skip navigation

More signal. Less noise.

Daily briefing.

Chinese media continue to blame the country's recent Internet outage on hacktivists (Falun Gong prominently mentioned in dispatches), but outsiders aren't so sure: they think that in this case the Great Firewall may have jammed itself.

The Assad's Syrian Electronic Army is back, and it's after CNN Twitter accounts. (They were quickly ejected.) InfoSecurity Magazine runs an SEA overview that predicts the state-coordinated group will become more active in 2014.

Neiman Marcus releases more information on its part of the BlackPOS/Kaptoxa campaign. The US FBI warns retailers to expect more of the same. Industry observers think Target's cyber insurance policy may not hold up if the insurers find compliance issues in the company's security posture.

Researchers at Sweden's Karlstad University find a small number of Tor exit relays sniffing traffic and conducting man-in-the-middle attacks, thus reminded us that "anonymous" isn't synonymous with "secure."

The researcher who developed it has published the Chrome eavesdropping exploit. Google dismisses it as a stunt, and no real threat.

Krebs reports that Foscam IP cameras and baby monitors are vulnerable to exploitation by snoops with access to their IP address.

Crowdstrike's 2013 retrospective continues to draw attention, particularly in its conclusions that fifty groups dominate global cyber crime, and that Russia is engaged in a sustained campaign targeting the energy sector.

Attention small businesses: Cisco patches its widely reported unauthorized access vulnerability.

McAfee observes a disturbing rise in security-aware malware, showing again the inadequacy of legacy perimeter and signature-based defenses.

The European Court scrutinizes GCHQ.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, France, Israel, Bailiwick of Jersey, Netherlands, Poland, Russia, Sweden, Syria, Taiwan, United Arab Emirates, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

China Blames Massive Internet Blackout On Hackers (InformationWeek) Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say

China's Great Firewall blamed for eight-hour Internet blackout (CSO) The extraordinary Internet outage that left hundreds of millions of Chinese Internet users unable to access the web on Tuesday afternoon lasted for eight hours and spread its effects across the globe, monitoring firm Compuware has reported

Syrian group hacks CNN social media accounts (AFP via Yahoo!News) The Syrian Electronic Army claimed responsibility for hacking some of US broadcaster CNN's social media accounts. The network said the compromised accounts included its main Facebook page, its Twitter page and blogs for "The Situation Room" and "Crossfire"

Syrian Electronic Army Escalated Tactics Over 2013; Poised for More this Year (InfoSecurity Magazine) The hacktivist group known as the Syrian Electronic Army was a particularly active adversary in the second half of 2013, and remains one of the top global threat actors to watch in the coming year as the Syrian conflict drags on — not least because of the group's ability to morph its techniques to keep things interesting

Target Breach: 5 Unanswered Security Questions (InformationWeek) Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers

Exclusive: FBI warns retailers to expect more credit card breaches (Reuters) The FBI has warned U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases in the past year that involved the same kind of malicious software used against Target Corp in the holiday shopping season

Neiman Marcus confirms and apologizes for data breach (UPI via TMCnet) U.S. retailer Neiman Marcus said Thursday a major breach of customer data from mid-July through October resulted in about 2,400 individual thefts

Don't Be the Next Target (SecureState) Target's $100 million policy is likely to be worthless if it is determined (and it will be) that they were not compliant. However, let's assume for a minute that Target's policy is actually deemed valid, and not determined to be voided by misrepresentation. For example, if Target is able to demonstrate that there were no gaps in their security controls, and that every precaution was taken to prevent this type of breach, they would still be covered by the multiple policies they have and would potentially be subject to less severe regulatory fines

Neiman Marcus data breach affects up to 1.1M customer cards (The New York Post) Luxury department store giant Neiman Marcus said that cyber thieves quietly lifted as many as 1.1 million customers' cards during a four-month period last year

Small number of malicious Tor exit relays snooping on traffic (Threatpost) A small number of Tor exit relays are misbehaving, conducting man-in-the-middle attacks and monitoring encrypted traffic from users of the anonymity network

