MIIS Cyber GRAs attend RSA Conference 2014

24 – 28 February 2014: MIIS Cyber Research Assistants Dan Gifford and Ben Volcsko attended the 2014 RSA Conference in San Francisco, California. The RSA Conference is a vendor-independent cryptography and information security conference managed by RSA, the Security Division of EMC, with support from leaders in the information security industry. The multi-day event consists of two parts: the conference, which hosts speakers on a variety of topics, and a vendor expo. The conference provides a range of presentations on the topic of internet security.

MIIS Cyber GRAs attend Suits and Spooks San Francisco 2014

27 February 2014: MIIS Cyber Research Assistants Dan Gifford and Ben Volcsko along with members of the MIIS Cyber Security Student Working Group attended Taia Global’s February 2014 Suits and Spooks cyber security collision in San Francisco, California.


The Suits and Spooks Conference San Francisco 2014 covered topics such as:

  • Cloud Security
  • Big Data
  • The International Cyber Arms Race
  • Cyber Intelligence Analysis
  • An inside look at how the world’s second largest defense contractor has built one of the world’s most successful and motivated security operations teams after suffering a major breach several years ago
  • Why VIPs still are reluctant to defend against Cyber threats versus physical threats

Point of Sale Target’ed, Millions of Credit Cards Scraped.

Early in December rumors began bouncing across cyberspace that retail giant Target had been hit in an extensive cybercrime scheme, wherein point-of-sale devices (that is, cash registers) had been infected with a program designed to steal credit card details. The attack seems to have been concentrated on the “Black Friday” sale after Thanksgiving, one of the busiest shopping days of the year. Since then a number of the stolen credit cards have been cloned and sold online, and retailers and credit card companies have been sent scrambling to contain the damage.

More details about the specifics of the breach have become available as time goes on. Security journalist Brian Krebs, who broke the story and has been a driving force in the public exposition of the damage, has revealed the method used by the attackers to penetrate Target’s network. The attackers sent spearphishing emails to a subcontractor with access to parts of Target’s internal networks, the heating, ventilation and air conditioning company Fazio Mechanical, and used the access credentials they obtained there to break into the Target network.

The breach potentially exposed millions of consumer credit cards, and many have shown up for sale on forums within the deep web. In response to the scale of the breach, hearings have been held in Congress on methods to prevent similar breaches in the future. One proposed method is to transition to smartcard technologies in place of the 1960s-era magnetic stripes that are currently employed.

Hotels May Become New Data Breach Point

A data breach appears to have hit White Lodging, a firm which manages hotel franchises for the Marriott, Hilton and Starwood hotel chains. As reported by Brian Krebs, the breach appears to have struck computers in the restaurants and gift shops of a number of hotels managed by the company over a period extending from March 2013 until the end of the year, collecting credit card information. Krebs was alerted to the breach by a number of fraud specialists working in banking who were dealing with the fallout of the resulting credit card fraud.

Mask/Careto Unmasked, Shadowy Spanish Spybots Slink into Sunset

Amid continuous revelations of a variety of “Advanced Persistent Threat” (APT) hacking operations sponsored by nation states (among them Flame/Gauss/Duqu/Stuxnet, Red October, Comment Crew, Shamoon, Icefog and Dark Seoul), the major global players such as the US, Russia, and China have been heavily represented. A new report by Kaspersky has revealed an advanced operation conducted by an as yet unknown but presumably Spanish-speaking state. The operation apparently began as early as 2007, and the sophistication of the code has been judged as higher than that seen in programs such as Duqu, Red October or Icefog.

Based on multiple strings in the code, especially those referring to “Careto”, Spanish slang for an ugly face or mask, it is assumed that the virus writers speak Spanish. The malware was discovered by Kaspersky Lab because it exploited a flaw in earlier versions of Kaspersky’s anti-virus software to hide itself from virus scans. The payload of the program also included a rootkit and a bootkit, employed zero-day exploits and could infect a variety of 32- and 64-bit systems, including versions for Windows, Mac, and Linux, and possibly the Android and iOS systems used on smartphones.

The campaign seems to have relied on spearphishing to send users to a malicious website which would deploy the modular program. Many of the malicious sites used addresses which impersonated the sites of a number of Spanish and international newspapers, all of which were signed by a valid certificate, albeit one issued to an unknown and probably fictitious Bulgarian company called TecSystem LTD. The setup used on the command and control servers for the malware was also designed to deny access to IP addresses that may be used by security researchers, among them Kaspersky Lab.

The entities targeted by the attacks seemed primarily to be in the UK, Brazil and Morocco, though a range of European countries are represented. The discovered targets are also only a limited subset of the possible targeted groups, as the team involved was very effective at covering their tracks, and the targets given in the image above only represent the systems being targeted at the time that Kaspersky made their investigation. However, soon after the operation was discovered, it was shut down, as detailed in the article linked below.

“Kaspersky researchers have sinkholed about 90 of the C&C domains the attackers were using, and the operation was shut down last week within a few hours of a short blog post the researchers published with a few details of the Mask campaign. Costin Raiu, head of the Global Research Analysis Team at Kaspersky, said that after the post was published, the Mask operators rolled up their campaign within about four hours.”

Dan Gifford, MCySec Media Manager

Speaker Series – Atif Mushtaq: 3 Feb 2014

3 February 2014: Atif Mushtaq, Senior Scientist and Malware Researcher for FireEye, presented on “Taking Down the World’s Largest Botnets”. Mr. Mushtaq explained his personal experiences in encountering and mitigating large-scale botnets, hackers, threat groups and cybercrime on behalf of FireEye. Following Mr. Mushtaq’s presentation, FireEye conducted informal university recruiting with all participating students. FireEye advertised several of their student internship positions available through their Ingnite college recruitment program.