CyberArms Intelligence Report: Top Cyber Security News for February 19, 2012

Some of the top Cyber Security and computer news from around the web:

McCain: Cybersecurity Bill Ineffective Without NSA Monitoring the Net

The bill neglects to give authority “to the only institutions currently capable of [protecting the homeland], U.S. Cybercommand and the National Security Agency (NSA),” McCain said in a written statement presented at the hearing. “According to [General Keith Alexander, the Commander of U.S. Cybercommand and the Director of the NSA] in order to stop a cyber attack you have to see it in real time, and you have to have those authorities…. This legislation does nothing to address this significant concern and I question why we have yet to have a serious discussion about who is best suited to protect our country from this threat we all agree is very real and growing.”

Senators renew push for cybersecurity bill, absent ‘kill switch’

Senators are taking another crack at pushing a broad cybersecurity bill three years in the making, once again stripping a controversial Internet “kill switch” and making other concessions in a bid to find an elusive bipartisan majority in an election year.

NSA’s whitelisting approach economically blocks computer viruses

Military computers soon will be configured to execute only administrator-approved software applications in certain areas of a computer, Pentagon officials told Nextgov. The Defense Department’s unique version of the “application whitelisting” approach focuses on where downloads are allowed to launch in a system. It is intended to be a relatively inexpensive protection against downloads that antivirus programs fail to flag as threats.

FBI seeks developers for app to track suspicious social media posts, sparking privacy concerns

According to the ACLU, who reviewed the FBI documents for Fox News, information pulled from sites like Facebook, Twitter and blogs could be cross referenced with other databases to identify potential threats. Mike German, a former FBI agent who runs the National Security section of the civil liberties group, says the data could be used to increase video surveillance in a neighborhood. German argues fundamental issues are not being addressed.

Hacker Boasts of Intel Corporation Network Breach

A hacker who goes by the handles “WeedGrower” and “X-pOSed” is claiming to have breached the networks of tech giant Intel. The attacker boasts of having gained access to a subscriber database that contains sensitive information including passwords, social security and credit card numbers.

U.S. Not Afraid To Say It: China’s The Cyber Bad Guy

American officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names. In the last few months, that has changed. China is now officially one of the cyber bad guys and probably the worst.

INTERPOL Set To Open Global Cybercrime Center In 2014

Michael Moran, director of cybersecurity and cybercrime for INTERPOL, says the planned opening of the INTERPOL Global Complex in Singapore in 2014 is crucial to improving global cooperation among law enforcement. Moran says the organization is working on putting in place a secure online presence for police worldwide to work together on cybercrime cases, which often crisscross multiple regions and geographic jurisdictions.

US Strategic Command on Defending Cyberspace

The DoD operates approximately 15,000 networks. These networks are comprised of about seven million computers at bases and outposts around the globe; in submarines and research facilities that patrol and monitor the oceans; in manned and unmanned aircraft that control the skies; in satellites that relay vast quantities of data around the earth in seconds and coordinate our efforts.

Middle East Cyberjihad Timeline

If you have a look to the Middle East nations involved in the cyber conflict which made attacks or suffered attacks (depicted in the map below that does not include U.S. victim of the latest Credit Card leak and France whose Council of Jewish Institutions was hacked earlier in June), you may easily notice that the virtual geopolitics reflect nearly exactly the real ones (the dotted arrow from Iran indicates the uncertainty of the nationality of 0xOmar).

Selected Readings in Cyberwar

Large selection of cyberwar and cybersecurity articles and books.

Military News:

Navy Puts More Bang Into Unmanned Fleet

The special warfare branch of the Navy’s expeditionary warfare division is eying plans to arm its small fleet of unmanned boats with a long-range missile, branch chief Capt. Evin Thompson said. The missile — known as the Spike — is built by Israeli defense firm Rafael Advanced Defense Systems, Thompson said during this week’s Association for Unmanned Vehicle Systems International-sponsored symposium in Washington.

Pentagon calls for ‘urgent’ upgrade of massive bunker-busting bombs, as Iranian threat looms

The military’s so-called Massive Ordnance Penetrator, a 30,000-pound bunker buster bomb, requires an “urgent” upgrade, according to Pentagon officials who are trying to ensure that 20 of the bombs are battle-ready — possibly for use against Iran, though officials have been tight-lipped on potential targets.

