
Daily briefing.

LizardSquad boasts that it played a role in the Sony Pictures attack as well as the PlayStation hack.

How this will affect attribution of the Sony Pictures affair remains to be seen. Norse briefed the FBI Monday on evidence that the attack was the work of a disgruntled (laid-off?) insider. While the Bureau may be entertaining (off the record) the hypothesis that the DPRK outsourced some of the hacking, it's sticking to its findings that the North Korean government was responsible.

Several follow-ups to developing stories appear, including incursions into control networks of a still-unnamed German metallurgical firm and (allegedly) a South Korean nuclear power station. Blue Coat compares tools used in the Sony attack to the Inception campaign and its descendants and says they're in a different league — the Sony attackers are rank amateurs compared to the parties behind Inception.

Der Spiegel considers a fresh tranche of Snowden-pilfered NSA documents, mostly dealing with the agency's crypto ambitions. The German government denies fresh reports of compromise by allied intelligence services; observers note that fears of a threat from ISIS eclipse whatever dudgeon Berlin may feel toward the Five Eyes.

This week's leading phishbait includes "The Interview" streams and news of the AirAsia tragedy.

In the wild, the Internet Systems Consortium website is taken off-line as it's found to redirect to the Angler exploit kit. A 64-bit version of the Havex RAT has also been spotted.

InformationWeek thinks the Sony hack means the end of enterprise networks as we've known them.

Notes.

Today's issue includes events affecting Afghanistan, China, Germany, Iran, Democratic People's Republic of Korea, Republic of Korea, Russia, United Kingdom, United States.

The CyberWire will take New Year's Day off, returning as usual on January 2. We hope you continue to enjoy the holidays.

Cyber Attacks, Threats, and Vulnerabilities

A Q&A with the hackers who say they helped break into Sony's network (Washington Post) Lizard Squad. That's the hacker group whose name is suddenly on everyone's lips after it took credit for ruining Christmas for PlayStation and Xbox gamers everywhere

FBI Fixated on North Korea for Sony Hack Despite New Evidence (Daily Beast) The agency says Pyongyang acted alone even as more signs point toward the attack starting as an inside job

U.S. suspects North Korea had help attacking Sony Pictures: source (Reuters) U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month's massive cyberattack against Sony Pictures, an official close to the investigation said on Monday

FBI briefed on alternate Sony hack theory (Politico) FBI agents investigating the Sony Pictures hack were briefed Monday by a security firm that says its research points to laid-off Sony staff, not North Korea, as the perpetrator — another example of the continuing whodunit blame game around the devastating attack

The Sony Hack Question: If Not North Korea, Then Who? (SecurityWeek) The prevailing narrative for the recent devastating cyber-attack against entertainment giant Sony sounds like a script: a small country angry about a movie about to be released sends a group of elite hackers to stop the film release. But some experts don't believe that's what happened

Stop Saying North Korea Didn't Hack Sony (Business Insider) At this point, anyone who doubts that North Korea helped hack Sony is disagreeing with several top cybersecurity firms and the US intelligence community

Sony hack gives cover to Iran: Column (USA TODAY) With eyes on North Korea, growing threat from Tehran gets overlooked

South Korean nuclear plant finds malware connected to control systems (Verge) After scouring their systems for evidence of a breach, workers at South Korea's nuclear regulator have discovered an embarrassing surprise: a malware-infected device connected to the air-gapped system that controls one of the nation's nuclear reactors. There's no evidence that the malware copied itself over onto the system, and there's also no indication that the program would have had harmful effects if it had made it onto the systems

Cyber Espionage Malware Taps Smartphones, Sends Chills (IEEE Spectrum) A mysterious malware campaign resembling an attack on Russian officials from earlier this year could be the most sophisticated cyberattack yet discovered

NSA Can Circumvent HTTPS, According To Snowden Report (ReadWrite) Monitoring Facebook chats and decrypting Russian email also happens

Tor, TrueCrypt, Tails topped the NSA's 'most wanted' list in 2012 (CSO) Three out of three? That could be the score for the U.S. National Security Agency's cryptographic "most wanted" list of 2012

