skip navigation

More signal. Less noise.

Daily briefing.

Iran's ongoing naval exercises feature cyber defense operations. That nation's sympathizers in the Izz ad-Din al-Qassam Cyber Fighters tried another denial-of-service attack against US banks on Christmas day, but the attempt fizzled. (They threaten to continue their DDOS campaign, and industry analysts generally believe 2013 will see a continued uptick in these familiar attacks.)

The Internet Explorer zero-day vulnerabilities disclosed at last week's end have been exploited in a waterholing campaign. Waterholing attacks infect topically related Websites members of particular communities are thought likely to visit; they then infect visitors on a drive-by basis. This latest attack is centered on the Council on Foreign Relations and may be the work of Chinese hackers.

US Army servers at Aberdeen Proving Grounds are hacked, compromising personnel files and visitor information from CECOM's former headquarters at Fort Monmouth.

We saw Friday how some universities help students sanitize their online image (mostly by shifting search results away from embarrassing party pictures). A new app launched today takes a more proactive approach: Clearable aims to educate the rising cyber generation on how their online behavior may impact their ability to land a sensitive and interesting job. Available to people younger than college seniors (and to their parents) it offers a look into one's social media presence similar to that taken by the US Government clearance process.

DARPA seeks to rectify "inherent vulnerabilities" in software. The headline says "in drones," but the problem is much wider.

Pakistan clamps down on YouTube, which augurs more Internet censorship.

Notes.

Today's issue includes events affecting Bagladesh, Canada, China, Finland, Iran, Japan, Korea, Mexico, Maldives, New Zealand, Oman, Pakistan, Philippines, Russia, Sweden, United States..

At year's end, we'd like to thank you for reading the CyberWire. We hope you find it informative and useful, and please remember we welcome and value your comments and suggestions. From all of us at the CyberWire, we wish you a happy, safe, and prosperous 2013.

Cyber Attacks, Threats, and Vulnerabilities

Iran uses cyber defense techniques for 1st time in naval drills (Press TV) Iran has used cyber defense techniques for the first time in its Velayat 91 naval military exercises. Irans Navy launched six-day naval maneuvers on December 28 in order to display the countrys capabilities to defend its maritime borders and maintain durable peace in the region. The exercises cover a vast area including the Strait of Hormuz, the Sea of Oman, the north of the Indian Ocean, the Gulf of Aden and Bab-el-Mandeb Strait.

Christmas Day DDoS Planned Attacks Failed (Technology Banker) Izz ad-Din al-Qassam Cyber Fighters warned that the same level of attack as the previous weeks will be implemented until the offensive YouTube video against Islamic belief is removed. According to the hacktivist groups post on Pastebin, American leaders can easily remove the controversial YouTube trailer but they chose to keep it. The group suggested that the US Government along with the financial institutions should think sensibly in finding an easy solution, instead of spending too much in dealing with the attacks

Council on Foreign Relations Hacked by Chinese Hackers (Hack Read) In a report published by right-wing Washington Free Beacon, an advanced malware attack against one of Americas most powerful decision making foreign policy groups was conducted last week, in which the website of Council on Foreign Relations (CFR) and its servers were infected. The cyber experts are now investigating the attack have reveled that the attack is one of its kind and relatively new ploy called a drive-by website cyber attack, detected around 2:00 p.m. on 26th December. The experts added that they suspects the Chinese hackers behind the attack in which the servers operating the CFRs website were infected, then via infected servers the CFR members and others who visited or drove by the site were infected

Microsoft confirms zero-day bug in IE6, IE7 and IE8 (Computerworld) On Saturday, Jaime Blasco, the labs manager at AlienVault, weighed in on the IE zero-day as well, noting that the exploit was able to circumvent Microsoft's anti-exploit technologies, DEP (data execution prevention) and ASLR (address space layout

Attackers Target Internet Explorer Zero-Day Flaw (Krebs on Security) Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more

