Syria's civil war continues in cyberspace, spilling over onto UN Websites.
AP, Forbes, and AFP (relying on Der Spiegel) report fresh allegations of NSA operations to compromise hardware and monitor traffic over trans-oceanic telecom cables. (A note to Forbes, however: that octopus logo you're featuring in your coverage is an NRO payload mission patch, not an NSA design. Cool logo, by the way, NRO.)
The Black Friday Target point-of-sale compromise is now known to have included customer PINs. Target claims its encryption limits the risk to customers.
In the UK, a Russian cyber criminal hacked BBC servers over the Christmas holiday and sold access on the black market. NatWest bank suffered a denial-of-service attack.
Symantec observes a quiet but large NTP reflection campaign in the wild. Researchers complain that Snapchat's phone number searches are too easy, and thus a threat to privacy. Other researchers report vulnerabilities in SD cards.
In industry news, US companies continue to face surveillance-related headwinds in international sales.
In France, researchers at INRIA report a crypto breakthrough: an algorithm that, for certain classes of problems, efficiently solves the discrete logarithm problem underlying several modern cryptosystems.
A US Federal judge in New York rules, contra his counterpart in the District of Columbia, that NSA surveillance is legal after all. The conflicting rulings will no doubt move the case to the US Supreme Court.
Snowden promises to raise his media profile in 2014; the former head of Britain's MI5 predicts the US will make a deal with him.
Today's issue includes events affecting China, France, Germany, India, Italy, Malaysia, Morocco, Oman, Pakistan, Romania, Spain, Syria, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Anti Assad Syrian Hacker Hacks United Nations Population Fund Websites for Free Syria (Hack Read) Syrian Hacker Hacks Mali and El Salvador United Nations Population Fund against Syrian Conflict. A Syrian hacker going with the handle of Dr.SHA6H has hacked and defaced two official websites of United Nations Population Fund (UNPF) designated for El Salvador and Republic of Mali. The hacker hacked both websites against ongoing conflict in Arab Republic of Syria, criticizing UN and governments of the world
SEA denies reported FBI claim that hacktivists were phishing (SC Magazine) On the night before Christmas, the FBI was sending out warning notices that the Syrian Electronic Army (SEA) was phishing for usernames and passwords, according to a New York Times report that was quickly denied on Twitter by the pro-Assad hacktivists
Report: NSA intercepts computer deliveries (AP via the Washington Post) A German magazine lifted the lid on the operations of the National Security Agency's hacking unit Sunday, reporting that American spies intercept computer deliveries, exploit hardware vulnerabilities, and even hijack Microsoft's internal reporting system to spy on their targets
Target's Christmas nightmare just got worse: Customer PINs were stolen, too (Quartz) Oh dear. Target just confirmed that encrypted personal identification numbers (PINs) were, in fact, stolen when up to 40 million credit and debit card accounts of its customers were compromised by hackers in recent weeks. That appears to be an about face from a denial the retailer gave Reuters just two days ago
Who's Selling Credit Cards from Target? (Krebs on Security) The previous two posts on this blog have featured stories about banks buying back credit and debit card accounts stolen in the Target hack and that ended up for sale on rescator[dot]la, a popular underground store. Today's post looks a bit closer at open-source information on a possible real-life identity for the proprietor of that online fraud shop
NatWest Cyber Attack Causes Alarm for Customers and Insurance Industry (Inquisitr) NatWest was hit by a cyber attack that left customers unable to garner access to their online bank accounts. The United Kingdom bank was reportedly the target of a distributed denial of service (DOS) attack, according to the Mirror. A statement released by the bank maintains that the cyber warfare posed "no risk" to its customers
NTP reflection attack (Internet Storm Center) Symantec has notice[d] in the last few weeks that there [are] significant NTP reflection attacks. NTP is Network time protocol and it's used to synch the time between client and server, it is a UDP protocol and it's run on port 123
SD Cards Aren't As Secure As We Think (TechCrunch) The hardware hacker Bunnie Huang gave a talk at the Chaos Computer Club Congress where he offered some good news and some bad news. The good news? SD cards contain powerful, handy microcontrollers that are useful to hackers and hobbyists. The bad news? SD cards are woefully insecure
OpenSSL suffers apparent defacement (Internet Storm Center) Update 29 DEC: Per OpenSSL.org, re: web site defacement, "Investigation in progress, more details to follow." While now recovered and seemingly back to normal…appears to have been defaced
Cybercrime Trends 2013 — Year in Review (Webroot Threat Blog) It's that time of the year! The moment when we reflect back on the cybercrime tactics, techniques and procedures (TTPs) that shaped 2013, in order to constructively speculate on what's to come for 2014 in terms of fraudulent and malicious campaigns, orchestrated by opportunistic cybercriminal adversaries across the globe. Throughout 2013, we continued to observe and profile TTPs, which were crucial for the success, profitability and growth of the cybercrime ecosystem internationally, such as, for instance, widespread proliferation of the campaigns, professionalism and the implementation of basic business/economic/marketing concepts, improved QA (Quality Assurance), vertical integration
Data Mining on the Side of the Angels (Wired) Here's what Patrick Ball wants the technology world to know: Data, by itself, isn't truth. Even big data. But data plus a little bit of science can get you close
RSA's Deal With The NSA Reflects A General Mistrust (TechCrunch) Here's how it works when a big company believes that its power is in its girth: They enter this bizarre world that leads them to believe that what comes from their PR organs is enough to float their troubles away. It's all about denial and avoiding any potential shareholder backlash. And so we come to the sad state of affairs at RSA, the security division of EMC
