Daily briefing.

Reports over the weekend describe a "suspected state hacking campaign" active against Israeli and European military targets. The campaign, which CrowdStrike and Cymmetria describe as looking like the work of a "second-tier" cyber power, adapted Core Security testing software into attack tools. There's no attribution, but sources close to Israel CERT speculate that Iran might be responsible. Others independently note a trend of cyber attacks adapting legitimate tools (and not just the obvious lawful intercept tools) to disruptive ends.

North Korea's Internet suffered another outage Saturday, cause unknown. CloudFlare suggests that, given the fragility of the DPRK's information infrastructure, if the event indeed proves an attack as opposed to a failure, the hacker is most likely to be "a 15-year-old in a Guy Fawkes mask."

Microsoft and Sony have restored their Xbox and PlayStation networks. LizardSquad members claim responsibility, with an insouciance about exposure to prosecution that would be startling in a brighter group, but seems about par for LizardSquad. See KrebsOnSecurity for a clear (and hostile) profile of the group.

Having fooled with gaming networks, LizardSquad turned its attention to Tor with a Sybil attack aimed at controlling a significant portion of the network. Tor is actively mitigating the attack and purging compromised relays.

US members of Congress scowl in the direction of China, which they feel must have known about the (alleged) DPRK attack on Sony. For its part, China's party-controlled media task Sony and the US Government with careless security and failure to regulate more stringently, respectively.

Notes.

Today's issue includes events affecting Afghanistan, Cambodia, China, European Union, Iran, Israel, Italy, Democratic People's Republic of Korea, New Zealand, Russia, Spain, Ukraine, United Arab Emirates, United States.

The CyberWire will take New Year's Day off, returning as usual on January 2. We hope you continue to enjoy the holidays.

Cyber Attacks, Threats, and Vulnerabilities

Suspected state hacking campaign used commercial software (Reuters via the Chicago Tribune) A previously undisclosed hacking campaign against military targets in Israel and Europe is probably backed by a country that misused security-testing software to cover its tracks and enhance its capability, researchers said

Iran could be behind state hacking campaign, Israeli cyber firm says (Y Net News) Recent cyber attacks on Israel, EU military targets perpetrated by state that misused US-made security software to lead attacks; 'they don't have their own capabilities,' expert says

Attackers Leverage IT Tools As Cover (Dark Reading) The line between attack and defense tools has blurred

North Korea's internet shut down again, China and cyber experts say (News.com) NORTH Korea has suffered an internet shutdown, Chinese state media and cyber experts say, after Pyongyang blamed Washington for an online blackout earlier this week

Who's Behind The Internet Outages In North Korea, Anyway? (TechCrunch) North Korea blamed the U.S. and called President Obama a "monkey" today when the country's Internet and mobile network went down for the third time this week. However, it's still not clear who's behind the Internet outages

N Korean Websites Unstable in Cyber-Standoff With the US (Sputnik News) North Korea has been deprived of Internet access during the last four days, with its major websites down or unstable as a possible US retaliation for the infamous Sony hack

DPRK rebuffs US accusation of cyber attack on Sony movie (China Daily) The Democratic People's Republic of Korea (DPRK) on Saturday rebuffed the US accusation that Pyongyang was involved in a cyber attack on a Sony movie

MICROSOFT: Here's Why We Decided To Release 'The Interview' (Business Insider) Microsoft and Sony announced on Wednesday that "The Interview" will be available via Microsoft's Xbox Video platform

Google, Microsoft Invoke Free Speech in Statements About Streaming The Interview (Mediaite) The Interview is available to stream today on YouTube, Google Play, and Xbox, and both Google and Microsoft put out statements on their company blogs declaring this to be a victory for free speech and free expression

You won't get hacked by streaming 'The Interview' online (CNN Money) If you think hackers will hurt you for streaming "The Interview" on your computer, relax

Sony Hack Highlights The Global Underground Market For Malware (NPR) There are global underground markets where anyone can buy and sell all the malicious code for an attack like the one North Korea is accused of unleashing on Sony Pictures

