Issue No. 3, March 2014. Monthly newsletter


Issue No. 3 | March 2014

Cyber security monthly newsletter

6 March

State Duma approves draft proposal to block websites with pirated content

In late February, Sergey Zheleznyak, a member of the United Russia party and vice speaker of the State Duma, proposed a bill to limit Internet access not only to films, but also to any pirated content online.

11 March
Russian Federal Service for Technical and Export Control issues draft order

The Russian Federal Service for Technical and Export Control (FSTEK) has issued a draft order approving information security requirements for automated business and production process management systems used at critical and hazardous facilities, as well as at facilities exposed to risks that may result in catastrophic health and environmental damages.

Legislative news and regulatory recommendations


What is a DoS attack?

A DoS, or DDoS, attack can be best explained with an analogy. Several times a week, the world’s oceans may produce single, abnormally huge waves that are unlike regular waves. They occur spontaneously, reaching as high as 100 feet (30 metres) on a calm sea. When bumping against a vertical wall of water, a ship, however big, is unlikely to stay afloat (disaster film Poseidon illustrates a similar situation). The Internet, with its waves of information, is similar to an ocean. Similarly, a website can get caught in a storm as a result of a DoS attack. Such attacks are often referred to as flooding attacks.

3 March

iOS 7 keyloggers

The situation with mobile application keyloggers is getting more attention in the mobile world. Jailbroken mobile devices with IOS 7 have been known for some time to be vulnerable to keyloggers, who register user gestures and button presses and transfer this information to miscreants. Now, non-jailbroken IOS devices also fall under this threat.

12 March

SPlashData's most common passwords for 2013

In 2013, SplashData published the annual top 25 most common passwords leaked onto the Internet. Adobe's "leaky" database has also contributed to this list. 'Password' is now only second to '123456', a second-time top winner.

14 March

Russian Federation Council: bans not enough to ensure child safety on Internet; quality replacement content needed

The Russian Federation Council held a parliamentary session to discuss hot issues related to child safety on the Internet.

24 March

MS Word vulnerability exploited in the wild

According to Microsoft's Security Advisory 2953095 (SA 2953095), hackers may carry out targeted attacks by exploiting a new memory-corruption cross-Word (2003-2007-2010-2013) 0day vulnerability (CVE-2014-1761) to remotely execute a malicious code. A specially crafted Rich Text Format (RTF) is used to execute the code, via either a flawed MS Word version or as a user views an MS Outlook message containing the malicious RTF. Although attackers have used MS Word 2010 exploits, the remote code execution flaw also exists in Microsoft Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011.

26 March

Protecting your data: How?

Today, it is almost impossible to guarantee the safety of either corporate or user data kept on e-mail services, PCs and cloud storage. An e-mail service can be hacked. Data from a laptop, either yours or your colleague's, can be copied and used by other employees for their own purposes. Is there a way to protect your information? Although no company can give you an iron-clad guarantee of the safety of your data, there is still a way forward: you can use encryption to protect your data.

Staying secured

Finance sector

2 March

Banking attacks

I would like to briefly discuss here the standard recently issued by the Bank of Russia (also discussed in my report). The standard explains that the life cycle of a banking software system consists of seven stages, spanning from system specifications to decommissioning. In my report, I use real-life stories about attacks to show how trends related to these attacks could have been reversed if banks had started to apply this standard earlier.

17 March

Alfa Bank and VTB 24 websites attacked

Alfa Bank's Internet resources are unavailable. There are also issues with its ATM network. According to information published by Alfa Bank on its official Facebook page, the problem is due to "issues on the provider side."

17 March

Antivirus experts warn about increased banking attacks

The antivirus industry reports increased malicious activities targeting online banking services. According to antivirus experts, bank websites have seen an increase not only in hacking but also in DDoS attacks.

19 March

Following stress tests of banks in Eurozone, ECB to take measures to protect information

Having launched large-scale stress tests for 128 of the largest Eurozone banks, the European Central Bank is now concerned about how to maintain the confidentiality of the test results. In particular, Eurozone bankers are concerned about potential leaks that may take place before the official reviews of balance sheets are published, giving rise to speculations and complicating life for investors, according to a reporter in Brussels.

19 March

About 90 million rubles stolen by hackers from QIWI accounts

QIWI, a payment system provider, has found that 687 of its user accounts have been hacked, with 88 million rubles stolen by hackers.

27 March

Ukrainian hackers leak data from 7 million bank card holders online

A hacking group claiming that it represents Anonymous in Ukraine has leaked data from 7 million holders of Visa, MasterCard, American Express and Discover cards, including names, online. The hackers wrote about the data dump on their Twitter blog. After downloading the leaked files, Vedomosti, a Russian business daily, noted that the files contained information looking like credit card data.


Internet and telecommunications

6 March

Meetup's CEO blackmailed to pay $300 for stopping DDoS attack

The CEO of Meetup received a rather unusual e-mail message saying "your competitor has asked me for a DDoS attack at your website. I can stop it for USD 300. Let me know if you are interested." Before the CEO could read the message, a 8.2 Gbps DDoS attack launched against the site, causing it to crash.

9 March

Norwegian telecom carrier's router software exploits user IPs to reveal customer telephone numbers

Recently, a problem has been found with a Norwegian telecommuncations carrier NextGenTel, making the I-will-hunt-you-down-by-your-IP threat quite real. Software installed on NextGenTel routers exploited user IPs to show telephone numbers in a browser.