German government denies falling victim to cyber attack (Deutsche Welle) Germany's government says its offices have not fallen prey to hackers. The malware Regin, which has been linked to US and British spy agencies, was allegedly found on a USB stick belonging to an aide of Angela Merkel

Merkel staffer's laptop infected by US/UK spy malware — report (Russia Today) An aide to the German chancellor has become the victim of a cyber-attack, according to media. The highly-sophisticated Regin virus that was found on her infected USB stick is reported to be a product of British and US spy agencies

Cyber attack on Afghan Government Websites? Was it really an attack? (Khaama) The news was big, Afghan Government websites attacked by Chinese hackers and reported by an American cyber security research company. Local newspapers and TVs started talking about the issue as if our country was attacked and intruded by China! National Security Council began investigating the issue. What happened later on, none of us really know

Fake "The Interview" app is really an Android banking trojan (Graham Cluley) The must-see movie of the moment is surely not "The Hobbit: Battle of the Five Armies", "Unbroken" or even "Paddington". No, the one movie that everyone is talking about is "The Interview"

Missing AirAsia Flight QZ 8501: Cyber-criminals minting money on your misery (Tech 2) Cyber-criminals now have a new target. They have turned their focus on exploiting the incident of the missing AirAsia Indonesia Flight QZ 8501 which had lost contact with Air Traffic Control yesterday at 7:24 a.m

Facebook Users Targeted Via Android Same Origin Policy Vulnerability (SecurityWeek) Researchers at Trend Micro say attackers are actively exploiting a vulnerability in Android's WebView browser in order to compromise Facebook accounts

Internet Systems Consortium Site Redirects to Angler Exploit (Threatpost) The Internet Systems Consortium website is offline today after the non-profit domain name service maintainer announced its website had possibly become infected with malware

64-bit Version of HAVEX Spotted (TrendLabs Security Intelligence Blog) The remote access tool (RAT) HAVEX became the focus of the security industry after it was discovered to have played a major role in a campaign targeting industrial control systems (ICS). While observing HAVEX detections (known by different vendors as Dragonfly, Energetic Bear, and Crouching Yeti), we noticed something interesting

WTF? Malware spreads via Steam chat (Graham Cluley) If you are one of the many people enjoying playing games via Steam this holiday season, be wary of chat messages inviting you to click on a link

Repackaging HTML5 Apps into Android Malware (TrendLabs Security Intelligence Blog) Predictably, with the finalization of HTML5 standard by World Wide Web Consortium (W3C) last October, there will be a rapid growth of new HTML5 web apps coming out in the near future. Considering the platform independent characteristic in web apps, we foresee that HTML5 will accelerate the repackaging from web apps to mobile apps for malicious intent

Target Hackers Hit OneStopParking.com (KrebsOnSecurity) Parking services have taken a beating this year at the hands of hackers bent on stealing credit and debit card data. This week's victim — onestopparking.com — comes compliments of the same organized crime gang thought to be responsible for stealing tens of millions of card numbers from shoppers at Target and Home Depot

"How a North Korean cyber attack could cripple Britain". The Daily Mail goes bonkers (Graham Cluley) There's nothing like serious journalism, which avoids sensationalism and instead serves up a sensible, level-headed exploration of complex issues for the edification of the public

Cyber Attack Causes Physical Damage at German Iron Plant (eSecurity Planet) The attack caused 'massive damage to the whole system,' according to Germany's BSI

Can malware and hackers really cause giant physical disasters? (Naked Security) Right back to the 1980s, when computer viruses first appeared in any number, people have been asking, "Can malware and hackers cause giant physical disasters?"

USBdriveby, how to compromise a PC with a $20 microcontroller (Security Affairs) USBdriveby is a device designed to quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB

Re-Gifting Digital Gadgets Can Lead to Identity Theft Woes (PC Magazine) If you received a shiny new gadget for the holidays, you may be thinking about passing your existing device to a new owner. It works just fine, and it's better to pass it on than to throw it away, right?