The Inside Story of Tor, the Best Internet Anonymity Tool the Government Ever Built (Bloomberg BusinessWeek) Last year, Edward Snowden turned over to the Guardian, a British newspaper, some 58,000 classified U.S. government documents. Just a fraction of the files have been made public, but they outline the National Security Agency's massive information-collection system. They've thrown light onto the methods of an arm of the government used to working in the shadows and started an intense debate over national security and personal liberty

Chrome Eavesdropping Exploit Published (Threatpost) The developer of the annyang speech recognition JavaScript library has published exploit code for a bug in Google's Chrome browser that could allow a malicious website to eavesdrop using a computer's microphone long after a visitor has left a website

Google Dismisses Chrome Browser Microphone Snooping Exploit (Dark Reading) A researcher has released an exploit that abuses flaws he discovered in Chrome that could allow an attacker to snoop on phone calls or other conversations at your desktop, but Google says it's compliant with W3C

Malware infects Android-run devices via PCs (Help Net Security) Researchers have recently discovered a PC Trojan whose ultimate goal is to compromise the target's Android-running smartphone or tablet with information-stealing malware

Most top 500 Android mobile apps have security and privacy risks (Help Net Security) After testing the top 500 Android applications, MetaIntell identified that approximately 460 of those 500 Android applications (available in apps stores such as Amazon, CNET, GETJAR, and Google Play)

Bug Exposes IP Cameras, Baby Monitors (KrebsonSecurity) A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device's Internet address to view live and recorded video footage, KrebsOnSecurity has learned

"Give" me Coins" website hacked, 10K Litecoins worth $230k stolen (eHackingNews) One of the largest Litecoin mining pools "Give Me Coins" website (give-me-coins.com) has been hacked. 10,000 Litecoins worth $230,000 have reportedly been stolen

'Watering holes' become popular attack vector for targeted attacks (FierceITSecurity) CrowdStrike report says watering holes have a number of advantages over spearphishing

Global cybercrime dominated by 50 core groups, CrowdStrike report finds (CSO) Cybercrime in 2013 was dominated by a core of around 50 active groups, including Russian and Chinese 'threat actors' whose activities are only now coming to light, a report from monitoring firm CrowdStrike has found

Energy Sector Under Attack (Industrial Safety and Security Source) A cyber espionage campaign targeted hundreds of organizations from Europe, America and Asia and it appears the Russian government is behind it, researchers said. IT security firm CrowdStrike said Russia has been launching cyber attacks in an effort to steal sensitive information which it can use to gain an economic advantage over its opponents

Health data breach count tops 800 (FierceHealthIT) The "wall of shame" for health data breaches at the Department of Health and Human Services has seen a lot of action this month

Howard schools recover from possible cyber attack (The Baltimore Sun) Howard County Public School System officials said last week that Internet outages that persisted for nearly a week earlier in the month were caused by a possible cyber attack. Internet outages started occurring the first week in January, according to emails from various schools in the county, and continued until about Monday, Jan. 13

Phishing via Social Media (Internet Storm Center) The use of social media as an attack vector is nothing new; We've all seen plenty of stories in the media of fake FaceBook profiles such as the one for American Admiral James Stavridis back in 2012 [1]. This tends to mean we're more wary of Facebook and Twitter, but many of us still use LinkedIn as it is a great tool to build out professional networks, tap in to like-minded groups or be stalked approached by recruiters

T-Mobile: Hack May Have Revealed Personal Information (TechnoBuffalo) T-Mobile is reportedly gearing up to reveal that personal information may have been exposed in an "authorized access" incident, according to a report published Thursday. The details were provided by CSO, which discovered a letter that was recently published by the California Attorney General. The letter suggests T-Mobile discovered the breach back on Nov. 26, 2013, so we're not quite sure why details are only surfacing now

