SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume XIV - Issue #41

May 22, 2012

TOP OF THE NEWS

Cross-Browser Malware Spreading Through Facebook
DoJ Crime Statistics Site Hacked
Five-Year Sentence for Role in Phishing Scam

THE REST OF THE WEEK'S NEWS

FTC Names Privacy Advocate and Law Professor Paul Ohm Senior Adviser
Supreme Court Will Consider FISA Challenge Case
Supreme Court Will Not Hear Tenenbaum File-Sharing Appeal
California Considering Genetic Data Privacy Bill
ZTE Says it Will Fix Backdoor in ScoreM Handsets
Class Action Lawsuit Alleges Facebook Violated Privacy Laws
London Police to Extract and Retain Suspects' Mobile Phone Data

---

**************** SPONSORED BY Skybox Security, Inc. *********************
Special Webcast: Intelligent Firewall Management: The Key Ingredient for Network Consolidation Success SANSFIRE 2012 - Washington Wednesday, May 23, 2012 at 11:00 AM EDT
http://www.sans.org/info/105725
**************************************************************************
TRAINING UPDATE
- --SANS Rocky Mountain 2012, Denver, CO June 4-9, 2012 10 courses. Bonus evening presentations include Adjusting Our Defenses for 2012; and Why Do Organizations Get Compromised?
http://www.sans.org/rocky-mountain-2012/

- --Forensics & Incident Response Summit & Training, Austin, TX June 20-27, 2012 Pre-Summit Courses: June 20-25, 2012; Summit: June 26-27, 2012 Techniques and solutions to aid organizations and agencies responding to crimes and attacks. Maximize your training by also attending one or more of the 4 pre-summit courses.
http://www.sans.org/forensics-incident-response-summit-2012/

- --SANS Canberra 2012, Canberra, Australia July 2-10, 2012 5 courses. Bonus evening presentations include Penetrating Modern Defenses; and Tales From the Crypt: TrueCrypt Analysis.
http://www.sans.org/canberra-2012/

- --Security Impact of IPv6 Summit, Washington, DC July 6, 2012 Walk away with best practices from some who have already implemented IPv6, in large networks, for a few years.
http://www.sans.org/ipv6-summit-2012/

- --SANSFIRE 2012, Washington, DC July 6-15, 2012 44 courses. Bonus evening presentations include Authentication Issues Between Entities During Protocol Message Exchange in SCADA Systems; Critical Infrastructure Control Systems Cybersecurity; and Why Don't We Consider Our Cars Critical Infrastructure?
http://www.sans.org/sansfire-2012/

- --SANS San Francisco 2012, San Francisco, CA July 30-August 6, 2012 9 courses. Bonus evening presentations include All Your Hash Are Belong to Us: Targeting Windows Password Hashes for Penetration; Spear Phishing and Targeted Attacks; and Assessing Deception.
http://www.sans.org/san-francisco-2012/

- - - --Looking for training in your own community?
http://www.sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Malaysia, Bangkok, Boston, and San Antonio all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
********************************************************************

---

TOP OF THE NEWS

Cross-Browser Malware Spreading Through Facebook (May 21, 2012)

A new piece of malware called LilyJade spreads through Facebook and can infect computers across browsers and across platforms. LilyJade was created using a Javascript cross-browser extension framework known as Crossrider. It is currently in beta testing and is capable of running on Internet Explorer, Chrome, and Firefox; support for Safari is expected to be available soon. LilyJade appears to be created to launch click fraud schemes.
-http://www.computerworld.com/s/article/9227351/Cross_browser_worm_spreads_via_Fa
cebook_security_experts_warn?taxonomyId=17
[Editor's Comment (Northcutt): I am guessing this is just the beginning. Facebook is a perfect target for advanced frameworks to establish fraud. I decided to take a year off from most of the social media and let all the smart people sort this stuff out.]

DoJ Crime Statistics Site Hacked (May 21, 2012)

Hackers have reportedly gained access to a US Department of Justice website. The US Bureau of Justice Statistics (BJS) collects, analyzes, and publishes data about crime in the US, including cyber attacks. The Anonymous hacking collective has claimed responsibility for the attack and says it has uploaded 1.7GB of data to the Internet, including internal emails and the site's "entire database dump."
-http://www.zdnet.com/blog/security/anonymous-hacks-bureau-of-justice-leaks-17gb-
of-data/12260
-http://www.chicagotribune.com/sns-rt-usa-hackersl1e8glmqz-20120521,0,6264972.sto
ry

Five-Year Sentence for Role in Phishing Scam (May 18, 2012)

A California woman has been sentenced to five years in prison for her role in phishing ring that netted members more than US $1 million. Nichole Michelle Merzi was convicted last year of bank and wire fraud conspiracy, aggravated identity theft, computer fraud, and money laundering. Merzi was arrested during an international effort dubbed "Operation Phish-Phry," which resulted in charges against 100 alleged hackers in the US and Egypt.
-http://www.scmagazine.com/cyber-crime-ringleader-sentenced-to-five-years-in-pris
on/article/241822/

---

*************************** Sponsored Links: *************************
1) Special Webcast: SEC575 Webcast Series: Session 1: A Taste of SANS Security 575 - Invasion of the Mobile Phone Snatchers Security Architecture 2012 - San Diego Friday, June 01, 2012 at 1:00 PM EDT http://www.sans.org/info/105730
2) Attend SANSFIRE - July 6-15 in Washington DC at the Hilton Washington & Towers. http://www.sans.org/info/105735
************************************************************************

