Daily briefing.

Russian intervention in Crimea becomes increasingly aggressive and lethal, but little new on the cyber front. One sidelight: a University of Illinois internal investigation dismisses suspicions that the university's servers had been hacked to deliver information operations support for Russian-supported Crimean secession from Ukraine. So a negative result, but an interesting illustration of how cyber conflict fears spread rapidly and globally.

The Syrian Electronic Army continues to claim successful intrusion into US Central Command networks, which CENTCOM continues to deny.

Researchers find a major Linux/Unix exploit circulating in the wild. "Operation Windigo" has hijacked more than 25,000 servers, from which some 500,000 PCs have been attacked daily.

Win-Spy, a commercial-off-the-shelf stealth monitoring tool, has been implicated in criminal attacks on at least one financial institution. The tool is effective against both Windows and Android devices.

Malaysia Air Flight MH370 spawns more phishbait and waterholing lures. The press continues to speculate on the aircraft's disappearance; analysts speculate amid a paucity of evidence that the hijacking (if such it was) was accomplished or supported by cyber means.

Target breach post mortems continue, with lessons drawn for paycard-handling networks.

Avast reports finding that attacks against Windows XP already dramatically exceed attempts on later versions of Windows.

Google patches a Compute Engine bug with the potential to affect Google Cloud.

Despite the manifest advantages of attack information sharing, most organizations remain reluctant to do so, fearing reputational damage or regulatory blowback.

Trustwave acquires Cenzic.

In the US, Senator Wyden again criticizes NSA and CIA.

Notes.

Today's issue includes events affecting Brazil, European Union, Germany, Malaysia, New Zealand, Russia, Switzerland, Syria, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

No links between University and cyber attack (Daily Illini) An investigation by the University has found no evidence that the computer attacks against the website that served to promote the referendum vote in Crimea, referendum2014.ru, came from the University's campus computer network

Did Syrian Hackers Dig Deep Into U.S. Military Secrets? (Fiscal Times via Yahoo! News) Beware the ides of March, give or take a day. On March 14, the Syrian Electronic Army said it made good on a threat from earlier this month by posting a screen shot of what it says are more than 21,000 documents belonging to U.S. Central Command, also known as CENTCOM, which is responsible for overseeing military operations in the Middle East and other parts of Asia. The screen shot also includes document folders pertaining to several Air Force programs

Researchers Uncover Attack Campaign Leveraging 25,000 Unix Servers (SecurityWeek) A team of security researchers has uncovered a widespread attack campaign that has infected more than 25,000 Linux and UNIX servers around the world

Over 500,000 PCs attacked every day after 25,000 UNIX servers hijacked by Operation Windigo (WeLiveSecurity) If you run a website on a Linux server or are responsible for the security of your company's Unix servers, there's something very important you should do right now

Commercial RAT Used by Malicious Hackers (InfoSecurity Magazine) Win-Spy is a commercial off-the-shelf (COTS) stealth monitoring tool. "Start Spying on any PC or Phone within the Next 5 minutes," says its website. With such products generally available, why should hackers go to the trouble of developing their own RATs? Indeed, according to a FireEye analysis following an attempted intrusion on a US financial institution, they don't

Windows Spy Tool Also Monitors Android Devices (Threatpost) Win-Spy, a commercial Windows remote administration tool, has added Android monitoring capabilities. Researchers have discovered Win-Spy used in targeted attacks against a U.S. bank

How cyber criminals are exploiting the mystery of flight MH370 (RTE News) Cyber criminals are exploiting the disappearance of a Malaysia Airlines plane by luring users to websites purporting to offer the latest news in order to steal their personal information

Could Malaysia Air Flight 370 have been hacked? (America Blog) The disappearance of Malaysia Airlines Flight 370 has become a modern Mary Celeste mystery, and it's a guarantee the embellishments and inaccuracies will expand over time

MH370: what the air traffic controllers knew about how to stop 'flying blind' (The Guardian) No matter where it is, the Malaysia Airlines jet suffered from outdated technology. Eyes in the tower saw this coming

How Target's sophisticated security failed to stop credit card hackers (FierceCIO: TechWatch) In the largest security breach experienced by a retailer in the history of the U.S., Target saw payment card information numbering in the tens of millions stolen and copied out of its network by hackers as part of a meticulously planned attack

Target Breach: Where The Weak Points Were (Dark Reading) What played out with the Target breach is another example that, in security, the technology is the easy part

