SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume XIV - Issue #1

January 03, 2012

The full program was just posted for the SCADA Security Summit in
Orlando later this month.
See: http://www.sans.org/north-american-scada-2011/agenda.php

---

TOP OF THE NEWS

Power Companies Acknowledge Cyber Attack Threat in SEC Filings
More Stolen Stratfor Data Posted

THE REST OF THE WEEK'S NEWS

Hackers May Have Compromised Gordon Brown's email
Israeli Bank Credit Cards Exposed by Saudi Hackers
French Data Protection Group Investigates Credit Mutuel Units
GCHQ Will Offer Incentives to Retain Key Officers
Facebook's White Hat Visa Debit Cards for Bug Hunters
United Airlines Passenger Data Exposed Online
Over 150 UK Police Officers Disciplined for Inappropriate Facebook Posts
Hackerspace Global Grid Plans Satellites and Ground Stations
Twitter Subpoenas Raise First Amendment Concerns

---

********************** SPONSORED BY SAINT Corporation ******************

SAINT is the FIRST product to receive USGCB validation by NIST. SAINT provides both FDCC and USGCB SCAP scanning policies. http://www.sans.org/info/96254

**************************************************************************
TRAINING UPDATE

--SANS Security East 2012, New Orleans, LA January 17-26, 2012 11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security.
http://www.sans.org/security-east-2012/

--SANS North American SCADA 2012, Lake Buena Vista, FL January 21-29, 2012 Gain the most current information regarding SCADA and Control System threats and learn how to best prepare to defend against them. Hear what works and what doesn't from peer organizations. Network with top individuals in the field of SCADA security. Return from the summit with solutions that you can immediately put to use in your organization. Pre-Summit courses: January 21-25, 2012 Summit: January 26-27, 2012 Post-Summit Courses: January 28-29, 2012
http://www.sans.org/north-american-scada-2012/

--SANS Monterey 2012, Monterey, CA January 30-February 4, 2012 6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo.
http://www.sans.org/monterey-2012/

--SANS Phoenix 2012, Phoenix, AZ February 13-18, 2012 7 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker.
http://www.sans.org/phoenix-2012/

--SANS Secure Singapore 2012, Singapore, Singapore March 5-17, 2012 5 courses. Bonus evening presentations include Introduction to Windows Memory Analysis; and Why Our Defenses are Failing Us: One Click is All It Takes ...
http://www.sans.org/singapore-2012/

--SANS 2012, Orlando, FL March 23-39, 2012 42 courses. Bonus evening presentations include Exploiting Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving Threats; and Harbinger of Evil: The Forensic Art of Finding Malware.
http://www.sans.org/sans-2012/

--Looking for training in your own community?
http://www.sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Atlanta, Bangalore, Stuttgart, and Nashville, all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

************************************************************************

---

TOP OF THE NEWS

Power Companies Acknowledge Cyber Attack Threat in SEC Filings (December 37, 2011)

Con Edison of New York is the first utility to describe cyber-attacks as a stand-alone risk category in SEC filings (10Q). Pepco Holdings, a large power and gas utility serving customers in Delaware, the District of Columbia, Maryland and New Jersey, includes cyber-attacks as one of many risks associated with "
[e ]
ffects of geopolitical events, including the threat of domestic terrorism or cyber attacks."
-http://www.forbes.com/sites/williampentland/2011/12/27/cyber-threat-to-power-gri
d-puts-utility-investors-at-risk/

More Stolen Stratfor Data Posted (December 30, 2011)

The group responsible for breaking into computer systems at Stratfor Global Intelligence and stealing data has posted another round of information to the Internet. The data are reportedly names and associated credit card numbers of people who have bought research information from Stratfor, as well as the user names and email addresses of people who have registered with the Stratfor website. Members of the loosely organized hacker group that calls itself Anonymous are believed to be responsible for the data theft and exposure.
-http://www.computerworld.com/s/article/9223082/Hacking_group_releases_more_Strat
for_subscriber_data?taxonomyId=17
[Editor's Note (Honan): The Tech Herald has an interesting analysis on the passwords that were leaked. Given the professional profile of the people using the Stratfor website I find it disheartening to see that many were using simple and easy to guess passwords
-http://www.thetechherald.com/articles/Report-Analysis-of-the-Stratfor-Password-L
ist]

---

************************** SPONSORED LINK ****************************

1) What devices are accessing what resources and by whom? Take the SANS first annual mobility survey and be entered to win a $250 American Express Card Giveaway when results are announced in late March at SANS 2012! Follow this link to the survey: http://www.sans.org/info/96259

************************************************************************

---

THE REST OF THE WEEK'S NEWS

Hackers May Have Compromised Gordon Brown's eMail (January 2, 2012)

In the course of the investigation into hacking conducted by private investigators on behalf of unnamed UK newspapers, police have discovered evidence that hackers accessed Gordon Brown's "private communications" email account, compromising the privacy of both incoming and outgoing messages. Investigators found the evidence while examining a group of seized computers. The compromised emails date from a time when former Prime Minister Brown was Chancellor of the Exchequer.
-http://www.independent.co.uk/news/uk/crime/gordon-browns-downing-street-emails-h
acked-6283985.html
-http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/former-pm-brown-wa
s-email-hack-victim-10025119/
[Editor's Note (Liston): We're reaping the harvest we've sown by our over-reliance on passwords as a sole access-control mechanism. Hopefully 2012 will see an increasing use of multi-factor authentication. If it's reasonable to have multi-factor authentication on a WoW account, shouldn't my bank account have it as well? ]

Israeli Bank Credit Cards Exposed by Saudi Hackers (January 3, 2012)

