****************** Sponsored By WinMagic Inc. ********************* Is Your Encryption Solution A Nightmare? Do you have Tales of Encryption? Wake up to a new Reality with WinMagic. Join us for our live broadcast on Wed, Apr 4, 2012 1:00 PM - 2:00 PM EDT to learn how WinMagic SecureDoc can dispel encryption myths and secure your data. Register Today http://www.sans.org/info/102744 ************************************************************************** TRAINING UPDATE --SANS Northern Virginia 2012, Reston, VA April 15-20, 2012 7 courses. Bonus evening presentations include Linux Forensics for Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack http://www.sans.org/northern-virginia-2012/
--SANS Cyber Guardian 2012, Baltimore, MD April 30-May 7, 2012 11 courses. Bonus evening presentations include Ninja Assessments: Stealth Security testing for Organizations; and Adjusting Our Defenses for 2012. http://www.sans.org/cyber-guardian-2012/
--SANS AppSec 2012, Las Vegas, NV April 24-May 1, 2012 Listen to two of the best minds in Application Security, Jeremiah Grossman and Chenxi Wang, at the AppSec Summit. Maximize your training by also attending one or more of the 4 pre-summit courses. http://www.sans.org/appsec-2012/
--SANS Security West 2012, San Diego, CA May 10-18, 2012 24 courses. Bonus evening presentations include Metametrics - A New Approach to Information Security Management Metrics; and Malware Analysis Essentials Using REMnux. http://www.sans.org/security-west-2012/
--SANS Toronto 2012, Toronto, ON May 14-19, 2012 5 courses. Bonus evening presentations include I've Been Geo-Stalked! Now What? And What Should Keep You Up at Night: The Big Picture and Emerging Threats. http://www.sans.org/toronto-2012/
--SANS Rocky Mountain 2012, Denver, CO June 4-9, 2012 10 courses. Bonus evening presentations include Adjusting Our Defenses for 2012; and Why Do Organizations Get Compromised? http://www.sans.org/rocky-mountain-2012/
--Forensics & Incident Response Summit & Training, Austin, TX June 20-27, 2012 Pre-Summit Courses: June 20-25, 2012; Summit: June 26-27, 2012 Techniques and solutions to aid organizations and agencies responding to crimes and attacks. Maximize your training by also attending one or more of the 4 pre-summit courses. http://www.sans.org/forensics-incident-response-summit-2012/
Plus Abu Dhabi, Johannesburg, Brisbane, Jakarta, and Malaysia all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php ***********************************************************
TOP OF THE NEWS
FBI Cyber Chief Says US Losing War With Hackers (March 28, 2012)
In an interview with the Wall Street Journal, FBI cyber chief Shawn Henry said that the US is "not winning" the war waged by hackers on corporate networks. "We've been playing defense for a long time, ... You can only build a fence so high, and what we've found is that the offense outpaces ... and is better than the defense." He said that more and more often, FBI investigations turned up data stolen from companies that did not even know they had been infiltrated. Henry plans to leave the FBI after more than 20 years to work in private industry. James A. Lewis, senior fellow in cybersecurity with the Center for Strategic and International Studies, agrees with Henry's assessment, saying that "there's a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector." -http://online.wsj.com/article/SB10001424052702304177104577307773326180032.html?m od=djemalertNEWS -http://www.technolog.msnbc.msn.com/technology/technolog/not-winning-war-hackers- fbi-cyber-chief-581557 -http://blogs.computerworld.com/19951/cybersecurity_america_is_losing_the_war_chi na_hacked_every_major_us_company?source=CTWNLE_nlt_security_2012-03-29 -http://news.cnet.com/8301-1009_3-57405707-83/u.s-not-winning-war-with-hackers-sa ys-fbi-bigwig/?tag=txt;title [Editor's Note (Pescatore): Actually, I think there is a very willful desire to make things sound worse than they are. Despite centuries of security effort, retail still loses 3% of revenue to "shrinkage" - shoplifting and employee theft, and the costs of keeping to that level. Turns out that level is an acceptable cost of doing business - they could get shrinkage down to zero but revenue would drop more than 3% so *they would be worse off.* Ditto bank robberies, and every other area of physical and cyber world crime. "Winning" any war against any crime is not crippling the business to see the crime stop, it is getting both the cost of the crime *and* the cost of the security down to acceptable business levels. (Honan): You can only hope to win a battle when you are properly engaged. When you read reports, such as the Verizon Data Breach Investigations report, and see statistics showing 97% of the breaches studied were avoidable through simple or intermediate controls you realise that many organisations are not even in the parking lot never mind on the playing field when it comes to information security.]