Keygens For Engineering, Scientific Software Leads To FAKEAV (TrendLabs Security Intelligence Blog) In the past few weeks, we have seen increasing numbers of infections related to the TROJ_GATAK, especially in the North American region. This malware family is not particularly well known; we discussed it in 2012 in relation with file infectors that were hitting Dutch users

Breach Among Largest Ever in Canada (GovInfoSecurity) Health data breaches involving unencrypted devices aren't just an American problem. The recent theft of an unencrypted laptop from an IT consultant working for Medicentre Family Health Care Clinics in Edmonton has resulted in what is believed to be one of the largest health data breaches ever reported in Canada

Security Patches, Mitigations, and Software Updates

Cisco WAP4410N Wireless-N Access Point — PoE/Advanced Security (Cisco) Just Released! Fix for the Unauthorized Access Vulnerability in WAP4410N

Apple patches many vulnerabilities in iTunes (ZDNet) 25 vulnerabilities are addressed in the new version 11.1.4. 24 of them affect only the Windows version of iTunes

Cyber Trends

Security-Aware Attacks: The Bad Guys Just Got a Whole Lot Smarter (McAfee) In the battle between cybercriminals and security companies, the threat of escalation has always been present. Until recently, most malware attacks could be avoided by blocking known or suspicious file types before they entered the network

Top 10 DDoS attack trends (Help Net Security) Prolexic Technologies, a provider of DDoS protection services, published its top 10 attack trends for 2013. Throughout the year, metrics were collected from all DDoS attacks launched against the

IT managers not confident their firms could pass security compliance audit (FireceITSecurity) DataMotion survey finds disconnect between IT, non-IT employees

The Cybersecurity Risk Paradox (Microsoft Security Intelligence Report Special Edition) Around the globe, societies are becoming increasingly dependent upon information and communications technology (ICT) which is driving rapid social, economic, and governmental development. Yet with this development, new threats to digital infrastructures have emerged

12 privacy-destroying technologies that should scare you (CSO) Technology is not evil, only its use or misuse. But in the case of this dirty dozen, the potential for abuse is frightening

Cloud computing: Powerful tool for cyberattacks? (CIOL) As cyber warfare against enterprises grows more brutal by the year, cloud computing technology is also at risk for cyber attacks such as malware and phishing, which have increased the demand for technologies to combat these threats

Citigroup CEO Corbat: Threat of Cyber Attack Is Real (Value Walk) In an interview to appear on FOX Business Network's (FBN) Countdown to the Closing Bell (3PM/ET), Citigroup Inc (NYSE:C) CEO Michael Corbat speaks with anchor Liz Claman about the company's recovery. Corbat says, "I think when we look back, we've done a pretty monumental transformation of the company" and that "we feel like we've got the right business model and the right mix of businesses." Corbat also comments on cyber security saying, "I think the threat of cyber security is absolutely real" and that this is "an area where we dedicate a lot of resources, people, hours, money, to making sure that we've got the best technology

CEOs in the dark about cyber-attacks (Real Business) A Lancope, Inc. report, entitled "Cyber Security Incident Response: Are we as prepared as we think?", shows that while security threats are imminent, CEOs and other members of the management team are in the dark about potential cyber-attacks against their companies

Cyber criminals find new avenues to steal data [Gulf News (United Arab Emirates)] (Gulf News) The top security story in 2013 was no doubt that of the National Security Agency (NSA) whistle-blower Edward Snowden. His revelations about the breach of user privacy by the US government have had a ripple effect

Leon Panetta warns of 'crippling' cyber attack in Monterey speech (The Monterey Herald News) Former Defense Secretary Leon Panetta, in a wide-ranging speech at the Monterey Conference Center on Thursday, said cyber attacks are the "most dangerous potential threat" to the United States

Financial Data Leads The Malicious Spam Hit List For Third Year In A row (Dark Reading) In some spam categories commercial advertising is being gradually displaced by criminal mailings

Socially Engineered Behavior To Blame For Most Security Breaches (Dark Reading) KnowBe4 analysis shows effectiveness of security awareness training on employees

