Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

NETSEC Archives

Date Prev | Date Next | Date Index | Author Index | Historical [Netsec] SANS NewsBites Vol. 13 Num. 49 : Copyright Lawsuits Now In Doubt; BitCoin Exchange Attacked; Arrest in Lulzsec case in the UK?

  • From: The SANS Institute
  • Date: Tue Jun 21 15:21:08 2011

Hash: SHA1

A few hours ago Version 3 of the 20 Critical Security Controls was
released for public comment. This document matters right now because it
provides the underlying validation for the new FISMA continuous
monitoring reporting requirements mandated on June 1 for FY2011, as well
as the methodology that informed the U.S. State Department's hugely
successful cyber risk reduction initiative. It also provides the key
performance metrics agencies and companies are adopting to test the
effectiveness of their security controls. The new version is
cross-mapped with Australia's 35 Top Mitigation Strategies as well as
the NIST 800-53 controls. The 20 Critical Controls will be one of the
key forces shaping the future of cybersecurity management, so it is
probably worth taking the time to read it and send your suggestions.

Review and comment at

SANS NewsBites                  June 21, 2011            Vol. 13, Num. 049
  LulzSec Member Allegedly Arrested
  Judge Casts Doubt on Righthaven's Legal Standing to Bring Copyright Lawsuits
  SCADA Vulnerabilities in Chinese Weapon Control Systems
  MTGox Bitcoin Exchange Suffers Attack
  Attackers Exploiting Just-Patched IE Flaw
    Flash Flaw is Being Actively Exploited
    Sega Acknowledges Customer Data Stolen
    UK Student Facing Extradition for Running Site With Links to Pirated Movies
    Virgin Media Warns Users Infected With Spy Eye Trojan
    Man Indicted in Domain Name Extortion Scheme
    Prison Sentence for Cyber Extortion Scheme

************  SPONSORED BY Raytheon Trusted Computer Solutions ***********

OS hardening doesn't need to take hours or even days to complete.
Instead of locking down your systems manually, try Security Blanket, the
'one click' hardening tool for Linux and Solaris.  Whether you follow
prescribed hardening guidelines like DISA STIGs or PCI, or use a custom
configuration, Security Blanket has you covered.  Free demo available!

 -- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011
7 courses.  Bonus evening presentations include SANS Hacklab and Why
End Users are Your Weakest Link
 -- SANSFIRE 2011, Washington, DC, July 15-24, 2011
41 courses.  Bonus evening presentations include Ninja developers:
Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6?
 -- SANS Boston 2011, Boston, MA, August 8-15, 2011
13 courses.  Bonus evening presentations include Cost Effectively
Implementing PCI through the Critical Controls; and More Practical
Insights on the 20 Critical Controls
 -- SANS Virginia Beach 2011, August 22- September 2, 2011
11 courses.   Bonus evening presentations include SANS Hacklab;
Offensive Countermeasures; and Evolving VoIP Threats
 -- SANS Ottawa 2011, Ottawa, Ontario, August 28- September 2, 2011
6 courses.   Bonus evening presentations include DNS Sinkhole: Peer
Into Your Network While You Sleep; and I See What You Did There:
Forensic Time Line Analysis
 -- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011
45 courses.   Bonus evening presentations include Securing the Kids;
Who is Watching the Watchers?; and Emerging Trends in the Law of
information Security and Investigations
 -- Looking for training in your own community? Save on On-Demand training (30 full
courses) - See samples at
Plus Canberra, Melbourne and Tokyo all in the next 90 days.
For a list of all upcoming events, on-line and live:

 --LulzSec Member Allegedly Arrested
(June 21, 2001)
A 19 year old UK man named Ryan Clery was arrested in a "pre-planned,
intelligence-led" operation. According to the e-crimes unit of Scotland
Yard, the raid was linked to the recent intrusion attacks on the
websites of the CIA and Britain's Serious Organised Crime Agency (Soca).
A Scotland Yard spokesman said: "The arrest follows an investigation
into network intrusions and distributed denial of service attacks
against a number of international business and intelligence agencies by
what is believed to be the same hacking group."
[Editor's Note (Honan): This comes in the wake of groups Anonymous and
Lulzsec banding together to form the "Anti-sec" movement and target
computer systems of governments, banks and large corporations.  Last
night the website of SOCA was offline as a result of a DDOS attack ]