Council on Foreign Relations Site Hosted Malicious Content Since December 21 (Softpedia) Experts from security firm FireEye have analyzed the recent hack that affected the Council on Foreign Relations (CFR). Besides revealing the fact that an Internet Explorer zero-day has been used, researchers have also confirmed that the malware hosted on the CFR site was planted there as early as December 21. The malicious content was discovered on December 26, which means that the cybercriminals could have successfully infected the computers of a large number of users during that timeframe

Researchers find malware targeting Java HTTP servers (Computer World) Security researchers from antivirus vendor Trend Micro have uncovered a piece of backdoor-type malware that infects Java-based HTTP servers and allows attackers to execute malicious commands on the underlying systems. The threat, known as BKDR_JAVAWAR. JG, comes in the form of a JavaServer Page (JSP), a type of Web page that can only be deployed and served from a specialized Web server with a Java servlet container, such as Apache Tomcat

Hacker Warns of State Spying at Chaos Computer Club (Sci Tech Today) US hacker and Wikileaks volunteer Jacob Appelbaum warned of the growing threat of state surveillance, as Europe's largest annual hacker meeting opened Thursday in Germany. About 6,000 programmers and "hacktivists" were meeting in Hamburg for the four-day Chaos Computer Club conference, focused on safeguarding civil rights and privacy in the information age. Appelbaum, a computer security researcher for the non-profit Tor Project, warned that state security services are quickly building up their surveillance networks

National University of Bangladesh Hacked, 15000 Credentials Leaked by JokerCracker (Hack Read) A hacker who goes by the handle of @JokerCracker has hacked into the National University of Bangladesh and leaked 15,000 credential details of universitys staff and students. The hack was announced by @JokerCracker by himself on his official Twitter account on which he told the public that the leaked data contains usernames, emails, passwords and other general information. According to the message on leaked data

Anonymous Hacks Brazil's Ministry of Environment and Power Plant Firm (Softpedia) Anonymous hacktivists continue the campaign called Operation Green Rights (OpGreenRights). Their latest targets are Brazils Ministry of Environment (mma. gov. br) and Eletronorte

TheAndroid.DDoS.1.origin, a new malware detected on Android mobile (Cyberwarzone) In line with expectations a new cyber threat is menacing the mobile, in particular the most diffused OS, Android. The Russian anti-virus vendor Doctor Web has detected a new malware, dubbed TheAndroid. DDoS.1

SSNs, Salary Information Exposed In Breach Of Army Servers (Dark Reading) 'Unknown' attackers access databases of information on 36,000 people. Army officials have confirmed that cybercriminals obtained personal information of 36,000 people from multiple Army commands and visitors to the former Fort Monmouth base via a server hack

Global Scans Reveal Internet's Insecurities in 2012 (Dark Reading) Researchers and attackers catalog vulnerable systems connected to the Internet, from video conferencing systems set to auto-answer to open point-of-sale servers to poorly configured database systems

Nearly half of detected infections are on financial institutions' servers (Ars Technica) Symantec has discovered a new piece of malware that appears to be targeting financial institutions and their customers in the US. Dubbed Trojan. Stabuniq by Symantec, the malware has been collecting information from infected systemspotentially for the preparation of a more damaging attack

Anonymous threatens to take down California police department (RT) Members of the hacktivist collective Anonymous are demanding that a California police department remove an officer from the force after video has surfaced of the cop in question firing at a civilian 11 times at point-blank range. The Manteca Police Department says that Officer John Moody was in the right when he shot nearly a dozen bullets at Ernesto Duenez Jr. last year, killing the man on the spot. Others arent so certain, though

Dutch Hotline fireworks nuisance website suffering DDOS attacks (Cyberwarzone) The Dutch website for fireworks nuisance is suffering DDOS attacks as the end of the year is coming. The website VuurweThe Dutch website for fireworks nuisance is suffering DDOS attacks as the end of the year is coming. The website Vuurwerkoverlast