4 Lessons CIOs Can Learn From the Target Breach (CIO) Retail giant Target made headlines after announcing that 110 million Americans were affected by a massive data breach at its stores. If you want to avoid the same fate, pay attention to these four lessons learned in the wake of the Target breach

Sally Beauty payment card data breach confirmed (Help Net Security) International cosmetics retailer Sally Beauty Holdings has confirmed that it has suffered a data breach that resulted in the possible theft of payment card data stored in their systems

Avast: Windows XP users already attacked 6 times more often than Windows 7 users (CIO) And that's BEFORE Microsoft discontinues Windows XP security support on April 8

Google Glass spyware app is cute but not the end of the world (Ars Technica) Sneaky app takes photographs without informing the user

Virus nails hospital, causes massive data breach (Government Health IT) No hospital is too small, evidently, to serve as fodder for hackers. The latest hospital cyber-attack is reported by a small-town rural hospital in Colorado. The hospital discovered it had a computer virus that had collected and encrypted patient data in a hidden file system. As a result, some 5,400 patients were mailed breach notification letters on March 17

20 infamous hacker security vendor break-ins (CIO) Companies providing IT security and software have been the target of hackers out to steal source code, compromise products or services, steal customer information or just to make them look foolish. Here are 20 of the most notorious known break-ins over the past decade

Security Patches, Mitigations, and Software Updates

Google fixes potentially serious bug in Google Compute Engine (FierceCIO: TechWatch) Google has fixed a serious bug in its public cloud that it admits could have "catastrophic" consequence in certain scenarios

The Windows XP Rundown is Really About Security (infosec island) April 8 is quickly approaching, which as we know means the end of support for Windows XP SP3. Why does anyone care? Well, according to Netmarketshare, Windows XP users still make up approximately 29 percent of the desktop operating system (OS) market. So, with just a few weeks left before the big day, now is an appropriate time to discuss the implications of the end of XP support and explore what the rundown is really all about: security

Cyber Trends

Without proper security measures, smart homes are just begging to be targets (NetworkWorld) Smart devices are exceedingly vulnerable to attack, and it's up to users to keep them from becoming a front door to their entire networks

Internet of Things threatens to overwhelm data centers, open security holes (FierceMobileIT) The Internet of Things will overtax data centers and open up the enterprise to greater security risks, warns Gartner

Oracle: Security concerns stymie BYOD adoption in Europe (FierceMobileIT) Forty-four percent of European companies don't allow employees to bring their own device (BYOD) and 29 percent allow only senior employees to use BYOD, finds the Oracle European BYOD Index. What's more, 20 percent of European businesses have no rules in place for BYOD

Wide Gap Between Attackers, BIOS Forensics Research (Threatpost) Vendors have made important strides in locking down operating systems, patching memory-related vulnerabilities and other bugs that could lead to remote code execution or give hackers a stealthy presence on a machine. As the hurdles get higher for the bad guys, the better ones will certainly look for other means onto a system

The principle of privacy is worth fighting for (The Guardian) From encryption of our day-to-day communications to well-scrutinised opensource hardware and software, securing our communications needs to become a mainstream behavior

Cyber attacks on the energy industry (Energy Global) The global energy sector is becoming increasingly vulnerable to cyber attacks and hacking, due to the widespread adoption of internet based or open industrial control systems (ICS) to reduce costs, improve efficiency and streamline operations in next generation infrastructure developments. According to a new report from Marsh, Advanced Cyber Attacks on Global Energy Facilities, energy firms are being disproportionately targeted by increasingly sophisticated hacker networks that are motivated by commercial and political gain

Many Organizations Don't Go Public With Data Breaches Or Share Intel (Ars Technica) Some 60 percent of organizations worldwide have an incident response team and plan in place to prepare for an attack, new report finds

#SXSW 2014 and the future of digital security (Webroot Threat Blog) Security and privacy were hot topics at this year's SXSW Interactive festival, and deservingly so. While at the event in Austin, Grayson Milbourne had the pleasure of participating on a panel discussing malicious mobile apps, mobile device security and user privacy

Marketplace

Despite Target, Adobe breaches, content security gateway revenue declined last year (FierceITSecurity) McAfee beat out Blue Coat, Cisco to take top spot, says Infonetics

Trustwave Acquires Cenzic for Undisclosed Sum (SecurityWeek) Trustwave announced on Tuesday that it has acquired Cenzic, Inc., a maker of application security testing solutions, for an undisclosed sum

