As the EU this morning announces a sanction list of Russian interventionists and Crimean separatists, Crimea's breakaway parliament accuses the US of waging cyber warfare against the peninsula. Elsewhere, apparent hacktivists attacked various NATO sites over the weekend, citing allegations of NATO interference in Ukrainian affairs. This hacktivist group goes by "CyberBerkut," professes loyalty to deposed, pro-Russian president Viktor Yanukovych, and accuses the "Kiev Junta" of having hired Estonian-based NATO cyber operators to "suppress the truth" about Ukraine. It would be rash to regard CyberBerkut as operating independently of Russia's FSB.
Moscow has, probably correctly, attributed recent anti-Russian DDoS campaigns to Anonymous Caucasus, and not to Ukrainian hacktivists or government operators.
In the Middle East, the Syrian Electronic Army downs sites belonging to anti-Assad forces. The SEA also claims to have compromised US Central Command networks, but CENTCOM calls hogwash on this.
Flight MH370's disappearance remains mysterious. The incident has three cyber angles: the (far-fetched) possibility that the aircraft had been hijacked with the aid of hacking (lent currency by British security experts), the (real, extensive) importance digital forensics plays in the search, and the (depressing) uses the tragedy is finding as criminal phishbait.
LightsOut malware targeting electrical distribution is being distributed via energy sector watering holes.
In the US, Senator Feinstein's animadversions concerning CIA cyber operations draw analysis as a political pivot (and are described by former DCI Hayden as "a bit of a reach"). Representative Ruppersberger's newfound surveillance skepticism also attracts notice.
Why There's No Real Cyberwar in the Ukraine Conflict (IEEE Spectrum) Warnings of a cyberwar between Ukraine and Russia over the recent Crimean crisis have been greatly exaggerated. From the start, Russia seems to have relied upon traditional military force and a barrage of old-fashioned "information war" propaganda in its swift takeover of Crimea. Whatever cyber attacks that have occurred so far probably represent the work of Russian or Ukrainian "hacktivists" rather than strategic military strikes, experts say
New theory of 'Cyber Hijack' emerges (The Nation) A British anti-terrorism expert claimed cyber terrorists could have used a series of "codes" to hack the in-flight entertainment system and infiltrate the security software of the missing Malaysia Airlines MH 370 flight, reported International Business Times online on Monday
Multiple spamvertised bogus online casino themed campaigns intercepted in the wild (Webroot Threat Blog) Regular readers of Webroot's Threat Blog are familiar with our series of posts detailing the proliferation of social engineering driven, privacy-violating campaigns serving W32/Casino variants. Relying on affiliate based revenue sharing schemes and spamvertised campaigns as the primary distribution vectors, the rogue operators behind them continue tricking tens of thousands of gullible users into installing the malicious applications
LightsOut is Latest Cyber Threat to Target Energy Sector (InfoSecurity Magazine) What happens when the energy grid goes down? Well the lights, of course, go out. A fresh advanced persistent threat (APT) targeting the energy sector is thus aptly named LightsOut, and like previous attacks, it used a watering hole method to start its system compromise
Invitations for Grand Theft Auto 5 PC Beta Testing Hide Malware (Softpedia) The PC version of Grand Theft Auto (GTA) 5 might become available at some point, but for the time being, it doesn't exist, not even in Beta. If you receive an email that appears to be an invitation for Beta testing, don't click on the links and don't open the attachment
The Long Tail of ColdFusion Fail (Krebs on Security) Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today's post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions
A Short History of Spam (Counterpunch) Objects can talk in cartoons and fairy tales: toys tell their stories. Now our domestic appliances have begun to speak, and they would like to sell us pills and porn, and for us to give them our bank details
Lockheed Martin Moves To Dominate Cyber Defense Of Electric Grid & Energy Complex (Forbes) Lockheed Martin, the world's biggest defense company, did something unusual this week. It bought a commercial cybersecurity firm called Industrial Defender. The firm is a leading player in the rapidly growing business of protecting electric grids, oil pipelines and chemical plants against cyber threats. What's unusual isn't the fact that a military contractor is buying a commercial firm; Lockheed has invested extensively in commercial ventures ranging from renewable energy to aquaculture to deep-sea mining to pilot training. What's unusual is that the company is looking outside its sprawling information-technology unit for cyber expertise. Near as I can tell, this is the first time Lockheed Martin has ever bought a cybersecurity provider
We never shared client data with NSA: IBM (Delhi Daily News) In an apparent effort to distance itself from the US National Security Agency and its controversial snooping programme, US technology giant IBM on Friday released a letter claiming that the company never cooperated with the NSA
Who is winning the 'crypto-war'? (BBC) In the war over encryption between the NSA and privacy activists, who is winning? Ladar Levison sits exhausted, slumped on a sofa with his dog Princess on his lap. He is surrounded by boxes after he moved into a new house in the suburbs of Dallas, Texas, the previous day
Fred Cohen on Simplifying Security Assessments for Critical Infrastructure (Tripwire: The State of Security) "In order to know what's going on in an enterprise you need to do a study that takes 6 months and costs $250,000," said Fred Cohen of Fearless Security in conversation with Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), at the 2014 RSA Conference in San Francisco
Mastering 4 Stages of Malware Analysis (Lenny Zeltser on Security) Examining malicious software involves a variety of tasks, some simpler than others. These efforts can be grouped into stages based on the nature of the associated malware analysis techniques. Layered on top of each other, these stages form a pyramid that grows upwards in complexity. The closer you get to the top, the more burdensome the effort and the less common the skill set
Social engineering attacks: Is security focused on the wrong problem? (TechTarget) Malicious social-engineering attacks are on the rise and branching out far beyond simply targeting the financial sector. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far