Security Patches, Mitigations, and Software Updates

Targeted zero day attack being used against Internet Explorer 6, 7, and 8 (Internet Storm Center) Microsoft have published a security advisory for a zero day attack being used against a "targeted audience" using Internet Explorer 6, 7, and 8. This atypically means corporate or business users still locked in to using these older browsers. Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft's recommendations to build a layered defence to protect staff

Microsoft fixes faulty OpenType security patch (ZDNet) Microsoft has reissued a patch intended to fix a serious security flaw in implementations of the OpenType font, after the original version of the patch rendered the font unreadable for many users of PowerPoint and other applications. The problematic patch came out as part of Patch Tuesday on 11 December, affecting users of PowerPoint, Quark Xpress and Coreldraw. It made it impossible for those programs to render OpenType characters at a size greater than 15pt

Cyber Trends

The threat landscape continues to expand rapidly (Help Net Security) ThreatMetrix announced cybersecurity trends and risks businesses and consumers must keep top of mind in 2013. These include cyberwarfare, data breaches, migrating malware, BYOD, cloud computing, and mobile and social media fraud. In todays threat environment, the reach of cybercriminals expands to more industries each year, with financial services, insurance, retailers, enterprises and government agencies especially vulnerable to new threats

China dominates 2012 cybersecurity talking points (ZDNet) Asia-Pacific has seen its fair share of IT and online security incidents, from intellectual property theft and cyberespionage to hacktivism, this year. But not all were bad news though, as regional governments took steps to clamp down on online crime by implementing new regulations and setting up cybercrime units. China, however, hogs the limelight when it comes to security matters in this region, for both good and bad reasons

DDoS Attacks: 2013 Forecast - Experts Say Recent Hits Only the Beginning (Bank Information Security) During the last third of 2012, 10 major U.S. banks were the targets of powerful distributed-denial-of-service attacks apparently launched by a foreign hacktivist group. Some observers predict there will be many more DDoS attacks against financial institutions in 2013. They say hacktivists, organized crime rings and even nation states will be the perpetrators, working collaboratively in some cases and independently in others

What DDoS attacks reveal about your security infrastructure (Help Net Security) As we close out 2012, there is no doubt that this year will go down as epic in the history books of information security professionals. Looking back on the year its not hard to find a laundry list of security programs that have been overrun by nefarious perpetrators or to see how dramatically different the risk landscape is today than just a year ago. Taking stock of it all, the following are some of the most notable attacks:Jan - Feb 2012 Group Anonymous attacks various Israeli sites leaving, among others, the Israeli Stock exchange in operational duress for a momentMarch 2012 Operation Global Blackout Group Anonymous threatens to take out the internet by attacking the DNS infrastructure of the worldJuly Aug 2012 Admin

The threat landscape continues to expand rapidly (Help Net Security) ThreatMetrix announced cybersecurity trends and risks businesses and consumers must keep top of mind in 2013. These include cyberwarfare, data breaches, migrating malware, BYOD, cloud computing, and mobile and social media fraud. In todays threat environment, the reach of cybercriminals expands to more industries each year, with financial services, insurance, retailers, enterprises and government agencies especially vulnerable to new threats

Threats to the Power Grid and the Advances in Cyber Security to Thwart Them (AOL) Utility companies confront security challenges daily, especially those related to securing the North American power grid. Increasingly, they're responding by implementing comprehensive cyber security plans across their business networks and their generation, transmission and distribution systems. From broad-based threats against corporate e-mail systems to targeted spear-phishing attacks aimed at nuclear operations, utilities face new challenges regularly

The Industrialization of Malware: One of 2012s darkest themes persists (ESET) For several years now, antivirus researchers have observed increasing efficiency and sophistication in malware development and distribution. At the start of 2012, I began using the term "industrialization of malware" to describe this phenomenon. I also drew a picture of the fictitious enterprise "Malware, Inc." as a means of conveying the transformation that malware has undergone (the blog has slides about Malware, Inc. that you might find helpful)