Industry leaders meet to discuss threat of Cyber attacks (IFCfeed) JT will be taking part in, and co-sponsoring, a breakfast seminar organised to debate and review a growing problem which is fast becoming one of biggest threats to businesses of all types today

Marketplace

European financial services turn to IAM products to provide secure access (FierceITSecurity) The European financial services market for identity and access management products is forecast by Frost & Sullivan to increase at a 31.2 percent compound annual growth rate through 2018

Cost of contact center fraud is rising for enterprises, customers (FierceITSecurity) Enterprises are turning to new technologies, combining voice biometrics, predictive analytics, location-based capabilities

Increasing cyberthreats to push energy security market past $200B by 2015 (FierceITSecurity) Smart grid technology opens up more opportunities for attackers, warns TechNavio

Three security startups you should keep an eye on (NetworkWorld) Skyfence, Zimperium, Bluebox Security target cloud and mobile security respectively

Is cybersecurity the right job for you? (FCW) Headlines, reports and keynote addresses describing a cybersecurity workforce crisis continue to dominate the IT security landscape, with thousands — even hundreds of thousands — of open positions for cyber pros. Are you one of the many IT workers looking to make the jump, only to fall short of getting hired? It's all too common, and there are some surprising reasons why

Cyber warriors: The next generation (Defense Systems) The U.S. military has always taken cyber operations seriously, dealing with constant scans, probes and attacks on its networks, dating to the early days of the Internet. But the breadth of the issue really hit home in 2008, following an incident that became known as "Operation Buckshot Yankee"

Facebook awards $33,500 bounty for critical flaw (Help Net Security) Facebook has announced that it has awarded $33,500 — their biggest bug bounty payout to date — to a Brazilian security researcher that discovered a remote code execution flaw affecting Facebook's

Pentagon says it didn't buy 80,000 new BlackBerry phones (CNET) Not so fast, BlackBerry investors — the government now says it did not make any new purchases from the struggling smartphone maker

Booz Allen keeps place on DISA contract (Federal Times) Booz Allen Hamilton will continue working under a DISA contract that had originally gone to another company. Booz Allen Hamilton is a major player in the Pentagon's efforts to enable more defense contractors to share cyber threat data with the government

Raytheon announces cyber technical research competition winner (PRNewswire) Raytheon UK has announced that MWR InfoSecurity is the first winner of its technical research competition aimed at SME (Small Medium Enterprise) in the cyber security domain. The competition's £40,000 prize, recognising research into an analysis tool to detect rogue code in Android applications, was presented at the "Agile Innovation for Cyber Security Boot Camp" hosted by the UK government's Department for Business, Innovation and Skills

KCG Secures First DHS Continuous Diagnostics and Mitigation Task Order under $6B Cyber Contract (Webwire) Knowledge Consulting Group (KCG), one of the largest privately held cybersecurity services firms in the United States, announced that it has been awarded the first task order off of the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) contract vehicle. The task order is to deliver solutions from McAfee and BDNA, and has a total value of $8,543,986

Lunarline, Inc. Honored with SmartCEO's Future 50 Award (Digital Journal) One of the nation's top cyber security firms recognized for outstanding growth & leadership

Cyber-Defense Specialist Gets Backing Of Major Smartphone Manufacturer And Launches New Approach To Mobile Security Threats (Dark Reading) Zimperium launches two products to protect organizations from advanced persistent threats on mobile

Qualcomm Buys Massive Palm, iPaq And Bitfone Patent Portfolio From HP (TechCrunch) Is Qualcomm preparing for the revival of the personal digital assistant? The San Diego-based Qualcomm just announced that it has acquired 1,400 patents from HP covering Palm, iPaq and Bitfone patents and pending patents. It's unclear how many are from each portfolio, but Qualcomm just made a big leap in owning a chunk of patents covering the fundamentals of mobile operating system

Overlooked lessons from Mandiant's $1B acquisition (Washington Technology) When Mandiant was acquired by FireEye at the end of 2013, I made little note of the $1 billion deal. The transaction seemed too commercial in nature

