Cyberpro November 20, 2008

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Officers The articles and information appearing herein are intended for

President educational purposes to promote discussion in the public interest and to Larry K. McKee, Jr. keep subscribers who are involved in the development of Cyber-related concepts and initiatives informed on items of common interest. The Senior Analyst newsletter and the information contained therein are not intended to Jim Ed Crouch provide a competitive advantage for any commercial firm. Any ------misuse or unauthorized use of the newsletter and its contents will result CyberPro Research in removal from the distribution list and/or possible administrative, civil, Analyst and/or criminal action. Kathryn Stephens

The views, opinions, and/or findings and recommendations contained in

this summary are those of the authors and should not be construed as an official position, policy, or decision of the United States Government,

CyberPro Archive U.S. Department of Defense, or National Security Cyberspace Institute.

To subscribe or unsubscribe to this newsletter click here CyberPro News Subscription.

Please contact Larry McKee , ph. (757) 871-3578, regarding CyberPro subscription, sponsorship, and/or advertisement.

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 1

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

TABLE OF CONTENTS

Table of Contents ...... 2 Cyberspace – Big Picture ...... 4 Cyber defense, not cyberattacks, top priority ...... 4 The Dark Art of Cyberwar ...... 4 Cyberspace Invaders ...... 5 Industry group calls for cybersecurity partnership ...... 5 Are agencies buying counterfeit technology? ...... 5 ISP cut off from Internet after security concerns ...... 5 ICANN to terminate notorious registrar’s credentials after all ...... 6 Major data breaches predicted as firms cut IT spending ...... 6 Traditional security isn't enough for SOA ...... 6 An IT-based economic recovery plan ...... 6 Response to Marcus Ranum HITB Cyberwar Talk...... 7 Cyberspace – President-Elect Obama ...... 7 Danger Room Debrief: Time to Reboot Cyber Security, Mr. President-Elect ...... 7 Coviello: Better times ahead for government IT security ...... 7 Obama’s CTO: It’s Not About The Money ...... 8 Can We Secure Government Networks? Yes, We Can, Theoretically ...... 8 Obama Urged to Take Immediate Cyber-security Steps ...... 8 Report: Obama, McCain campaign computers were hacked by 'foreign entity' ...... 8 Cyber attacks on McCain and Obama teams ‘came from China’ ...... 9 Cyberspace – Department of Defense (DoD) ...... 9 DoD draws lessons from cyber attacks against Georgia ...... 9 Space CO foresees smooth move to cyberspace ...... 10 After banning YouTube, military launches TroopTube ...... 10 Cyberspace – Department of Homeland Security (DHS) ...... 10 Security Predictions: Two Views on the Department of Homeland Security ...... 10 DHS seeks input on revised infrastructure protection plan ...... 11 IG: Sensitive information at airport at risk ...... 11 Cyberspace Research ...... 11 ScanSafe Reveals Top 5 Industries Most At Risk Of Web-Based Malware ...... 11 Cybersecurity is focus of new University of Texas start-up incubator ...... 12 110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 2

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Researchers Find Flaws In Microsoft VoIP Apps ...... 12 Study: Critical infrastructure often under cyberattack ...... 13 Cracking Open Internet Hardware ...... 13 Cyberspace Hacks, Tactics, and Defense ...... 13 Hacker Army Infiltrating U.S...... 13 Chinese hack into White House network ...... 13 EXCLUSIVE: Cyber-Hackers Break Into IMF Computer System ...... 14 Three British hospitals hit with malware attack ...... 14 CSI: Hacking Bluetooth 2.1 Passwords ...... 14 New 'Stealth' Technology Secures Data On Shared Networks ...... 15 Swedish router gives McColo botnets hope ...... 15 Spam drop could boost Trojan attacks ...... 15 Russian spy in Nato could have passed on missile defence and cyber-war secrets ...... 15 Host of Internet Spam Groups Is Cut Off ...... 16 The patch paradox ...... 16 Relentless Web Attack Hard To Kill ...... 16 Don't Blame TCP/IP ...... 16 FBI probes data theft blackmail scheme ...... 17 Hackers make crack in Android defences ...... 17 Once thought safe, WPA Wi-Fi encryption is cracked ...... 17 Hackers leverage Obama win for massive malware campaign ...... 17 Cyberspace - Legal ...... 18 Fines likely for data breaches ...... 18 Keystroke spies put on notice by US court ...... 18 Legal Risk of Cyber Outage ...... 18 US Navy hacker avoids Romanian jail ...... 18 Pakistan Declares Death Penalty for 'Cyber Terror' ...... 19 Hackers, phishers can’t get away with it like they used to ...... 19 Cyberspace-Related Conferences ...... 20 CyberPro Content/Distribution ...... 21

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 3

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

CYBERSPACE – BIG PICTURE

Cyber defense, not cyberattacks, top priority The Dark Art of Cyberwar BY: BOB BREWIN, NEXTGOV BY: ALASTAIR GEE, FOREIGN POLICY 11/17/2008 11/13/2008 Mike McConnell, director of National The article explains that there is currently no Intelligence, recently spoke at the Armed international guidelines that define when cyber Forced Communications and Electronics attacks are considered an act of war, although Association’s MILCOM conference, and said that the recently established Cooperative Cyber the United States should focus more on Defense Center in Estonia hopes to improve the defending industry networks that are vital to gaps in international legal systems pertaining to the economy, rather than developing cyber cyberspace. NATO researchers explain that the attack capabilities. McConnell also announced primary challenge for cybersecurity is the intelligence community will release a report attribution, as tracing a cyberattack is virtually that evaluates potential conflicts during the impossible. NATO must also determine how next two decades. McConnell believes nations much damage must be caused by a cyberattack and terrorist groups will work to claim natural to constitute an act of war. The article also resources, and said that Iran’s development of explains that a global cybersecurity treaty may nuclear weapons could pose a significant threat not work since it would not ratified by every to the United States. country, and many countries would be reluctant http://www.nextgov.com/nextgov/ng_2008111 to give up control over their own cybersecurity. 7_1209.php http://www.foreignpolicy.com/story/cms.php?s tory_id=4553&print=1

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 4

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Cyberspace Invaders http://www.fcw.com/online/news/154427- BY: CHRISTOPHER BEAM, SLATE 1.html 11/07/2008 The article explains that a cyber-attack, even by Are agencies buying counterfeit a foreign government, is not technically an “act technology? of war” as defined by the U.S. Code. According BY: DOUG BEIZER, FEDERAL COMPUTER WEEK to the Code, an act of war occurs during armed 11/18/2008 conflict or declared war. The article also A notice from the Civilian Agency Acquisition explains that a cyber-attack may be considered Council and the Defense Acquisition Regulations grounds for war depending on the intention of Council said counterfeit IT products are causing the hackers, although most cyber-attacks are financial losses for government agencies and considered espionage which is not normally industry, and may also threaten national grounds for war. The article also states the security. The councils recommend an addition difficulty of tracing a cyber-attack makes it to the Federal Acquisition Regulation should harder for governments to call attacks acts of require hardware and software contractors to war. One of the goals of President Bush’s ensure product authenticity. The councils also National Cyber Security Initiative is to define requested comments about contractor liability the consequences of an international cyber- for IT products that are not authentic, and if the attack. new rules should apply to other government http://www.slate.com/id/2204123/?GT1=3800 purchases. 1 http://www.fcw.com/online/news/154422- 1.html Industry group calls for cybersecurity partnership ISP cut off from Internet after security BY: BEN BAIN, FEDERAL COMPUTER WEEK concerns 11/18/2008 BY JEREMY KIRK, NETWORK WORLD The Internet Security Alliance recently released 11/12/2008 a report that recommends the development of McColo, a U.S. Internet service provider which a social contract between the Obama was a suspected online haven for cyber administration and industry which would criminals, was partially cut off from the Internet provide economic incentives and awards following a report that said that McColo and programs for corporations that implement other ISPs were linked to spam and cybercrime. cybersecurity measures into procurement and The report claimed that McColo hosted up to 40 loan processes. The group which included Web sites that contained child pornography and members from Verizon, Raytheon, Northrop Web sites that infected computers with Grumman and others said that the Bush malicious spam-sending software. Many experts administration’s voluntary approach lacked believe that there will be a decrease in spam incentives for corporations which discouraged and botnet activity while the ISP is industry involvement. The group also disconnected. recommended that the framework for the http://www.networkworld.com/news/2008/11 contract should define government and 1208-isp-cut-off-from-internet.html industry roles and incentives for industry actions.

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 5

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

ICANN to terminate notorious registrar’s development in data protection and security credentials after all and says companies that cut security costs may BY: DAN GOODIN, THE REGISTER suffer from financial loss as well as damages to 11/13/2008 their reputation and customer-retention. The Internet Corporation for Assigned Names Research released by Kroll Ontrack indicates and Numbers (ICANN) has announced that they three quarters of businesses in Ireland and the will revoke the credentials of EstDomains, a UK do not currently have an adequate data-loss domain name registrar that has been suspected contingency plan. of harboring cyber criminals. ICANN said http://www.siliconrepublic.com/news/article/1 EstDomains would lost accreditation on 1776/cio/major-data-breaches-predicted-as- November 24 for its president’s conviction in firms-cut-it-spending Estonia for fraud, money laundering and forgery. Recently, network provider McColo was Traditional security isn't enough for SOA taken offline after reports of hosting spam and GOVERNMENT COMPUTER NEWS malicious networks, and network provider 11/07/2008 Intercage was disconnected in September for Federal agencies are looking towards service- sending spam and selling malicious software oriented architecture to increase application http://www.theregister.co.uk/2008/11/13/estd flexibility, integration manageability, and omains_loses_icann_appeal/ technology systems alignment. An InfoWorld report says the SOA approach contradicts Major data breaches predicted as firms cut traditional security approaches and the “mix- IT spending and-match nature of SOA” makes it difficult to BY: JOHN KENNEDY, SILICON REPUBLIC develop security barriers for applications. The 11/12/2008 report concludes the SOA approach offers A recent Gartner study claims the average cost increased flexibility, but also increases some of a sensitive data breach will continue to security risks. increase into 2009, but because of the http://www.gcn.com/online/vol1_no1/47520- recession, many companies are cutting IT costs. 1.html The article emphasizes the importance of

An IT-based economic recovery plan management, and water and health care BY: KATHLEEN HICKEY, GOVERNMENT COMPUTER systems and should be included in an economic NEWS recovery plan. Experts agree that technology 11/06/2008 development projects could increase innovation IBM chief executive Samuel J. Palmisano claims and growth in industry. In a New York Times that technologies that link to the Internet and article, Palmisano pointed out that electrical use the Internet to communicate could improve service projects and other technology the efficiency of U.S. utility grids, traffic developments helped the United States’

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 6

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

economic recovery after the Great Depression be put to better use, and believes cyberwarfare and World War II. is not a “new form of battlefield” because you http://www.gcn.com/online/vol1_no1/47515- cannot occupy cyberspace. Author, Bejtlich, 1.html points out the importance of air supremacy, although no one can occupy air space. Bejtlich Response to Marcus Ranum HITB Cyberwar also says cyber combat will not always be a Talk purely cyber conflict but will become one BY: RICHARD BEJTLICH, TAO SECURITY method of warfare, and could contribute to 11/04/2008 traditional warfare. In a speech at the Hack In The Box Security http://taosecurity.blogspot.com/2008/11/respo Conference 2008, Marcus Ranum said the nse-to-marcus-ranum-hitb-cyberwar.html money spent on cyberwar preparations could

CYBERSPACE – PRESIDENT-ELECT OBAMA

Danger Room Debrief: Time to Reboot for developing cybersecurity or risk economic Cyber Security, Mr. President-Elect and military catastrophes. Arquilla says the next BY: NOAH SHACHTMAN, WIRED BLOG NETWORK administration must develop a deterrent 11/18/2008 strategy with a plan for retaliation, which could John Arquilla, professor of defense analysis at be difficult without the ability to identify the U.S. Naval Postgraduate School and an attackers. Arquilla also emphasizes the advisor to the Obama campaign, explains that importance of improving cyberspace defenses United States businesses and military are through encryption and data protection. becoming increasingly dependent on computer http://blog.wired.com/defense/2008/11/unsoli networks and believes the Obama cited-a-3.html administration will have to develop a strategy

Intelligent Software Solutions ISS is a leading edge software solution provider for enterprise and system data, services, and application challenges. ISS has built hundreds of operationally deployed systems, in all domains – “From Space to Mud”™. With solutions based upon modern, proven technology designed to capitalize on dynamic service-oriented constructs, ISS delivers innovative C2, ISR, Intelligence, and cyber solutions that work today and in the future. http://www.issinc.com.

Coviello: Better times ahead for believes that federal agencies must manage government IT security risks better. Coviello also says that new laws BY: WILLIAM JACKSON, GOVERNMENT COMPUTER have increased awareness of IT security, but NEWS have not been properly funded. Coviello 11/18/2008 discusses Obama’s intentions of taking control Art Coviello, president and CEO at RSA Security of cybersecurity and says that the new Inc., says that he is optimistic about the increased awareness of cyberthreats, but 110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 7

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

administration must follow through on efforts that most government departments and from the Bush administration. agencies would be unwilling to give up money http://www.gcn.com/online/vol1_no1/47612- and control over their computers and says we 1.html should only expect “incremental” changes. http://www.eweek.com/c/a/Security/Can-We- Obama’s CTO: It’s Not About The Money Secure-Government-Networks-Yes-We-Can- BY: ELIZABETH CORCORAN, FORBES Theoretically/ 11/11/2008 The article claims a Silicon Valley executive may Obama Urged to Take Immediate Cyber- be the first “chief technology officer” for the security Steps Obama administration because of the BY: ROY MARK, EWEEK.COM significant financial support from Valley 11/06/2008 executives for the Obama campaign. According The “Defense Imperatives for the New to Obama, the new CTO will work towards Administration” report from the Defense increased network security through inter- Science Board says President-elect Barack agency efforts using emerging technologies and Obama will face information infrastructures by sharing agencies’ best practices. The CTO will that are not prepared for cyber attacks and a also have to create a staff structure and will be Department of Defense that is becoming in charge of making government agencies more increasingly aware and concerned about “transparent”. The article explains how the new advanced cyber threats. The report, which CTO would have to cash out their stock provided advice to the Secretary of Defense, portfolio, although executives could buy recommends implementing detection government Treasury bonds to avoid large tax technologies and providing frequent upgrades bills. The article also includes several names of to critical systems. Obama has said that Valley executives that may be offered the job. cybersecurity will be a top priority and that he http://www.forbes.com/technology/2008/11/1 will appoint a national advisor who will report 1/first-cto-obama-tech-cio- to him. cx_ec_1111firstcto.html http://www.eweek.com/c/a/Security/Obama- Urged-to-Take-Immediate-Cyber-Security- Can We Secure Government Networks? Steps/ Yes, We Can, Theoretically BY: LARRY SELTZER, EWEEK.COM Report: Obama, McCain campaign 11/11/2008 computers were hacked by 'foreign entity' President-elect Obama has said that he will BY: JAIKUMAR VIJAYAN, COMPUTERWORLD make cybersecurity a top priority and appoint a 11/05/2008 cyber-advisor who reports directly to the Newsweek magazine recently reported that president. The article explains that no section of hackers infiltrated computer systems used by the government is willing to give up control campaigns of both President-elect Obama and over its own computers’ security and that the Sen. McCain earlier this year. The attackers, current standards for security of federal reportedly a “foreign entity”, stole files from networks are inadequate and not enforced both candidates but experts say it is unlikely properly, which could make it more difficult for that any sensitive information was stored on Obama’s administration to enforce a unified the servers. Both candidates were notified of cybersecurity strategy. Author, Seltzer, believes the breach by the U.S. Secret Service, the FBI

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 8

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

and the White House and details of how the attacks were government sponsored. The intrusions were found have not been released. attackers were able to download information http://www.computerworld.com/action/article. from the candidate’s computer networks, do?command=viewArticleBasic&articleId=9119 possibly to learn more about the candidates’ 221&source=rss_topic82 policies. Newsweek said the FBI and Secret Service agents informed the candidates about Cyber attacks on McCain and Obama the attacks this summer and said both teams ‘came from China’ candidates hired private companies to address BY: DEMETRI SEVASTOPULO, FINANCIAL TIMES the data breaches. Attacks on the Pentagon 11/07/2008 computer system last year have also been Officials believe the attacks on the Obama and blamed on China. McCain campaign computers over the summer http://www.ft.com/cms/s/0/3b4001e2-ac6f- originated in China, but are not sure if the 11dd-bf71-000077b07658.html?nclick_check=1

CYBERSPACE – DEPARTMENT OF DEFENSE (DOD)

DoD draws lessons from cyber attacks and said that the traditional military attacks against Georgia following the Georgian cyberattacks should be a BY: JASON SHERMAN, INSIDE DEFENSE lesson for the United States about the future of 11/13/2008 warfare. Schissler also said that it is almost Pentagon cyberware officials believe the United impossible to attribute the attacks to Russia States can learn from the recent cyberattacks because the attacks used multiple international against Georgia, although the Defense servers, and explained that the Georgian Department cannot confirm the cyber attacks attacks would not have the same effect on the were directed by the Russian government. Brig. United States because of networking Gen. mark Schissler spoke to a group organized differences. by the Business Council for the United Nations,

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 9

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Space CO foresees smooth move to http://www.airforcetimes.com/news/2008/11/ cyberspace airforce_space_transformation_111208w/ BY: ERIK HOLMES, AIR FORCE TIMES 11/14/2008 After banning YouTube, military launches Gen. Bob Kehler, commander of AFSPC, explains TroopTube that the missions of space and cyberspace are BY JESSICA MINTZ, WIRED BLOG NETWORK closely related, and says that the addition of 11/11/2008 cyberspace defense to Air Force Space The U.S. military has launched TroopTube, a Command will not be as significant as some video-sharing site for troops and their families believe. The Air Force recently announced that similar to YouTube, which was restricted from nuclear-capable B-52s and B-2s as well as AFSPC military computers in May 2007. The site allows missile forces will move to a new Global Strike military personnel, their families, supporters Command, which is expected to be up by and civilian Defense Department employees to September 2009, and the provisional Air Force register and upload personal videos that are Cyber Command will move to AFSPC as the 24th screened by the Pentagon for copyright and Air Force next spring. Maj. Gen. William Lord, national security violations. TroopTube is also commander of Air Force Cyber Command using new technologies to sort and resize videos (provisional) explained that the move to AFSPC and uses speech recognition software to is already underway and collaboration with improve video searching. AFSPC has been smooth. Both Lord and Kehler http://news.wired.com/dynamic/stories/T/TEC agree that Space Command is well equipped to _TECHBIT_TROOPTUBE?SITE=WIRE&SECTION=H control the cyberspace mission. OME&TEMPLATE=DEFAULT&CTIME=2008-11- 11-16-10-15

CYBERSPACE – DEPARTMENT OF HOMELAND SECURITY (DHS)

Security Predictions: Two Views on the nation’s cybersecurity and the need for unified Department of Homeland Security standards for federal agency security. Williams COMPUTERWORLD says the private sector should increase efforts 11/18/2008 to protect critical infrastructure and Amit Yoran, who left DHS in 2004, believes the government facilities, while government next administration should encourage more resources should be focused towards threat dialogue and debate for the Cybersecurity detection and deterrence. Initiative, and said that companies need to shift http://www.computerworld.com/action/article. focus from compliance to security development do?command=viewArticleBasic&taxonomyNam to improve cybersecurity. Dwight Williams, e=security&articleId=9120543&taxonomyId=17 former chief security officer for the DHS &intsrc=kc_top answers questions about challenges to the

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 10

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

High Tech Problem Solvers www.gtri.gatech.edu

From accredited DoD enterprise systems to exploits for heterogeneous networks, GTRI is on the cutting edge of cyberspace technology. Transferring knowledge from research activities with the Georgia Tech Information Security Center, GTRI is able to bring together the best technologies, finding real-world solutions for complex problems facing government and industry.

DHS seeks input on revised infrastructure protection plan IG: Sensitive information at airport at risk BY: BEN BAIN, FEDERAL COMPUTER WEEK BY: ALICE LIPOWICZ, FEDERAL COMPUTER WEEK 11/14/2008 11/10/2008 The Homeland Security Department is working A report from DHS Inspector General Richard on revisions to the National Infrastructure Skinner says DHS agencies that operate at Los Protection Plan (NIPP) for release next year, and Angeles International Airport lack adequate is requesting public reviews and input of the information technology security. The report new document. The NIPP, a framework for identified many problems including access collaboration between federal agencies and the controls, unsecured server storage and private sector on critical infrastructure improper storage of IT systems, and also made protection, requires a review every three years. 23 recommendations for security The revised NIPP will include a new emergency improvements. In addition to the DHS agencies, response framework, information sharing the report states the Coast Guard, Immigration updates and public comments. The revision will and Customs Enforcement, and the also include private sector input on the Transportation Security Administration also implementation of the Bush administration’s need security improvements. Comprehensive National Cybersecurity http://www.fcw.com/online/news/154329- Initiative. 1.html http://www.fcw.com/online/news/154392- 1.html

CYBERSPACE RESEARCH

ScanSafe Reveals Top 5 Industries Most At Pharmaceutical & Chemical: Engineering & Risk Of Web-Based Malware Construction; Transportation & Shipping; and SCANSAFE.COM Travel & Leisure. Energy & Oil companies were 11/2008 rated the most vulnerable, and the study found ScanSafe, leading provider of SaaS Web that these companies also encounter more Security, recently released ‘The Vertical Risk’ “unique variants” of malware than other report which identified the top 5 industries that industries. The report also concluded that the are at risk of malware and an evaluation of the most common exploits were of vulnerabilities different types and severity of malware. The from Adobe Flash and Adobe Reader. The five industries identified are: Energy & Oil; article also provides a link to the full report.

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 11

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

http://www.scansafe.com/news/press_releases from other research groups. The Institute has /press_releases_2008/scansafe_reveals_top_5_ already selected Denim Labs and Safe Mashups industries_most_at_risk_of_web- for the technology incubation project, and based_malware?cid=nl_DR_DAILY_T expects to select three more start-ups to fund. Ravi Sandhu, professor of computer science at Cybersecurity is focus of new University of the University, said the Air Force and the Texas start-up incubator National Science Foundation are also BY: ELLEN MESSMER, NETWORK WORLD contributing to the Institute for botnet defense 11/18/2008 research. The University of Texas at San Antonio recently http://www.networkworld.com/news/2008/11 received $3.5 million from the state of Texas to 1808-university-texas-technology- fund the Institute for Cyber Security. The incubator.html Institute will focus on commercializing concepts

CISCO Cisco (NASDAQ: CSCO) enables people to make powerful connections-whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible-providing easy access to information anywhere, at any time. Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company's inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 65,225 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company's core development areas of routing and switching, as well as in advanced technologies such as: Application Networking, Data Center, Digital Media, Radio over IP, Mobility, Security, Storage Networking, TelePresence, Unified Communications, Video and Virtualization. For additional information: www.cisco.com

Researchers Find Flaws In Microsoft VoIP Office Communicator, and Windows Live Apps Messenger which Microsoft estimates to have BY: TIM WILSON, DARK READING over 250 million users. Andriy Markov, director 11/14/2008 of VoIP Shield Labs said the flaws are specific to VoIPshield Laboratories, the research division of Microsoft, but other VoIP vendors’ products VoIPshield Systems, recently announced the have similar flaws. VoIPshield has provided discovery of vulnerabilities in Microsoft details of the flaws to the vendors, but will not applications with voice over IP (VoIP). If release the details publicly. exploited, the flaws would allow hackers to http://www.darkreading.com/security/vulnerab launch denial-of-service attacks and would ilities/showArticle.jhtml?articleID=212100043 affect Office Communications Server 2007, 110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 12

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Study: Critical infrastructure often under Cracking Open Internet Hardware cyberattack BY: KATE GREENE, TECHNOLOGY REVIEW BY: ROBERT MCMILLAN, COMPUTERWORLD 11/05/2008 11/11/2008 Nick McKeown of Stanford University has IDC’s Energy Insights and Secure Computing announced a project, called OpenFlow, that will Corp. have released a survey of network release network hardware from various engineers and administrators from nine companies including HP, Cisco, NEC, and infrastructure industries about American, Juniper. McKeown explained that the project Canadian, and European cybersecurity. The will allow researchers to work with the Internet survey found that 75 percent of the industry hardware to make improvements to security insiders were dissatisfied with critical and energy efficiency. McKeown’s team was infrastructure security, and respondents named given permission to write code that grants the energy sector the most in need of improved access to flow tables of the equipment vendors’ security because of the size and. The survey networks, and hopes to work towards also found that cost was the biggest obstacle to “seamless mobility” between networks. Rick security development. McGeer, a researcher at HP Labs, explained that http://www.computerworld.com/action/article. vendors will need to support the project as it do?command=viewArticleBasic&articleId=9119 moves to the live Internet, and said that other 838&source=rss_topic82 Internet service providers should recognize the benefits of opening their networks. http://www.technologyreview.com/web/21637 /?a=f

CYBERSPACE HACKS, TACTICS, AND DEFENSE

Hacker Army Infiltrating U.S. BY: PETER BROOKES, NEW YORK POST Chinese hack into White House network 11/12/2008 BY: DEMETRI SEVASTOPULO, FINANCIAL TIMES Recent reports claim Chinese hackers have been 11/07/2008 penetrating presidential campaign and White A senior U.S. official recently announced that House computer networks, and have gained Chinese hackers infiltrated the White House access to unclassified e-mails. The article computer network and gained access to e-mails explains that the Chinese government may be between officials. Although they cannot say for interested in information on president-elect sure, cyber experts believe the attacks were Barack Obama and may be increasingly sponsored by the Chinese government. The targeting U.S. industry for espionage especially National Cyber Investigative Joint Task Force, for information about emerging defense which originally detected the attacks, reported technologies and weapons systems. The article the hackers had only accessed the unclassified explains that attacks on American industry are computer network. Chinese hackers infiltrated rarely reported and will ultimately damage the the Pentagon last year, and investigations have United States ability to compete in global concluded that attacks on the Obama and markets. McCain campaigns this summer originated in http://www.nypost.com/seven/11122008/post China. opinion/opedcolumnists/chinas_cyber_spies_1 38262.htm 110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 13

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

EXCLUSIVE: Cyber-Hackers Break Into IMF malware. William Mach, a spokesman for the Computer System U.K.’s National Health Service, says no patient BY RICHARD BEHAR, FOX NEWS data was disclosed, but the infected computer 11/14/2008 systems were shut down as a precaution and Fox news recently reported the International ambulances were diverted to other hospitals. Monetary Fund (IMF) had been attacks by Mach also said that the NHS has not alerted law hackers, although the IMF says the intrusion enforcement officials about the breaches, but was not critical. The article states the attacks on has provided a sample of the worm to McAfee. the IMF prove that the world’s financial systems http://www.computerworld.com/action/article. are becoming increasingly vulnerable to do?command=viewArticleBasic&articleId=9120 cybercrime. IMF officials discovered spyware on 853 the institution’s computer system on November 7 and temporarily disconnected their network CSI: Hacking Bluetooth 2.1 Passwords link to the World Bank as a precaution. The BY: KELLY JACKSON HIGGINS, DARK READING World Bank was the victim of cyber attacks in 11/18/2008 2007, and some security experts believe the Researchers have found significant security World Bank may have unknowingly infected the flaws in the latest version of the Bluetooth IMF. wireless protocol, Bluetooth Version 2.1. http://www.foxnews.com/story/0,2933,452348 Andrew Lindell of Aladdin Knowledge Systems ,00.html says the password protocol of the new version is vulnerable to attacks and that headsets and Three British hospitals hit with malware keyboards are also unprotected. Version 2.1 attack passkeys can also be intercepted easily, and are BY: JEREMY KIRK, COMPUTERWORLD in fact less secure than with the previous 11/19/2008 version of Bluetooth. Lindell explains how A variant of the Mytob mass-mailing worm hackers are able to figure out passwords, and infected computers at three London hospitals recommends randomly generated passwords this week which were all equipped with McAfee and improved security mandates. Inc.’s VirusScan 8.5 software. The worm finds e- http://www.darkreading.com/security/attacks/ mail addresses and then sends itself as an showArticle.jhtml?articleID=212100566&cid=nl attachment, and can also download additional _DR_DAILY_T

Raytheon Aspiring to be the most admired defense and aerospace systems supplier through world-class people and technology Raytheon is a technology leader specializing in defense, homeland security, and other government markets throughout the world. With a history of innovation spanning more than 80 years, Raytheon provides state-of-the-art electronics, mission systems integration, and other capabilities in the areas of sensing; effects; command, control, communications and intelligence systems, as well as a broad range of mission support services.

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 14

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

New 'Stealth' Technology Secures Data On http://www.techworld.com/news/index.cfm?R Shared Networks SS&NewsID=107218 BY: TIM WILSON, DARK READING 11/18/2008 Spam drop could boost Trojan attacks Unisys recently released the Stealth Solution for BY: JOHN E. DUNN, COMPUTERWORLD Network, which is a method of encrypting and 11/17/2008 splitting data which would help organizations Security experts warn that the decrease in spam limit the release of information to certain following the disconnection of the McColo Corp. individuals without a discrete network. Stealth ISP is only temporary and may actually cause a also keeps users within a secure community spike in Trojan viruses. McColo is the third ISP using digital keys and would allow users to that hosted illegal sites to be shut down in access only the data on their particular recent months, and experts believe that botnet community. Unisys is offering the technology to controllers will attempt to regain control over defense and government agencies first, but will infected PCs, and may attack new PCs to start release the technology for commercial users. new botnets. Ed Rowley of Marshal8e6 believes Although details have not been released, Unisys the McColo case could still be beneficial explains the software encrypts data and then because the sharp decline in spam may “bit-splits” the data which is encrypted again encourage authorities to attack spam and and reassembled for delivery to users. problem ISPs more vigorously. http://www.darkreading.com/security/encrypti http://www.computerworld.com/action/article. on/showArticle.jhtml?articleID=212100633&cid do?command=viewArticleBasic&articleId=9120 =nl_DR_DAILY_T 624&source=rss_topic82

Swedish router gives McColo botnets hope Russian spy in Nato could have passed on BY: JEREMY KIRK, TECHWORLD missile defence and cyber-war secrets 11/18/2008 BY: ROGER BOYES, TIMES ONLINE Internet service provider McColo, which was 11/16/2008 disconnected briefly after security experts Investigation teams from both the EU and Nato reported the ISP’s servers hosted child are investigating Herman Simm, an Estonian pornography and cyber crime Web sites, came defence ministry official, who is suspected of back online through Swedish ISP TeliaSonera. giving information on the U.S. missile shield and TeliaSonera was quick to remove McColo after cyberdefense to Russia. Simm led delegations complaints, but experts worry cybercriminals on data protection and worked with the EU and that run botnets from McColo’s networks could Nato in developing information protection have tried to preserve their hacks while the ISP systems. Experts are calling the case the largest was connected. Spam levels reportedly dropped case of espionage against Nato since the Cold almost 75 percent after McColo was originally War. Simm, who handled Estonian classified removed. According to security vendor FireEye, information at Nato, was reportedly recruited hackers that control the Rustock botnet moved by Russia in the 1980s and has been charged in their controls to a Russian data centre in Russia Estonia with supplying classified information to while McColo was reconnected. Security a foreign power. analysts worry spam levels will increase since http://www.timesonline.co.uk/tol/news/world/ hackers had the opportunity to move europe/article5166227.ece operations to other ISPs.

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 15

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Host of Internet Spam Groups Is Cut Off Relentless Web Attack Hard To Kill BY: BRIAN KREBS, WASHINGTON POST BY: KELLY JACKSON HIGGINS, DARK READING 11/12/2008 11/11/2008 McColo Corp., a Web hosting firm, was taken Recent SQL injection attacks possibly originating offline after community security experts in China have infected thousands of Web sites reported McColo servers hosted Web sites that which may still be vulnerable even after the contained child pornography and sold malicious code is removed. Research company, counterfeit drugs and products. Security firm Kaspersky Lab, discovered the attacks that has IronPort said there was a 66 percent decrease affected many sites including Travelocity.com, in spam levels following the removal of McColo. countyofventura.org, and Missouri.edu. Don Mark Rasch, former cyber crime prosecutor for Jackson of SecureWorks explains the new the Justice Department, explains that Web threats use a new stealthy and closely guarded hosting providers are not usually liable for SQL toolkit which makes the attacks more illegal activity on their networks, although they difficult to detect. The attack infects victims’ sometimes face charges in the case of child computers with a Trojan downloader which pornography if the providers do not remove steals user passwords, while most users never illegal content that they are aware of. detect the attack. http://www.washingtonpost.com/wp- http://www.darkreading.com/security/attacks/ dyn/content/story/2008/11/12/ST20081112006 showArticle.jhtml?articleID=212001872&cid=nl 62.html _DR_DAILY_T

The patch paradox Don't Blame TCP/IP BY: STEPHEN SWOYER, GOVERNMENT COMPUTER BY: KELLY JACKSON HIGGINS, DARK READING NEWS 11/10/2008 11/12/2008 Security experts believe that recently exposed Hackers have released exploit code for threats which use the Transmission Control vulnerabilities in Microsoft’s Windows just a Protocol (TCP) do not necessarily indicate day after Microsoft had released a patch. TCP/IP flaws, but show vulnerabilities in Gartner analysts explained that Microsoft has applications. Dan Kaminsky, who discovered the called the attacks “limited and targeted” but DNS cache poisoning flaw, explains that recent that the out-of-cycle patch was necessary. threats do not mean that TCP/IP is broken, but Gartner has also said that Microsoft has rather shows the potential scope of a TCP/IP improved its patching process significantly and attack. The article explains that TCP/IP attacks invested greatly in software security are not new, and are not particularly significant, development. Still, some IT administrators are but because of application vulnerabilities and a cautious about installing untested patches and lack of secure endpoint communications, the many corporations have difficulty implementing TCP/IP attacks become larger and more the rapidly released patches. dangerous. http://www.gcn.com/online/vol1_no1/47546- http://www.darkreading.com/security/vulnerab 1.html ilities/showArticle.jhtml?articleID=212001576

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 16

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Once thought safe, WPA Wi-Fi encryption FBI probes data theft blackmail scheme is cracked BY: JEREMY KIRK, COMPUTERWORLD BY: ROBERT MCMILLAN, NETWORK WORLD 11/07/2008 11/06/2008 Express Scripts, a U.S. prescription drug At the PacSec conference in Tokyo, security management company, announced that they researcher Erik Tews will demonstrate how to received a letter in October from data thieves crack Wi-Fi Protected Access (WPA) encryption who threatened to release stolen patient standards, which allows hackers to read data information if the company does not pay them. sent from routers and send fake information to The company notified the FBI as well as patients users connected to the routers. Researchers whose information was contained in the letter, broke the Temporal Key Integrity Protocol and has also provided resources for patients (TKIP) key which is used by WPA, but still are who believe they have been fraud victims. The not able to crack encryption keys. The hack Privacy Rights Clearinghouse’s Chronology of would cause significant damage to enterprises Data Breaches states there have been more that use WPA, and could even affect customers than 230 million records involved in security that upgrade to newer Wi-Fi technologies, breaches since January 2005. which often still use WPA to connect to http://www.computerworld.com/action/article. networks. do?command=viewArticleBasic&articleId=9119 http://www.networkworld.com/news/2008/11 518&source=rss_topic82 0608-once-thought-safe-wpa-wi-fi.html

Hackers make crack in Android defences Hackers leverage Obama win for massive BY: ROBERT MCMILLAN, TECHWORLD malware campaign 11/06/2008 BY: GREGG KEIZER, COMPUTERWORLD Hackers have found a way to exploit controls in 11/05/2008 the T Mobile’s GI phone’s Google Android Following the U.S. presidential election, hackers operating system, and are able to access data sent out spam messages that contained fake from the phone and install new programs. links to election results that required victims to Details on the hack and step-by-step download an Adobe Flash Player update which instructions have been posted online in an actually downloaded a Trojan horse to the Android development forum. Google has said user’s PC. Dan Hubbard, vice president of that they were notified of the hack, and that security research at Websense Inc., explained the company is working to develop a fix and that the Trojan floods the victim’s PC with update their open source code base. malware, and said that 100,000 copies of the http://www.techworld.com/news/index.cfm?R message had been found as of November 5. SS&NewsID=106605 Experts agree that there will probably be many attacks that relate to Obama and warn users to not click on suspicious e-mail links. http://www.computerworld.com/action/article. do?command=viewArticleBasic&articleId=9119 219&source=rss_topic82

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 17

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

CYBERSPACE - LEGAL

Fines likely for data breaches http://www.techworld.com/news/index.cfm?R BY: PETE SWABEY, GROWTHBUSINESS.CO.UK SS&NewsID=107273 11/18/2008 The UK’s Information Commissioner’s Office Legal Risk of Cyber Outage (ICO) wants the power to fine businesses that BY: KEVIN COLEMAN, DEFENSE TECH break data laws up to 10 percent of their 11/17/2008 revenues, the maximum punishment the Following recent research that indicates U.S. Financial Services Authority can currently critical infrastructure is unprepared for cyber impose. The ICO, whose current maximum attacks, the Department of Homeland Security penalty is £5,000, also wants the power to has requested public comments for revisions to search suspects’ computers without their the National Infrastructure Protection Plan. The consent due to the belief that businesses are original NIPP identified 17 critical not complying with data laws. Paula Barrett of infrastructures, and DHS has announced that law firm Eversheds says consumers worry that critical manufacturing will be added as an businesses are abusing their power and using additional sector. Attorney Fred Rice, who computer technologies to collect personal specializes in corporate legal issues, says information. The ICO also reported that 11 corporations have an obligation to evaluate government ministers have violated the Data their risk and develop defense strategies to Protection Act by not properly reporting data cyberattacks. The article also briefly discusses collection. the liability of corporations for damages that http://www.growthbusiness.co.uk/news/busine result from cyberattacks. ss-news/814242/fines-likely-for-data- http://www.defensetech.org/archives/004536. breaches.thtml?cid=nl_DR_DAILY_T html

Keystroke spies put on notice by US court US Navy hacker avoids Romanian jail BY: JEREMY KIRK, TECHWORLD BY: JOHN LEYDEN, THE REGISTER 11/18/2008 11/11/2008 The U.S. Federal Trade Commission recently Victor Faur, a Romanian hacker who attacked announced that a U.S. court has ordered the U.S. Navy, NASA and Department of Energy CyberSpy Software company to stop selling the systems, received a suspended prison sentence RemoteSpy program, which secretly records PC in Romania and a fine of $238,000. U.S. users’ keystrokes. The FTC complaint said the prosecutors believe Faur led the WhiteHat software violated regulations which prohibit hacking team, which attacked U.S. government software installations without user consent and systems as part of the “biggest military hack of personal data collection. The software, which all time”. U.S. authorities have said that they was advertised as “undetectable by antivirus would seek the extradition of Faur to the United software” provided customers instructions on States after the Romanian trial. Faur faces nine how to email the program to victims as a photo counts of hacking and one of conspiracy in the file. The software recorded victims’ keystrokes, United States. including passwords, and took screen shots http://www.theregister.co.uk/2008/11/11/us_n every five minutes. avy_hack_sentencing/

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 18

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

Pakistan Declares Death Penalty for 'Cyber significant arrests this year due to better Terror' training, stronger laws and international BY: NOAH SHACHTMAN, WIRED BLOG NETWORK cooperation. The article discusses federal 11/07/2008 agencies’ additional resources, international Pakistani president Asif Ali Zardari recently help and cyber laws that have led to many high- signed the Prevention of Electronic Crimes law, profile arrests this year. The article also includes which makes cyber terror “punishable with an interview with Romanian Prosecutor General death”, although executions will only be Laura Codruta Kövesi, who has worked with the allowed in cases where the attack causes the United States to find criminals tied to death of a victim. The article also includes the international cybercrime groups. Questions law’s definition of cyber terrorism. The addressed many topics including: Romanian maximum punishment for hacking in the United cooperation with the U.S.; the factors that States is currently 20 years in prison. influence the success of the U.S.-Romania http://blog.wired.com/defense/2008/11/cyber- partnership; and the focus and targets of the terror.html prosecutors. http://www.usatoday.com/tech/news/compute Hackers, phishers can’t get away with it rsecurity/hacking/2008-11-16-hackers-phisher- like they used to crime-fbi_N.htm BY: JON SWARTZ, USA TODAY 11/16/2008 Shawn Henry of the FBI Cyber Division says the FBI and Secret Service have made several

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 19

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

CYBERSPACE-RELATED CONFERENCES

Note: Dates and events change often. Please visit web site for details. Please provide additions, updates, and/or suggestions for the CYBER calendar of events here.

3-4 Dec 2008 FinSEc 2008, Palm Beach Gardens FL, http://www.misti.com/default.asp?page=65&Return=70&ProductID=7474 11-12 Dec 2008 European Conference on Computer Network Defense, Dublin Ireland, http://2008.ec2nd.org/ec2nd/597-EE.html 19-21 Jan 2009 International Workshop on e-Forensics Law, Adelaide Australia, http://www.e-forensics.eu/ 26-29 Jan 2009 U.S. Department of Defense Cyber Crime Conference, St Louis MO, http://www.dodcybercrime.com/9CC/ 16-19 Feb 2009 Black Hat DC 2009, Washington DC, http://www.blackhat.com/ 9-11 Mar 2009 INFOSEC World Conference & Expo, Orlando FL, http://www.misti.com/default.asp?page=65&Return=70&ProductID=5539 13-15 Mar 2009 Cybercultures: Exploring Critical Issues, Salzburg Austria, http://www.inter- disciplinary.net/ci/Cyber/cybercultures/c4/fd.html 30 Mar – 2 Apr Computational Intelligence in Cyber Security, Nashville TN, http://www.ieee- 2009 ssci.org/index.php?q=node/21 6-8 Apr 2009 Cyber Security and Information Intelligence Workshop, Oak Ridge National Laboratory, http://www.ioc.ornl.gov/csiirw07/ 14-17 Apr 2009 Black Hat Europe, Amsterdam The Netherlands, http://www.blackhat.com/ 20-24 Apr 2009 RSA Conference, San Francisco CA, http://www.rsaconference.com/2009/US/Home.aspx 24 – 28 May Internet Monitoring and Protection, Venice Italy, 2009 http://www.iaria.org/conferences2009/SECURWARE09.html 14 – 19 Jun 2009 International Conference on Emerging Security Information, Systems and Technologies; Athens Greece, http://www.iaria.org/conferences2009/SECURWARE09.html 15-19 Jun 2009 Air Force Cyberspace Symposium 2009, Bossier City, Shreveport, LA, http://www.cyberinnovationcenter.org 25-30 July Black Hat USA 2009, Las Vegas NV, http://www.blackhat.com/ 7-10 Jul 2009 Conference on Ubiquitous Intelligence and Computing, Brisbane Australia, http://www.itee.uq.edu.au/~uic09/ 17-19 Aug 2009 DFRWS (Digital Forensics Research) 2009 Annual Conference, Montreal Canada, http://www.dfrws.org/2009/

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 20

Volume 1, Edition 14 CyberPro November 20, 2008

Keeping Cyberspace Professionals Informed

CYBERPRO CONTENT/DISTRIBUTION

Officers The articles and information appearing herein are intended for

The views, opinions, and/or findings and recommendations contained in

this summary are those of the authors and should not be construed as an official position, policy, or decision of the United States Government,

CyberPro Archive U.S. Department of Defense, or National Security Cyberspace Institute.

To subscribe or unsubscribe to this newsletter click here CyberPro News Subscription.

Please contact Larry McKee , ph. (757) 871-3578, regarding CyberPro subscription, sponsorship, and/or advertisement.

110 Royal Aberdeen  Smithfield, VA 23430  ph. (757) 871 - 3578

CyberPro National Security Cyberspace Institute P a g e | 21