The Syrian Electronic Army (SEA) opens 2014 by hacking Skype's blog and social media accounts. It's a protest against Microsoft; user accounts appear unaffected.
Turkish hacktivists deface the United Nations Development Program for Ecuador. Neither Ecuador nor the UN is the target: Ayyildiz Team's patriotic ire is directed against the United States, Israel, Armenia, and domestic opponents.
Exploiting a database vulnerability SnapChat had previously disclosed and dismissed as "theoretical," hackers compromise and expose more than 4 million SnapChat user accounts. Their stated objective was to shame SnapChat and other companies into improving their security.
Another online gaming site, Runescape, was attacked over the holidays, but service has now been restored.
Websense researchers explain how they believe Microsoft Windows crash reports afford hackers "a significant advantage," and promise more details at RSA.
Addressing the Chaos Conference in Hamburg, Wikileaks' Assange calls for massive online retaliation against NSA and its partners.
The Cloud Security Alliance and others predict movement toward a "zero–trust" security model. Augmented reality is seen as the up–and–coming hacktivist target. A ZDNet story purports to explain why Macs, despite vulnerabilities, remain safer than PCs: with PCs relatively easier to exploit, it's not worth hackers' while to go after Macs.
Concerns about government surveillance appear to be stoking an industry bandwagon for encryption solutions. French companies especially seem to be jumping on early.
Indictments are coming in South Korea's cyber command scandal. Ars Technica gives its four legal stories to watch in 2014: NSA litigation, Megaupload, Silk Road, and Lavabit.
Today's issue includes events affecting Armenia, Ecuador, Estonia, European Union, Finland, France, India, Israel, Republic of Korea, New Zealand, Philippines, Syria, Turkey, United Kingdom, United States.
Turkish Ayyildiz Team Hacks UNDP Ecuador Website, Leaves Anti–Israeli Message(Hack Read) The online hacktivists Ayyildiz Team from Turkey has hacked and defaced the official website of United Nations Development Program (UNDP) designated for Republic of Ecuador. Hackers left a deface page along with a message on the hacked UNDP website which contains abusive messages against US, Israel and Armenia in Turkish language
4.6m Snapchat names and phone numbers leaked by hackers(CNet) Personal details of 4.6 million Snapchat accounts have been hacked and posted online. The hugely popular photo–sharing app has been targeted by hackers looking to shame Snapchat, and by extension, other apps and companies, into improving security, with experts warning "everyone is still at risk"
Predictably, Snapchat user database maliciously exposed(ZDNet) Snapchat is a textbook example of why responsible disclosure is a failure. On January 1, 2014, an anonymous user announced the release of SnapchatDB and 4.6 million usernames and matched phone numbers in a Hacker News post. The Snapchat accounts — even those marked 'private' — were exposed in a database hack that Snapchat knew about for four months, ignored, then told press last week was only "theoretical"
Malware and the Self–Deleting Batch File Method(Journey into Incident Response) Data destruction is an anti–forensic technique where data is deleted to limit the amount of forensic evidence left on a system. One data destruction anti–forensic technique leveraged by malware are self–deleting droppers and downloaders
Cryptolocker ransomware protection: A new reason for old advice(SearchITChannel) As with anything in technology, it is only a matter of time until a newer, faster version is available. Unfortunately, this is not always for the betterment of all. Earlier this year a new ransomware virus, called Cryptolocker, began infecting computers owned by individuals and businesses alike
Updated: Runescape Victim Of Cyber Attack(Gamesided) The Runescape website and affected servers have been restored. The group has been targeting yet another Twitch user, but nothing major has come of it just yet
Predicting cyber hacktivists acts for 2014(InformationWeek) Mobile devices will become the attack vector of choice, bringing in nastier threats and attacks. The "next big thing" that cybercriminals are waiting for could come from the world of augmented reality, says Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro
Why Mac users are safer(ZDNet) The evidence is overwhelming: The opportunities to attack Mac users are plentiful, but nobody bothers. It's still too easy to get at Windows users. This has been obvious for some time and well-understood in the security community
How prepared are the financial markets for a cyber attack(The Banker) The threat of cyber attacks grows ever greater, as hackers become more and more sophisticated and an increasing level of data is handled electronically. So what are financial institutions, exchanges and governments doing to combat this threat
Techies vs. NSA: Encryption arms race escalates(AP via Akron Legal News) Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies
Apple denies working with NSA to create back door(MarketWatch) Apple Inc. said it never worked with the National Security Agency to create a back-door way for the organization to spy on iPhone users and it was unaware of any program to target its products
HP to cut 5000 more jobs(ITWeb) Hewlett–Packard (HP) is set to cut 5000 more jobs, bringing the total number of layoffs to 34,000 — 11% of the company's workforce
Eliminating black hat bargains(SearchSecurity) When it comes to information security defense, Mike Hamilton has a tough job. As the chief information security officer for the city of Seattle, Hamilton's responsibilities extend to the networks of a variety of other groups, such as the city's police and fire departments. The complexity of securing those networks requires that Hamilton focus not just on defense, but also on causing pain to any attacker
