skip navigation

More signal. Less noise.

Daily briefing.

A few notes on surveillance open a slow news week.

Google alleges that France's Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has created unauthorized digital certificates for some Google domains. ANSSI says it was a glitch—"human error, which was made during a process aimed at strengthening overall IT security."

Svierges Television reports that Swedish government surveillance of Russian targets (specifically in the energy industry) was significantly an industrial espionage campaign.

The New York Times reports that GCHQ and NSA have been monitoring the MMORGPs (massively multiplayer online role-playing games) Second Life and World of Warcraft. The headline makes the effort sound rather insane ("Elves and Trolls"), but MMORGPs could easily lend themselves to terrorist communication, hence their attractiveness as surveillance targets.

The SANS Institute reports a suspected active Bovnix botnet controller. The Royal Bank of Scotland group remains under sporadic attack—an attempt on NatWest disrupts Ulster Bank's online services. Trend Micro claims to have identified a cyber criminal gang responsible for recent exploits using Ice IX and Zbot. The gang's center is Nigeria, but has international reach.

Religious-themed apps have been seen leaking user data to third parties. Some of this is an "affinity scam"; treat such apps with appropriate circumspection.

Huawei ups its position in the South Korean market. In the US, Ixia completes acquisition of Net Optics, Inc.

The US Administration continues to mull changes to surveillance policy. That policy continues to drive trends toward IT protectionism and autarchy.

Anonymous PayPal DDoS hackers plead guilty.


Today's issue includes events affecting China, European Union, France, Republic of Korea, Nigeria, Russia, Sweden, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Google catches French govt spoofing its domain certificates (ZDNet) Fraudulent certificates were used in a commercial device to inspect encrypted traffic on a private network

Sweden engaged in industrial espionage against Russia — report (Russia Today) Sweden's intelligence agency has not only spied on Russian leadership, sharing intelligence with the NSA, but also apparently engaged in industrial espionage against business targets such as Russia's energy companies, Sveriges Television reports

Spies' Dragnet Reaches a Playing Field of Elves and Trolls (New York Times) Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe

NatWest cyber attack disrupted Ulster Bank website (BBC) Ulster Bank's online services were disrupted for a short time on Friday due to a cyber attack on another member of the RBS banking group

Suspected Active Rovnix Botnet Controller (Internet Storm Center) We have received information about a suspected Rovnix botnet controller currently using at least 2 domains…pointing to the same IP address of (AS 44050)

Bojangles' Restaurants Hacked (eSecurity Planet) In at least one case, the credit card reader was accessed via the restaurant's Wi-Fi network

Made In Oregon Acknowledges Security Breach (eSecurity Planet) The Web site's credit card transaction system was accessed between mid-October and mid-November of 2013

Cyber Crooks Involved in Multiple Cybercriminal Attacks Identified by Trend Micro (Spamfighter News) Security firm 'Trend Micro' has published a new study on the actions of a cybercriminal gang that was involved in multiple crimes that included 419 scams, phishing scandals and attacks that relied on banking Trojans like Ice IX and Zbot

Christian apps sending user data to trackers, advertisers (GMA News) Some religious-themed apps for mobile devices like smartphones and tablets may be engaged in rather unholy activity by sending churchgoers' data to third parties, a security vendor warned

How Threats Disguise their Network Traffic (TrendLabs Security Intelligence Blog) Threats have evolved to try and circumvent advances in analysis and detection. Every improvement by security vendors is met with a response from cybercriminals. Stuxnet, for example, paved the way for the other threat families to use the LNK vulnerability. Using Conficker/DOWNAD popularized the use of a domain generation algorithm (DGA). This is now used by other malware families as well, including ZeroAccess and TDSS

A Virus Of Biblical Distortions (Dark Reading) In the summer of 2010, security researchers serendipitously discovered Stuxnet, a highly sophisticated cyberweapon deeply embedded within Iranian computers. The weapon's main function was to attack the gas centrifuges used by the Iranians for uranium enrichment, believed to be part of an effort to build nuclear weapons in defiance of a resolution by the United Nations Security Council

Linux Worm Targets Embedded Devices (Dark Reading) Attacking a PHP vulnerability patched a year-and-a-half ago, the new outbreak shows the Internet of Things' seams

