skip navigation

More signal. Less noise.

Daily briefing.

Cyber operations in Israel and the Palestinian Territories have become relatively quiet recently (reports of Anonymous-led #OpSaveGaza browser performance degradation aside) but Israeli security agencies prepare for a post-Ramadan surge in attacks.

The pro-Russian (probably Russian controlled) CyberBerkut gang publishes what it claims are internal emails from a colonel assigned to Ukraine's Ministry of Defense. Their content renders them implausible, particularly given recent Ukrainian advances into insurgent territory. Twitter blocks access to @b0ltai, a persistent burr under the Russian government's saddle. MH17 scams proliferate.

"Anonymous Kenya," which Kenyan authorities call an Indonesian hacktivist group, hijacks Kenyan military Twitter accounts to criticize Kenyan operations against Somali pirates and jihadists.

Attacks on Indian firms cause observers to question the state of that country's cyber preparedness.

Android apps pose security risks, with as many as one in ten thought to be malicious. Trend Micro believes it understands the flaws in Android's security model.

Google bots and other Internet scanning activity concern security researchers.

More research on the threat of network steganography is out.

Ransomware advances in sophistication, and its criminal business models co-evolve with the technology.

A new criminal service offers to drain your competitors' Google AdWords budgets.

Security workarounds for TAILS are announced, but a full patch remains aspirational. Journalists and other TAILS users consider what the threat to anonymity means for them.

Key industries receive cyber security grades.

The Aspen Security Forum displays much current US thought on cyber security.

China calls for international cyber cooperation as it raids Microsoft offices.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Germany, India, Indonesia, Israel, Italy, Kenya, Latvia, Palestinian Territories, Poland, Russia, Spain, Ukraine, United States.

Cyber Attacks, Threats, and Vulnerabilities

Israel to intensify cyber security as end of Ramadan approaches (Jerusalem Post) IDF, Shin Bet preparing to deal with activities of hackers from around the Muslim world, Gaza Strip in coming days

No sign of Anonymous cyber attack on Israel Friday (USA Today) The hacking group Anonymous said it planned to launch a concerted attack against Israel on Friday, but as night fell little had happened

Israeli watchdog confirms recent cyber attacks have badly affected the Internet browsing (HackRead) Anonymous hackers along with other elite hackers from around the world have been attacking Israeli cyber space for ages, but since the beginning of Israeli attacks on Gaza there has been a massive increase in such attacks under the banner of #OpSaveGaza. This has been accepted by Israeli based newspaper Haaretz and Israeli homeland security website itself

Hackers claim to leak Ukrainian Ministry of Defense emails (HackRead) Hackers from Cyber Berkut group are claiming to hack and leak personal emails belonging to Colonel V.M. Pushenko. of the Ukrainian Ministry of Defense

Officer who leaked information to Russian special services found in ATO headquarters (Kyiv Post) The Ukrainian security services have found in the headquarters of the anti-terrorist operation (ATO) an officer who passed secret information on the holding of the operation in the Donbas to Russian special services, Deputy Secretary of the National Security and Defense Council Mykhailo Koval has said

Twitter "Blocks" Access to Russia's Most Infamous Hackers (Global Voices) Russia's Twitter users no longer have access to @b0ltai, an account belonging to a hacker collective that has leaked several internal Kremlin documents to the Internet over the past seven months. The hacker group, which RuNet Echo profiled last month, has published stolen emails belonging to high-profile members of the Russian government, inside reports on the state of Russian politics, and the Kremlin's instructions to state-controlled TV news channels

Cybercriminals Exploiting Malaysia Airlines Flight MH17 Tragedy (SecurityWeek) The crash of the Malaysia Airlines flight MH17 in eastern Ukraine on June 17 continues to make headlines, making it a perfect event for cybercriminals to leverage in their malicious campaigns

'Anonymous Kenya' group hacks government Twitter accounts (CSO) Kenyan officials say government sites hit by Indonesian hacker. Hack calls government security preparedness into question

Indian Firms Hit by Fresh Wave of APT Attacks (Infosecurity Magazine) Spearphishers use geopolitical content to trick users into opening malicious attachments

