skip navigation

More signal. Less noise.

Daily briefing.

The Syrian Electronic Army (SEA) opens 2014 by hacking Skype's blog and social media accounts. It's a protest against Microsoft; user accounts appear unaffected.

Turkish hacktivists deface the United Nations Development Program for Ecuador. Neither Ecuador nor the UN are the targets: Ayyildiz Team's patriotic ire is directed against the United States, Israel, Armenia, and domestic opponents.

Exploiting a database vulnerability SnapChat had previously disclosed and dismissed as "theoretical," hackers compromise and expose more than 4 million SnapChat user accounts. Their stated objective was to shame SnapChat and other companies into improving their security.

Another online gaming site, Runescape, was attacked over the holidays, but service has now been restored.

Websense researchers explain how they believe Microsoft Windows crash reports afford hackers "a significant advantage," and promise more details at RSA.

Addressing the Chaos Conference in Hamburg, Wikileaks' Assange calls for massive online retaliation against NSA and its partners.

The Cloud Security Alliance and others predict movement toward a "zero–trust" security model. Augmented reality is seen as the up–and–coming hacktivist target. A ZDNet story purports to explain why Macs, despite vulnerabilities, remain safer than PCs: with PCs relatively easier to exploit, it's not worth hackers' while to go after Macs.

Concerns about government surveillance appear to be stoking an industry bandwagon for encryption solutions. French companies especially seem to be jumping on early.

Indictments are coming in South Korea's cyber command scandal. Ars Technica gives its four legal stories to watch in 2014: NSA litigation, Megaupload, Silk Road, and Lavabit.

Notes.

Today's issue includes events affecting Armenia, Ecuador, Estonia, European Union, Finland, France, India, Israel, Republic of Korea, New Zealand, Philippines, Syria, Turkey, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

'Syrian Electronic Army' hacks Skype's Twitter and blog accounts (The Guardian) Hacking group briefly takes over messaging service's social media accounts to allege sale of data to governments and publish Steve Ballmer contact details " but Skype accounts unaffected

Turkish Ayyildiz Team Hacks UNDP Ecuador Website, Leaves Anti–Israeli Message (Hack Read) The online hactivists Ayyildiz Team from Turkey has hacked and defaced the official website of United Nations Development Program (UNDP) designated for Republic of Ecuador. Hackers left a deface page along with a message on the hacked UNDP website which contains abusive messages against US, Israel and Armenia in Turkish language

4.6m Snapchat names and phone numbers leaked by hackers (CNet) Personal details of 4.6 million Snapchat accounts have been hacked and posted online. The hugely popular photo–sharing app has been targeted by hackers looking to shame Snapchat " and by extension, other apps and companies " into improving security, with experts warning "everyone is still at risk"

Predictably, Snapchat user database maliciously exposed (ZDNet) Snapchat is a textbook example of why responsible disclosure is a failure. On January 1, 2014, an anonymous user announced the release of SnapchatDB and 4.6 million usernames and matched phone numbers in a Hacker News post. The Snapchat accounts — even those marked 'private' — were exposed in a database hack that Snapchat knew about for four months, ignored, then told press last week was only "theoretical"

Malware and the Self–Deleting Batch File Method (Journey into Incident Response) Data destruction is an anti–forensic technique where data is deleted to limit the amount of forensic evidence left on a system. One data destruction anti–forensic technique leveraged by malware are self–deleting droppers and downloaders

Cryptolocker ransomware protection: A new reason for old advice (SearchITChannel) As with anything in technology, it is only a matter of time until a newer, faster version is available. Unfortunately, this is not always for the betterment of all. Earlier this year a new ransomware virus, called Cryptolocker, began infecting computers owned by individuals and businesses alike

Updated: Runescape Victim Of Cyber Attack (Gamesided) The Runescape website and affected servers have been restored. The group has been targeting yet another Twitch user, but nothing major has come of it just yet

More than 800 incidents of data loss in NHS health boards (STV News) There have been more than 800 incidents of data loss by health boards in the last five years, new figures have revealed

Unencrypted Windows crash reports give 'significant advantage' to hackers, spies (Computerworld) Windows' error– and crash–reporting system sends a wealth of data unencrypted and in the clear, information that eavesdropping hackers or state security agencies can use to refine and pinpoint their attacks, a researcher said today

WikiLeaks Julian Assange asks Hackers to Unite Forces Against NSA Surveillance (Hack Read) While addressing a large number of hackers and computer experts at Chaos Communication Congress in Hamburg, the WikiLeaks founder Julian Assange urged hackers from all over the world to join forces against National Security Agency (NSA)'s PRISM surveillance program

Significant Deficiencies' at Election Commission Put Agency At Risk (Threatpost) The Federal Election Commission (FEC) is highly vulnerable to intrusions and data breaches after an audit discovered "significant deficiencies" in the FEC's IT security program

Cyber Trends

Cloud computing 2014: Moving to a zero–trust security model (Computerworld) Another industry group, the Cloud Security Alliance, predicted a similar backlash due to concerns by Europen companies that the U.S. government