Cyber attack that blocked out Columbia's website fits in denial-of-service category (Missourian) It was about 11 p.m. on Christmas Eve when city officials became aware of a possible cyber attack on the city government website, gocolumbiamo.com. Work began immediately to resolve the issue

What the ultimate merry prankster can teach the media about hoaxes (Quartz) One of the things I love about New York is Stuyvesant High School, and one of the things I love about Stuyvesant is that Frank McCourt once taught there

That's it, we can never trust bankers again (Quartz) Are all bankers liars? Of course not. Then again

Security Patches, Mitigations, and Software Updates

Facebook Rewards Researcher For Reporting Critical Vulnerability (SecurityWeek) A researcher has found a way to upload potentially malicious code to Facebook's servers by hiding it inside a harmless-looking Microsoft Word document file

Cyber Trends

Sony Fallout: The Terrorists Win Our Networks (InformationWeek) It's time to get serious. Sony hack may mark the end of enterprise networks as we know them

The Year's Biggest Winners and Losers in Privacy and Security (Wired) In most contests the winner isn't simultaneously the loser. But that wasn't the case this past year in the unofficial contest to determine computer security and privacy winners and losers

A 2014 Lookback: Predictions vs. Reality (Dark Reading) It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication

Standardizing and Strengthening Security for MSPs: Five Key Takeaways (MSPMentor) MSPs face multiple challenges when it comes to the need to secure their customers in the most efficient and scalable way possible. From troublesome users to cumbersome tools to the challenges of onboarding new customers, it can be difficult to consistently and fully protect each endpoint

Marketplace

20 Startups To Watch In 2015 (Dark Reading) Check our list of security startups sure to start (or continue) making waves in the coming year

FBI seeks tech gurus for 'hacking' positions (Chicago Tribune via the Star Tribune) To battle hackers, you have to think like one

Nomura Securities Remains Bullish On FireEye (FEYE) Stock (Bidness ETC) Nomura Securities analyst Rick Sherlund has maintained a Buy rating and a $40 price target on FireEye Inc stock

BAE increases apprentice intake to new record (Telegraph) Defence group BAE Systems has hired a record 710 trainees

BAE turns its fire on tax evasion (Financial Times) With its Eurofighter jets and Bradley tanks, BAE Systems has a long history of protecting countries from military attack. But now it is building weapons to go after an altogether different enemy: tax fraudsters

Phoenix aims to become "Cyber Security Valley" (Arizona Republic) Welcome to "Cyber Security Valley," the emerging label for the Phoenix area, thanks to a concerted effort by successful and well-funded tech security leaders and government agencies

Gene Ray, Jay Cohen to Serve in Interim Exec Roles at Decision Sciences (GovConWire) Decision Sciences International Corp. has named former Titan Corp. CEO Gene Ray as interim CEO and former Department of Homeland Security Undersecretary Jay Cohen as interim chief operating officer

Products, Services, and Solutions

The Enormous Implications Of Facebook Indexing 1 Trillion Of Our Posts (TechCrunch) A whole wing of the Internet just got added to our collective conscience, like websites by Google or knowledge by Wikipedia before it

Microsoft Is Rumored To Be Building A New Browser That Is Not Internet Explorer (TechCrunch) Remember when Chrome was fast? Microsoft might, if ZDNet's Mary Jo Foley's recent report that the software company is building a lightweight browser, codenamed "Spartan," bears out

Technologies, Techniques, and Standards

Will 2015 be the year we finally do something about DDoS? (Internet Storm Center) Among the events of the past few days during the holidays was a DDoS attack on Sony's Playstation network and on Xbox Live's network. The attack was reportedly carried out by a group called Lizard Squad and by all measures is not precisely the profile of a highly sophisticated attack. Such attacks have increased in both intensity and frequency in the past year but, to an extent, are not terribly new

Is Threat Intelligence Actually Fueling Prevention? (Infosecurity Magazine) Phishing remains all too easy for today's hackers, with the latest ruse involving emails purporting to be from the World Health Organization concerning Ebola. A major problem with digital communication is that it's often difficult to differentiate between an authentic email and one that's been falsified. Basic security intelligence is championed as a crucial way of protecting business infrastructure — whether it's looking for unusual changes in URL hyperlinks or the anomalous use of certain names in email 'from' fields — as this can indicate if malicious activity is at work inside a business, or attempting to penetrate it. However, a big question is 'how much of the threat intelligence data gathered is actionable?'