China’s Minesweeping Drones

Amid all the recent talk about the need for U.S. Navy minesweepers in the Persian Gulf in case Iran attempts to close the strait of Hormuz with sea mines, I noticed an interesting fact about China’s minesweeping plans. They involve drones. Not sleek, purpose-built, sea-going drones, but vessels originally designed to carry people that have been quickly converted to be remotely operated from an anti-mining mothership.

Other Interesting News Stories:

Chinese thieves stole 1,700 US-bound iPhones

Five suspected Chinese thieves were arrested after allegedly stealing 1,700 iPhone 4S that were bound for the US and swapping them with plastic replicas, the Shanghai Daily newspaper reported Friday.

Stunning Footage from Space

Time lapse sequences of photographs taken by the crew of expeditions 28 & 29 onboard the International Space Station from August to October, 2011.

Cyber Arms Intelligence Report for February 4th, 2011

All eyes are on Egypt this week. Again, as turmoil hits a nation, the internet goes dark. Cell phone usage, though, was for the most part untouched. So Google, Twitter and SayNow put their heads together and found a way to allow Egyptians to post tweets via cell phone.

Oddly enough, the protests in Egypt have touched off controversy here in the US over Obama’s internet kill switch. Joe Lieberman and his co-sponsors are planning on introducing the Cyber Security and American Competitiveness Act of 2011 (PDF File) at the current session of Congress. The proposed legislation and the events in Egypt prompted the following statement:

“Our cybersecurity legislation is intended to protect the U.S. from external cyberattacks,” the statement says. “Yet, some have suggested that our legislation would empower the president to deny U.S. citizens access to the Internet. Nothing could be further from the truth. We would never sign on to legislation that authorized the president, or anyone else, to shut down the Internet. Emergency or no, the exercise of such broad authority would be an affront to our Constitution.”

Thank goodness for the Constitution. Time will tell if the “Kill Switch” is legitimized or not.

Microsoft is caught with its hands in Google’s cookie jar. Google suspected Microsoft’s Bing search engine was copying Google’s search results. When entering search terms in both engines, identical results were returned. So Google set up a trap:

From December 17 to December 31, engineers inserted a “honeypot” result as the top result for specific search queries — including, hiybbprqag, mbzrxpgiys, and indoswiftjobinproduction — and waited to see if the same results would appear on Bing. Lo and behold, the identical results popped up.

Microsoft responded by denying the accusation and requesting a third party investigate the incident. Yusuf Mehdi, Microsoft’s Senior Vice President of Online Services Division said:

We do not copy results from any of our competitors. Full stop. We have some of the best minds in the world at work on search quality and relevance, and for a competitor to accuse any one of these people of such activity is just insulting.

Next the gloves came off and a full Twitter war of “yes you did”, “no we didn’t” responses began between Google and Microsoft employees – nice.

Microsoft also made headline news as another Internet Explorer vulnerability was found that put an estimated 900 Million users at risk.

In other news, CSC wins a $30 Million Air Force cybersecurity contract:

Under the terms of the contract, CSC will isolate, contain and prevent intrusive activities on the Air Force automated information systems and networks. In addition, CSC will plan, coordinate, analyze and report on the results of managed network intrusion detection systems and intrusion prevention systems.

And NATO begins implementation of Cyber Shield plan:

Deputy Secretary of Defense William Lynn is meeting this week with his NATO and European Union (EU) counterparts in Brussels to begin implementation of the alliance’s cybersecurity defense plan.

Lastly, a new purpose was found for unwanted text messages. Apparently, a wireless provider’s “Happy New Year” message set off a terror bomber’s suicide vest. The suicide bomber was thought to be with the same Jihad group that recently hit Moscow’s airport.

Other top stories from around the web:

White House Gets Average Grades on Cyber-Security
The National Security Cyberspace Institute (NSCI), which calls itself a cyber-space education, research and analysis group for public, private and academic entities, in January gave the administration middling grades on cyber-security in its report, Federal Government Cybersecurity Progress: Obama Administration Report Card 2009 – Present.

Show of Strength urged for Cyberwar
Military cyberwarriors are building up efforts to pinpoint the sources of foreign computer break-ins on U.S. networks and will need to demonstrate a major computer attack capability in the future to deter increasingly sophisticated threats, according to the outgoing commander of the U.S. Strategic Command.