Products, Services, and Solutions

Antivirus Products Show Off Under Windows 8.1 (PC Magazine) Flu season is in full swing, and you've probably had your flu shot. But is your computer protected against viruses? Throughout the chilly November and December of 2013, researchers at AV-Test ran two dozen antivirusand security suite products through a barrage of tests. They've just released the latest results, identifying which products excelled in several different criteria. If you're considering which security product to choose, or considering switching from your current protection, you'll want to check these results

Microsoft Offers Choice In Cloud Storage Location Nation (Forbes) Responding to customer concerns over NSA spying, Microsoft (NASDAQ:MSFT) will be allowing non-U.S. customers to store their data in the company's cloud data centers in other countries

Panda Security Adds Cloud Cleaner to RMM Platform (eWeek) The platform is specifically designed to disinfect latest-generation viruses, such as zero-day attacks and targeted attacks

Do you need solid-gold domain name security? (ZDNet) Network Solutions is opting their high-profile customers in to a $1,850 service to super-lock domains. Make sure they don't think you're in the 1%

Smartworld offers cyber attack testing (Trade Arabia) Smartworld, a leading master systems integrator and ICT service provider, has launched a new testing service that aims to prepare and protect local businesses and government agencies from cyber attacks

Skyfence Protects Cloud Apps against Account Hijacking, Insider Attacks and Data Theft (Virtual Strategy) Skyfence Networks, the company that automates cloud app protection, today emerged from stealth mode and announced the Skyfence Cloud Gateway. Founded by former executives from Imperva and Websense, Skyfence enables organizations to protect against the leading threats identified by the Cloud Security Alliance (CSA): account/service traffic hijacking and malicious insiders. Skyfence integrates threat prevention, activity monitoring and compliance management to secure and prevent data theft on any cloud app

Startup Tackles Security Through Microsoft Active Directory (Dark Reading) New company Aorato identifies potential threats by monitoring traffic from ubiquitous Active Directory

Technologies, Techniques, and Standards

The Power to Decide (MIT Technology Review) What's the point of all that data, anyway? It's to make decisions

Stop Being "Reasonable" — Rationalize Your Security Efforts (Security Today) Commercially reasonable efforts refer to actions defined by what similar persons would do as judged by the community. This judgment is based on the common average of the community, so in times of crisis or great waves of change, the collective knowledge from community to community will be different. Communities that measure, watch and continue to learn are more aware than communities that do not value these traits

Best practices to help prevent online data breaches (Help Net Security) The Online Trust Alliance (OTA) recommended a series of best practices to help prevent online data breaches and other exploits. Leveraging preliminary year-end data from the Open Security Foundation

ENISA: Industrial Control Systems require coordinated capability testing (Help Net Security) EU's cyber security Agency ENISA published a new report to give advice regarding the next steps towards coordinated testing of capability of the often outdated Industrial Control Systems (ICS) for

Are our passwords really that bad? And does it really matter? (Naked Security) We are, as a species, very bad at learning from our mistakes — and/or very lazy

Penetration testing: Accurate or abused? (Help Net Security) According to a recent Ponemon study, since 2010 cybercrime costs have climbed 78% and the time required to recover from a breach has increased 130%. On average, U.S. businesses fall victim to two successful attacks per week where their perimeter security defenses have been breached

How To Get The Most Out Of Risk Management Spend (Dark Reading) Getting the most bang for your security buck through risk management investments

6 Tips for Stronger Encryption (Dark Reading) In the wake of revelations about NSA backdoors in encryption systems, organizations must do everything they can to ensure their encryption is as strong as possible

What the Target Breach and Edward Snowden Tell Us About Network Controls (Defense One) Target. Even the brand name lends itself to hacking. It's like painting a bright red bull's-eye on a big, juicy company with lots of money and information, just waiting to be stolen. And it was