Marillyn Hewson: Lockheed Seeks Aviation IT Business Growth Through BEONTRA Buy (GovConWire) Lockheed Martin (NYSE: LMT) has bought airport planning and forecasting tools provider BEONTRA AG for an undisclosed amount

(ISC)² Opens Nominations for US Government Security Awards (InfoSecurity Magazine) The (ISC)² body of certified information and software security professionals is now accepting nominations for its 2014 US Government Information Security Leadership Awards (GISLA)

As cybersecurity industry grows, Howard County firms flex muscle (Baltimore Sun) High-profile cyber attacks on organizations such as Target and Neiman Marcus have drawn increased attention to the cybersecurity industry — an industry that continues to thrive in Maryland, and specifically in Howard County

Hexis Cyber Solutions Executive Named 2014 CRN Channel Chiefs Award Winner for Second Consecutive Year (MarketWatch) Hexis Cyber Solutions, Inc. (Hexis), a subsidiary of The KEYW Holding Corporation, today announced that John Hopkins, Director of Global Channel Sales for Hexis, was named a winner in the 2014 CRN Channel Chiefs Awards Program for the second consecutive year. The CRN Channel Chiefs are selected by the publication's editorial staff and recognize executives that are driving an organization's channel strategy and building successful relationships with reseller partners worldwide

Products, Services, and Solutions

Mozilla to stop developing Metro Firefox for Windows 8 (FierceCIO: TechWatch) In a surprising turnaround, Mozilla announced the decision to abandon its effort to build a hybrid browser that will compete with Internet Explorer 11 on touch-enabled Windows 8 devices. This was all the more surprising given that the browser was almost two years in the making, with nine dedicated engineers and two product managers at the time of the announcement

Threatglass Tool Gives Deep Look Inside Compromised Sites (Threatpost) Trying to enumerate the compromised sites on the Internet is a Sisyphean task. Luckily, it's not a task that anyone really needs to perform any longer, especially now that Barracuda Labs has released its new Threatglass tool, a Web-based frontend that allows users to query a massive database of compromised sites to get detailed information on the malicious activity and the threats to visitors to those sites

After @N hijack, software engineer starts two-factor authentication directory (Ars Technica) A quick and easy way to see which companies support it and which don't

Want More Privacy In Your App? Wickr Resells Its Encryption, Self-Destructing Tech To Other Apps (TechCrunch) Wickr, one of the wave of messaging apps built on the idea of private, encrypted and self-destructing data, has vowed never to make money off its users — with its app remaining free, and user data never getting sold on or accessed by others. But it is starting the process of making money regardless

Technologies, Techniques, and Standards

Can data lakes solve cloud security challenges? (CSO) What is a "data lake?" And can enterprises use differing data lakes to address cloud security concerns? "Data Lake" is a proprietary term. "We have built a series of big data platforms that enable clients to inject any type of data and to secure access to individual elements of data inside the platform. We call that architecture the data lake," says Peter Guerra, Principal, Booz Allen Hamilton. Yet, these methods are not exclusive to Booz Allen Hamilton

US Army red faced after phishing test sets off Defense Department email storm (CSO) Well-intentioned 401k "attack" causes panic

Despite Pwn2Own 2014 hacks, application sandboxing still critical (TechTarget) For enterprise information security professionals, the Pwn2Own 2014 hacking contest produced a clear lesson that goes beyond any one vulnerability: Even the most hardened software is vulnerable, so prepare accordingly

Design and Innovation

Exelon Partners with Economic Alliance of Greater Baltimore for Tech Startup Event (MarketWatch) Startups pitch ideas to Exelon during two-day "Dancing with Startups" event in Baltimore

Research and Development

Researchers develop algorithm to rapidly track down malicious cyber content (Phys.org) Cyber attacks are the primary domestic security threat facing the United States, FBI Director James Comey told the Senate Homeland Security Committee last year. In our brave new world, traditional warfare is now inextricably linked to economic and cyber warfare. In just one example, cyber strikes have the potential to derail a nation's power grid, causing widespread damage, chaos, and loss of life. That's why surveillance programs must keep one step ahead of the perpetrators to secure civilian networks, cyberspace, and infrastructures essential to daily life

'Nobel Prize in Computing' goes to distributed computing wrangler Leslie Lamport (NetworkWorld) Microsoft Research principal Leslie Lamport wins 2013 A.M. Turing Award

Academia

Sponsor ADMI & Help Expand the Minority Workforce in Cybersecurity (PRWeb) In an effort to broaden the talent pool the Center for Systems Security and Information Assurance (CSSIA) recently partnered with the Association of Computer and Information Science/Engineering Departments at Minority Institutions (ADMI) to promote cyber security student skills-based competitions

