homeland Security’s US-CERT cyber security division systems revealed hundreds of vulnerabilities.

Even the much vaulted “Einstein” system did not go unscathed in the security test. The Einstein system is a highly capable government intrusion detection system.

A scan of US-CERT systems by the IG turned up 540 unique vulnerabilities in the Mission Operating Environment (MOE), 202 of which were rated as “high.” No other systems had vulnerabilities rated as “high,” but Einstein had 89 unique vulnerabilities, eight of them rated “medium.” Overall, there were a total of 671 unique vulnerabilities found US-CERT systems.”

The majority of the serious vulnerabilities found were in applications (Java, Adobe, Microsoft Apps) and in the Windows and Red Hat Linux Operating Systems.

What was the root cause of this many issues being found? According to the report, it was lack of automated updating.

“The problem is not that DHS is ignoring vulnerabilities, but a lack of automation, the report found. NCSD performs vulnerability testing and has established a patch management process, but the process is ineffective because patches are being applied manually on applications in the MOE. Because of the challenge of patching a large number of machines manually, patches are often not applied universally or in a timely fashion.”

Since the audit, the vulnerabilities have been addressed and a solution for patching has been put into place.

In an appendix to the report, which is dated Aug. 18, the division wrote that it has patched its systems since the audit was conducted.

DHS spokeswoman Amy Kudwa said in a statement Wednesday that DHS has implemented “a software management tool that will automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities.”

Turning towards the Middle East, could Israel turn to cyberwar to take out the Iranian nuclear power plants? They do have the know-how:

“To judge by my interaction with Israeli experts in various international forums, Israel can definitely be assumed to have advanced cyber-attack capabilities,” said Scott Borg, director of the U.S. Cyber Consequences Unit, which advises various Washington agencies on cyber security.”

But how might they go about it?

“Asked to speculate about how Israel might target Iran, Borg said malware – a commonly used abbreviation for “malicious software” – could be inserted to corrupt, commandeer or crash the controls of sensitive sites like uranium enrichment plants.”

“A contaminated USB stick would be enough,” Borg said.”

The recent E-Mail worm that clogged inboxes worldwide could have been the work of Cyber Jihadists.

Joe Stewart, director of malware research for the counter threat unit at Secureworks, says the Brigades of Tariq ibn Ziyad, a self-proclaimed “cyber-jihad” organization, might have set off the worm that crippled email servers in major organizations during the past day, in some cases using the subject line “Here you have,” reminiscent of 2001 Anna Kournikova virus. Stewart discovered a username of “Iraq_resistance” embedded in the binary of the malware that was similar to one sent out in August.

And finally, in an interview, UK’s Admiral Lord West talks about the Rules of Engagement and Infrastructure Vulnerabilities in Cyber Warfare.

2 thoughts on “Cyber Arms Intelligence Report for September 13th”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: