Compiled by Scott Jarkoff for Intel Security Japan
- NSA Hacked? China and Russia Almost Definitely Have the Snowden Docs
- ‘Lotus Blossom’ Cyber-espionage Campaign Stretches Back 3 Years
- Federal law enforcers want separate database for protection after OPM security ‘blunder’
- RLE Wind Turbine HMI Stores Passwords in Plaintext, ICS-CERT Issues Advisory
- Adm. Zukunft Unveils New Coast Guard Cyber Strategy
- Federal CIO: Cyber is “Our Most Important Mission Today”
1. NSA Hacked? China and Russia Almost Definitely Have the Snowden Docs
Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.
Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.
2. ‘Lotus Blossom’ Cyber-espionage Campaign Stretches Back 3 Years
“The group relies on spear phishing attacks to infect its users, often using a malicious office document and decoy file containing content relevant to the target’s occupation or interests,” according to a report from Palo Alto Networks’ Unit 42 team. “The spear phishing attachment typically includes exploit code for a well-known Microsoft Office vulnerability, CVE-2012-0158, which is used to install the Trojan on the system and then display the decoy file, tricking the user into thinking the file opened correctly.”
The attackers used a backdoor Trojan named Elise after the sports car made by Group Lotus PLC of the United Kingdom. The tool appears to be unique to the group, and has morphed over time.
3. Federal law enforcers want separate database for protection after OPM security ‘blunder’
“Action must be taken to protect these federal law enforcement officers and their families,” stated a Federal Law Enforcement Officers Association memo dated Tuesday. “Lifetime credit monitoring needs to be provided for the victims of this breach. Additionally, to remedy this gross incompetence, OPM must implement new preventative measures and should move background investigations back under the FBI and install a separate database for officers and their families and those with security clearances.”
But that may prove to be a pricey endeavor.
The cost of creating a separate database inside an existing database could range from $25,000 to $250,000, depending on the size and type of system used by the Office of Personnel Management, said Keith Alsheimer, chief marketing officer for EnterpriseDB, an open source database provider that works with various government agencies.
4. RLE Wind Turbine HMI Stores Passwords in Plaintext, ICS-CERT Issues Advisory
Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor. However, the vendor has been unresponsive and ICS-CERT issued an advisory about the vulnerability in order to warn users.
The vulnerability is that the HMI stores user credentials in plaintext, so anyone who can read the credential store obtains working logins rather than hashes that still have to be cracked. That makes the turbines attractive targets: an attacker holding the credentials can perform any action on the device that the legitimate user could.
“Independent researcher Maxim Rupp has identified an unsecure credential vulnerability in the RLE International GmbH Nova-Wind Turbine HMI. RLE has been unresponsive in validating or addressing the alleged vulnerability. ICS-CERT is releasing this advisory to warn and protect critical asset owners of this serious issue,” the advisory says.
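To make the advisory's point concrete, the following Python is an added illustration, not RLE's software or anything published by ICS-CERT or the researcher. It contrasts a constructed HMI-style user file that keeps passwords in plaintext with the same accounts stored as salted PBKDF2-HMAC-SHA256 verifiers, and adds a small audit check that flags entries still holding a raw password. The file format, user names and passwords are all made up for the example.

```python
"""Plaintext vs. hashed credential storage for an HMI-style login.

Added example for this digest; the store format, accounts and passwords
below are constructed and do not come from the Nova-Wind HMI.
"""
import hashlib
import hmac
import os
import re

# --- The weak pattern the advisory describes: passwords stored as-is -------
# Constructed sample of a user file that keeps passwords in plaintext.
PLAINTEXT_STORE = "operator:turbine123\nadmin:Nova!2015\n"


def plaintext_check(store: str, user: str, password: str) -> bool:
    """Login check against a plaintext store (the vulnerable pattern)."""
    for line in store.splitlines():
        name, _, secret = line.partition(":")
        if name == user:
            return hmac.compare_digest(secret, password)
    return False


def dump_plaintext_credentials(store: str) -> dict:
    """What an attacker who can read the file gets: every password, directly."""
    return dict(line.split(":", 1) for line in store.splitlines() if line)


# --- Hardened form: salted PBKDF2-HMAC-SHA256 verifiers instead of passwords -
ITERATIONS = 200_000  # assumed work factor for the example


def make_verifier(password: str, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$<iters>$<salt hex>$<digest hex>' for a password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def build_hashed_store(plain: dict) -> dict:
    """Convert {user: password} into {user: verifier}; passwords are not kept."""
    return {user: make_verifier(pw) for user, pw in plain.items()}


def serialize_hashed_store(store: dict) -> str:
    """Same one-line-per-user file layout, but carrying verifiers, not secrets."""
    return "".join("%s:%s\n" % (user, verifier) for user, verifier in store.items())


def hashed_check(store: dict, user: str, password: str) -> bool:
    """Recompute the verifier for the supplied password and compare in constant time."""
    verifier = store.get(user)
    if verifier is None:
        return False
    algo, iters, salt_hex, digest_hex = verifier.split("$")
    if algo != "pbkdf2_sha256":
        return False
    calc = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(calc, bytes.fromhex(digest_hex))


# --- Audit: flag a credential file that still holds plaintext secrets -------
VERIFIER_RE = re.compile(r"^pbkdf2_sha256\$\d+\$[0-9a-f]{32}\$[0-9a-f]{64}$")


def find_plaintext_entries(store_text: str) -> list:
    """Return the users whose stored secret is not a recognised verifier string."""
    flagged = []
    for line in store_text.splitlines():
        if not line:
            continue
        name, _, secret = line.partition(":")
        if not VERIFIER_RE.match(secret):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("plaintext store leaks:", dump_plaintext_credentials(PLAINTEXT_STORE))
    print("flagged users:", find_plaintext_entries(PLAINTEXT_STORE))
    hashed = build_hashed_store(dump_plaintext_credentials(PLAINTEXT_STORE))
    print("hashed store still authenticates admin:",
          hashed_check(hashed, "admin", "Nova!2015"))
    print("flagged after migration:",
          find_plaintext_entries(serialize_hashed_store(hashed)))
```

The audit function is the check a site operator could run against a copied credential file before deciding whether to treat every account on the device as compromised; with the plaintext layout above it reports both users, and after migration to verifiers it reports none while logins still work.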
5. Adm. Zukunft Unveils New Coast Guard Cyber Strategy
“What is modern warfare going to look like in the 21st century?” asked Adm. Paul Zukunft. “Not that long ago,” he said, workers aboard a mobile offshore drilling unit unwittingly downloaded malware that scrambled the system that kept the floating platform stable. “They drifted off the well site,” the Coast Guard commandant said — with the drill pipe still attached and the well still pumping oil.
“Fortunately, the blowout preventer kicked in and shut it down,” Zukunft continued, preventing a disastrous spill. (It was the blowout preventer that failed on the Deepwater Horizon, where Zukunft coordinated the federal response in 2010.) But a more sophisticated cyber attack on US oil and gas could be devastating, and there are people out there with the motive and the means to do it. Russia just happens to have some of the sharpest hackers on the planet, a worsening relationship with the US, and a massive share of the European and Asian natural gas markets.
6. Federal CIO: Cyber is “Our Most Important Mission Today”
Scott said strengthening the federal cybersecurity posture across government agencies is the only way to fully “restore public confidence in government and institutions,” which has undoubtedly decreased following the recent slew of hacks, breaches and negative cyber-related headlines.
Scott, only about four months into his new job as the government’s top techie, has been swift to react to the nation’s cybersecurity issues.
Last week, the White House – led by Scott – launched a 30-day ‘cybersecurity sprint’ to assess and improve agencies’ cybersecurity processes, resources and priorities. Emergency procedures include tightening controls for “privileged users” and network administrators, expanding the use of multifactor authentication and immediately patching critical software vulnerabilities.