–New York Times Domain Hijack Due to Phishing Email (29th August) On Wednesday evening hackers claiming to be part of the Syrian Electronic Army disrupted web services for the New York Times, as well as the Huffington Post UK and the Twitter image sharing site Twing.com.
The attack appears to have originated after a user in a reseller for Australian based domain registrar Melbourne IT fell victim to a “targeted phishing attack”. Melbourne IT is the domain registrar for the New York Times and the other affected domains. As a result the attackers gained access to the username and password of the reseller.
The attackers were then able to alter the DNS records for the affected sites to servers under their control based in Russia. Control over the domain records were eventually returned to the rightful owners and normal services restored.
Internet Storm Center: https://isc.sans.edu/diary/NY+Times+DNS+Compromised/16451
http://www.theregister.co.uk/2013/08/27/twitter_ny_times_in_domain_hijack/
http://www.net-security.org/secworld.php?id=15478
http://www.theguardian.com/technology/2013/aug/28/twitter-newyorktimes-hack-syrian-electronic-army
[Editor’s Note (Ullrich): Yet another simple “give me your password”
attack. It should be noted that the attack against twitter was only partially successful due to Twitter taking advantage of the Domain Lock feature for it’s main twitter.com domain.]
–NIST Releases Cybersecurity Draft Framework (28th August) The US National Institute of Standards and Technology has released a preliminary cybersecurity draft framework outlining standards and guidelines to support President Obama’s “Improving Critical Infrastructure Cybersecurity” executive order issued in February of this year. The NIST document states “The framework, developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk, in a manner similar to financial, safety, and operational risk.” A spokesperson for NIST said the document is a discussion draft ahead of NIST’s upcoming meeting in September where officials will meet with industry to discuss cybersecurity and help shape the forthcoming framework.
http://fcw.com/articles/2013/08/28/nist-cybersecurity-framework.aspx
http://nist.gov/itl/upload/discussion-draft_preliminary-cybersecurity-framework-082813.pdf
[Editor’s Note (Paller): I am very hopeful that this framework is a first step in the right direction. The draft framework itself fails to accomplish what the Presidential Directive specified, (a Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach.”) The only criterion on which it excels is “flexibility” because any organization could do almost anything and claim it is following this framework. It fails most completely on prioritization and cost-effectiveness. I think the authors in the White House knew not to expect much from the team doing the initial framework and gave the subsequent job of making the framework real to DHS. If they can get the team John Streufert assembled there to demonstrate how to add the prioritization and cost-effectiveness, the Framework can be the beginning of important improvements.]
–Three Men Charged with Stealing Company Code from Wall Street Firm (27th August) Three men have been charged in a scheme to steal the source code for the electronic trading software of a Wall Street based firm. Two of those charged were employees of the firm. They are accused of emailing the code from their work accounts to their personal accounts. According to the complaint one of the accused, Glen Cressman, a trader at the firm, sent emails to his personal account which included trading strategies
and valuation algorithms. He is charged with two counts of unlawful
duplication of computer related material and unauthorized use of secret scientific material. One of his alleged conspirators and former co-worker, Jason Vuu, faces twenty counts of the same charge. Vuu is alleged to have shared the stolen information with a former college friend with the aim to set up their own trading company.
http://www.theregister.co.uk/2013/08/27/wall_street_secrets_stolen_via_email/
Deja un comentario