2011 CyberSecurity Watch Survey: Organizations Need More Skilled Cyber Professionals to Stay Secure
More than 600 respondents, including business and government executives, professionals and consultants, participated in the survey. The survey is a cooperative effort of CSO, the U.S. Secret Service, the Software Engineering Institute CERT® Program at Carnegie Mellon University and Deloitte.

Russia Calls for Stuxnet Investigation
Late last week Russia’s envoy to NATO, Dmitry Rogozin, publicly called upon (more like demanded) NATO to conduct a thorough investigation into the Stuxnet computer worm that targeted the Iranian nuclear power plant, and stated that the incident could have triggered a “new Chernobyl.”

Busted Cybercrime Ring Targeted Apple Stores
Dozens of people have been charged with forming a prolific identity theft ring that used thousands of stolen credit card numbers to shop at Apple stores around the country, according to a court document and a law enforcement official.

Cyber Arms Intelligence Report for 12/13/10

The biggest story this week is still Wikileaks. Okay, let’s start with the latest DDoS targets. After a flood of DDoS attacks, a 16-year-old kid was arrested by Dutch police. So, unbelievably, the Dutch police come under attack:

Dennis Janus, a spokesman for the National Police Service confirmed that both the police website, and that of the National Prosecutor’s Office had been offline for much of the day, with many theorising that the likely reason is a distributed denial-of-service (DDoS) attack similar to that which was launched against Mastercard, PayPal and other firms.

What has been crazy is that the DDoS and counter-DDoS attacks seem to have no end in sight. One hacking group, “Anonymous”, is offering its DDoS tool (LOIC) and asking for volunteers to jump in and help. Apparently the 16-year-old who was arrested may have been using LOIC and, wouldn’t you know, LOIC attacks are not anonymous. They can be tracked back to the attacker.

It does make one wonder though if the government is involved with any of these attacks. Not sure, but one site does claim that the CIA is hosting one of the Wikileaks mirror sites as a honeypot.

We have even seen a casualty of mistaken identity in this DDoS war, as a company that was not involved at all was taken down. EasyDNS was mistakenly reported by media outlets as the company that knocked Wikileaks offline, when in reality it was a company called EveryDNS. I wonder if the hackers, after recognizing the mistake, apologized?

Well, Wikileaks hasn’t come out of this mess unscathed. According to an article on CNN, it looks like there is mutiny in the ranks. A group has broken off of Wikileaks and created a new whistleblower site called “” and will launch today:

“It has weakened the organization,” one of those founders, Daniel Domscheit-Berg says in a documentary airing Sunday night on Swedish television network SVT. He said WikiLeaks has become “too much focused on one person, and one person is always much weaker than an organization.”

But it looks like they are not the only group breaking up with the Wikileaks fiasco. It appears the members of the hacking group “Anonymous” are starting to turn on each other too. A Sydney-based Anonymous member had some colorful comments about fellow members:

He said that, rather than being full-blown hackers, the Anonymous members were “script kiddies” who only knew how to download the LOIC program and run it. “They’re very unprofessional, illogical and irrational and very much their actions are based upon emotions,” he said.

So apparently, LOIC is just a simple DDoS tool and many members have very little technical experience. They are just running the program. Thank goodness they aren’t using the much more efficient layer 7 DDoS attacks (OWASP PDF file).

In other news, even though Iran says they are A-OK after the Stuxnet attack, computer security experts beg to differ:

Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bushehr and Natanz.

Okay, they are still infected, what will it take to finally get rid of all traces of Stuxnet? German security expert Ralph Langner had this to say:

“Here is their problem. They should throw out every personal computer involved with the nuclear program and start over, but they can’t do that. Moreover, they are completely dependent on outside companies for the construction and maintenance of their nuclear facilities. They should throw out their computers as well. But they can’t,” he explained. “They will just continually re-infect themselves.”

“With the best of expertise and equipment it would take another year for the plants to function normally again because it is so hard to get the worm out. It even hides in the back-up systems. But they can’t do it,” he said.

Well, whoever was behind Stuxnet, it looks like they have done an amazing job of tying up and maybe even neutralizing the Iranian Nuclear plants. It also makes one wonder how prepared are other facilities to defend against threats like Stuxnet?