What caused the Afghan government cyber-attack? (Khaama Press) While the motive of the recent cyber-attack on Afghan government websites is still not known, the incident has certainly put the Ministry of Communications and Information Technology (MCIT) on the spot and the administration and management of the IT programs and projects are under scrutiny

PlayStation Network back online after cyber attack (Arabian Business) Sony's PlayStation Network is back online one day after Microsoft's Xbox was also restored. A hacker group called Lizard Squad has claimed responsibility for the cyber attack

Lizard Squad wipes out gaming networks at Christmas time (Inquirer) Notorious hack group the Lizard Squad has continued its long campaign of gaming related mayhem by standing in front of Christmas consoles and not letting a lot of people play their brand new machines and games

Cowards Attack Sony PlayStation, Microsoft xBox Networks (KrebsOnSecurity) A gaggle of young misfits that has long tried to silence this Web site now is taking credit for preventing millions of users from playing Sony Playstation and Microsoft Xbox Live games this holiday season

Who's in the Lizard Squad? (KrebsOnSecurity) The core members of a group calling itself "Lizard Squad" — which took responsibility for attacking Sony's Playstation and Microsoft's Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here's a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks

Xbox 'Hacker' Reveals Why He Attacked Consoles (Sky News) A hacker tells Sky News the Christmas Day cyber attack on Xbox and PlayStation services was "amusing" and exposed poor security

Gamers upset over another cyber attack (KNOE 8 News) A possible hack may have hit Sony again; this time interfering with its Playstation network and also taking Microsoft's X-box Live down in the cyber attack

UPDATE: 13k PSN, Xbox leak by Anonymous is copy paste from previous leaks? (HackRead) Yesterday, a Twitter account associated with the online hacktivists Anonymous claimed to leak a list of what it said were usernames and passwords of 13,000 accounts from VPNCyberGhost, UbiSoft, VCC, Brazzers, UFC TV, PSN, Xbox Live Gamers, Twitch TV, Amazon, Hulu Plus, Dell, Walmart and (EA) Games

Lizard Squad hacking gang moves from PlayStation, Xbox Live to Tor (Register) Floods network with 3,000 relays, project devs shrug

Tor Responds To The Cyber Attack On Its Network, Allegedly Executed By The Same Hacker Gang That Took Down Xbox Live And PlayStation Network (Business Insider) The Tor Project on Saturday morning acknowledged a cyber attack on this network, and provided the following statement to Business Insider

Tor Users Were Not At Risk During Attack (Ubergizmo) Lizard Squad, a hacker group, has been pretty busy over Christmas. First it knocked down PlayStation Network and Xbox Live, bringing online gaming on PlayStation and Xbox consoles to a standstill, and then set its sights on an anonymity network called Tor. Lizard Squad shifted its focus over the weekend, saying that it would "no longer attack" gaming services, and instead go after Tor with a zero-day exploit. Simply put, a zero-day exploit is one that leverages an unknown vulnerability

TorrentLocker ransomware campaign hit Spain and Italy (Security Affairs) Experts at S21sec firm recently detected a new ransomware campaign based on TorrentLocker that infected users prevalently in Italy and Spain

"Rocket Kitten": Is it still APT if you can buy it off the shelf? (Internet Storm Center) Gadi Evron and Tillmann Werner presented an interesting case at 31C3 Conference in Hamburg yesterday, that shows how commercial software can be used to launch APT style attacks. In this case, several similar attacks were discovered against targets in Israel and Western Europe. In all cases, the attack started with a simple Excel spreadsheet which was sent as an attachment [1]. The email itself was brief and unremarkable, but used fake and plausible "From" headers

Evolution of Banking Malwares, Part 2 (InfoSec Institute) This technique is used in scenarios where critical information such as Social Security Number (SSN) or Personal Identification Number (PIN) is otherwise not easily available

The 5 Most Dangerous Software Bugs of 2014 (Wired) Dealing with the discovery of new software flaws, even those that leave users open to serious security exploits, has long been a part of everyday life online. But few years have seen quite so many bugs, or ones quite so massive. Throughout 2014, one Mothra-sized megabug after another sent systems administrators and users scrambling to remediate security crises that affected millions of machines

