A presentation on recent cyber attacks on the U.S. financial industry included in a collection of documents provided to banks and financial institutions by a local branch of the FBI Cyber Division office and distributed by the Oklahoma Bankers Association.
Tag Archive for Cybersecurity
Department of Homeland Security
DHS Report: Criminals and Hacktivists May Use 2012 Summer Olympics as Platform for Cyberattacks
Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches. Information systems supporting the Games, transport infrastructure, law enforcement communications, financial operations and similar will become prime targets for criminals. A collective of approximately eighty-seven UK banks exercised their ability to withstand cyber attacks last November. Olympic organizers anticipated cyber threats and began testing their cybersecurity posture during ‘technical rehearsals’ by running scenarios from their Technology Operations Center (TOC) situated on Canary Wharf. The TOC will be manned with over one hundred personnel continuously monitoring critical applications, such as the Commentator Information System, organizers’ intranet, and a telecom infrastructure encompassing 900 servers, 1,000 network and security devices, and 9,500 computers. In addition, British law enforcement organizations have been collaborating with the U.S. Secret Service and other industry experts to understand attack vectors, detection methods and mitigation strategies to combat the threat. However, the cyber implications are more expansive than localized attacks against systems and encompass globally distributed Olympic-themed malware, spam campaigns and scams.
National Security Agency
U.S. Cyber Command Cybersecurity Legislation Position Letter
A letter from the Commander of U.S. Cyber Command Keith Alexander to Senator John McCain describing the role of U.S. Cyber Command and its position on current efforts to pass cybersecurity legislation.
News
Public-Private Partnerships Expand Amidst Cybersecurity Fears
A fascinating article in the San Jose Mercury News discusses the recent expansion of public-private partnerships in the growing effort to combat cyber threats from foreign governments and criminals. These partnerships occur through formal agreements between major corporations and government-backed organizations, such as law enforcement, the military or research institutions. The agreements usually involve sharing of intelligence between the government and corporate representatives, as well as participation in threat reporting programs and security exercises. In some cases, the partnerships relate directly to research and development regarding ways to mitigate security threats.
News
National Level Exercise 2012 Will Focus on Cyber Attacks Against Critical Infrastructure
Rather than combating natural disasters or a nuclear detonation in a major U.S. city, this year’s National Level Exercise will focus on cyber threats to critical infrastructure and the “real world” implications for government and law enforcement of large-scale cyber attacks. National Level Exercise 2012 (NLE 2012) is scheduled to take place in June and will involve emergency response personnel from at least thirteen states, four countries, nearly every major governmental department as well as a number of private companies, non-governmental organizations, institutions of higher education and local fusion centers. The exercise will span four FEMA regions and will include scenarios affecting the National Capital Region.
FEMA
FEMA National Level Exercise 2012 Private Sector Participant Guide
This document is intended to provide private sector stakeholders with an overview of NLE 2012, to include a discussion of the exercise timeline, a snapshot of the exercise scenario, and a review of the various potential exercise participation opportunities.
U.S. Strategic Command
U.S. Strategic Command Workshop Report: Deterring Violent Non-State Actors in Cyberspace
Like Damocles’ sword, this global interconnectivity both strengthens us and moderates us at the same time. We are strengthened because we are better connected to others than ever before and thus capable of spreading the seeds of liberty and opportunity to populations that yearn for it and where the lack of it is still being justified. We are moderated by this interconnectivity because others can more easily exploit the seams and turn our freedoms against us to infect with vitriolic propaganda that violently radicalizes populations across this interconnected web. It is the matter of moderation of our strength that brought together the remarkable group of thinkers whose words are reflected within this report. We are concerned here with the problem of deterring violent non-state actors from doing harm to our nation and to our allies. The questions of extending freedom through access while mitigating the misuse of that freedom to harm us were the dominant questions we took up in this workshop.
California, Intelligence Fusion Centers
(U//FOUO) Los Angeles Fusion Center: Steganography Intelligence Bulletin
Steganography—the practice of concealing data within a carrier—may be used to obscure malicious or criminal information and activity from law enforcement. While steganography dates to the fifth century BC, it has long been regarded as, and remains, one of the most advanced forms of clandestine communication. In modern usage, the Internet allows accessibility to, and broad dissemination of, steganography tools, and its application continues to evolve with technology. Understanding steganography in its current state is essential to its identification and detection.
California, Intelligence Fusion Centers
(U//FOUO) Los Angeles Fusion Center: Detecting and Mitigating Cyber Threats
US citizens and assets – including the White House, the Central Intelligence Agency, InfraGard, the state of Arizona, and major defense contracting companies – experienced high-profile cyber threats and attacks in the first half of 2011. Most of the tactics and techniques used were not new, however the increase in attacks during the past few months exemplifies the growth of cyber incursions and reinforces the need to be aware of risks and mitigation techniques associated with cyber threats.