Database hacking: The year that was (Help Net Security) Have you ever been to the Privacy Rights Clearinghouse site? It tallies all the data breaches that have occurred in United States since 2005. What you read there is really scary

Britain 'losing the war on cyber crime' as costs hit 205 million (Telegraph) Commissioner Adrian Leppard, head of City of London Police, said online fraud was rising exponentially, with the largest number of attacks originating from Eastern Europe and Russia. In a stark warning to MPs earlier this month, he said police were struggling to keep up with increasingly sophisticated internet criminals. Keith Vaz, chairman of the Commons home affairs select committee, suggested to Mr Leppard that internet criminals keep running rings around some of the best police officers in the country, adding: Are we winning this battle?

Government Malware to Become Commoditized, Forecasts Imperva (SPAMfighter News) The New Year, according to Imperva, will have cyber-criminals likely using numerous hosts, which have increasingly advanced malware

Vulnerabilities Will Keep Channel Busy in 2013 (Channelnomics) By now, most security folks have unleashed their 2013 predictions forecasting myriad threat events ranging from the mundane to the cataclysmic. It's likely many of the attacks will come, wreak havoc and then vaporize into the security ether. However, one oft-repeated prediction will likely have a profound and long lasting effect on organizations: Software vulnerabilities will be a main target for cybercriminals in 2013

There's A Difference Between Private And Personal (TechCrunch) While most of us were enjoying the holidays with our families all over the world, someone who is related to the CEO of Facebook posted a photo of her family to friends, and then some journalist person downloaded it and tweeted it

Marketplace

Onodera To Review Defense Plans, Up Spending (Japan Times) Amid China's military rise and the continued threat from North Korea, new Defense Minister Itsunori Onodera has vowed to bolster Japan's defensive capabilities by reviewing its strategies, increasing the defense budget and revising the guidelines in place with the United States

Unthinkable Cuts Almost A Reality (Wall Street Journal) Illustrating the gravity of the cuts, the Pentagon plans to notify 800,000 civilian employees that they could be forced to take several weeks of unpaid leave in 2013 if a deal isn't struck, and other agencies are likely to follow suit

Day Of Seesaw Talks Produces No Accord On Fiscal Crisis (New York Times) Senate leaders on Sunday failed to produce a fiscal deal with just hours to go before large tax increases and spending cuts were to begin taking effect on New Year's Day, despite a round of volatile negotiations over the weekend and an attempt by Vice President Joseph R. Biden Jr. to intervene

Samsung To Build A Massive R&D Complex In Silicon Valley (TechCrunch) You might finally start seeing some Android phones out in the wild around Silicon Valley. Samsung Electronics Co. just announced a major expansion of its Silicon Valley operations, which includes a gigantic 1.1M square foot headquarters for Samsung Semiconductor and a 385k square foot facility for Samsung Information Systems America

While There Are Some Glimpses Of Progress, Mexico Faces A Long Road To Innovation (TechCrunch) A few weeks ago, Vivek Wadhwa visited Mexico and wrote about the possible opportunities he saw for the Mexican IT sector, noting manufacturing plans. In his article, he suggested that the Mexican technology industry "leapfrog India" by moving away from

Why Google Just Made iPhone King (Wired) By releasing new versions of Google Maps and Gmail for iOS this month, Google helped make the iPhone the best mobile phone on the planet. Why is Google, the owner of Android and Motorola, helping its ostensible rival? The answer boils down to advertising. Google's smartphone operating system, Android, has always been incidental to Google's ad business, the source of virtually all the company's profits, and Google's Motorola handset division is, for now, a similar sideshow