Predicting cyber hacktivists acts for 2014 (InformationWeek) Mobile devices will become the attack vector of choice, bringing in nastier threats and attacks. The "next big thing" that cybercriminals are waiting for could come from the world of augmented reality, says Dhanya Thakkar , Managing Director, India & SAARC, Trend Micro

Why Mac users are safer (ZDNet) The evidence is overwhelming: The opportunities to attack Mac users are plentiful, but nobody bothers. It's still too easy to get at Windows users. This has been obvious for some time and well-understood in the security community

How prepared are the financial markets for a cyber attack (The Banker) The threat of cyber attacks grows ever greater, as hackers become more and more sophisticated and an increasing level of data is handled electronically. So what are financial institutions, exchanges and governments doing to combat this threat

Shiver My Interwebs (Slate) What can (real) pirates teach us about cybersecurity

Key trends in ransomware, evasion techniques and social attacks (Help Net Security) McAfee Labs released a predictions report, analyzing 2013 trends through its Global Threat Intelligence (GTI) service to forecast the threat landscape for the coming year

4 Trends In Vulnerabilities That Will Continue In 2014 (Dark Reading) Bounty programs will continue to expand, more researchers will focus on embedded devices and libraries, and security software will find itself under more scrutiny

Marketplace

Alastair Mitchell: In–Q–Tel–Backed Huddle Starts Work on Agency Collaboration Tool (ExecutiveBiz) In–Q–Tel–backed Huddle has joined a five-year collaboration effort to develop standardized information technology operations for the intelligence community, Federal Times reported

Techies vs. NSA: Encryption arms race escalates (AP via Akron Legal News) Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies

The security industry finds a dream enemy — government spy agencies (Computerworld) Revelations about mass surveillance will fuel encryption adoption in the next year, but implementing it will take care, security experts say

French Contractors Jump Into Market for Secure Communications (Wall Street Journal) But many U.S. firms that offer communications services say that well–implemented cryptography can remain secure. U.S.–based Silent Circle

Apple denies working with NSA to create back door (MarketWatch) Apple Inc. said it never worked with the National Security Agency to create a back-door way for the organization to spy on iPhone users and it was unaware of any program to target its products

HP to cut 5000 more jobs (ITWeb) Hewlett–Packard (HP) is set to cut 5000 more jobs, bringing the total number of layoffs to 34,000 — 11% of the company's workforce

ZTE reorgs to focus on operator, device, enterprise markets (ZDNet) ZTE reorganizes into three key business units"operators, mobile devices, and enterprises"and targets three emerging market segments as it maps outs its 2014 strategy

Products, Services, and Solutions

How to be notified that your password has been stolen (ZDNet) Now you can be notified if your email address appears in any new, publicly–released data breaches

Technologies, Techniques, and Standards

Eliminating black hat bargains (SearchSecurity) When it comes to information security defense, Mike Hamilton has a tough job. As the chief information security officer for the city of Seattle, Hamilton's responsibilities extend to the networks of a variety of other groups, such as the city's police and fire departments. The complexity of securing those networks requires that Hamilton focus not just on defense, but also on causing pain to any attacker

Four reasons why audits matter (Help Net Security) We live in a world where assurance is a precious commodity. People with bad intentions are getting smarter every day as evidenced by the recent compromise of nearly 40 million credit and debit card

'It has outlived its usefulness': The cross–border deal that sounds the death knell for physical signatures (ZDNet) One small memorandum of understanding, one big step for cross–border IT as Estonia and Finland ink deal for common online services

What's wrong with in–browser cryptography? (Tony Arcieri) If you're reading this, then I hope that sometime somebody or some web site told you that doing cryptography in a web browser is a bad idea. You may have read "JavaScript Cryptography Considered Harmful". You may have found it a bit dated and dismissed it

As the Network Shifts (SC Magazine) While 20 percent of the connections to a network are unknown, despite the investment of millions of dollars in security technology, it is critical to identify all connections within an enterprise. This 80-20 rule requires a premier discovery solution, one that will define a network perimeter and validate that unknown connections do not exist

Small Cells vs. Big Data (Foreign Policy) Can information dominance crush terrorism? The fundamental dynamic of the Cold War was an arms race to build nuclear weapons; conflict today is primarily driven by an "organizational race" to build network

To detect 100 percent of malware, try whitelisting 'ite' (Computerworld) Every antimalware scanner claims to catch 99 to 100 percent of malware. But how can that be true? If it were, our computers wouldn't get infected nearly as much as they do, and the antimalware industry would have roundly defeated its malicious foes by now

Design and Innovation

Bitcoin Is a High–Tech Dinosaur Soon to Be Extinct (Bloomberg) For all the regulatory crackdowns on Bitcoin in recent weeks, the cryptocurrency's advocates remain unfailingly optimistic. Bitcoin is the future, they tell us; it heralds a future where private, stateless currencies will dethrone the dollar and other monetary dinosaurs