Federal Bureau of Investigation
(U//FOUO) FBI Threat to Law Enforcement From “Doxing”
The FBI assesses with high confidence that law enforcement personnel and hacking victims are at risk for identity theft and harassment through a cyber technique called “doxing.” “Doxing” is a common practice among hackers in which a hacker will publicly release identifying information including full name, date of birth, address, and pictures typically retrieved from the social networking site profiles of a targeted individual.
Department of Homeland Security
(U//FOUO) DHS Bulletin: Anonymous Upcoming U.S. Operations Overview
The loosely organized hacking collective known as “Anonymous” has announced through several mediums that they plan on conducting cyber attacks, peaceful protests, and other unspecified activity targeting a variety of organizations. The purpose of this product is to judge the likelihood of occurrence for these events, as well as the potential impact.
U.S. Navy
(U//FOUO) U.S. Navy Strategic Studies Group: Convergence of Sea Power and Cyber Power
This plan outlines the Chief of Naval Operations’ (CNO) Strategic Studies Group (SSG) XXVI’s approach to addressing the challenges of operating at the convergence of Sea Power and Cyber Power as presented in the CNO’s Theme. In addition to providing a framework for the approach, this plan presents SSG XXVI’s initial overarching concept and Concept Team (CT) areas of focus.
Department of Homeland Security
(U//FOUO) DHS Bulletin: Anonymous Hacktivist Threat to Industrial Control Systems (ICS)
The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting industrial control systems (ICS). This product characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in coordination with the other NCCIC components.
Department of Homeland Security
(U//FOUO) DHS Bulletin: “Anonymous” and Associated Hacker Groups Deploying New Cyber Attack Tools
The hacker collective known as ‘Anonymous’ has successfully attacked a wide range of public and private sector entities since 2003 with relatively crude tools. Historically, they rely on tools such as the Low Orbit Ion Cannon (LOIC) or Botnets to deny access to websites, or hijack or deface web pages and post quasi-political statements, or perform other malicious activity. Since many of these older tools made it relatively easy for law enforcement and other government forces to identify the source of an attack and then arrest the perpetrator, Anonymous members may have recognized a need to have more advanced tools that offered a lesser degree of exposure. They recently claimed to have developed and possibly employed several new cyber attack tools for use in their self-proclaimed ‘internet civil disobedience’ campaigns. The NCCIC, coordinating with several of its partners, believes there are at least four new tools being shared among and employed by Anonymous members: #RefRef, Apache Killer, Anonware, and Universal Rapid Gamma Emitter (URGE).
Federal Bureau of Investigation
(U//FOUO) FBI Anonymous’ Participation in “Day of Rage” Protest May Coincide with Cyber Attack
The FBI assesses that the hacktivist group Anonymous is likely to participate in the “Day of Rage” protest scheduled for 17 September 2011 in New York City’s financial district. While the extent of group members’ participation in the event is unknown, in late August 2011 Anonymous endorsed the event through propaganda consisting of a video posted on YouTube and a campaign poster, as well as references in their Twitter accounts. In the past, Anonymous has been involved in physical protests that coincided with planned cyber attacks. This could indicate an intention to conduct a cyber attack in conjunction with the “Day of Rage” protest.
Australia, Canada, New Zealand, United Kingdom, United States
US, UK, Canada, Australia and New Zealand Joint Public Key Infrastructure Cross-Certification Standards
This section provides the long-term Public Key Infrastructure (PKI) interoperability architecture for the CCEB Allies as agreed at the February 2005 Canberra Collocated Meeting. The architecture enables interoperability through direct cross-certification of each National Defence PKI (NDPKI) in a mesh configuration.
Department of Homeland Security
DHS National Cyber Security Division “Moving Toward Cyber Resilience” Presentation
Department of Homeland Security National Cyber Security Division presentation on “Cyber Resilience” with overviews of recent hacking incidents, including many connected with the hacktivist group Anonymous.
Department of Homeland Security
DHS Cybersecurity Bulletin: Physical Events Provide Phishing/Social Engineering Opportunities
Malicious users seeking to exploit interest related to physical events such as earthquakes and hurricanes will likely use subject lines and attachment titles related to the incidents in phishing e-mails. Network administrators and general users should be aware of these attempts and avoid opening messages with attachments and/or subject lines related to physical events.
Department of Homeland Security
DHS Bulletin: Anonymous/LulzSec Has Continued Success Using Rudimentary Hacking Methods
This Bulletin is being provided for your Executive Leadership’s, Operational Management’s, and Security Administrators’ situational awareness. The actors who make up the hacker group “Anonymous” and several likely related offshoots like “LulzSec” continue to harass public and private sector entities with rudimentary exploits and tactics, techniques, and procedures (TTPs) commonly associated with less skilled hackers referred to as “Script Kiddies”. Members of Anonymous routinely claim to have an overt political agenda and have justified at least a portion of their exploits as retaliation for perceived ‘social injustices’ and ‘freedom of speech’ issues. Attacks by associated groups such as LulzSec have essentially been executed entirely for their and their associates’ personal amusement, or in their own hacker jargon “for the lulz”.