Top Data Breaches of 2014 (Security) 2014 was a very busy year for hackers. For those keeping a tally of data breaches, the year offered no respite

Honey Pot Entertainment — SSH (Internet Storm Center) The Christmas period is a nice time to play with some honeypots and share some of the info they have been collecting. Currently I only have two functioning, both of them are located in the US. Each receives 20K or more login attempts per day. I'm using a standard kippo installation, running as a non root user and using authbind to run the honeypot on port 22. Results are sent to a logging server for collection

Yes, I got an iTunes gift card for Christmas — but HOW DID THE CROOKS KNOW THAT? (Naked Security) You are being doubly cautious for phishing campaigns over the holiday season, aren't you?

Hacker Generates Fingerprint of German Defense Minister from Public Photos (Softpedia) Recreating a fingerprint can be done without having access to an object touched by the targeted individual

Beware! Hackers are eyeing your car's safety features to extort money (Deccan Chronicle) Motoring experts have warned that hackers can exploit one's car by attacking the safety features to steal information, extort money or even control vehicles

TAB told who could be responsible for cyber attack (ONE News) The TAB says it is remaining vigilant after falling victim to a cyber attack - and that it has told the police who could be behind it. The betting agency's website crashed on Boxing Day after it became the target of a "concentrated cyber attack" that has caused problems since

Cyber attack takes down City of Columbia website (ABC 17) Columbia Deputy City Manager says a hacker group took responsibility for the attack on GoColumbiaMo.com

Bulletin (SB14-363) Vulnerability Summary for the Week of December 22, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Cyber Trends

Chief Security Leaders Fear They Are 'Outgunned,' Survey Reveals (Tech Times) Sony Pictures CEO Michael Lynton says he was advised that 90 percent of American businesses would have fallen victim to the cyberattack that has left his company doubled over

If It Can Happen To Sony, It Can Happen To You (Business World) Sony is only the most recent case of a major co with dedicated security teams, facing hacking. Bottom line, nobody is immune to emerging threats, says Andrew Del Matto, CFO, Fortinet, Inc

Hacks are security wake-up call (Boston Herald) Experts: Cos. need to tighten network controls

Cybersecurity Hindsight And A Look Ahead At 2015 (TechCrunch) This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascos, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony

Cyber landscape of 2015 (Star Online) From targeted attacks to ransomware, security firm Symantec Malaysia predicts another challenging year in cyber security

Security in 2015: Will you care about the next big breach? (CNET) From Target to Home Depot to JPMorgan, this year was a bad one for massive security breaches. Expect more of the same next year

From ransomware to cyberwar, 2015 will be a perilous year for Internet security (South China Morning Post) Will 2015 be a happy new year for internet users? Not if cyber-criminals have their way

Hacking Is Officially the Internet's Latest Craze (RYOT) Future generations might remember 2014 as the year hacking went viral. The Sony hack may have been the first to make international headlines and capture the attention of the general public, but the aftermath from that incident has just barely subsided and already several other major hacks or threats have surfaced

Cloud security and compliance trends in 2015, according to Vormetric's C.J. Radford (TechRepublic) C.J. Radford predicts the usage of cloud applications will accelerate in 2015, says data-at-rest protection is imperative for enterprise cloud deployment, and more in this Q&A

Spyware abuse — partner tracking reaching "epidemic proportions" (We Live Security) The use of spyware software — used to track partner's movements, texts and even listen in on calls in realtime — has seen a dramatic rise over the past few years, according to an exclusive report by British newspaper The Independent

Marketplace

Think Ukraine couldn't possibly have a thriving tech sector? Think again (The Next Web) Ukraine has had its fair share of troubles this year, with political turmoil in the east of the country making headlines around the world. However, that doesn't seem to have harmed the country's tech sector