An IT emperor with no clothes, India lays bare to cyber attacks (Times of India) Ironically for a country that is seen as an IT superpower, India is stunningly vulnerable to cyber attacks. Our approach to the exponential growth of cyber crime and warfare is marked by ignorance and nonchalance. This has to change quickly to avoid catastrophe

Almost 1 in 10 Android apps are now malware (Help Net Security) Cheetah Mobile Threat Research Labs analyzed trends in mobile viruses for Q1 and Q2 of 2014. Pulling 24.4 million sample files they found that 2.2 million files had viruses, roughly 9% of the total. Compared to previous years, this is a 153% increase from the number of infected files in 2013

Open Socket Poses Risks To Android Security Model (TrendLabs Security Intelligence Blog) The security of the Android platform is based on its sandbox and permission protection mechanism, which isolates each app and restricts how processes can communicate with each other. However, because it is designed to be open to include other open source projects like Linux and OpenSSL, it can inherit many features as well as vulnerabilities

Criminals ride Google coattails in DDoS attacks (CSO) Cybercriminals are pretending to be Google web crawlers in launching distributed denial of service attacks against websites

"Internet scanning project" scans (Internet Storm Center) A reader, Greg, wrote in with a query on another internet scanning project. He checked out the IP address and it leads to a web site, [redacted], which states: "Hello! You've reached the Internet Scanning Project"

'Masquerading': New Wire Fraud Scheme (BankInfoSecurity) A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers

This Emerging Malware Sends Secret Messages and is Practically Impossible to Detect (Nextgov) As if computer malware that steals your data weren't enough, now there's a new kind to worry about: Malware that does it via covert messages that are practically impossible to detect. And it's becoming more prevalent, according to a new paper by researchers at the Warsaw University of Technology, the National Research Council of Italy, and Fraunhofer FKIE, a private information security research institute

Hidden and Uncontrolled — On the Emergence of Network Steganographic Threats (Arvix) Network steganography is the art of hiding secret information within innocent network transmissions. Recent findings indicate that novel malware is increasingly using network steganography. Similarly, other malicious activities can profit from network steganography, such as data leakage or the exchange of pedophile data. This paper provides an introduction to network steganography and highlights its potential application for harmful purposes

Andromeda bot spreads Tor-using CTB-Locker ransomware (SC Magazine) Last week a security researcher posted that the Angler Exploit Kit was delivering new ransomware advertised as CTB-Locker — now researchers with Kaspersky Lab have identified the Tor-using threat being spread by another malware known as Andromeda bot

New type of ransomware bucks established trends (Help Net Security) Ransomware is now one of the fastest growing classes of malicious software, says Kaspersky Lab researcher Fedor Sinitsyn. This should not comes as a surprise, when we know that 35 percent of those who get infected by it end up paying the ransom

Critroni — Newest Addition to Encrypting Ransomware (Webroot Threat Blog) In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It's a successful "business model" and I don't see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This one even targets Russians! Presenting Critroni. This newest edition of encrypting ransomware uses the same tactics of contemporary variants including: paying through anonymous tor, using Bitcoin as the currency, changing the background, dropping instructions in common directories on how to pay the scam

New backdoor 'Baccamun' spreads through ActiveX exploit (SC Magazine) Attackers using a newly discovered backdoor program, called "Baccamun," are spreading the malware via an ActiveX exploit, researchers revealed

Hackers exploiting Internet Explorer to expose security flaws on a huge scale (Guardian) Exploits can expose software and security systems, researchers warn, helping hackers attack remote machines undetected

Service Drains Competitors' Online Ad Budget (Krebs on Security) The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today's post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors

10 new social media scams to watch out for (CSO) Scams on social networks are nothing new, but they're constantly changing to keep up with and take advantage of the latest apps, trends, and news. Here are some of the most recent scams that are making the rounds

Anatomy of an iTunes phish — tips to avoid getting caught out (Naked Security) Do you know how to ride a bicycle? It's easy, isn't it? But do you remember how hard it turned out to be when you first tried?