Former US Countertorrism Czar Says China Hacked Every Major U.S. Firm (March 29, 2012)
NSA Director General Alexander Fingers China in RSA Hack (March 29, 2012)
Earlier this week, NSA Director and Commander of the US Cyber Command General Keith Alexander told the Senate Armed Services Committee that China was responsible for the attack on RSA last year. Those attacks compromised the security of RSA's SecurID tokens. The information taken was used in an attempted but ultimately unsuccessful attack against Lockheed Martin. General Alexander also said that China is stealing large quantities of military intellectual property from the US. General Alexander said that changes need to be made to make it more difficult for these types of attacks to occur. He said that the government needs real time capabilities to work with the private sector and stop attacks. -http://www.theregister.co.uk/2012/03/29/nsa_blames_china_rsa_hack/ -http://www.informationweek.com/news/government/security/232700341 [Editor's Note (Murray): The recent Verizon Data Breach report tells us that commercial enterprises do not know in "real time" when they are under attack. ]
Gen Alexander: Pres. Approval Should be Required for Cyber Attack (March 27, 2012)
***************** Sponsored Links: ********************** 1) Do Not Miss SANS Special Webcast: Threat Review of Resurgent Botnets: Waledac, Kelihos, Zeus sponsored by Palo Alto Networks. Go to http://www.sans.org/info/102749 2) SANS Analyst Program Webcast: Reducing Risk to Federal Systems with the SANS 20 Critical Controls April 19, 1 PM EDT. http://www.sans.org/info/102754 ************************************************************************
THE REST OF THE WEEK'S NEWS
Study Claims Assumptions On Cyber Criminals Are Wrong (March 29, 2012)
According to a study released by The John Grieve Centre for Policing and Security at London Metropolitan University, 80 percent of cybercrime is committed by ordinary criminals and not sophisticated hackers as depicted by Hollywood. The research shows that 43 per cent of cyber-crooks are over 35 years old while 29 per cent are under 25, dispelling the myth of hacking being the preserve of highly skilled teenagers. The availability of crimeware and easy-to-use hacking tools means that criminals can get involved with cybercrime without having any high level of technical skills. Professor John Grieve, founder of policing centre, said "The research found evidence of many cases where there has been real success in closing down digital criminal operations. Growth in the digital economy will inevitably cause an increase in organized digital crime, however this need not be seen as an insurmountable problem. Rather, it is a predictable problem that - by better understanding the perpetrators and their working methods - we can meet head on." -http://www.theregister.co.uk/2012/03/29/cybercrime_myths_exploded/ -http://www.zdnet.co.uk/news/security-threats/2012/03/29/detica-80-percent-of-int ernet-crime-is-co-ordinated-40154918/ -http://www.v3.co.uk/v3-uk/news/2164355/gangs-responsible-crimes
Megaupload Drops Suit Against Universal (March 29, 2012)
European Commission Proposes New Cybercrime Center (March 28, 2012)
The European Commission announced that it will create a European Cybercrime Centre to tackle the growing threat of cybercrime. The centre will focus primarily on combating credit card and banking fraud. It will also be responsible for training national experts on cybercrime, be the focal point in coordinating national authorities, and analyze information gathered by national and European police forces. Cecilia Malmstrom, European Commissioner for Home Affairs, said, "As the e-economy grows at a fast pace, cybercrime is following suit," and the centre "will bring together some of Europe's best brains in the field of cybercrime". The cybercrime centre is expected to open in January 2013 in the Hague and form part of Europol, the pan-European police body. -http://euobserver.com/9/115691 -http://www.bbc.com/news/technology-17541462
Second Kelihos Botnet Taken Down by Security Firms (March 28, 2012)
McCain Says DHS Not Cut Out to be Cyber Defense Leader (March 27, 2012)
