Monday, February 27, 2012

Stratfor Documents Obtained in December 2011 Breach - Released

The fallout from the December 2011 breach of Stratfor was not fully felt until today, when the website WikiLeaks released a statement that they would begin to publish "5 million e-mails from the private intelligence company Stratfor, starting with a company 'glossary' that features unflattering descriptions of U.S. government agencies."


Stratfor will neither confirm nor deny the authenticity of the documents, but it does note that the documents can now be easily edited by those who release the information.


WikiLeaks has stated that the documents will be released through a network of more than 25 news outlets and activist groups in the coming weeks. The first document out was titled "The Stratfor Glossary of Useful, Baffling and Strange Intelligence Terms," featuring brief and sometimes humorous definitions and blunt assessments of U.S. intelligence and law enforcement.


To read more about Stratfor and WikiLeaks click here
To read the full text of what was released click here

New Microsoft Windows Server 8 FCI Integrates Websense DLP Technology


Data breaches and theft can be detrimental to any company, and preventing the accidental loss or misuse of sensitive documents is a major IT security concern. In this video demo, we explain how Microsoft has integrated Websense DLP technology into its File Classification Infrastructure to prevent these major data-stealing attacks.

Websense DLP technology is a key feature in the Websense® TRITON™ solution, which offers unified web, email, and data security. The TRITON modules are available separately or together, and can be deployed in enterprise-grade appliances, as cloud-based services (SaaS), and as powerful and efficient hybrids of on-premise and SaaS elements working together. Backed by Websense data classification expertise, the collaboration between Microsoft and Websense technologies allows organizations to accurately monitor, identify, and categorize sensitive information, and to ensure its protection and proper use, as it is being authored.

Wednesday, February 22, 2012

Web Security Company Mykonos Acquired by Juniper Networks

Juniper Networks closed the $80 million deal on February 13th and has added Mykonos, a provider of website and web application security software, to its Security Business Unit.
The idea behind the acquisition is that Juniper can use the technology to detect attacks before the attack is in progress. The Mykonos product uses predictive analysis and deception-based software that is able to catch an attack in progress, profile the attack, learn the behavior, and then use that behavior to thwart future attacks.
Citing data from a Verizon report, Juniper says web applications are among the largest unprotected attack surfaces and the frequency of attack is increasing.
Read more about this acquisition on Network World

Tuesday, February 21, 2012

Shameless Plug Tuesday!


One of our goals at DLP Digest is to keep the "sales pitch" out of our updates and provide a non-biased view of what is happening in the technology and security worlds. However, from time to time we can't help but promote some of the cool stuff we are doing with our education and training programs. We have just rolled out regional training dates for Websense DLP solutions, and chances are we will be in a city near you very soon! So sign up and maximize your organization's investment!


Attevo is proud to announce a Websense Authorized Training program designed to provide organizations with the knowledge and skills needed to confidently manage your Websense technology investment.

Attevo Websense certified instructors provide classroom, on-premise, or customized training for the following technologies:
  • Web Security Gateway Anywhere
  • Email Security Gateway
  • Data Security Suite
  • Triton Enterprise

Attevo offers formal classroom training in Cleveland, Ohio on a regular basis. In addition, we currently have regional courses scheduled in the following cities:

Course Schedules and Course Outlines can be found using the OnCourse button or date links above.
We now return you to your regularly scheduled programming...

Thursday, February 16, 2012

Cool Websense Security Survey Infographic

Content security and data loss prevention company Websense, in conjunction with independent research firm Dynamic Markets, just released their "Security Pros & ‘Cons’" survey. IT managers and non-IT employees in the U.S., UK, Canada, and Australia were asked about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs).
Websense has condensed the findings of the study into an easy-to-read infographic. The portion of the infographic below is one of the more interesting data points collected regarding a "false sense of security" that is felt by many IT managers. They know that they need to protect their organization against modern malware and web 2.0 threats, but 52% of IT managers do not protect their organization from confidential data being uploaded to the web.
Fortunately, help is on the horizon as headline-grabbing security incidents have promoted data security talks amongst top management and have driven focus on security, including the need for additional budget. Click here to download the full report 

Wednesday, February 15, 2012

Wall Street Journal: Chinese Hackers Suspected In Long-Term Nortel Breach

In an article in the Wall Street Journal by Siobhan Gorman, it is speculated that the more than decade-long breach of the once massive telecommunications company Nortel was the result of hackers based in China. The article goes on to detail recent U.S. intelligence reports that Chinese hackers are a threat to world networks and that "both government-affiliated and private-sector [Chinese Hackers]—are the world's most 'active and persistent' perpetrators of industrial spying."