 --Judge Casts Doubt on Righthaven's Legal Standing to Bring Copyright Lawsuits
(June 20, 2011)
Righthaven, a company that has attempted to make a name for itself by
suing people for online copyright infringement, is finding the ground
crumbling beneath its legal feet. US District Judge Philip Pro has ruled
that the reposting of an article did not violate copyright law.  The
case in question was brought against a man who posted an article from
the Las Vegas Review-Journal in its entirety; Righthaven was seeking up
to US $150,000 in damages. The company argued that the posting reduced
the number of visitors to the original publication's site. Judge Pro
also found that Righthaven did not have legal standing to bring the
lawsuit. This is not the first time that Righthaven's legal standing to
bring a copyright lawsuit has been questioned.
[Editor's Note (Schultz): I would not be at all surprised if a varient
of Stuxnet that targets these vulnerabilities in these systems surfaces
sometime in the future.]

 --SCADA Vulnerabilities in Chinese Weapon Control Systems
(June 20, 2011)
The US Department of Homeland Security (DHS) has warned that supervisory
control and data acquisition (SCADA) systems used to operate Chinese
weapons systems are vulnerable to attacks. The warning appeared in an
advisory from the DHS Industrial Control Systems Cyber Emergency
Response Team (ISC-CERT). The vulnerabilities affect Sunway ForceControl
and pNetPower SCADA/HMI applications. The vulnerabilities were
discovered by NSS Labs researcher Dillon Beresford.
[Editor's Note (Honan): These Scada systems are also used in other
industries and not just in Chinese weapon control systems.  It is also
worth noting that the ICS-CERT "co-ordinated with the researcher, China
National Vulnerability Database (CNVD), and Sunway to ensure full
remediation of the reported vulnerabilities.]

 --MTGox Bitcoin Exchange Suffers Attacks
(June 20, 2011)
Bitcoin virtual currency exchange MTGox was the target of a cyber attack
that compromised usernames, email addresses and hashed passwords of more
than 61,000 traders. The information was posted to the Internet. The
price of Bitcoin crashed early on Monday, June 20, when an unusually
large sell order was placed from a compromised account. MTGox plans to
roll back all transactions that occurred after the fraudulent sell
The Internet Storm Center posted Lenny Zeltser's terrific explanation of the attack:,bitcoin-exchange-hacked-61000-accounts-published.aspx,2817,2387279,00.asp
[Editor's Comment (Northcutt): Hmmm, I thought the whole premise is that
you can't roll back a transaction? Anyway, this reminds me of Digicrash,
er uh, Digicash. It is amazing, but the SecondLife Linden Exchange seems
to be the most stable of these systems so far. (Honan): This story about $500,000
being stolen from a hacked Windows PC may also have had an impact on the

 --Attackers Exploiting Just-Patched IE Flaw
(June 17, 2011)
One of the vulnerabilities Microsoft patched in a security bulletin on
Tuesday June 14 is now being actively exploited. The fix for the Timed
Interactive Multimedia Extensions memory corruption flaw was included
in a cumulative fix for Internet Explorer (IE). The flaw affects IE 6,
7 and 8, but the exploit detected in the wild appears to affect just IE 8.

***************************  SPONSORED LINKS  ******************************
1) Download the Symantec Endpoint Protection 12 Beta for unrivaled
security and blazing performance.

2) Learn how to secure your network during the IPv6 transition at the
Security Impact of IPv6 Summit July 15th in Washington DC and take
advantage of the post-Summit IPv6 Essentials course July 16th.