In testimony before the Senate Armed Services Committee, Senator John McCain (R-Arizona) argued that the US Department of Homeland Security (DHS) should not be taking the lead in protecting the country's critical infrastructure from cyber attacks. McCain cited the public's lack of confidence in the DHS's Transportation Security Administration's (TSA) technological capabilities as evidence that it shouldn't have those powers. McCain said that the NSA and the US Cyber Command have the necessary expertise to assume that role. Proposed legislation in the Senate would give the DHS authority to require computer systems that are associated with elements of the country's critical infrastructure meet certain security requirements. -http://thehill.com/blogs/hillicon-valley/technology/218409-mccain-homeland-secur ity-department-shouldnt-be-trusted-with-cybersecurity
On Tuesday, March 27, US Representatives Mary Bono Mack (R-California) and Marsha Blackburn (R-Tennessee) introduced a Republican-backed cybersecurity bill. Senators John McCain (R-Arizona) and Kay Bailey Hutchison (R-Texas) along with other Senate Republicans, introduced a similar measure there earlier in March. The bill is offered as an alternative to previously introduced cybersecurity legislation. The Republicans' bill does not give DHS the authority to require that computer systems at private entities that comprise elements of the country's critical infrastructure meet certain cybersecurity standards. Instead, the bill emphasizes information sharing and increasing penalties for online crimes. Representative Jim Langevin (D-Rhode Island) said that although the bill offers "a thoughtful proposal for much-needed improvements in the sharing of cyber threat information, [it would be ] a major step backward" because the approach of depending on private companies to take adequate security measures "has failed us over the last decade." -http://thehill.com/blogs/hillicon-valley/technology/218421-secure-it-act-introdu ced-in-the-house
Huawei Suffering Setbacks in Global Market (March 27, 2012)
In November, Symantec ended a joint venture with Huawei over concerns that its association with the Chinese telecommunications equipment firm could impede its access to classified US cyberthreat intelligence and hurt its business. The joint venture was established four years ago, with the goal of developing and distributing security appliances to telecommunications companies. Earlier this week, Huawei was blocked from bidding on a broadband contract in Australia over security concerns. In the last 10 years, legislators and regulators in the US have blocked Huawei from three acquisitions and numerous partnerships. Three problems the US government has with Huawei are that its CEO is a former colonel in the People's Liberation Army; that the company has ties with the Chinese government, as do all organizations in that country; and it has in the past supplied Iran with networking equipment which was reportedly used to track citizens. Huawei says it is being mischaracterized. -http://www.theregister.co.uk/2012/03/27/symantec_huawei_china_spying/ -http://money.cnn.com/2012/03/27/technology/huawei/index.htm [Editor's Note (Pescatore): Slippery slope here. Many North American and Australian vendors can be portrayed as being cozy with their home governments and DoDs. The key is putting supply chain integrity programs in place, not simple nationalistic approaches. ]
Apple iOS Review Teams Rejecting Apps That Use UDID for Tracking (March 27, 2012)
Apple has started to reject apps that use the unique device identifier (UDID), which is built into Apple devices, to track users. Apple has 10 iOS review teams. Currently, two of those teams are rejecting apps that use UDIDs; the number of teams looking for the issue will increase until all 10 teams are rejecting apps that do this. Apple began warning developers last August that they should not use the numbers to track users. -http://www.informationweek.com/news/security/privacy/232700326 [Editor's Comment (Pescatore): This is good as a reactive response to discovered abuses. It would be much better to see Apple take a proactive approach to security and privacy testing apps to differentiate themselves as a "safer" app store than competitors. (Northcutt): Perhaps Secure UDID is a better answer, it would allow developers to distinguish between devices, but not to track: -http://techcrunch.com/2012/03/27/secureudid-is-an-open-source-solution-to-the-ap ple-udid-problem/]
Two Teenagers Arrested for Hacking into Dutch Telecoms Operator (March 27, 2012)
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of CounterHackChallenges, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course..
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/
This course, on the first day, made clear several topics that I had questions on for years. The explanations provided were unlike other information contained on websites and in books -M. Cook, Arrowhead International