Beware of Wi-Fi when using E-tax: Bitdefender (ARN) Security vendor recommends online vigilance during busy tax submission period

9 New Ways You Can Be Hacked (Fox Business) Do you know all the ways you can be hacked? My guess is you don't

Real hacks of critical infrastructure are occurring — information sharing is not working (Control Global) I gave a presentation on ICS cyber security at Cyber Endeavor 2014 at the Naval PostGraduate School and discussed both Aurora and Project Shine. Aurora is a PHYSICAL gap in protection of the electric grid that with the exception of very few utilities, is not being mitigated. Project Shine identifies control systems and control system devices directly connected to the Internet. The DOE representative at Cyber Endeavor stated that many of the control system devices found by Project Shine were just garage door openers and utilities were doing a good job on Aurora

The Top 5 Most Brutal Cyber Attacks Of 2014 So Far (Forbes) In 2014, cyber attacks and data breaches don't look like they're going to slow down. We've seen high-end data breaches of large companies, with data, personal records and financial information stolen and sold on the black market in a matter of days

Security Patches, Mitigations, and Software Updates

TAILS Team Recommends Workarounds for Flaw in I2P (Threatpost) The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that's bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet

Siemens Patches Five Vulnerabilities in Simatic System (Threatpost) Siemens released an update for two builds of its SIMATIC automation system this week, addressing a quintet of vulnerabilities, four of which are remotely exploitable

Firefox adds anti-malware file reputation service (ZDNet) Firefox has blocked known phishing and malware sites for some time. Now it will check reputation on individual files and soon use file signatures

Cyber Trends

Cybersecurity Grades Released for Key Industries (IT Business Edge) Traditionally, the complex world of cybersecurity has been left solely to information security professionals to defend the organization's sensitive information and systems. But the recent spate of high profile data breaches and warnings from regulators has caught the attention of C-level executives and board members. Cybersecurity is no longer just a technical issue as a breach can have a major impact on the viability of an organization — loss of brand reputation, jobs, customers and partners, and most importantly a negative impact on the bottom line

Global Survey: NSA, Retail Breaches Influenced Corporate Security Strategies the Most (Fort Mill Times) The majority of organizations cite privileged account takeover as the most difficult stage of an attack to detect, respond and remediate

BYOD Programs Leave Several Security Holes Open (eWeek) Just 21 percent of more than 1,100 IT security practitioners said their organizations have fully implemented BYOD policies, processes and infrastructure, according to a Vectra survey

IoT Security the New Solution Vertical, Drives Faster Adoption of M2M (PCC) With more equipments and consumer appliances catching up with the Internet of Things (IoT) and becoming M2M connected, complimentary technologies and solutions are also surfacing to complement and accelerate the development of the IoT and its adoption in industry and consumer segments

DOE learned cyber lessons 'the hard way' — deputy secretary (Energy Wire) Criminal hacking is the most "pervasive and ominous" threat facing the nation, Department of Energy Deputy Secretary Daniel Poneman said yesterday here as he recounted a spate of cyberattacks against federally funded national laboratories

Mobile security: A mother lode of new tools (Computerworld) Long, complex passwords that must be input on tiny screens, often while on the move: Such hassles make password-based security unworkable in a mobile world. But change is coming, thanks to an industrywide backlash that gave rise to a gold rush of new technologies

Cyber-Attacken in Deutschland (All About Security) Jedes fünfte Unternehmen konnte seine IT-Systeme aufgrund eines Angriffes für einen ganzen Arbeitstag nicht mehr betreiben

Marketplace

State security a challenge for global firms, says KPMG (ComputerWeekly) Global companies are being forced to pioneer international privacy standards as they face a growing number of government requests to access customer data, says consultancy KPMG

Microsoft exec: Snowden disclosures have hurt the American IT business (Aspen Daily News) As Edward Snowden's disclosures about the U.S. government's data-collection programs reverberate throughout the world, American information-technology companies have a tougher sales pitch to make to international clients, a Microsoft executive said Thursday at the Aspen Security Forum

Microsoft Exec Says Company Has Never Been Asked to Backdoor a Product (Threatpost) One of Microsoft's top security executives said the company has never been asked by the United States government to build a backdoor into any of its products, and if the company was asked, it would fight the order in the courts

The Geneva Contention: Silent Circle, KoolSpan and selling security abroad (Washington Business Journal) Silent Circle sells both mobile hardware and software to a global customer base, aimed at keeping its users' voice and data communications secure and private. So does KoolSpan

Israeli CyberSec Sector Copes with War (GovInfoSecurity) Providers deal with Hamas rocket attacks, Army call up

IDC MarketScape Names IBM a Leader in Worldwide Managed Security Services (MarketWatch) IBM (NYSE: IBM ) today announced that it has been named a leader in the new IDC MarketScape: Worldwide Managed Security Services 2014 Vendor Assessment

Researcher sat on critical IE bugs for THREE YEARS (The Register) VUPEN waited for Pwn2Own cash while IE's sandbox leaked

CYREN WebSecurity Service to be Offered by AvailaSoft in APAC Region (Jakarta Post) CYREN (NASDAQ: CYRN), a global provider of cloud-based security solutions, today announced it signed AvailaSoft as a CYREN WebSecurity distribution partner based inHong Kong

ArcSight Co-Founder Joins Threat Intelligence Startup (SecurityWeek) ThreatStream, a security startup that offers a SaaS-based cyber security intelligence platform, announced this week that Hugh Njemanze, former co-founder, CTO and executive vice president of research and development at ArcSight, has taken the role as chief executive officer

Products, Services, and Solutions

Avast vs AVG vs Microsoft Security Essentials — Top Free Antivirus Comparison (THe Fuse Joplin) Making sure that your computer is protected is an important part of your everyday work on your computer. You need to keep your PC safe from harm, especially if you are still running the old and outdated Windows XP operating system. There are many however, that use this old version of windows, mainly because of their computer's limitations and incapability towards upgrading to a fresher edition of Windows

Trustport Antivirus is Commendable But Needs More Advanced Features (Streetwise Tech) If you have used AVG and Bitdefender in your computer system, then Trustport is a combination of the two. According to various lab tests, it is good at identifying threats. While using an antivirus software that combines the best features of AVG and Bitdefender, Trustport still lacks advanced features that every computer system needs, which the best antivirus applications have and maintained their position at the top

General Dynamics Fidelis enhancing its XPS cyber-protection service (UPI) General Dynamics Fidelis has joined the Microsoft Active Protections Program to offer faster and more comprehensive defenses against cyber-attacks

AVG announces AVG Cleaner for Android (Voxy) AVG Technologies N.V. (NYSE: AVG), the online security company for 187 million active users, have announced the release of AVG Cleaner for Android 2.1 on the Google Play store. The refreshed app features enhanced battery life functionality and has been integrated into AVG Zen so customers can easily tune-up and check the performance status of their PC, Mac and mobile devices at any time, all from their PC or Android device

Securing Banking Apps (Mobile Enterprise) Customers Bancorp, Inc. has strengthened the security of its mobile banking application via Malauzai Software, a provider of mobile banking SmartApps for community financial institutions, and Trusteer, an IBM company

Technologies, Techniques, and Standards

DHS reaches out and touches the infrastructure cybersecurity circle (CA Technologies Blog) The Department of Homeland Security is raising awareness about the new National Institute of Standards Technology Framework. What will it take for organizations to adopt?

How the Recent Tails Operating System Vulnerability Affects Journalists and SecureDrop (Freedom of the Press Foundation) On Wednesday afternoon, vulnerability and exploit research firm Exodus Intelligence disclosed a security vulnerability that would allow an attacker to deanonymize a user of Tails, the operating system that many journalists rely on to communicate securely with sources and that we have written about before. Tails is also integral to SecureDrop, our open-source whistleblower submission system, so we wanted to clarify if and how the vulnerability affects users of this system

Until the Tails privacy tool is patched, here's how to stay safe (ComputerWorld) Patches are ready for IP2, the vulnerable component in Tails, but it's not clear when Tails will update

A new cyber exercise: Test your security team's incident response capabilities (Government Technology) The Michigan Cyber Civilian Corps, state and local government cyber analysts and the West Michigan Cyber Security Consortium participated in an attack-defend-respond tabletop exercise in a virtual city called Alphaville, which exists within the Michigan Cyber Range. Here's why it matters to a town near you

Panopticlick reveals the cookie you can't delete (Naked Security) Cookies are an essential part of the way the web works and occupy a pivotal position in the online privacy arms race. Organisations who want to track and profile people give them cookies and users who don't want to be tracked disable or delete them

Can a machine detect sarcasm? Yeah, right (InfoWorld) Applying analytics to social media? Good luck — not all words can be taken at face value. Natural language processing helps, but it's no panacea

Hackers only need to get it right once, we need to get it right every time (SC Magazine) Hackers only need to find one weak point to steal valuable information. On the flip side, you need to account for every possible vulnerability across your entire infrastructure. Doesn't seem fair, but it's the world we live in — we must band together, think like the bad guys and take action to protect what matters

Cyber Attacks Happen: Build Resilient Systems (InformationWeek) You can't stop all attacks or build the perfect defense system. The higher-level objective is resilience

The evolution of backup and disaster recovery (Help Net Security) In this interview, Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and much more

Preventing Corporate Account Takeover (BloombergTV) 41st Parameter & FBI Security Advisor Frank Abagnale, Jr., and 41st Parameter Founder Ori Eisen discuss corporate account takeovers, the growing number of cyber-security threats and how companies can secure their accounts

Noodling about IM protocols (A Few Thoughts on Cryptographic Engineering) The last couple of months have been a bit slow in the blogging department. It's hard to blog when there are exciting things going on. But also: I've been a bit blocked. I have two or three posts half-written, none of which I can quite get out the door

9 tips for communicating your BYOD policy (Help Net Security) If an IT department creates a BYOD policy and no one at the company knows about it, does it actually make an impact? I'll spare you the suspense — the answer is no

Passera (GitHub) A small tool to turn any entered passphrase into a strong secure password, allowing you to easily use different strong passwords for different websites without storing them

Wardriving with Kismet and WAPMap (Shortbus Ninja Security) I have written this Python script to parse .netxml files output by Kismet and then return a CSV file that can be uploaded to Google Mapping Engine. This will simplify war driving campaigns by allowing vulnerable networks (WEP or Open) to be easily mapped on Google Maps

Questions to ask vendors to gauge their commitment to “secure products” (Senki) What follows is something that has evolved over the years as a "check list" for the operator (and the vendor). This checklist can be used in RFPs or with any vendor. It can also be used as a conversation map with the existing vendors to shape the conversation. It will work with service providers, enterprise networks, industrial networks, etc. The checklist also provides a map for new vendors to help them know what customers would expect. Please provide feedback and questions. This checklist will be improved over time

Payment Card Data Theft: Tips For Small Business (Dark Reading) For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small

Design and Innovation

Internet of Things: 4 Security Tips From The Military (Dark Reading) The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It's time to take a page from their battle plan

How to implement a self-destruct feature into free trial software? (Ars Technica) A 14-day free trial is a nice idea but it has some practical problems

Here's what automakers have to gain from connecting cars to the internet (Quartz) Carmakers from Detroit to Seoul are talking up their efforts to build "connected cars" — cars with in-built mobile connectivity

When China stops copying Western tech giants is when they should start worrying (Quartz) Why do some of China's biggest tech companies engage in the sincerest form of flattery? This week Lei Jun, the chief executive of Xiaomi — recently rebranded internationally as Mi — stood on stage in a black T-shirt and jeans and announced a new smartphone with a notable resemblance to the iPhone in front of a slide that said "one more thing"

Academia

If you want to be rich and powerful, majoring in STEM is a good place to start (Quartz) The standard narrative today is that science, technology, mathematics, and engineering (STEM) education is important because we need more data scientists, engineers, and STEM professionals. But promoting STEM education is critical for another reason: it teaches creative problem solving, which is widely applicable and more necessary than ever today. STEM education is linked to success not only in STEM fields, but in many other disciplines and even among many of the world's most wealthy and powerful people

Calling all cybersecurity pros: The NSA wants you. (US News) In recent years, it has become abundantly clear that the U.S. is facing a concerning shortage of cyber security experts. In response to this crisis, the NSA, which is the largest employer of such professionals, has taken dramatic measures. The agency's solution? To attract and recruit the next generation of cyber pros, as well as prepare them to tackle the potential security challenges that lie ahead

UMBC student wins cybersecurity scholarship (Technical.ly Baltimore) Rising senior Victoria Lentz was one of 11 winners of a scholarship aimed at supporting women interested in cybersecurity. Only 10-15 percent of the cybersecurity workforce is female, according to a recent study

Legislation, Policy, and Regulation

Chinese pressure just shuttered Hong Kong's version of the Huffington Post (Quartz) A popular pro-democracy Hong Kong news site abruptly shut down this weekend, another sign of escalation as the city girds for a showdown between demonstrators demanding universal suffrage and Chinese authorities unwilling to cede more control over Hong Kong