While China has been a hot topic in security news for a while, I think the most egregious offense is the negligence on the side of Nortel executives. It was reported in the article that nothing was done from a security standpoint after the breach was discovered other than changing the passwords that were used to gain access to the network.


Publicly traded Nortel did not disclose the breach and did not believe that they had to make investors aware because it was not considered a "material" risk or event. Late last year the SEC released a formal memo stating that cyber attacks can be "material" and that an organization must investigate all cyber attacks to determine if they are in fact "material".


In the meantime, Nortel was also in the process of selling portions of their business as a result of filing for bankruptcy. Even during this process, executives did not disclose the breach to potential buyers. According to the article, former CEO of Nortel Mike Zafirovski believes, "People who looked at [the hacking] did not believe it was a real issue. This never came up like, 'We have a real issue and we need to disclose to potential buyers of businesses.' Mr. Zafirovski said he didn't believe the infiltrations could be passed on to acquiring companies. 'That's a real, real stretch.'"

The article in the WSJ is a great comprehensive timeline of the Nortel breach and all of the factors at play in this complicated story. While outside hackers are a threat to networks, an even greater threat to world networks is a lack of security education, or in this case negligent organizations. Tell us what you think and be sure to check out the full WSJ article here: Chinese Hackers Suspected in Long-Term Nortel Breach


Friday, February 10, 2012

Foxconn Breached

Hackers have breached embattled technology manufacturer Foxconn. The hacking group, Swagg Security, uploaded a collection of files to the Pirate Bay website that, once downloaded and uncompressed, measured almost 16 megabytes in size and contained around 25 spreadsheets along with a handful of text documents.

As reported by Time.com, "One document titled 'Company_Sensitive_information.txt' contains what the group claims are login credentials that 'could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel, and Dell.'"

Some may remember Foxconn as the 900,000-employee company that manufactures iPhones, iPads and other consumer technologies by hand and has seen a rash of employee suicides blamed on poor working conditions. Many consumers have begun to speak out against Foxconn's unfair labor practices and what is seen as Apple's apathy towards the issue.

In the same Time.com article, "Some consumers don’t think that’s enough, however. A group of 'concerned Apple customers' has announced that it will be delivering more than 250,000 petition signatures to Apple 'demanding the company respond to recent criticisms of worker abuse in their supplier factories and commit to creating an ethical iPhone 5.'"

It will be interesting to see what happens to Foxconn, and the consumer electronics companies that rely on their services to keep prices low. 

For more information on this topic check out the Time.com/Techland article here: Time.com -- Techland

Tuesday, February 7, 2012

Man in the Browser Attacks Online Banking Customers

You may remember that last week Symantec notified pcAnywhere customers of the potential for "Man in the Middle" attacks as a result of their leaked source code. This week a malware testing lab out of Britain, S21sec, is warning online banking users of "Man in the Browser" or MitB threats.


The idea behind these two threats, despite the different names, is the same. The user downloads malware accidentally, and the application lives in their browser and alters what is seen on the site and where the entered data goes. Some more sophisticated versions will change payment details and amounts to try and cover the malicious activity.


Fortunately, many banks use software that understands a user's patterns and when something out of the norm occurs, the bank will alert the account holder of the activity. 


Read more: UPI.com

Friday, February 3, 2012

Anonymous Strikes Again - Texas Police Officer Edition

A hacker affiliated with Anonymous has gained access to the Texas Police Association website and obtained names, addresses and police departments of more than 700 officers across the state. These records were then published along with a link to a news story about a Texas police officer being placed on administrative leave while being investigated for child pornography charges.


This is not the first time the Texas Police Association's website has been hacked, but it is the first time personal data has been revealed. Erwin Ballarta, Executive Director of the Texas Police Association, has contacted the FBI.



Wednesday, February 1, 2012

pcAnywhere is Safe Again

Symantec issued a statement updating their pcAnywhere customers with the news that they were able to patch all breach-exposed vulnerabilities that had previously caused the company to advise users to disable the product.
"On Friday, January 27, 2012, Symantec released a patch that eliminates known vulnerabilities affecting customers using pcAnywhere 12.0 and pcAnywhere 12.1."
Symantec is also offering a free-upon-request upgrade to the latest version of pcAnywhere, version 12.5. Users should email the company at pcanywhere@symantec.com to request it.