Industrial Control System Security Market to Top $8 Billion by 2019 (SecurityWeek) According to a new market research report from MarketsandMarkets, the global Industrial Control System (ICS) Security Market is estimated to reach $8.73 billion in 2019

Why It's Time For A Board-Level Cybersecurity Committee (Forbes) Just the past 12 months have seen one massive corporate security breach after another. Major retailers (Target, Home Depot, Neiman Marcus, Sony Pictures), e-commerce sites (eBay), and financial institutions (JP Morgan) have all been victims

Time to crack the state's shortage of cybersecurity talent (Milwaukee Journal Sentinel) In the (first) Cold War, Americans worried about nuclear attack and a retaliatory Armageddon that would have reduced the world to a smoldering wreck

Cyber Security May Be A Good Sector To Invest In For 2015 (Seeking Alpha) Cyber Security stocks should continue to perform very well in 2015. Recent breaches in the security of some major corporations show the need for more vigilance. Three companies that are and will continue to perform well in the cyber security industry

Meet 4 hot security stocks as hacking attacks make headlines (Investor's Business Daily) With major hacking attacks on Sony (NYSE:SNE) and other corporations top of mind lately, it's little wonder that security software stocks are doing well

Is this the Right Time to Buy Check Point Software Stock? — Analyst Blog (Zacks via Nasdaq) Shares of Check Point Software Technologies Ltd. (CHKP) hit a new 52-week high of $80.82 on Dec 24, eventually closing at $80.44. The closing share price represents a one-year return of 26.4% and a year-to-date return of 24.7%. The average trading volume for the last three months aggregated 1,353K shares

Raytheon's Cheap Shares Have More Firepower (Seeking Alpha) Defense sector stocks are trending higher. This industry is poised for continued growth, especially with increasing global demand for cyber security and drones. Raytheon appears undervalued and could be poised for additional gains, therefore investors should consider buying, especially on pullbacks.

Banking, ePassports driving biometrics expansion says Gemalto (Biometric Update) According to analysis from Gemalto, an international digital security company, banking and border security will continue to drive the expansion of biometrics

Technologies, Techniques, and Standards

Sony breach fuels email security fears at other companies (Los Angeles Times) You're welcome to dance like there's nobody watching. But you'd better write emails like your email provider is going to be hacked

Building a Better Security Budget (eSecurity Planet) The key to smart security spending is assessing your current environment and looking for opportunities for centralization, consolidation and standardization

New Data, Same Old Dumb Bosses: 3 Lessons (InformationWeek) Corporate overlords finally take an interest in data. Too bad they don't understand it and will be tricked by crafty short-timers

What Social Enterprises Should Know About Cyber Security (Forbes) 2014 was, of course, quite the year for revelations about cyber attacks and data breaches at major companies like Sony, JP Morgan Chase, Home Depot, and a host of others. But there also have been a lot of incidents at NGOs and government agencies, according to Alexander Heid, chief research officer of SecurityScorecard, a New York-based firm that analyzes clients' security vulnerabilities

Design and Innovation

Why passwords won't die next year (or the years after that) (ZDNet) Innovation will confine passwords within a broader equation around authentication type plus value of resource

Good Riddance to Social Search (TechCrunch) Remember how not too long ago the future of search — at least according to the big search engines — was social search? Today, you'd be hard-pressed to find any mention of social search on Google or Bing (let alone Yahoo Search). Let's be thankful for that because social search was an ill-begotten idea to begin with

Research and Development

Researchers to give internet security layer (Nation) It could give every internet user access to simple encryption — and make the internet a far more secure place. Scientists at Scentrics, working with University College London, say they have created an algorithm that can guarantee total privacy for everything from emails and text messages. Called 'the construct', they hope the system could be used to give everything from desktop machines to mobile phones simple to use encryption

Legislation, Policy, and Regulation

"The Cyber & IT Revolution is an Opportunity" (Israel Defense) The Minister of Public Security in an exclusive interview about the lessons derived from Operation Protective Edge regarding the home front, about the arguments with IMOD and about fighting terrorism and crime