Four reasons why audits matter(Help Net Security) We live in a world where assurance is a precious commodity. People with bad intentions are getting smarter every day as evidenced by the recent compromise of nearly 40 million credit and debit card
As the Network Shifts(SC Magazine) While 20 percent of the connections to a network are unknown, despite the investment of millions of dollars in security technology, it is critical to identify all connections within an enterprise. This 80-20 rule requires a premier discovery solution, one that will define a network perimeter and validate that unknown connections do not exist
Small Cells vs. Big Data(Foreign Policy) Can information dominance crush terrorism? The fundamental dynamic of the Cold War was an arms race to build nuclear weapons; conflict today is primarily driven by an "organizational race" to build network
To detect 100 percent of malware, try whitelisting 'lite'(Computerworld) Every antimalware scanner claims to catch 99 to 100 percent of malware. But how can that be true? If it were, our computers wouldn't get infected nearly as much as they do, and the antimalware industry would have roundly defeated its malicious foes by now
Design and Innovation
Bitcoin Is a High–Tech Dinosaur Soon to Be Extinct(Bloomberg) For all the regulatory crackdowns on Bitcoin in recent weeks, the cryptocurrency's advocates remain unfailingly optimistic. Bitcoin is the future, they tell us; it heralds a future where private, stateless currencies will dethrone the dollar and other monetary dinosaurs
Family of first CSC president donates P3M for construction of Cyber Building(Catanduanes Tribune) Just a stone's throw from the main building of the Catanduanes State University, workers are in the midst of pouring concrete for the columns of what would become the PG Tabuzo Cyber Building, named after the institution's first president: the educator Pedro G. Tabuzo of Salvacion, Virac
Here's what we learned about the NSA's spying programs in 2013(The Washington Post) On June 5, millions of Americans learned the U.S. government was collecting and storing information about their phone calls thanks to documents from former National Security Agency (NSA) contractor Edward Snowden. And over the following months, a barrage of stories revealing the extent of state–sponsored surveillance activities has held the front page of newspapers around the world captive
Good or not, change is coming to the NSA(The Washington Post) Changes are coming in the National Security Agency's offensive and defensive intelligence programs. They were run in relative secrecy by the NSA until June, when the first reports appeared based on documents that former NSA contractor Edward Snowden turned over to journalists
Obama, Congress should curb NSA(Charlotte Observer) With a federal judge's ruling last week that the National Security Agency's massive collection of U.S. citizens' telephone records is legal, President Barack Obama is getting timely cover to ignore an expert panel's recommendations for overhaul. It would be wrong and unwise for the president to do so
Security policy should be more clearcut(Rocky Mountain Telegram) President Barack Obama could help the whole world start the new year on a bright note by listening to an expert panel that has recommended reining in the eavesdropping practices of the National Security Agency
More reasons to rein in the NSA(Los Angeles Times) In addition to collecting phone data on Americans, other areas ripe for reform are uncontrolled national security letters and the use of information about Americans acquired 'incidentally'
ACLU sues government over international calls(Gainesville Sun) A civil liberties group sued the U.S. government Monday, saying various agencies have failed to provide adequate documents related to what it calls the sweeping monitoring of Americans' international communications
Edward Snowden, Whistle–Blower(The New York Times) Seven months ago, the world began to learn the vast scope of the National Security Agency's reach into the lives of hundreds of millions of people in the United States and around the globe, as it collects information about their phone calls, their email messages, their friends and contacts, how they spend their days and where they spend their nights. The public learned in great detail how the agency has exceeded its mandate and abused its authority, prompting outrage at kitchen tables and at the desks of Congress, which may finally begin to limit these practices
Clues to Future Snowden Leaks Found In His Past(Washington's Blog) Only a tiny fraction of Snowden's documents have been published. What's still to come? We believe one hint comes from Snowden's past as a security specialist at one of the NSA's covert facilities at the University of Maryland
The top four tech legal cases to watch in 2014(Ars Technica) While we're all wiping the champagne–induced sleep from our eyes, inevitably we have to sober up for 2014. The new year will mark new beginnings for all of us, but it will also mark the continuation (and perhaps conclusion) of a number of high–profile tech legal cases. We've chosen to highlight a few cases that could lead to profound changes in the tech landscape in years to come
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FloCon 2014(Charleston, South Carolina, USA, January 13–16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...
NASA Langley Cyber Expo(Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...
Cybertech: Cyber Security Conference and Exhibition. Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...
U.S. Census Data Protection & Privacy Day(Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum(Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.