Small N.C. cloud company nabs first FedRAMP security certification (NextGov) Autonomic Resources, a small business in North Carolina, has earned the first-ever security certification to install cloud services governmentwide. The General Services Administration, the government's purchasing agency, stuck to a self-imposed year-end deadline for issuing the seal of approval under the Federal Risk and Authorization Management Program, or FedRAMP

Charlie Thomas on How Razorsight is Positioning Itself for the Future of Global Comms, Mobility and Big Data (Executive Biz) "The communications industry is going through a metamorphosis and unbelievable transformation as the world moves increasingly toward mobile, social, video content and big data… we load massive amounts of data and analyze that data with a variety of tools and applications to give (carriers and other firms) greater insight, greater automation, more flexibility, scalability and growth."

Yahoo Bids Farewell to South Korea, Completes Exit (TechCrunch) After 15 years, Yahoo completed its exit from South Korea today, reports Yonhap News Agency. This move also marks the first Asian market that Yahoo is leaving

Hackulous Shuts Down, Taking Its iOS Piracy App Installous With It (TechCrunch) Hackulous, the company behind the popular (and controversial) app Installous which let people easily download pirated apps on jailbroken iOS devices, has shut down. In what iDownloadBlog's Sebastien Page has called "a small victory against app piracy," the Installous app is also no longer available for use

Products, Services, and Solutions

15 (FREE!) security tools you should try (IT World) Here are some of the best-known products you can try inside your own network

Kaspersky Lab Boosts Linux Mail Security (Channelnomics) Kaspersky Lab ZAO gave its Kaspersky Security for Linux Mail Server a few strong tweaks in the security area with an update that bolsters protection against spam and malware spread by e-mail, giving the channel a competitive edge when breaking into growing open-source security niches. Kasperskys refreshed security solution, which serves Linux and FreeBSD mail servers, contains revamped security mechanisms that partners can use to gain ground in competitive open-source markets. One of the biggest improvements is a zero-day exploit and targeted attack shield, dubbed ZETA Shield technology, designed to detect and block unknown and increasingly sophisticated advanced persistent threats (APTs) delivered via e-mail attachments

Windows 8 Fizzling, Time For Windows Classic? (InformationWeek) If Windows 8 sales don't improve soon, Microsoft might have to pull a Coke and cut its losses on its radically reengineered OS

Windows 8: Let's Not Plan The Funeral Yet (InformationWeek) Even in tech time, it seems silly to sound the death knell so soon on such a significant overhaul. Did you really expect instant success

5 Ways Microsoft Can Save Windows 8 (InformationWeek) Microsoft's new OS holds plenty of potential, but so far consumers aren't loving the radically redesigned desktop. Microsoft should consider these changes

Microsoft's Windows 8 Numbers Meaningless (InformationWeek) Microsoft says it has sold more than 40 million Windows 8 licenses, but the information is worthless in absence of key data the company won't divulge

U.S. Navy Steps Forward With CANES (SIGNAL) The U.S. Navy's next-generation tactical afloat network recently received approval to enter the production and deployment phase. The San Diego-based destroyer USS Milius (DDG 69) was selected for first installation

Kim Dotcom To Host Mega's Launch Event At His New Mega Zealand Mansion Next Month (TechCrunch) Kim Dotcom doesn't do things small. The man behind the Megaupload empire is about to launch his next service dubbed simply Mega. But don't expect a simple press event in a hotel conference room. Nope, on January 20, 2013, exactly one year after his over-the-top takedown, Dotcom is hosting the Mega launch event at his sprawling New Zealand estate — effectively giving the finger to the RIAA, MPAA

Changes to Mozilla Security Program Foster Open Source Security Tool Development (Threatpost) Mozilla recently announced some changes to the way it will interact with members of the security community who contribute code, bug reports and fixes for the Firefox Web browser and other open source tools under Mozilla's watch. Michael Coates, director of security assurance at Mozilla, recently answered some questions about the changes and how they will impact how the organization deals with security researchers