And lastly, a nasty new botnet has been detected by Shadowserver. The Destination Darkness Outlaw System or “Darkness” is easy to purchase, easy to deploy, and is very effective and efficient in what it does. Darkness works against Windows 95 through Windows 7 clients, runs as a Windows service and uses varying levels of bots to shut down target networks.

According to Shadowserver, 30 bots can overwhelm an average site, 300 bots a medium size site, 1000 bots a large site, 5000 a cluster even when using anti-DDoS, and 15-20 thousand bots could theoretically bring down the Russian version of Facebook.

Other Top Security Stories from around the Web:

Cybersecurity Must Balance ‘Need to Know’ and ‘Need to Share’ – Robert J. Butler said sharing information within the military, with coalition partners and even with outside agencies will continue, but there will be more controls placed on the information.

NATO Works to Set Right Cyber Balance – “I could envision within the NATO alliance an operational command that focuses on cyber,” he said. “At the moment, that work is imbedded in several of the NATO agencies. But I think we are seeing this as an operational task, so I will be advocating putting more of this on the operational side.”

Army’s plan to modernize intell rides on the cloud – The Army’s efforts to enlist cloud computing to modernize its intelligence capabilities are in step with similar efforts across the military services.

NASA sold computers without properly scrubbing them, IG says – A NASA inspector general’s audit found that the agency had released to the public 10 computers that had not had their memories wiped. Nine of them might have contained highly sensitive data.

NIST Announces SHA-3 Hash Function Finalists – The SHA-3 finalists include Skein, developed by a group including Bruce Schneier and Jon Callas.

Cyber Arms Intelligence Report for December 6, 2010

Wikileaks again makes front page news. This time Assange threatens to release a large cache of secret encrypted documents if he is arrested or if any action is taken against Wikileaks. What is this? Some sort of Cyber Extortion? And how is this different from what he has been doing already? He is basically saying, “If you try to stop me from releasing sensitive classified documents, I will release more of them”. He has already proved that he is out to damage the US as much as possible, so this is not really a threat. He will release them anyways.

Where is our Cyber Command in all of this? Several have questioned why the US Cyber Command hasn’t taken out Wikileaks by now. Cyber Command was commissioned to defend Department of Defense systems. With the release of military documents, it would seem that this falls well within Cyber Command’s operational realm. This question was posed to Pentagon Press Secretary Geoff Morrell last week, and the response? Granted the leaks are embarrassing, but they really don’t hurt us:

But, at the end of the day, it does not, at least over the long term, adversely impact America’s power or prestige. Secretary Gates just does not buy into that. People don’t do business with America necessarily because they like us or even trust us. They do business with us because they must. We are the last, one, remaining, indispensable power.

Interesting statement, but this may not be the whole story. Last month Cyber Command’s chief, Gen. Keith B. Alexander, petitioned for additional rights to perform offensive operations in protecting US interests. But it looks like it won’t happen:

But current and former officials say that senior policymakers and administration lawyers want to limit the military’s offensive computer operations to war zones such as Afghanistan, in part because the CIA argues that covert operations outside the battle zone are its responsibility and the State Department is concerned about diplomatic backlash.

So it would seem that Cyber Command has its hands tied, and for the time being this is going to become a legal battle that will go on for months, even as Wikileaks mirror sites now pass 200.

Some information that has come out in the leaks has been interesting though. Saudis continue to be major financial supporters of terror groups. According to a NY Post article from earlier this year, Saudis create the textbooks for many Muslim nations and they still contain anti-Semitic and anti-Christian teachings. These textbooks have even appeared in British classrooms.

Another document released, China uses access to Microsoft source code to help plot cyber warfare, is also very interesting. It appears that China has signed an agreement with Microsoft that allows select Chinese companies access to Microsoft source code. And what is China doing with this access? Some of the companies involved are known for hiring and working with Chinese hacker groups. Nothing like handing them the keys to the castle…

And lastly, other top cybersecurity news from around the web:

The 12 cyber scams of Christmas
Expert: Pentagon cybersecurity changes ‘very basic, very late’
US works to secure networks as hackers advance
Visited Porn? Browser Flaw Secretly Bares All
Basic tips for Android protection
Russia tops Kaspersky Labs’ list of global spammers
Intel Plans 1,000-Core Processors — But How Fast Will They Be?