Access to Gmail Is Blocked in China After Months of Disruption (New York Times) The Chinese government appears to have blocked the ability of people in China to gain access to Google's email service through third-party email clients, which many Chinese and foreigners had been relying on to use their Gmail accounts after an earlier blocking effort by officials, according to Internet analysts and users in China

China a Likely Factor in North Korea Cyber Prowess: Experts (AFP via SecurityWeek) North Korea may be facing explosive hacking accusations, but analysts are questioning how an isolated, impoverished country with limited Internet access could wage cyber sabotage — and many experts believe China plays a role

Lindsey Graham: China Had to Know About North Korean Cyber Attack (Newsmax) Sen. Lindsey Graham said Sunday that he can't imagine North Korean hackers hit Sony Pictures' computers without China knowing at least something about it

Sony to blame for cyber security failures (Global Times) While the hacking of Sony has become front-page news across the world, its true import may be in demonstrating the need for effective cyber security regulations to force businesses to treat their online security needs seriously. The success of this hack was as much due to Sony's lack of effective Internet security as it was due to any skill on the part of its attackers. It is becoming increasingly plain that Sony knew of the flaws in its online security for some time before the latest attack and yet failed to rectify them in order to protect both the business and its employees from the attack

In Battle to Defang ISIS, U.S. Targets Its Psychology (New York Times) Maj. Gen. Michael K. Nagata, commander of American Special Operations forces in the Middle East, sought help this summer in solving an urgent problem

U.S. cannot afford to be behind in cyber security (San Diego Union Tribune) The North Korean hack attack on Sony Pictures, which The New York Times described as possibly one of the most destructive cyber attacks on American soil, highlights growing concerns about American vulnerability to cyber warfare

Stopping the Next Cyberassault (Wall Street Journal) Congress needs to expand private-sector access to classified intelligence about threats

Keating Says Law Will Boost Intelligence-Sharing (CBSBoston) A Massachusetts congressman says a new law proposed in the aftermath of the 2013 Boston Marathon bombing will help strengthen intelligence-sharing among federal, state and local law agencies

Litigation, Investigation, and Law Enforcement

DoJ's new cybersecurity office to aid in worldwide investigations (Federal News Radio) The Justice Department is taking its cyber crime-fighting efforts to a new level with the addition of a new cybersecurity unit. The unit will be operating under DoJ's Computer Crime and Intellectual Property section, and will serve to offer legal advice for cyber crime investigations worldwide

On Christmas Eve, NSA quietly releases 12 years worth of internal reports (Ars Technica) Less law-abusing, more human error — like sensitive info sent to the wrong printer

51% of UAE users faced financial cyber-attacks in 2014 (Emirates 24/7) One victim in five lost over $1,000 to online fraud: Kaspersky

Facebook to face lawsuit for 'reading' users' messages. (HackRead) U.S. District Judge Phyllis Hamilton ruled that Facebook must "face the consequences" of violating its users' privacy by actually scanning the messages they have been sending to other users as a form of advertising

Judge: It's OK, Cops can trick you to be their friends on Instagram. (HackRead) A serial burglar named Daniel Gatson has a pretty interesting Instagram account, it is private so you need to request to follow him. Gatson posts pictures of cash and jewelry on his account as cops discovered after they created fake Instagram accounts and, following a request to the burglar, got access to his posts

Silk Road Money Laundering: Bitcoin Pioneer Charlie Shrem Jailed for 2 Years. (HackRead) The Silk Road marketplace was shut down back in 2013 because law enforcement agencies raided them with the accusation of buying and selling illegal drugs

Cyber swatting hits close to home (Burnett County Sentinel) The 911 call at 1:50 a.m. Thursday morning was about a boy in Grantsburg who shot his mom. An hour later, another 911 call described the same boy stabbing his dad

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...

U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market (Washington, DC, USA, January 12, 2015) Join the U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market. The value of the global cyber security market is expected to grow by 11.3% each year, reaching $120 billion by...

FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, January 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris...

ShmooCon (Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, January 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015,...

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human...

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...

Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...

Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, January 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal,...

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, January 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives...

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