A risk equation unravels the cloud security paradox (TechTarget) How many times have you heard "the cloud provides better security" or "the cloud provides worse security" than your own environment? We've all witnessed this ongoing debate countless times in recent years. Usually, the proponents on both sides of the argument take a position based on a subset of information and some presumed state of affairs in today's data centers
Big data is not little data writ large — it changes everything (TechTarget) The origins of confusion … The real challenge with big data is that it is called big data. The nomenclature (thanks, marketing!) stimulates a reflexive response — an almost instantaneous, emotional and physiological need to compare the target term big data with its seemingly diminutive predecessor, simply data — or, as I now like to call it, little data
Mobile VPNs: Battered but not broken (ComputerWeekly) Security chiefs would be forgiven for worrying about their virtual private networks (VPNs), especially those sitting on employee-owned mobiles
UK holds cyberwar game in Churchill's WW2 bunker (AP via WTVM 9) Bent over their computers in a World War II-era bunker beneath London's streets, dozens of young techies have spent Friday racing to understand why Britain's banking network suddenly seems to have gone offline
Research and Development
New Authenticated Encryption Algorithm Features Robust Resistance to Multiple Misuse (MarketWatch) Nippon Telegraph and Telephone Corporation (tokyo:9432) and Mitsubishi Electric Corporation (tokyo:6503) announced today that in collaboration with the University of Fukui they have jointly developed an authenticated encryption algorithm offering robust resistance to multiple misuse. The algorithm has been entered in the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) project, based on which the algorithm is expected to be deployed for increasingly secure and reliable information technology
Draft EU-U.S. trade 'declaration' seeks to preserve long-standing privacy deal (Inside Cybersecurity) Trade negotiators from the European Union and the United States who have been meeting this week in Brussels have drafted a "declaration" on the progress of the talks that includes language on digital data flows intended to protect a long-standing agreement on protecting private information
Feinstein's CIA accusation seen as possible pivot (Orange County Register) Comedian Jon Stewart skewered Sen. Dianne Feinstein this week, mocking the longtime defender of aggressive intelligence gathering for being outraged when she discovered the CIA's spying was turned, as she alleges, on her own Senate staff
Michael Hayden: Dianne Feinstein charge 'a reach' (Politico) Former Central Intelligence Agency and National Security Agency Director Michael Hayden dismissed charges made earlier this week that the CIA spied on Senate Intelligence Committee staffers, saying to call it such is "a bit of a reach"
US Cyber Moves Beyond Protection (Defense News) Arguments for boosting US cyber spending over the past couple of years have largely begun with the need to greatly improve the resilience of government networks and ended with a call to grow the cyber force
It's time to let Snowden go (Slate via the Orlando Sun-Sentinel) Edward Snowden lit up the audience this week at SXSW in Austin, Texas. Speaking via webcast from Russia, he covered everything from personal encryption tactics to the future of American democracy. The encrypted interview might have had terrible audio — but the content was excellent. Whatever policy and social reforms come out of his revelations will either revitalize or discourage America's democratic progress
National Security Agency Misreads PR (O'Dwyer's) There is nothing wrong with the National Security Agency stealing or subverting encrypted material or stockpiling the data of American citizens, according to Vice Admiral Michael Rogers, who is Obama's choice to lead the spy agency
Gen. Keith Alexander: We Will Miss You (Lawfare) Throughout American history occasional strategic thinkers have transformed the way we think about new domains of warfare and security. Alfred Thayer Mahan conceived of the geostrategic role of sea power in a way that deeply influenced ideas about the role and importance of naval capabilities. General Billy Mitchell predicted the revolutionary effects of air power on 20th century warfare
Department of Defense Whistleblower Program (Department of Defense Inspector General) Inspectors General need sources. Our investigators, auditors, evaluators and inspectors rely on whistleblowers to provide information as a source of allegations and as original and corroborating evidence. Federal employees within the Executive are required to report corruption. When they do so through the Inspector General Act of 1978, the DoD IG can investigate alleged reprisal against those whistleblowers. Whistleblowing is not a 'nice to have' function; it is essential to the national security and defense mission of the Federal government
White House exec joins DHS cyber team (Federal Times) The Department of Homeland Security has filled key roles within its Office of Cybersecurity and Communications (CS&C), the agency announced Wednesday
This Open Source Coder Wants to be a Congressman (Wired) The patent system. Online privacy law. Bitcoin regulations. Net neutrality rules. In the coming years, policy makers may have as much influence on technology as the world's hackers do — if not more. So it should come as little surprise that a hacker is running for Congress
Singapore to Regulate Bitcoin Exchanges, Vendors (AFP via SecurityWeek) Singapore's central bank said Thursday it will regulate "intermediaries" for the Bitcoin virtual currency to prevent them from being used for money laundering and terrorist financing
Germany to probe wiretapping scandal (Turkish Press) German politicians are to invite U.S. whistleblower Edward Snowden to give evidence as part of a new investigation into the National Security Agency's phone and internet surveillance of senior German leaders, including Chancellor Angela Merkel
Mind your wallet: The underworld loves Bitcoin (Indian Express) Criminals may already have made off with up to $500 million worth of Bitcoins since the virtual currency launched in 2009 — and you can double that if it turns out they emptied Mt Gox
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
NSA Hawaii: Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by...
InfoSec World Conference & Expo 2014: With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
IT Security Entrepreneurs Forum (ITSEF) 2014: IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...
Women in Cybersecurity Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...
East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...
InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014: Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...