June NOW 2014


Transcript of June NOW 2014

Page 1: June NOW 2014

NOW -News in the Outside World

SFBayISSA Chapter Meeting

June 11, 2014

Your name could be here!


Page 2: June NOW 2014

Agenda


Bitly Warns of Breach, Disables Facebook and Twitter Accounts

EBay Asks Users to Change Passwords After Cyber-attack

California Joins Other States In Investigation Of eBay Hack

U.S. accuses China of cyber spying on American companies

Economic Espionage: Protecting America’s Trade Secrets

THREATCON Status

Information Security Culture

Bonus news to know:

FBI Agent: We've Dismantled The Leaders Of Anonymous

http://www.huffingtonpost.com/2013/08/21/anonymous-arrests-fbi_n_3780980.html

http://www.kqed.org/news/story/2012/03/06/86961/to_solve_hacking_case_feds_get_hacker_of_their_own?category=u.s

Apple iPhones, iPads Hijacked, Held for Ransom in Australia

http://www.eweek.com/security/apple-iphones-ipads-hijacked-held-for-ransom-in-australia.html

Page 3: June NOW 2014

Bitly Warns of Breach, Disables Facebook and Twitter Accounts

http://blogs.wsj.com/digits/2014/05/09/bitly-warns-of-breach-disables-facebook-and-twitter-accounts/

http://www.ask.com/wiki/OAuth

http://oauth.net/about/

http://www.eweek.com/blogs/security-watch/bitly-installs-two-factor-security-after-insider-account-compromise.html


May 9, 2014

Bitly suspects that some “account credentials have been compromised.” Bitly disconnected its users’ Facebook and Twitter accounts from its site to protect private information like email addresses and encrypted passwords. Bitly urged its users to reset their passwords, change access tools called API keys and OAuth tokens, and reconnect their social media accounts. Otherwise, it gave little detail on the breach or the impact. Bitly said it believes users’ email addresses, encrypted passwords, and the API and OAuth information were compromised. Bitly is also recommending iPhone users download the latest version of its app.

May 14, 2014 - Bitly Installs Two-Factor Security After Insider Account Compromise

Bitly has now disclosed that the problem is just the latest example of an insider compromise. Audit logs for the hosted source code repository that contains the credentials for access to the offsite database backup storage identified that the unauthorized access was initiated from an employee's account.

Two-factor authentication for all Bitly accounts on the source code repository was immediately implemented.

The CTO of Bitly reports “While we don't know exactly how the Bitly employee account was compromised, what is clear from my perspective is that employees remain weak links in security. Many organizations have spent time and money securing their enterprises from external threats, but don't have the same rigor in place internally.”


Page 5: June NOW 2014

EBay Asks Users to Change Passwords After Cyberattack

Compromised Database Contains Encrypted Passwords, Not Financial Data

http://online.wsj.com/news/articles/SB10001424052702303980004579575802725316802?KEYWORDS=ebay&mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702303980004579575802725316802.html%3FKEYWORDS%3Debay


May 19, 2014 Associated Press

eBay asked its 145 million registered users to change their passwords following a cyberattack that compromised a database containing encrypted passwords and other data.

The attackers gained access to the corporate network by compromising some employees' login credentials, eBay said.

The compromised eBay database includes passwords, email addresses, physical addresses, phone numbers and dates of birth, the company said. EBay said it would encourage users who used the same password on other sites to change those passwords as well.

Page 6: June NOW 2014

California Joins Other States In Investigation Of eBay Hack

http://www.forbes.com/sites/ryanmac/2014/05/23/as-ebay-notifies-users-of-hack-states-launch-investigation/


May 23, 2014

At least four U.S. states have started an investigation into eBay in light of the web-based auction company’s announcement earlier this week that it had been hacked. Attorneys General for Florida, Connecticut, Illinois and California said this week that they are looking into the online business practices of the San Jose, Calif.-based company, which asked all of its users to change their passwords after a database containing personal data and user information was compromised.

eBay announced that its database was hacked “between late February and early March,” allowing cyber-attackers access to names, encrypted passwords, email addresses, home addresses, phone numbers and dates of birth. An eBay spokesperson said that as many as 145 million users may have been affected by the breach.

Noted in the most recent eBay quarterly report: “Negative publicity and user sentiment generated as a result of fraudulent or deceptive conduct by users of our Marketplaces, Payments and Enterprise services could reduce our ability to attract new users or retain our current users, damage our reputation and diminish the value of our brand names. We believe that negative user experiences are one of the primary reasons users stop using our services.”

New York Attorney General Eric Schneiderman said that he “fully expects eBay to provide free credit monitoring services to customers impacted by this breach” but did not mention any further investigation in a statement.

Page 7: June NOW 2014

U.S. accuses China of cyber spying on American companies

http://www.reuters.com/article/2014/05/19/us-cybercrime-usa-china-idUSBREA4I09420140519

http://www.cnn.com/2014/05/19/justice/china-hacking-charges/index.html

http://www.economist.com/blogs/democracyinamerica/2014/05/industrial-espionage


May 19, 2014

On May 19, 2014, the United States Department of Justice filed charges against five members of the People’s Liberation Army of the People’s Republic of China. The individuals are charged with 31 counts, including economic espionage, theft of trade secrets, and conspiring to commit computer fraud. The indictment states that these individuals conspired to attack the networks of six or more U.S. companies between 2006 and 2014 while the companies were involved in business or legal actions with Chinese state-owned enterprises.

The indictment lists the hacked companies as:

• U.S. Steel Corp.
• Westinghouse
• Alcoa
• Allegheny Technologies
• The United Steel Workers Union
• SolarWorld (a U.S. subsidiary of a German company)

Per information released by the FBI, these companies were targeted with fraudulent emails used to install malicious software. The malicious software then extended access within the company and exfiltrated proprietary information including emails, trade secrets, and technical specifications.

Page 8: June NOW 2014

Economic Espionage: Protecting America’s Trade Secrets

http://www.fbi.gov/about-us/investigate/counterintelligence/economic-espionage


What are trade secrets?

Trade secrets are all forms and types of financial, business, scientific, technical, economic or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically or in writing,

(1) which the owner has taken reasonable measures to protect; and

(2) which have an independent economic value from not being generally known to the public.

Trade secrets are commonly referred to as proprietary information, economic policy information, trade information, proprietary technology, or critical technology.

Page 9: June NOW 2014

THREATCON Status – ELEVATED (where the operating environment is one that adversely impacts our ability to carry out some facet of our business.)

http://security.homestead.wellsfargo.com/sites/SOC/CTI/WFTHREATCON/default.aspx


These enterprise threats are being actively tracked:

Events surrounding new variants of malware – Increases in ransomware activity

Malicious activity possibly targeting the financial sector with potential to cause significant impact

Life-cycle changes to an OpenSSL vulnerability - "Heartbleed" Bug in OpenSSL

Life-cycle changes to the May Open Systems Patches (Urgent)

Life-cycle changes to the April Open Systems Patches (Urgent)

Life-cycle changes to the April Adobe Patches

Life-cycle changes to the May Microsoft Patches

Life-cycle changes to Apache Struts vulnerabilities - Exploits in the wild using automated tools

Page 10: June NOW 2014

Wells Fargo Information Security Culture


Managing a company’s reputation is a team effort.

Please keep these concerns in mind while practicing your Information Security discipline.

Thank you.