11 Amazing Apps Of 2012 (InformationWeek) Here are 11 applications that mattered in 2012 -- and a hint at what's to come. Each underscores meaningful software trends

What is Clearable? (Clearable.us) What is Clearable? Clearable is an "App" that connects to a Facebook user and analyzes their social media behavior (posts, friends, fan pages) and flags items that future employers and admission directors at schools may view as concerns

Technologies, Techniques, and Standards

Browser-based penetration testing with Firefox and Chrome (Doug Vitale Tech Blog) With the proper extensions installed, you can hack from the comfort of your Firefox or Chrome browser. Within Firefox, add-ons are divided into three categories: extensions, appearance themes, and plugins. Extensions extend the functionality of Firefox past simple web browsing. Appearance themes change the way Firefox looks, and plugins are necessary for Firefox to display specialized non-HTML Web content such as Flash, Java script, multimedia, etc

Would a Malware BuyBack Program Work? (Infosec Island) I just read a story about how successful L.A.'s gun buyback program has been and it reminded me about a suggestion that was made at our Boston Suits and Spooks event - that a buyback program might be successful in reducing the amount of malware in circulation

The importance and ownership of cloud security education (e27) With rising adoption of cloud deployments, users, IT managers and stakeholders will need to be better educated on cloud security standards and best practices

Design and Innovation

How Hackers/Founders Grew From Beer-Filled Bar Meetups To Full-On Startup Incubator (TechCrunch) Back in 2008, Jonathan Nelson was working as an ER nurse and tinkering on code at home in his spare time. As someone who wasn't a full-time engineer, he had a hankering to get out of the house and rub elbows with other techies. So he organized a casual meetup at a local bar, inviting other programmers toying with the idea of getting into the startup world to trade stories and talk shop over a beer

Insert Coin: Engadget Is Looking For Some Cool Crowdfunded Projects (TechCrunch) Our brothers and sisters over at Engadget are holding their first red hot, super exciting conference called Expand in SF in March. The event will feature all the boring, old commercial hardware you could imagine including the latest from all the hardware greats but, more important, they're also reaching out to a contingent dear to my heart: crowdfunded gadgets

Research and Development

Pentagon Looks to Fix 'Pervasive Vulnerability' in Drones (Wired Danger Room) Drones may be at the center of the U.S. campaign to take out extremists around the globe. But there's a "pervasive vulnerability" in the robotic aircraft, according to the Pentagon's premier science and technology division — a weakness the drones share with just about every car, medical device and power plant on the planet. The control algorithms for these crucial machines are written in a fundamentally insecure manner, says Dr. Kathleen Fisher, a Tufts University computer scientist and a program manager at the Defense Advanced Research Projects Agency. There's simply no systematic way for programmers to check for vulnerabilities as they put together the software that runs our drones, our trucks or our pacemakers

Japan's Digital Grid Scheme (IEEE Spectrum) Japan's plan to phase out its nearly 50 gigawatts of nuclear capacity over the next two to three decades has opened a window for renewable energy in the country. But swapping wind and solar power for that nuclear generation, which produced 30 percent of Japan's electricity prior to the 2011 Fukushima crisis, could also lead to major disruptions in energy supply, warns Rikiya Abe, a University of Tokyo professor. The problem, says Abe, who came to academia after working in the electrical generation industry for 30 years, is that Japan's grid—and indeed that of many developed countries—is set up to be centrally controlled. The utilities have to carefully regulate the grid's frequency and voltage by maintaining a fine balance between power generation and changing demand. A diverse group of large Japanese firms is starting to explore a solution—a gradual reorganization of the country's power system so that in the end it resembles the Internet, routers and all

Foundries Rush 3-D Transistors (IEEE Spectrum) Nearly two years after Intel, the world's leading foundries scramble to get FinFETs into the hands of chip designers