What Makes a Great Risk Management Team? (Chartered Management Institute) Keeping steady hands on the corporate tiller, risk managers have very specific traits that can flourish in contrasting yet complementary ways

Information Security and Enterprise Risk: How Do They Relate? (RSA: Speaking of Security) As of 2014, information security has become a board-level concern. Senior business executives — including the president, chairman, and board of directors — are paying attention to enterprise risk and information security in a way they never have before

The Right Security Framework For Your Small Business (Tripwire: The State of Security) So you're a small business. You may be a small school district, a local restaurant chain, or even a non-profit helping your community; whatever you are though, resources are tight, especially when it comes to IT. With the tidal wave of security incidents in the news lately you are curious about how to better secure your information

Design and Innovation

Cheap randomness — real security (ZDNet) Modern cryptography protocols require real randomness. Sadly, most Random Number Generators (RNG) are pseudo-random and, therefore, hackable. Here's a cheap RNG for the rest of us

Academia

RIT cyber-security scholarship (13WHAM) The Rochester Institute of Technology has established a cyber-security scholarship program called "CyberCorps Scholarship for Service"

Legislation, Policy, and Regulation

Chinese internet users 'should accept blocking of Gmail in China': Global Times (South China Morning Post) An editorial in the Chinese newspaper Global Times this morning said Chinese internet users should accept the blocking of Gmail

Backlash in Berlin over NSA spying recedes as threat from Islamic State rises (Washington Post) In a crescendo of anger over American espionage, Germany expelled the CIA's top operative, launched an investigation of the vast U.S. surveillance programs exposed by Edward Snowden and extracted an apology from President Obama for the years that U.S. spies had reportedly spent monitoring German Chancellor Angela Merkel's cellphone

Officials Taking Aim At Cyber Risks (InsuranceNewsNet) Federal and state officials are ramping up their efforts to deal with cyber risks, a risk highlighted by the recent high-profile data breach at Sony Pictures

Litigation, Investigation, and Law Enforcement

NSA Reports to the President's Intelligence Oversight Board (IC on the Record) Late last week, in response to a Freedom of Information Act lawsuit, the NSA released reports previously submitted to the President's Intelligence Oversight Board from the fourth quarter of 2001 to the second quarter of 2013 as well as four annual reports

The NSA's Ongoing Efforts to Hide Its Lawbreaking (Atlantic) The spy agency touts its commitment to transparency and following the rules. But there are many good reasons to reject its characterizations

Kremlin critic Alexei Navalny gets suspended sentence but brother jailed (Guardian) Navalny, who led anti-Putin protests, was sentenced for embezzlement in trial seen as part of campaign to stifle dissent

What I want to say (Navalny) The thing is, the people sitting in the Kremlin are no longer even businesslike crooks: thieves on whom fortune smiled in the form of Yeltsin, who handed them power in 1999, and who turned their luck into billions of dollars in Swiss bank accounts from the sale of our country's resources

Bitcoin Extortionist Swatting Cryptographers (Cryptocoins News) When Satoshi Nakamoto, a name widely believed to be a pseudonym for a small group, published the specifications for Bitcoin back in 2008 the effort was not widely recognized at first. One of those who did understand the implications was cryptographer Hal Finney. His early entry into mining Bitcoin provided him with the funds he and his wife Fran needed for his five-year battle with Lou Gehrig's disease

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

Upcoming Events

Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...

U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market (Washington, DC, USA, January 12, 2015) Join the U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market. The value of the global cyber security market is expected to grow by 11.3% each year, reaching $120 billion by...

FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, January 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris...

ShmooCon (Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, January 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015,...

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human...

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...

Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...

Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, January 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal,...

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, January 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives...

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