Johns Hopkins looks for ways to guide promising tech students toward Baltimore jobs (Baltimore Business Journal) Johns Hopkins administrators know why Baltimore technology companies such as Millennial Media don't hire many of their graduates: Not many of them stick around

Teachers are low on the list students turn to when cyberbullied (Globe and Mail) Adopting a zero-tolerance policy may be hurting educators' ability to respond to cyberbullying among their students. That is just one of the findings of a new report that polled 5,436 students across Canada for their thoughts on cyberbullying

Legislation, Policy, and Regulation

As Prepared for Delivery - Remarks of ODNI General Counsel Robert Litt at American University Washington College of Law Freedom of Information Day Celebration (IC on the Record) Thank you, Dan, for that generous introduction, and for inviting me to speak here today. As you know, this is "Sunshine Week," a national initiative to promote dialogue about the importance of open government and freedom of information. Public knowledge about the activities of government is essential to a free and democratic society, and so on his first full day in office President Obama, who has noted our "profound national commitment to ensuring an open government," called upon the entire government to comply with both the letter and the spirit of the Freedom of Information Act. Today I would like to talk to you about the challenges of reconciling that commitment with the secrecy necessary to conduct effective intelligence operations in defense of our national interests

Sen. Ron Wyden scorches senior CIA and NSA officials and their 'pattern of deception' (Oregon Live) U.S. Sen. Ron Wyden scorched senior CIA and NSA officials, the secret doings inside the Foreign Intelligence Surveillance Court, and a controversial section of the USA Patriot Act on Tuesday night during a lecture in downtown Portland

Father of the Web Meets a Robot Edward Snowden, Calls Him a Hero (Wired) Edward Snowden made a surprise appearance at TED today, telling the mostly supportive crowd to expect more revelations from his vast cache of secret National Security Agency documents

First Legislation Related to Missing Plane Would Penalize Nations for Skipping Passport Checks (PJ Media) Malaysia Airlines Flight MH370 is still missing under unknown circumstances, yet Congress has already come up with responsive legislation

System to block Pirate cell begins to work Monday (Globo.com) Devices without certification will still work at least until September. Mobile and tablet 'ling xing' will be prevented from using the network

Net neutrality: Industry MEPs want stricter rules against blocking rival services (Help Net Security) Internet providers should no longer be able to block or slow down internet services provided by their competitors, says the Industry Committee which on Tuesday approved rules to protect net neutrality. Under the latest draft EU "telecoms" package legislation, MEPs also voted against "roaming charges", extra costs for using a mobile phone in another EU country. These charges should be banned from 15 December 2015, MEPs say

Litigation, Investigation, and Law Enforcement

The role of the forensic accountant (ComputerWorld New Zealand) The Green Party recently called on the government to sign up to an accord that ensures financial transactions between the government and oil, gas and mineral companies are made public

New York Attorney General calls out high-speed Wall Street traders for unfair advantage (The Verge) Today, New York State Attorney General Eric Schneiderman spoke out against anti-competitive practices by high-speed trading firms, which he said use co-location to gain early access to vital market-moving data

Germany set to form NSA investigation committee (Turkish Press) The German Federal Parliament has announced that a parliamentary committee to investigate how the U.S. National Security Agency carried out surveillance in Germany since 2002 will be formed on Thursday

Pentagon watchdog 'not aware' of NSA bulk phone data collection (The Guardian) Admission that DoD office doesn't have investigations open into the controversial surveillance comes as new report reveals NSA can harvest every call made in unnamed foreign country

After Snowden, Australia's cops worry about people using crypto (Ars Technica) Proposal for reform has state police asking for Web browsing history, too

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Saturdays (Laurel, Maryland, USA, March 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one of Capitol College's upcoming...

27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014, exhibits will be...

Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, March 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified,...

Suits and Spooks Singapore Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Cyber Security for Energy & Utilities Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...

Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...

Veritas 2014 At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...

Black Hat Asia Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...

Cyber Security Management for Oil and Gas Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).

Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...

CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...

SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...

Interop Conference Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.

NSA Hawaii Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by...

InfoSec World Conference & Expo 2014 With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

IT Security Entrepreneurs Forum (ITSEF) 2014 IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...

Women in Cybersecurity Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

Suits and Spooks San Francisco S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

National Collegiate Defense Cyber Competition Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

Infosecurity Europe 2014 Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...