Legislation, Policy, and Regulation

Pakistan's YouTube Ban Is Lifted And Then Reinstated As Observers Worry About Internet Freedom (TechCrunch) Pakistan lifted, then very quickly reinstated its ban on YouTube after a few hours when efforts by the government to filter out blasphemous material provided unsuccessful. Prime Minister Raja Pervez Ashraf had ordered the video sharing site blocked in September after YouTube refused to remove the low-budget anti-Islamic film "Innocence of Muslims." Access was restored for a few hours on Saturday

Michigan Becomes Latest State To Protect Citizens From Employers And Schools Snooping On Private Social Feeds (TechCrunch) Employers and schools in Michigan, the greatest state in the Nation, are now prohibited from asking employees and students for passwords to their personal email and social media accounts. In a win for reasonable privacy and common sense, Michigan Gov. Rick Snyder just signed House Bill 5523 into law introduced by state Rep. Aric Nesbitt, R-Lawton. "Cyber security is important to the

Philippine Government Ignores Public Concerns, Continues To Push Extreme 'Cybercrime' Law (Techdirt) One of the striking -- and depressing -- features of the Internet today is the almost universal desire of governments around the world to rein it in through new laws. We wrote about one such attempt in the Philippines a couple of months ago, where the government is trying to bring in some particularly wide-ranging and troubling legislation. Although the Philippine Supreme Court put a temporary restraining order on the law, the Philippine government is not softening its stance, and has asked the court to lift the order.

Cyber emergency meet begins today (Oman Observer) Sessions of International Conference of the Organisation of the Islamic Co-operation-Computer Emergency Response Teams (OIC-CERT) will kick-off at Al Bustan Palace Hotel today under the patronage of Dr Abdullah bin Mohammed al Saeedi, Minister of Legal Affairs. The event will be hosted by the Sultanate represented by the National Computer Emergency Readiness Team (OCERT) at the Informational Technology Authority (ITA). The event aims to learn about the most important developments in the field of information security, threats and risks to information arena, in addition to highlighting the efforts made by the Sultanate in this area within the framework of regional and international co-operation

A Few Actual Harms To Be Concerned About From Today's Government Spying Law (TechCrunch) "Other than the vague threat of an Orwellian dystopia, as a society we don't really know why surveillance is bad," writes Washington University Law Professor, Neil Richards. Today, the United State Senate reauthorized a controversial Obama-supported surveillance law, the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 (FISA), which permits intelligence agencies to

Federal Power to Intercept Messages Is Extended (New York Times) Congress gave final approval on Friday to a bill extending the governments power to intercept electronic communications of spy and terrorism suspects, after the Senate voted down proposals from several Democrats and Republicans to increase protections of civil liberties and privacy. The Senate passed the bill by a vote of 73 to 23, clearing it for approval by President Obama, who strongly supports it. Intelligence agencies said the bill was their highest legislative priority

NDAA seeks to disarm hackers (Politico) Lawmakers are poised to greenlight a defense bill that would add millions of dollars to federal cybersecurity programs while requiring contractors to inform the government in the event of a cyberattack. The conference report on the House and Senate floors Thursday preserves notable increases to Pentagon programs meant to stave off foreign hackers and research new ways to defeat them. But the reconciled 2013 bill also includes new cybersecurity reporting and procurement rules that many in the tech industry are just now reviewing

Litigation, Investigation, and Law Enforcement

Chinese Telecom Giant Huawei Accused Of Offering Embargoed HP Equipment To Iranian Companies (TechCrunch) Chinese telecommunications manufacturing giant Huawei is once again in hot water over allegedly playing loose with trade sanctions. One of Huawei Technologies key Iranian partners reportedly offered to sell embargoed HP computer equipment to Iran's largest mobile-phone operator in late 2010, according to documents unearthed by Reuters

ITC judge recommends ban on Samsung devices infringing on Apple patents (Ars Technica) Following an October preliminary finding, judge also approves design tweaks for Samsung