Department of Homeland Security
(U//FOUO) DHS Utility-Sector Employee Insider Threats Warning
Insiders often possess detailed operational and system-security knowledge, as well as authorized physical and systems access to utilities. Insiders can be employees, contractors, service providers, or anyone with legitimate access to utility systems. They often are self-motivated, know system security measures, and raise no alarms due to their authorized systems access. With knowledge of and access to a utility’s network, malicious actors could seize control of utility systems or corrupt information sent to plant operators, causing damage to plant systems and equipment. Systems and networks used by utilities are potential targets for a variety of malicious cyber actors. Threat actors who target these systems may be intent on damaging equipment and facilities, disrupting services, stealing proprietary information, or other malicious activities. The greater the individual’s knowledge and authorized systems access, the greater risk the individual poses. Furthermore, any individual with access to a plant’s systems could unwittingly or inadvertently introduce malware into a system through portable media or by falling victim to socially engineered e-mails.
News
DHS National Cybersecurity Center Warns of Crude, But Effective LulzSec/Anonymous/AntiSec Attacks
A bulletin released in late June by the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) warning of the recent activities by LulzSec and Anonymous has surfaced online. The unclassified bulletin titled “Hacktivist Groups Target U.S. and Foreign Networks” was recently posted to an unknown online network security website, Aisle.net, before being removed. The site it was posted to has also disappeared, and visitors to the domain are now greeted with a blank screen. While the full document is not recoverable at this point in time, a cached version of the document’s summary contains a number of surprising admissions regarding the effectiveness of basic techniques utilized by LulzSec/Anonymous.
News
NSA $3.2 Billion “Site M” Expansion Planning Documents Reveal Cyberwar Command Center
In July 2010, the NSA revealed that it was expanding into a 227-acre parcel of land at Fort Meade called “Site M”, constructing a series of buildings that could cost as much as $5.2 billion. This expansion would displace two golf courses currently occupying the land and provide the NSA, which already occupies 630 acres at Fort Meade, with more space to build “an operational complex and to construct and operate consolidated facilities to meet the National Security Agency’s (NSA) continually evolving requirements and for Intelligence Community use”. The project has been shrouded in secrecy throughout its existence, and there are only a few references to “Site M” in DoD budget planning documents. However, a recently discovered collection of development planning documents for the Site M project provides detailed information about the proposed $3.2 billion expansion, indicating that the facility will be a centralized command center for the NSA’s evolving cyberwarfare capabilities.
White House
White House International Strategy for Cyberspace
Digital infrastructure is increasingly the backbone of prosperous economies, vigorous research communities, strong militaries, transparent governments, and free societies. As never before, information technology is fostering transnational dialogue and facilitating the global flow of goods and services. These social and trade links have become indispensable to our daily lives. Critical life-sustaining infrastructures that deliver electricity and water, control air traffic, and support our financial system all depend on networked information systems. Governments are now able to streamline the provision of essential services through eGovernment initiatives. Social and political movements rely on the Internet to enable new and more expansive forms of organization and action. The reach of networked technology is pervasive and global. For all nations, the underlying digital infrastructure is or will soon become a national asset.
White House
White House Strategy for Trusted Identities in Cyberspace
A secure cyberspace is critical to our prosperity. We use the Internet and other online environments to increase our productivity, as a platform for innovation, and as a venue in which to create new businesses. “Our digital infrastructure, therefore, is a strategic national asset, and protecting it—while safeguarding privacy and civil liberties—is a national security priority” and an economic necessity. By addressing threats in this environment, we will help individuals protect themselves in cyberspace and enable both the private sector and government to offer more services online. As a Nation, we are addressing many of the technical and policy shortcomings that have led to insecurity in cyberspace. Among these shortcomings is the online authentication of people and devices: the President’s Cyberspace Policy Review established trusted identities as a cornerstone of improved cybersecurity.
Corporate
HBGary Morgan Stanley CERT Physical Memory Standard Operating Procedures
Memory forensics allows MSCERT to become more effective and agile regarding the acquisition of actionable intelligence. Traditional disk forensic approaches to investigations are slow and non-scalable. Large amounts of data must be acquired, transferred, and then analyzed. Memory forensics reveals the true running state of a target system at the time of acquisition. Hidden processes and other system activities are made available to an analyst by analyzing a smaller set of data than disk forensics requires. This document details Morgan Stanley’s (MS) Standard Operating Procedures (SOPs) for acquiring and analyzing physical memory using the HBGary forensic toolset. Fastdump Professional and Responder Professional usage are detailed through a case study methodology.