Best way to fight cyber threat (China Daily) Instead of desperately distracting attention from the NSA's espionage by accusing China, the US should seek cooperation

Xi: Respect cyber sovereignty (China Daily) Chinese leader stresses increasing responsibilities of emerging nations

AusCERT chief steps down (SC Magazine via IT News) Organisation now reports directly into Queensland University. The general manager of Australia's computer emergency response team (AusCERT) Graham Ingram has left the organisation after 12 years of service Read more:

NSA director: Cyber attacks need international norms (Aspen Daily News) Nations around the world need to come together and establish international standards that regulate cyber attacks, said Richard Ledgett, deputy director for the National Security Agency at The Aspen Security Forum on Saturday

ODNI General Counsel Robert Litt and NSA General Counsel Rajesh De Participate in an Aspen Security Forum Panel Discussion on Liberty and Security (Aspen Security Forum via IC on the Record) We are still in the post-9/11 era, but we are also in the post-Edward Snowden era. Citizens' expectation that the government will protect them from security threats is unchanged, but they are much less willing now than they were in the immediate aftermath of the terror attacks to grant the government virtual carte blanche to do what it thinks is necessary to respond to these threats. What is the "right" balance between security and liberty?

Collateral damage of Snowden leaks being felt in cyber, public trust (Federal News Radio) The National Security Agency's top lawyer said the disclosures from former contractor Edward Snowden not only hurt U.S. intelligence gathering capabilities, but also created a gap in the trust relationship between the agency and Congress

4 senators raise alarm about NSA collection of Americans' e-mails, phone calls (Washington Post) Four Democratic senators have sent a letter to the director of national intelligence expressing concerns about the scope of the collection of Americans' e-mails and phone calls under a National Security Agency program that targets foreigners overseas

On NSA's Subversion of NIST's Algorithm (Lawfare) Of all the revelations from the Snowden leaks, I find the NSA's subversion of the National Institute of Standards's (NIST) random number generator to be particularly disturbing. Our security is only as good as the tools we use to protect it, and compromising a widely used cryptography algorithm makes many Internet communications insecure

Silicon Valley sees hope in battle against NSA (The Hill) Tech companies and civil liberties groups are becoming more optimistic that the Senate will take major steps to rein in the National Security Agency this year

Technology Cost and Complexity Killing U.S. (SIGNAL) Advanced systems hinder as much as help

Congress finally passes cell phone unlocking bill (Ars Technica) House gives in, passes the Senate version that unlocking activists preferred

When the Administration Asks Itself to Declassify (Federation of American Scientists) In preparing its recent report on the Section 702 surveillance program, the Privacy and Civil Liberties Oversight Board (PCLOB) demonstrated an unusual mode of declassification, in which one executive branch agency asks another agency to declassify information

Reflections on the NYDFS Bitcoin Proposal and the Right of Privacy (Money and State) Today, as human society progresses onward, Coinmap broke 5,000 global business listings, South African payment processor Payfast enabled their 30,000 merchants to accept Bitcoin, and the NY Dept. of Financial Services made financial privacy a crime, supported (at least superficially) by some leaders in the Bitcoin industry

Litigation, Investigation, and Law Enforcement

Why Intelligence Whistleblowers Can't Use Internal Channels (The Atlantic) Imagine a CIA agent who witnessed behavior that violated the Constitution, the law, and core human rights protections, like torturing a prisoner. What would we have her do? Government officials say that there are internal channels in place to protect whistleblowers, and that intelligence employees with security clearances have a moral obligation to refrain from airing complaints publicly, via the modern press. In contrast, whistleblowers like Daniel Ellsberg, Chelsea Manning and Edward Snowden — as well as journalistic entities like the Washington Post, The Guardian, and the New York Times — believe that questionable behavior by intelligence agencies should sometimes be exposed, even when classified, partly because internal whistleblower channels are demonstrably inadequate

NSA: Less need now for Snowden deal (Politico) A top National Security Agency offficial says there's less need now for the U.S. Government to cut a deal with leaker Edward Snowden than there was after his wave of surveillance disclosures began more than a year ago