DMCA Vs. Swedish law and The Pirate Bay (Cyberwarzone) Below is a conversation between The Pirate Bay and another of there many legal threats. I think you will get a few LUL's. Get some pop corn, Sit back and enjoy the read. In addition, if the service provider has the right and ability to control the infringing activity and if the service provider receives a financial benefit directly attributable to the infringing activity, the service provider will not be protected by Section 512 of the Digital Millennium Copyright Act

Data-Gathering via Apps Presents a Gray Legal Area (New York Times) Angry Birds, the top-selling paid mobile app for the iPhone in the United States and Europe, has been downloaded more than a billion times by devoted game players around the world, who often spend hours slinging squawking fowl at groups of egg-stealing pigs. While regular players are familiar with the particular destructive qualities of certain of these birds, many are unaware of one facet: The game possesses a ravenous ability to collect personal information on its users. When Jason Hong, an associate professor at the Human-Computer Interaction Institute at Carnegie Mellon University, surveyed 40 users, all but two were unaware that the game was storing their locations so that they could later be the targets of ads

Case Against 5 Japanese Android Malware Developers Dismissed (Softpedia) Over the past few months, Japanese authorities have managed to identify a number of individuals suspected of developing and using malware against mobile phone users. However, it appears that the problem is not catching them, but prosecuting them. Back in October, Japanese police announced that they had arrested a number of 5 individuals responsible for creating and distributing the malicious Android apps dubbed The Movie

RIM's Upfront Payment To Nokia In Patent Dispute Settlement Totals $65M (TechCrunch) RIM responded to Nokia's request to have its devices removed from sale following a patent decision in the Finnish company's favor by working out a settlement, and now we're beginning to get a sense of the specific terms of said arrangement. AllThingsD has uncovered an SEC filing that details RIM's first lump-sum payments, which amounts to €50 million (or around $65 million). Following that

Cybercrime has increased by 200 percent in Maldives: Police Chief (Haveeru) Police Commissioner Abdulla Riyaz Monday revealed that there is a 200 percent increase in internet related crimes in the Maldives. Speaking during the inauguration ceremony of the IT Legislation in the Maldives seminar in Bandos Island Resort, Police Commissioner said while only 15 cases of cybercrime were reported in 2010, the figure rose by 200 percent to 41 cases in 2011. So far this year 61 cases have been reported, which is a matter of great concern, he added

The Other Bradley Manning: Jeremy Hammond Faces Life Term for WikiLeaks and Hacked Stratfor Emails (Democracy Now) A federal judge has refused to recuse herself from the closely watched trial of jailed computer hacker Jeremy Hammond, an alleged member of the group "Anonymous" charged with hacking into the computers of the private intelligence firm Stratfor and turning over some five million emails to the whistleblowing website WikiLeaks. Hammonds lawyers had asked Federal Judge Loretta Preska to recuse herself because her husband worked for a client of Stratfor, and himself had his email hacked. Hammonds supporters say the Stratfor documents shed light on how the private intelligence firm monitors activists and spies for corporate clients

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

BWI Business Partnership Signature Breakfast (Hanover, Maryland, USA, January 16, 2013) Navy Rear Adm. Margaret Klein, Chief of Staff of the U.S. Cyber Command at Fort Meade, will headline the BWI Business Partnership's Signature Breakfast, Wednesday, Jan. 16, from 7:45 to 9:15 a.m., at the...

Cybergamut Technical Tuesday: Finding Splunk Before Splunk Finds You (Columbia, Maryland, USA, January 22, 2013) Rob Frazier of Whiteboard Federal Technologies will present his talk "Finding Splunk Before Splunk Finds You". Certification letters will be available for PMI PMP PDU' and CISSP CPEs as well as other technical...

TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, January 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but...

Data Privacy Day (Various locations, January 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy...

North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, February 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.