TOP OF THE NEWS
US Presidential Directive Orders List of Potential Cyberattack Targets (June 7, 2013)
When Microsoft seized thousands of domain names associated with the Citadel botnet, it also took down some domains that had already been sinkholed by researchers. Those researchers were gathering information about the malware so they could figure out the best way to tackle the botnet. The information was also used to inform the owners of compromised computers and help them clear their machines of the infection. This is not the first time that a Microsoft botnet takedown has disrupted researchers' efforts. During a ZeuS takedown effort, several hundred domain names that researchers had sinkholed were also seized. Microsoft has said that it is difficult to distinguish between domains under the control of criminals and those under the control of researchers.
-http://www.networkworld.com/news/2013/061013-microsoft-researcher-citadel-botnet-270657.html
-http://www.theregister.co.uk/2013/06/10/citadel_botnet_takedown_own_goal_by_microsoft/
[Editor's Note (Henry): Deterring illegal adversary activity through dismantlement of their infrastructure is another way to mitigate the threat. The effort described here appears to be an operation with benevolent intentions that had some minor collateral damage. We often talk about the need for good communication and actionable-intelligence sharing between the government and the private sector. This demonstrates the need for similar communication private sector-to-private sector, so efforts are coordinated for maximum impact. A consortium of like-minded experts focused on a specific threat - botnets, in this case - would help to ease unintended consequences.]
First Lawsuit Filed Over NSA's Surveillance of Verizon Data (June 10, 2013)
A lawsuit has been filed against Verizon, the NSA, President Barack Obama, Attorney General Eric Holder and others over the constitutionality of the NSA's wide surveillance program, which was disclosed late last week. The lawsuit alleges that the surveillance program violates the US Constitution as well as a number of federal laws.
-http://www.wired.com/threatlevel/2013/06/nsa-phone-lawsuit/
ACLU Asks FISA Court to Disclose Opinion On Constitutionality of Section 215 of Patriot Act (June 10, 2013)
The American Civil Liberties Union (ACLU) has filed a motion asking that the Foreign Intelligence Surveillance (FISA) Court "unseal its opinions evaluating the meaning, scope, and constitutionality of Section 215 of the Patriot Act." That section allows the court to issue national security letters (NSLs) at the request of the government, which has to demonstrate only that the information sought is relevant to an "authorized investigation." Senators Mark Udall (D-Colorado) and Ron Wyden (D-Oregon) last year wrote Attorney General Holder, requesting the declassification of the secret court ruling allowing the broader surveillance powers.
-http://www.wired.com/threatlevel/2013/06/nsa-dragnet-legalities/
-http://www.aclu.org/files/assets/fisc_unsealing_motion.pdf
NSA Whistleblower Edward Snowden (June 8, 9 & 10, 2013)
Israel is Doing a Great Job of Training Cybersecurity Experts (June 9, 2013)
Israel has had great success in developing a corps of cybersecurity experts who can write and modify code, identify vulnerabilities, and infiltrate and navigate within others' networks without being detected. The skill level per capita is the highest in the world. Israel's efforts to identify and train people with talent in the cybersecurity arena have been successful because they have focused on honing people's technical skills. The country has increased its focus on math and science in schools and has held cybersecurity competitions. Israel has also worked to integrate academia, the IT industry, and the military to focus on cybersecurity. Organizations that are a part of Israel's critical infrastructure are required to protect their systems from cyber attacks.
-http://www.csmonitor.com/World/Middle-East/2013/0609/Israel-accelerates-cybersecurity-know-how-as-early-as-10th-grade
Warg Faces Hacking Charges in Denmark (June 7, 2013)
************************************************************************
The Editorial Board of SANS NewsBites
John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service.
Shawn Henry recently retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. He is now president of CrowdStrike Services.
Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.
Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries.
Mark Weatherford is a Principal at The Chertoff Group and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT.
Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org).
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and non-profits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project.
Alan Paller is director of research at the SANS Institute.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.