Design and Innovation

New Israeli Security Tech Reads Your Mind (iHLS) 9/11 was the catalyst for many HLS technologies. Shabtai Shoval, founder of SDS (Suspect Detection Systems), following the terror attack, asked himself whether the event couldn't have been foreseen and prevented

Taking stock of the Dutch tech cluster: What The Netherlands needs to win the European startup scene (The Next Web) As a startup hub, Amsterdam grabs the same amount of attention as the girl with braces at the high school dance. Slowly but surely, however, we have a quietly emerging 'ecosystem' (as it is often called in tech lingo)

Academia

Cal Poly dedicates new lab for cybersecurity education (The San Luis Obispo Tribune) Cal Poly is aiming to prepare a new wave of experts to fight cyber terrorism, hacking, and identity theft with the unveiling of a new laboratory

Roberts first UNO graduate to earn a masters in Information Assurance (Dakota County Star) When Justin Roberts graduated from South Sioux City in 2008, he headed toward Omaha and started working on a degree that didn't exist yet at the school. On December 21, 2013 he graduated from the University of Nebraska-Omaha with a Master's of Science in Information Assurance — being the first student to graduate from UNO with this degree

Legislation, Policy, and Regulation

Don't let privacy trump security (Newsday) Ten years ago this July, the 9/11 Commission Report cited the failure of U.S. intelligence agencies to "connect the dots" leading to the terrorist attack — the job the National Security Agency is charged to do. The ongoing discussion about privacy, security and the NSA's programs has been important and should continue. However, we must not compromise security programs that allow us the very freedom to openly engage in this debate

BT chief rounds on Cameron over 'murky' snooping (The Times of London) David Cameron faced calls yesterday from the head of BT to clarify the "murky" world of data collection by the security services

Secure the Future of the Internet (Brookings) In 2014, President Obama should pursue policies guaranteeing an open, free-market Internet, write Peter W. Singer and Ian Wallace. Instead of waiting out the international blowback from Edward Snowden's NSA revelations, the president needs to lead a new strategy against those governments who want to regulate the way the global Internet is run

Free Speech in the Era of Its Technological Amplification: A letter to John Stuart Mill about the limits of what may be shown or said on the Web (MIT Technology Review) Greetings, Pale Ghost. I don't know what news reaches you in the afterlife—whether there is a gossipy daily bulletin, the Heavenly Gazette, filled with our doings; or if new arrivals bring stories of developments on Earth; or if you still care about us at all—but much has changed since you died in 1873. Some of those changes would gratify your liberal spirit; still others, vex. A few would baffle

This is what we should be asking our intel officials: Where is today's William Colby? (Foreign Policy) William Colby began his career in the Office of Strategic Services in World War II. Following the war, he joined the Central Intelligence Agency where he would eventually rise to be the director of central intelligence (DCI), having run the highly controversial Phoenix Program in Vietnam along the way. Mr. Colby's ascension to DCI came at the nadir of the CIA's history

Congresswoman Clarke's Statement on Bipartisan Commitment to Cybersecurity (Targeted News Service Via Acquire Media NewsEdge) Rep. Yvette Clarke, D-N.Y. (9th CD), has issued the following news release: Congresswoman Yvette D. Clarke issued the following statement on bipartisan efforts in Congress to improve cybersecurity which have resulted in a bill that would increase collaboration between federal agencies and private companies to protect our information and require additional monitoring of potentially vulnerable systems

Security professionals welcome government's child cyber safety proposals (ComputerWorld) Proposals are a "promising start", says Symantec director of government affairs

House committee approves cyber security notification bill (WAVE 3 News) The state auditor said legislation that cleared a House committee on January 23 would give Kentucky one of the strongest cyber security laws in the country

FIC 2014: French defence minister calls for unified front against cyber crime (ITProPortal) Jean-Yves Le Drian, the French Minister for Defence, has called for an international response to cybercrime, and announced the beginning of a €1 billion programme over a number of years to prepare France against the emerging threat of cyber war

Thou shalt not Tweet in an ungodly way, Church of England tells worshippers (The Telegraph) Preaching the message of modern communication, the Church of England is asking its clergy and staff to spread the world through Twitter — in a way God would approve of