Cyber Trends

Airlines fight cyberattacks (Free Lance-Star) Worried that computer hackers attacking banks and media companies could easily shift targets, the airline industry is taking preemptive steps to ensure it doesn't become the next victim

Cybercrime ignorance is a serious risk (Help Net Security) Organizations who fail to recognize the threat posed by cyber crime are putting the livelihoods of stakeholders and customers at serious risk, and those organizations that regularly suffer breaches need to be publicly named and shamed with severe consequences for serial offenders, according to Simon Bain, founder of Simplexo

Software Vulnerabilities Lead to Internal Security Problems: Kaspersky (eWeek) Kaspersky Lab points the finger at legitimate software applications for being at the root cause of cyber-security incidents

IT security pros often seen as 'innovation killers,' says ADP's IT security chief (NetworkWorld) In keynote ADP's V. Jay LaRosa says IT security folks should avoid just saying no; work directly with business managers to help them innovate


Deltek: Federal Cyber Spending to Hit $11.4B By 2018 (GovConWire) A new Deltek report predicts that federal contracted spending on cybersecurity will reach $11 billion by fiscal year 2018, $2.4 billion more than fiscal 2013 figures

Lockheed doesn't expect problems over NSA leaks (NewTalkZB) A major US defence company isn't expecting problems for its business as a result of the Edward Snowden NSA leaks

Huawei Deal in S. Korea Worries US Lawmakers (eWeek) Two senators say Huawei's participation in a South Korean networking project raises security concerns in the United States

Cyber Security Executives Raise More Than $327,000 for Children (PRWeb) TDI finds success in first ever White Hat Gala, raising money to support patients at Children's National in Washington

Briefs: Ixia, On Assignment (San Fernando Valley Business Journal) Ixia announced that it has completed its planned acquisition of Net Optics Inc., a network monitoring software company in Santa Clara

Microsoft's anti–NSA encryption pledge raises questions (Naked Security) Microsoft logo courtesy of ShutterstockEarly on in NSA-gate, Microsoft was looking at a laundry list of headlines concerning its collusion with US intelligence operations

Microsoft fails to mention Skype in promises to protect users from NSA surveillance (NetworkWorld) When Microsoft pledged to protect users' privacy and security from government snooping, the company mentioned 'major communications' yet failed to mention Skype at all

Products, Services, and Solutions

HP, VMware, Google cashing in on end of support for Windows XP (ComputerWorld) Microsoft, as we all know by now, formally announced that it will wash its hands off XP as soon the month of April is torn off the 2014 Calendar. Not only did this announcement lead Microsoft to commission a study, whose results threatened multi-crore losses for Indian banks but it also led them to use the popular micro-blogging site Twitter to warn users off XP with a #SwitchfromXP hashtag

Technologies, Techniques, and Standards

How can I keep API keys out of source control? (Ars Technica) If you want to use a free source control service, there are still a few options. I'm working on a website that will allow users to log in using OAuth credentials from the likes of Twitter, Google, etc. To do this, I have to register with these various providers and get a super-secret API key that I have to protect with pledges against various body parts. If my key gets ganked, the part gets yanked

BYOD Should Begin with Business Case (eSecurity Planet) Despite the risks of not making security policies central to enterprise BYOD and mobility programs, many organizations are ignoring this best practice

Experts Offer Advice For Developing Secure Cloud Applications (Dark Reading) Building security into the application development process has always been a challenge. The reality of cloud computing, however, introduces new hurdles that need to be identified and overcome

Want better passwords? Follow the lead of 1Password and make it easier for people (CSO) As the spate of password breaches continues, the challenge is how quickly news of each new attack fades into the background as noise. It makes it even harder to connect with people and convince them to take action. Shift to providing value to others by guiding them on when and how to act -- by sharing information and tools from experts who already invested the time to make it understandable and actionable

Research and Development

Can the DOD tap gamers to prevent cyber attacks? (SF Gate) A new iPad game allows users to play botanist, cataloging plant life on the imaginary island of Miraflora by identifying patterns in flowers