Slide Show: 8 Effective Data Visualization Methods For Security Teams (Dark Reading) Getting the most out of security analytics data sets, large or small, by visualizing the information

Research and Development

Chipmakers Push Memory Into the Third Dimension (IEEE Spectrum) Samsung, Micron, and SK Hynix bet that transistor redesigns and chip stacking will make memory smaller and faster

Academia

Family of first CSC president donates P3M for construction of Cyber Building (Catanduanes Tribune) Just a stone's throw from the main building of the Catanduanes State University, workers are in the midst of pouring concrete for the columns of what would become the PG Tabuzo Cyber Building, named after the institution's first president: the educator Pedro G. Tabuzo of Salvacion, Virac

Deadline nears for master's program in cyber studies (Marine Corps Times) Members of the Marine Corps' cyber community — enlisted and civilian — can earn an advanced degree through the Information Assurance Scholarship Program

Une experte suisse en cybersécurité reçoit la Légion d'honneur (RTS) Solange Ghernaouti-Hélie, experte en cybersécurité et professeure à la Faculté des hautes études commerciales (HEC) de l'Université de Lausanne, est entrée mercredi dans l'Ordre de la Légion d'honneur

Legislation, Policy, and Regulation

Here's what we learned about the NSA's spying programs in 2013 (The Washington Post) On June 5, millions of Americans learned the U.S. government was collecting and storing information about their phone calls thanks to documents from former National Security Agency (NSA) contractor Edward Snowden. And over the following months, a barrage of stories revealing the extent of state–sponsored surveillance activities has held the front page of newspapers around the world captive

Good or not, change is coming to the NSA (The Washington Post) Changes are coming in the National Security Agency's offensive and defensive intelligence programs. They were run in relative secrecy by the NSA until June, when the first reports appeared based on documents that former NSA contractor Edward Snowden turned over to journalists

Obama, Congress should curb NSA (Charlotte Observer) With a federal judge's ruling last week that the National Security Agency's massive collection of U.S. citizens' telephone records is legal, President Barack Obama is getting timely cover to ignore an expert panel's recommendations for overhaul. It would be wrong and unwise for the president to do so

Security policy should be more clearcut (Rocky Mountain Telegram) President Barack Obama could help the whole world start the new year on a bright note by listening to an expert panel that has recommended reining in the eavesdropping practices of the National Security Agency

More reasons to rein in the NSA (Los Angeles Times) In addition to collecting phone data on Americans, other areas ripe for reform are uncontrolled national security letters and the use of information about Americans acquired 'incidentally'

Litigation, Investigation, and Law Enforcement

Cyber warfare official to be indicted over online smear campaign (GlobalPost) The director of the cyber command's psychological warfare team, identified only by his surname Lee, will face indictment without physical detention for

ACLU sues government over international calls (Gainesville Sun) A civil liberties group sued the U.S. government Monday, saying various agencies have failed to provide adequate documents related to what it calls the sweeping monitoring of Americans' international communications

Edward Snowden, Whistle–Blower (The New York Times) Seven months ago, the world began to learn the vast scope of the National Security Agency's reach into the lives of hundreds of millions of people in the United States and around the globe, as it collects information about their phone calls, their email messages, their friends and contacts, how they spend their days and where they spend their nights. The public learned in great detail how the agency has exceeded its mandate and abused its authority, prompting outrage at kitchen tables and at the desks of Congress, which may finally begin to limit these practices

Edward Snowden, the insufferable whistleblower (The Washington Post) Nor has living in an actual police state given the National Security Agency (NSA) whistleblower any greater appreciation of the actual freedoms that

Clues to Future Snowden Leaks Found In His Past (Washington's Blog) Only a tiny fraction of Snowden's documents have been published. What's still to come? We believe one hint comes from Snowden's past as a security specialist at one of one the NSA's covert facilities at the University of Maryland

Court Upholds Willy–Nilly Gadget Searches Along U.S. Border (Wired) A federal judge today upheld a President Barack Obama administration policy allowing U.S. officials along the U.S. border to seize and search laptops, smartphones and other electronic devices for any reason

Cyber Criminals Recorded Blackmailing U.S.–Based CEO (SC Magazine) Two Polish criminals who unleashed a sinister cyber attack to blackmail a multi-million pound Manchester-based internet company have been jailed

The top four tech legal cases to watch in 2014 (Ars Technica) While we're all wiping the champagne–induced sleep from our eyes, inevitably we have to sober up for 2014. The new year will mark new beginnings for all of us, but it will also mark the continuation (and perhaps conclusion) of a number of high–profile tech legal cases. We've chosen to highlight a few cases that could lead to profound changes in the tech landscape in years to come

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

FloCon 2014 (, January 1, 1970) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...

NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...

cybergamut Tech Tuesday: Malware Reverse Engineering: An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (, January 1, 1970) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer...

Cybertech: Cyber Security Conference and Exhibition (, January 1, 1970) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.