Israel's Army Radio said hackers claiming to be of Saudi Arabian origin had taken credit for exposing 15,000 credit cards from the Bank of Israel.
-http://www.businessweek.com/news/2012-01-03/bank-of-israel-says-details-of-15-00
0-credit-cards-put-on-web.html

French Data Protection Group Investigates Credit Mutuel Units (January 2, 2012)

France's data protection authority has inspected two Credit Mutuel-CIC units following a data system failure in late December. The Commission Nationale de l'Informatique et des Libertes is examining "numerous pieces of evidence gathered during ... inspections" of an information technology unit and a newspaper that belongs to the bank.
-http://www.bloomberg.com/news/2012-01-02/credit-mutuel-units-inspected-by-french
-data-protection-watchdog.html

GCHQ Will Offer Incentives to Retain Key Officers (December 31, 2011)

The UK government has approved a package of bonuses and incentives that will help GCHQ (the government communications headquarters) keep key officers who would otherwise be lured away to private companies like Microsoft and Google by large pay packages. Last year, GCHQ director Iain Lobban told MPs that he was having a difficult time retaining valuable staff in the face of lucrative offers from private companies.
-http://www.dailymail.co.uk/news/article-2080841/Spies-bonuses-halt-Google-poache
rs-pay-times-GCHQ.html

Facebook's White Hat Visa Debit Cards for Bug Hunters (December 31, 2011)

Facebook has started giving out White Hat Visa debit cards to bug hunters. Facebook began paying bounties for bugs in July 2011. Those reporting the flaws earn a minimum of US $500 and there is no maximum amount; to date, the largest sum Facebook has paid for a vulnerability is US $5,000. The bug hunters must abide by Facebook's responsible Disclosure Policy, which requires that they not publicly disclose the flaw until it has been fixed.
-http://news.cnet.com/8301-1009_3-57350464-83/facebook-hands-out-white-hat-debit-
cards-to-hackers/
[Editor's Note (Murray): I hope that this is not evidence that FaceBook has adopted late patching as a strategy, rather than as simply one tactic, for security; not evidence that they have given up on doing it right the first time. ]

United Airlines Passenger Data Exposed Online (December 30, 2011)

A woman who was attempting to check her available miles through the United Airlines mobile website found herself viewing information for other people's accounts. Each time she navigated to a different part of the website, she found another person's information. Exposed data included names, Mileage Plus numbers, future itineraries and confirmation codes. When she contacted United about the problem, the company suggested that perhaps someone had used her phone to navigate the site and had not logged off correctly, but no one else had used her phone. A United Airlines spokesperson said the company is looking into the matter but that the woman "didn't have access to sensitive personal information."
-http://www.kvue.com/news/United-Passenger-Finds-dozens-of-account-passengers-inf
o-online--136455568.html

Over 150 UK Police Officers Disciplined for Inappropriate Facebook Posts (December 30, 2011)

Police in the UK have been disciplined for inappropriate and offensive posts on Facebook. More than 150 officers have faced action for posting inappropriate photographs, using the social networking site to harass colleagues, and making racist comments. At least two officers have been fired for inappropriate Facebook activity. Details of the disciplinary action were obtained through a Freedom of Information Act request; the information includes formal complaints lodged against police officers from the UK and Wales between 2008 and 2010. A government review of police corruption in the UK "found a significant blurring between people's professional lives on social networking sites and their private lives."
-http://www.securitynewsdaily.com/uk-police-inappropriate-facebook-behavior-1456/
-http://www.thesun.co.uk/sol/homepage/news/4028553/Cops-fired-over-Facebook-slurs
.html
[Editor's Note (Murray): Unless you have a policy and training, it is very unlikely that your employees are any better behaved than these officers. You may enjoy the advantage that you are not subject to disclosure under Freedom of Information. On the other hand you may be easier to sue than the police. ]

Hackerspace Global Grid Plans Satellites and Ground Stations (December 30, 2011 & January 1 & 2, 2012)

A group of hackers say they plan to launch their own communications satellites to keep the Internet beyond the control of earthly censors. Speaking at the Chaos Communication Congress in Berlin last week, the group behind the Hackerspace Global Grid (HGG) project said they also plan to establish ground stations for satellite tracking and communication.
-http://www.bbc.co.uk/news/technology-16367042
-http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/hackers-work-on-sa
tellite-system-aim-for-the-moon-10025121/
-http://www.pcmag.com/article2/0,2817,2398268,00.asp
[Editor's Note (LISTON): John Gilmore famously said, "The Net interprets censorship as damage and routes around it."
(Murray): Interesting. It should be possible to put up balloons faster than they fail and the nation states can knock them down. However, even those few nation states that really do abide by the Rule of Law are likely to see such a hack as threatening. ]

Twitter Subpoenas Raise First Amendment Concerns (December 29 & 30, 2011)

The District Attorney of Suffolk County, Massachusetts, which includes the city of Boston, has subpoenaed Twitter for records associated with two accounts, two hash tags, and the name of an individual between December 8 and December 13, 2011. The accounts in question are associated with the Occupy Boston movement. The subpoena has raised concerns among free speech advocates, who view it as a violation of the First Amendment. It appears to seek to identify anyone who used the hash tags between those dates, and of anyone who followed the two named accounts.
-http://www.cnn.com/2011/12/29/us/massachusetts-occupy-twitter/index.html
-http://www.boston.com/Boston/metrodesk/2011/12/judge-refuses-quash-subpoena-twit
ter-account-used-person-linked-occupy-boston/Ok9A0LTVS058ZWkhvqbBhI/index.html
-http://www.wired.com/threatlevel/2011/12/boston-subpoena-twitter/

---

************************************************************************

The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/