Using Geolocation Artifacts and Timeline Analysis to Solve the Case: A Digital Forensics Case Study (Forensic Focus) Pre-incident: a sixteen-year-old female and 29-year-old male meet on Facebook. The male is pretending to be eighteen and using a fake name. He uses grooming techniques to establish a bond with the female and convinces her to meet him in person. Using Yahoo! webmail, an email is sent from the male to the female, who has a Gmail account, with the map of the meeting location attached. The female uses Google maps on her computer to get directions to the meeting location, and then leaves the house to meet the male
Windows 8 File History Analysis (Forensic Focus) File History is a new backup service introduced in Windows 8. By default this feature is off and to turn it on, the user has to select a backup location — either a network drive or external storage media. Thus, it does not allow the user to use the same disk. File History backs up files of the Libraries, Desktop, Contacts and Favorites folders. There is an option to exclude any folder(s) that users don't want to backup. Notice that File History is unable to backup your folders synced with cloud storage service(s)
Bitcoin Forensics Part II: The Secret Web Strikes Back (Forensic Focus) In last week's post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st. Well, just over a month later and Silk Road is back online. It only took a day and they already had over 20,000+ users on the site
Man In The Middle Attack: Forensics (Forensic Focus) Yes, that's right! Mr. Upset did not post 'I am hating my new job' as it appears in Figure 2 [see link to full article below for images], instead he wrote 'I am loving my new job'. Then how did it happen and who did it? This article aims at addressing these questions. We fabricate a case where a person is an object of a Man In the Middle Attack and subsequently analyze victim's device to corroborate the facts and trace the perpetrator
Cyber Hygiene with the Top 20 Critical Security Controls (MS ISAC) In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater. However, in order to be as secure as possible, we need to use good cyber hygiene — that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices
Design and Innovation
These Adorable Robots are Teaching Kids to Code (Fast Company) Say hello to Yana and Bo, two robots who want to teach your five-year-old to write code. The newly crowdfunded Play-i system uses music, animation, and stories to teach kids ages 5 to 12+ to program their new robot friends—and have fun in the process
Research and Development
French Team Invents Faster Code-Breaking Algorithm (Communications of the ACM) A team of French mathematicians and computer scientists has made an important advancement in the field of algorithms for breaking cryptographic codes. In a certain class of problem, the new algorithm is able to efficiently solve the discrete logarithm problem that underlies several important types of modern cryptosystems
Legislation, Policy, and Regulation
Lawmakers dispute Snowden's declaration of victory (The Reporter) Members of Congress said Sunday they weren't impressed with Edward Snowden's recent publicity blitz calling for an end to mass surveillance and declaring that he's already accomplished his mission
NSA targets foreigners, catches Americans (USA Today via the Marshfield Herald) You may have heard this before: the United States is a country of immigrants. Given that so many of us are foreign-born or the children of people from other countries, how should we respond to the recently revealed programs of mass warrantless NSA surveillance, and in particular the repeated governmental assurances that the Internet communications being collected and searched are only those of "foreigners"? After all, many of us were foreigners not that long ago
Bitcoin Exchanges Shut Down in India After Government Warning (Wired) Bitcoin is once again feeling the squeeze from government regulators. This time, the crunch comes in India, where multiple online exchanges have suspended operations following a warning against the digital currency from the country's central bank and, according to a
Verdict for National Defense (The Wall Street Journal) A federal judge rules that collecting metadata is constitutional. Well, what do you know. Maybe the National Security Agency's collection of telephone metadata doesn't violate the Fourth Amendment or any relevant statute. You wouldn't know this from the left-libertarian political clamor of recent weeks, but on Friday federal Judge William Pauley delivered a much-needed reality check. Judge Pauley, a Bill Clinton appointee, rebuffed a challenge from the American Civil Liberties Union and ruled that the program to "find and isolate gossamer contacts among suspected terrorists in an
WikiLeaks' Assange: Sysadmins of the World, Unite! (Wired) Faced with increasing encroachments on privacy and free speech, high-tech workers around the world should identify as a class and fight power together, said WikiLeaks founder Julian Assange on Sunday
New Fund to Support Snowden-like Whistleblowers (Wired) A new foundation to support whistleblowers is being launched by former British intelligence agent Annie Machon, whose resignation and revelations about U.K. spying activities in the 1990s sparked controversy echoing this year's NSA news
8 People Arrested in Spain for Role in $45M / €33M Cybercriminal Scheme (Softpedia) Authorities in Spain have arrested a total of eight individuals — six Romanians and two Moroccans — for their alleged involvement in the massive cyber heist involving compromised credit cards issued by the Bank of Muscat in Oman, and the National Bank of Ras Al-Khaimah (RAKBANK) in the United Arab Emirates
FloCon 2014 (Charleston, South Carolina, USA, January 13 - 16 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, from January 13 to 16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques
NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
cybergamut Tech Tuesday: Malware Reverse Engineering: An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, and various other nodes, January 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols
Cybertech: Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art
For a complete running list of events, please visit the Event Tracker on the CyberWire website.