A Fistful of Bitcoins: Characterizing Payments Among Men with No Names (CSEWeb UC San Diego) Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on a combination of cryptographic protection and a peer-to-peer protocol for witnessing settlements. Consequently, Bitcoin has the unintuitive property that while the ownership of money is implicitly anonymous, its flow is globally visible

Legislation, Policy, and Regulation

Building walls in the cloud (Global Post) When former NSA Edward Snowden leaked secrets of the US agency's massive surveillance operations this summer, he prompted a global review of just how secure electronic data is

Obama to soon propose NSA surveillance changes (USA Today) President Obama's proposed changes to National Security Agency surveillance rules are likely to come this month

Tech Companies Outline More NSA Reform Demands (TechCrunch) Before Congress's holiday recess, Silicon Valley's major tech companies have renewed calls for surveillance reform. Executives from Google, Apple, Yahoo, Microsoft, Linkedin, Twitter, and (TechCrunch parent company) Aol have put their weight behind the Reform Government Surveillance coalition, publishing an open collective letter to Congress and

Morale hits new low at NSA after Snowden leaks (Voice of Russia) Morale at the US spying service, the National Security Agency (NSA) has hit a new low as staff believe they have not received the full support of President Obama. Although he defended the agency following the leaks of whistleblower Edward Snowden - now in Moscow - he has failed to make a visit to the NSA HQ

Intel Contractors Give Millions to Lawmakers Overseeing Government Surveillance (Kitsap Sun) In response to documents leaked by former National Security Agency contractor, Edward J. Snowden, the congressional committees in charge of overseeing the government's intelligence operations have come to the defense of the surveillance and data collection programs, and the agencies that administer them. The House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence have rejected attempts to reform the programs while advancing legislation to bolster their legal status and providing a funding boost to the National Security Agency

Litigation, Investigation, and Law Enforcement

FBI surveillance malware in bomb threat case tests constitutional limits (Ars Technica) "Internet link" targeting suspect's Yahoo account used to track his Web movements

Source: The FBI can spy on you by turning on your webcam (State Column) Apparently the National Security Agency (NSA) is not the only government agency capable of spying on Americans

Agencies collected data on Americans' cellphone use in thousands of 'tower dumps' (Washington Post) Federal, state and local law enforcement agencies conducting criminal investigations collected data on cellphone activity thousands of times last year, with each request to a phone company yielding hundreds or thousands of phone numbers of innocent Americans along with those of potential suspects

NSA Defends Global Cellphone Tracking Legality (AP via Hispanic Business) The National Security Agency on Friday said its tracking of cellphones overseas is legally authorized under a sweeping U.S. presidential order. The distinction means the extraordinary surveillance program is not overseen by a secretive U.S. intelligence court but is regulated by some U.S. lawmakers, Obama administration insiders and inspectors general

Rand Paul: I'll Take Privacy Fight to Supreme Court (NewsMax) Sen. Rand Paul, R-Ky., says it is time the country re-examines the Constitution's Fourth Amendment in light of recent revelations that the National Security Agency is mining data from millions of cellphones worldwide

Lawmaker Says Snowden May Testify Before EU Parliament (NPR) A European lawmaker says former NSA contractor Edward Snowden is set to testify before a civil liberties committee of the European Parliament later this month

'Anonymous' hackers in PayPal DDoS attack plead guilty (IBN Live) A group of 13 defendants who had been charged in a cyber attack on PayPal's website pleaded guilty and admitted to the December 2010 attack over PayPal's suspension of WikiLeaks accounts

The spying game: Companies monitor activists because they can (Grist) Back in the '40s, my grandmother lost her scholarship to college after the school found out she had attended a meeting run by a communist organization. Whoever made the call that my grandmother was a communist rabblerouser no longer deserving educational subsidy was clearly acting on bad intel. It would be hard to think of a more terrible communist than my grandmother: She loved playing the stock market

How business can shed light on the 'dark net' (CNBC) Law enforcement agencies around the world have been calling on the tech industry to help eradicate the so-called "dark net" – the hidden, unregulated online marketplace for counterfeit goods, drugs, hitmen and child abuse

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

Cylance Talk: Risk Does Not Equal Threat (Arlington, Virginia, USA, December 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work,...

cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, December 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.