12 March

Over 162,000 WordPress-driven websites exploited in massive DDoS attack

A massive DDoS attack has been waged on thousands of WordPress-driven websites.

13 March

Facebook user computers infected by NSA

According to news from the Intercept, an online publication, the U.S. National Security Agency has used Facebook to infect users' computers.

14 March

Hackers attack

If you try to access the home page at, you come up against a message telling you that the "website is unavailable." The website is now functional; however, some pages may occasionally fail when accessed.

16 March

CyberBerkut attacks NATO's websites

On 15 March, Saturday evening, hacker group CyberBerkut attacked NATO's websites, protesting against "NATO's invasion" into Ukraine. The attackers wrote about the attack on their webpage.

23 March

New York Times: NSA has had access to Huawei's servers for several years

According to a report by the New York Times, the NSA has had access to the servers of Chinese company Huawei for several years.

27 March

Russian Internet starts cyberthreat map service

The Russian Internet, known as RuNet, has started a real-time map service that shows cyber threats as they occur across the world. Kaspersky Lab's press service, which is responsible for launching the map, says that the interactive map will show the activity of e-mail and online antivirus tools, as well as vulnerabilities and network attacks as they are identified.


Industry and services

6 March

Hackers leak RosOboronExport documents onto Internet

According to messages published on Twitter and on 6 March, hackers who claim to be part of the Anonymous movement have published the internal archives of state-owned company RusOboronExport (Russian Defense Export).

13 March

Indian police unresponsive to citizen complaints for 8 years due to lost data base password

The Delhi police have had no complaints from citizens for 8 years, and it is not because of their perfect track record: a lost password prevented them from accessing their complaint data base the entire time.

20 March

Google launches encryption for Gmail traffic between data centers to ensure better protection of user data

According to Google, its Gmail team has decided to start encryption for Gmail traffic between its data centers. The encryption is generally aimed at protecting personal user data from being spied on by North Korea, the NSA, and similar intelligence services engaged in traffic interception and analysis.

20 March

FBI arrests Russian programmer, acting on information from Microsoft

In Seattle, the FBI has arrested Alexey Kibkalo, a Russian programmer suspected of disclosing Microsoft trade secrets.

21 March

Microsoft may be paid by FBI for each official information request on its users

The Syrian Electronic Army has leaked interesting information that the FBI seems to pay Microsoft, whose invoices have been obtained by the hackers, for each information request about Microsoft customers.


1 March

CAdES formats overview

This article offers a review of CAdES (CMS Advanced Electronic Signatures). It is based on both my personal theoretical research and my experience with implementation and verification of CAdES signatures.

3 March

3G/4G network security

Cell tower setup costs comprise a significant portion of a carrier's expenditure, which is why carriers seek to lower costs incurred to build and operate 3G/4G networks. They can also do so by using new technology: Networks have evolved ATM connectivity to SDH/SONET, DSL, IP/MPLS and metro Ethernet.

4 March

Online bugs in news

Apple has recently made a serious mistake, leaving an excessive unconditional 'goto' command in the middle of the SSLVerifySignedServerKeyExchange function that verifies a server signature when setting up an SSL connection. The result was that the function completed its operation successfully without actually verifying the signature.

10 March

Finger-written signature

This post is about finger-written signatures used to authenticate individuals. This technology has been attracting huge interest as touchscreen mobile devices become more widespread. Just imagine opening an e-mail and putting down your finger signature so that you instantly have a legally valid document ready to be sent back to your addressee.  While in other countries this technology has been around for quite some time, in Russia the only trusted form of signature is either a hand-written signature put on a paper document or an officially registered digital signature on an electronic document.

14 March

Differential cryptoanalysis for dummies

FEAL may be even more robust than DES. Unlike DES with its 56-bit key, FEAL has an increased key length of 64 bits, making key search more difficult. Unlike DES, FEAL offers an additional advantage: almost random cyphertext distribution.

Learn something new: cyber security technology updates

March 7

HTTPS traffic analysis can leak user sensitive data

A Team of US researchers at UC Berkeley conducted a study on the HTTPS traffic analysis of ten widely used HTTPS-secured Web sites with surprising results.

March 10

The marketing approach of cybercrime to phishing emails

Mark Sparshott, director at Proofpoint, explained that cybercrime manages phishing emails using techniques similar to those used by the marketing industry.

March 11

$5 Billion in Military Cyber Spending fivefold increase over last year

The Military Cyber Spending reserved by the Pentagon for cyber operations next year is $5 Billion, part of the comprehensive $496 billion fiscal 2015 budget.

March 14

TURBINE, how NSA has plundered botnets to the cybercrime

TURBINE is the codename for a sophisticated hacking platform to take control of C&C servers managed by cybercrime. The NSA has been hijacking the botnets managed by cybercrime to its own purpose, this is the last revelation on questionable activities of the agency.

March 16

NATO websites hit in cyber attack linked to Crimea tension

Hackers brought down several public NATO websites, the alliance said on Sunday, in what appeared to be the latest escalation in cyberspace over growing tensions over Crimea.

March 17

Banking's back room risk cops step into top jobs

Once modest of pay and profile, risk experts are being reborn as rock stars of the banking world - their status and salaries soaring as regulators force financial institutions to clean up.

March 25

ATM malware, controlled by a text message, spews cash

A group of enterprising cyber criminals have figured out how to get cash from a certain type of ATM -- by text message. The latest development was spotted by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico.

Foreigner corner

Did you find this useful?