3) Sign up for SANS Webcast:Practical Use of the Next-Generation
Firewall to Control Advanced Malware sponsored by Palo Alto Networks.
Go to

 --Flash Flaw is Being Actively Exploited
(June 20, 2011)
Attackers are actively exploiting a vulnerability in Flash Player for
which Adobe issued a patch last week. The flaw is being exploited
through drive-by attacks on legitimate websites as well as through spear
phishing attacks. The attacks infiltrate users' computers "in the
background," leaving them unaware that their machines have been infected
with malware. Adobe's director of product security and privacy Brad
Arkin acknowledged that attackers are likely targeting Flash because of
its ubiquity. Adobe has been focusing on getting out-of-cycle fixes
released quickly when attacks exploiting zero-day flaws are detected in
the wild.

 --Sega Acknowledges Customer Data Stolen
(June 19 & 20, 2011)
Sega, the video game company, says one of its databases has been hacked,
exposing sensitive personal information of 1.3 million Sega customers.
The Sega Pass website database contains customers' names, dates of
birth, email addresses and encrypted passwords. Sega has notified
affected customers of the breach. Payment information appears to be
unaffected by the attack. Because of the information compromised,
customers were warned to be on the lookout for suspicious communications
seeking more personal data. The Sega pass website has been temporarily
disabled while Sega investigates the incident; the company has reset all
user passwords.
Internet Storm Center:

 --UK Student Facing Extradition for Running Site With Links to Pirated Movies
(June 17 & 20, 2011)
A UK student who allegedly ran a website that contained links to other
sites hosting pirated content is facing extradition to the US to face
charges of conspiracy to commit copyright infringement and criminal
copyright infringement. A British court granted Richard O'Dwyer bail,
the terms of which prohibit him from entering airports and other ports
and from applying to register new domain names. If he is extradited and
convicted of the charges in the US, O'Dwyer could face a five year
prison sentence. O'Dwyer's lawyer says the extradition demands violate
his client's human rights. O'Dwyer's website was hosted in the UK and
UK laws pertinent to the situation already exist. If he is extradited,
O'Dwyer would face harsher penalties.,student-faces-us-copyright-extradition.aspx;content

 --Virgin Media Warns Users Infected With Spy Eye Trojan
(June 17, 2011)
Internet service provider (ISP) Virgin Media has warned about 1,500
customers that their computers have been infected with the SpyEye Trojan
horse program. Virgin has provided the customers with advice from the
UK's Serious Organised Crime Agency (SOCA) for cleaning their computers.
[Editor's Comment (Northcutt): ISPs helping to notify their users may
be the only way we can start to manage SpyEye, Sunspot etc.
(Honan): Well done to Virgin Media for taking this proactive step in
reducing the amount of infected PCs on the Internet, hopefully other
ISPs will follow their example.]

 --Man Indicted in Domain Name Extortion Scheme
(June 17, 2011)
A federal grand jury in San Jose, California has indicted an Indian man
on charges of computer hacking and extortion for allegedly breaking into
and taking over the account of oDesk.  Chetan Suresh
Bendale allegedly changed the passwords and administrative contact for
the Redwood City, California-based technology staffing company and
threatened to expose the company's information unless he was paid US $1
million. US authorities plan to seek extradition.

 --Prison Sentence for Cyber Extortion Scheme
(June 17, 2011)
A German man has been sentenced to nearly three years in prison for his
role in a cyber extortion scheme against six gambling websites prior to
last year's World Cup tournament. The unnamed man was also ordered to
pay 350,000 Euros (US $502,000). He reportedly hired a botnet and
threatened to launch distributed denial-of-service (DDoS) attacks
against the gambling sites unless they paid him 2,500 Euros (US $3,600).
He collected a total of 5,000 Euros from three of the sites; the other
sites did not give in to his demands.

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and
the author/co-author of books on Unix security, Internet security,
Windows NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses ( and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology

Mark Weatherford, Chief Security Officer, North American Electric
Reliability Corporation (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit

Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools -


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.