---

THE REST OF THE WEEK'S NEWS

FTC Names Privacy Advocate and Law Professor Paul Ohm Senior Adviser (May 21, 2012)

The US Federal Trade Commission (FTC) has named Paul Ohm as a senior policy adviser for consumer protection and competition issues affecting the Internet and mobile services. Ohm, an associate professor at the University of Colorado Law School, will serve in the FTC's Office of Policy Planning.
-http://www.washingtonpost.com/blogs/post-tech/post/ftc-names-internet-privacy-ex
pert-as-senior-adviser/2012/05/21/gIQA17HofU_blog.html
-http://www.computerworld.com/s/article/9227352/FTC_taps_privacy_advocate_Paul_Oh
m_as_adviser?taxonomyId=17

Supreme Court Will Consider FISA Challenge Case (May 21, 2012)

The US Supreme Court has agreed to consider whether the 2008 FISA Amendments Act can be challenged. Human rights groups and journalists are trying to challenge the law that allows warrantless wiretapping, but the White House maintains that because the plaintiffs cannot prove that their communications were intercepted by government secret surveillance programs, they have no legal standing to challenge the law. A federal appeals court rejected the government's argument last year. The FISA Amendments Acts allows the government to eavesdrop electronically on phone calls and email communications provided that one of the parties involved in the communications is outside the US.
-http://arstechnica.com/tech-policy/2012/05/supreme-court-to-decide-if-journalist
s-can-sue-over-warrantless-wiretaps/
-http://www.wired.com/threatlevel/2012/05/scotus-fisa-challenge/

Supreme Court Will Not Hear Tenenbaum File-Sharing Appeal (May 21, 2012)

The US Supreme Court has declined to hear the appeal of a man who is facing a US $675,000 fine for illegal filesharing. The decision not to hear the case means that Joel Tenenbaum will return to the trial level. The judge in Tenenbaum's initial case ruled that the jury's award was unconstitutional, but the ruling was overturned by an appellate court because the process of "remittitur" should have been used to reduce the verdict before its constitutionality was questioned. Tenenbaum's attorney maintains that the music industry is seeking excessive fines "for the ulterior purpose of creating an urban legend so frightening to
[those ]
using the Internet ... that they will somehow reverse the tide of the digital future."
-http://arstechnica.com/tech-policy/2012/05/supreme-court-declines-to-hear-file-s
wapping-case/
-http://www.wired.com/threatlevel/2012/05/supreme-court-file-sharing/

California Considering Genetic Data Privacy Bill (May 20, 2012)

State legislators in California are considering a bill that would impose restrictions on the use of genetic information. The Genetic Information Privacy Act would require written consent to collect, analyze, retain, and share an individual's genetic information; the bill covers DNA, genetic test results, and family disease history. Access to the information would be limited to those authorized on a consent form and the information would be permitted to be used only for purposes specified on that form. Scientists say the bill could have serious detrimental consequences for genomic research. For example, when researching genes associated with specific diseases, scientists often sequence DNA of thousands of people. The bill would prohibit the scientists from using the dataset generated to study other diseases.
-http://www.scientificamerican.com/article.cfm?id=california-considers-dna

ZTE Says it Will Fix Backdoor in ScoreM Handsets (May 18, 2012)

A China-based handset manufacturer has acknowledged that one of its models contains a backdoor. ZTE's ScoreM handset, which is marketed as an Android phone, contains a backdoor account with a hardcoded password. The company uses the account to update firmware on the phones. ZTE says it will fix the hole.
-http://www.wired.com/threatlevel/2012/05/zte-backdoor/
-http://www.h-online.com/security/news/item/ZTE-admits-to-backdoor-in-one-of-its-
Android-devices-1580108.html
[Editor's Note (Murray): Android is a brand, not a product. The more products covered by the brand, the less the brand says about the quality of the product.]

Class Action Lawsuit Alleges Facebook Violated Privacy Laws (May 18 & 21, 2012)

A class-action lawsuit filed against Facebook seeks US $15 billion in damages for alleged privacy violations. The lawsuit, filed in California, consolidates 21 separate lawsuits from across the US. The suit alleges that the violations occurred as a result of using cookies to track users' browsing; Facebook allegedly tracked user activity even after they logged out of the site. The suit alleges violations of the federal Wiretap Act, the Computer Fraud and Abuse Act, the Stored Communications Act, and various California laws.
-http://www.eweek.com/c/a/Security/Facebook-Class-Action-Lawsuit-Seeks-15-Billion
-for-Privacy-Violations-265753/
-http://www.v3.co.uk/v3-uk/news/2178224/facebook-usd15bn-suit-privacy-violations
[Editor's Note (Murray): It seems to be about money, not privacy, but it could be a really good show. ]

London Police to Extract and Retain Suspects' Mobile Phone Data (May 17, 2012)

Police in London, UK, have put in place a system that extracts data from mobile phones that belong to suspects being held in custody. The Metropolitan Police will retain call history, texts, and contact lists of people who have been held in custody. The practice is currently in place in 16 London boroughs; it could eventually become used across the UK. The system allows law enforcement officers to access the data in police stations, rather than sending the devices out for forensic examination. The data will be retained even when a suspect is released. The data extraction procedure is to be used only when officers have reasonable suspicion that the devices were used in the commission of criminal activity.
-http://www.bbc.co.uk/news/technology-18102793
-http://www.zdnet.com/blog/london/london-police-8216hack-suspects-phones-a-major-
blow-to-human-rights/4775

---

************************************************************************

The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of CounterHackChallenges, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course..

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/