Litigation, Investigation, and Law Enforcement

Justify GCHQ mass surveillance, European court tells ministers (The Guardian) Judges order government to provide submission about whether spying activities violated European convention on human rights

The territorial skirmish between China and Taiwan has now gone virtual (Quartz) A new territorial dispute is emerging between China and Taiwan. But this time the territory is in cyberspace. As we explained yesterday, the Internet Corporation for Assigned Names and Numbers (ICANN), which manages the internet's addressing system, recently added Chinese characters to the mix of possible "generic top-level domains." That puts .政府 (zhengfu, pronounced "jung-foo"), which means "government," up for grabs

Social Media: Protecting Trade Secrets and Proprietary Information (JD Supra) The ability of employees to steal trade secrets, reveal customer lists, and expose proprietary business information with the press of a button is frightening. In over 85 percent of trade-secret cases, the alleged misappropriator is someone the trade-secret owner knows, typically either an employee or a business partner

Companies settle over false data security framework compliance claims (SC Magazine) Twelve U.S. companies have agreed to settle Federal Trade Commission (FTC) charges, which accuse the firms of falsely claiming to comply with an international data security framework

The U.S. Crackdown on Hackers Is Our New War on Drugs (Wired) Before Edward Snowden showed up, 2013 was shaping up as the year of reckoning for the much criticized federal anti-hacking statute, the Computer Fraud and Abuse Act ("CFAA"). The suicide of Aaron Swartz in January 2013 brought the CFAA into mainstream consciousness, so Congress held hearings about the case, and legislative fixes were introduced to change the law

Holder: I'm Open to 'Conversation' With Snowden (TIME) But the attorney general says clemency is out of the question

Edward Snowden: "Not all spying is bad" (WSTP) "Not all spying is bad," former government contractor Edward Snowden declared in an online Q&A Thursday afternoon. However, the former contractor who exposed sweeping National Security Agency surveillance programs maintains that the NSA's bulk data collection is unnecessary and doing more harm than good

Snowden considers returning to the US, and the "permanent record" (Ars Technica) In an online Q&A session, former NSA contractor-turned-whistleblower Edward Snowden answered 13 questions posed by Twitter users. The questions he considered ranged from the reasoning behind his leaks, to his hope for what the future of American intelligence programs may look like

Snowden Answers Our Burning Data Collection Question: What's The Worst That Could Happen? (TechCrunch) National Security Agency whistleblower Edward Snowden is answering the Internet's burning questions. Surprisingly, he was even gracious enough to answer my question: "What's the worst and most realistic harm from bulk collection of data? Why do you think it outweighs national security?" Snowden, who was granted protection in Russia from American prosecution, has been somewhat press-averse, only holding a few select media interviews. This time, he went directly to netizens to respond to President Obama's big national security speech last week

13 Indicted in $2M Bluetooth Skimmer Scam (Threatpost) Thirteen men were indicted this week for allegedly using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States between 2012 and 2013

Prisoner rats himself out with Facebook selfie of cell-grown cannabis (Naked Security) One of the most stupid selfies ever: a Polish prisoner's photo, taken on a contraband mobile phone smuggled into the prison, showing a lush, equally contraband and definitely illegal cannabis plant he grew from seed in his cell

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

"Cyber Threat Landscape": How the FBI is counteracting the current threats (, January 1, 1970) Donald J. Good, FBI Section Chief Cyber Operations and Outreach Section, will offer first-hand awareness of how the FBI works with other government agencies and the private sector to counteract the current...

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...

U.S. Department of Commerce Technology Expo (, January 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact...

Cyber Security 2014 (, January 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security...

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.

FBI HQ Cloud Computing Vendor Day (, January 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing...

New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, January 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll...

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

Nellis AFB Technology & Cyber Security Expo (, January 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

Trustworthy Technology Conference (, January 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...

Creech AFB Technology & Cyber Security Expo (, January 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.