Plaintiffs file opposition to government’s motion to dismiss NSA spying case (Legal Newsline) The plaintiffs in a class action lawsuit against the National Security Agency and other government entities for allegedly spying on American citizens have filed an opposition to the defendants' motion to dismiss

Hacker Breached NOAA Satellite Data on a Contractor's PC (Nextgov) National Oceanic and Atmospheric Administration satellite data was stolen from a contractor's personal computer last year, but the agency could not investigate the incident because the employee refused to turn over the PC, according to a new inspector general report

EBay faces class action suit over data breach (PCWorld) EBay faces a class action suit in a U.S. federal court over a security breach earlier this year

Human Rights Court Approves Extradition of Gozi Malware Suspect to U.S. (SecurityWeek) The European Court of Human Rights (ECHR) ruled on Thursday that a Latvian man suspected of being involved in the creation of the Gozi banking Trojan would not be exposed to a real risk of ill-treatment if he were to be extradited to the United States

Chinese National Denied Bail on Charges of Hacking Boeing Network (Linkis) A Canadian court denies bail to a man accused by the U.S. Department of Justice of hacking into defense contractor Boeing's network

Chinese authorities raid several Microsoft offices (Gigaom) It's not clear why the company is being investigated, but based on earlier statements by the Chinese government it is most likely to do with the security of Windows

Chinese Regulators Visit Microsoft Offices: Dow Jones (AFP via SecurityWeek) Officials from China's corporate regulator paid visits Monday to software giant Microsoft's offices in four cities in the country, Dow Jones Newswires reported, citing people familiar with the matter

Bendert Zevenbergen: what's right about the right to be forgotten? (Imperica) The Right to be Forgotten, most well-known as a European court ruling against Google, is a big and contentious issue for search engines, publishers, ISPs, and consumers. To some, they finally have the power to manage their reputation in open communications. To others, it's a restrictive process which limits freedom of expression

On The Importance Of Forgetting (TechCrunch) The ongoing debate about Europe's so-called 'right to be forgotten' ruling on search engines has shone a light onto a key pressure point between technology and society. Simply put the ability of digital technology to remember clashes with the human societal need to forgive and forget

Nobody seems quite sure how Spain's new "Google tax" will work (Quartz) On July 22 Spain passed a law (link in Spanish) called the canon AEDE, after the acronym for Spain's daily newspapers' association. The law has been dubbed the tasa Google ("Google tax") in the Spanish press and gives these publishers the right to seek payment from any site that links to their content with a "meaningful" description of the work

Google is playing catch-up on cybercrime with Project Zero (My Broadbnd) Google's new Project Zero team adds some welcome muscle in the fight against cybercrime

Agencies Still Plugging Gaps in Smart Card Security (Nextgov) The Department of Health and Human Services was too lax in issuing smart ID cards to new employees and failed to deactivate them in a timely manner when workers left the agency, according to a new audit from the department's inspector general office

CBI arrests hacker who stole Microsoft keys worth lakhs (Zee News) CBI Friday nabbed an alleged hacker who entered into systems of software giant Microsoft to steal product keys worth lakhs and is feared to have compromised some government websites as well in the process

Indian Hacker Arrested for Breaking into Microsoft Website, Stealing Product Keys (Softpedia) Microsoft continues the struggle to reduce piracy across the world, and as part of its global efforts the company collaborated with the Indian authorities to arrest an individual who reportedly hacked its servers and stole several product keys for its software

GMU Grad Muneeb Akhter Investigated for Hacking Gift Cards (NBC Washington) A young Fairfax County computer whiz is the target of a federal probe after he boasted to a co-worker that he'd figured out how to add value to prepaid gift cards without paying for it

Toddler dad case hinges on digital sleuthing (Atlanta Journal-Constitution) Justin Ross Harris, the father of a toddler who died after police say he was left in a hot car for about seven hours, sits for his bond hearing Everyone, from prosecutors to the defense, knows Justin Ross Harris caused the death of his toddler son, Cooper, last month by leaving him in a hot car for seven hours

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Black Hat USA 2014 (, January 1, 1970) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning,...

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, August 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT.

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...

BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...

Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...

DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.

South Africa Banking and ICT Summit (Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

c0c0n: International Information Security and Hacking Conference (, January 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.