Daily briefing.

This morning's leading news is the US Justice Department's announcement that it's indicting five members of Unit 61398 (in the 3rd Department of China's People's Liberation Army) on charges of industrial cyber espionage. The indictment alleges theft of trade secrets and other proprietary information from US companies. You may recognize three of the defendants by their handles: Wang Dong (UglyGorilla), Gu Chunhui (KandyGoo) and Sun Kailiang (Jack Sun).

While it seems unlikely any of those indicted will actually stand trial in Pennsylvania, the charges are a shot across China's bow in an increasingly tense confrontation over cyberspace activities. Coincidentally or not, China recently announced its intention to tighten Internet security in the face of threats from "overseas hostile forces."

Russian cyber operations return to the news as Belgium's foreign ministry continues to untangle itself from what is widely if unofficially regarded as a Russian campaign to support its creeping engulfment of Ukraine. Some observers see the attacks as the opening moves of a campaign against NATO.

In two unrelated campaigns, cyber rioting of unclear motivation and murky ultimate provenance afflicts Turkish and Azeri government sites.

Ransomware continues its rise in popularity among cyber criminals. Sophos offers some pointers on prevention and recovery. Microsoft reports that social engineering more often lies at the root of data breaches than do software bugs.

Plans for retailers' cyber information sharing take shape. Observers wonder whether crowd sourcing will become the future of attack attribution.

The FBI is said to be visiting BlackShades RAT buyers.


Today's issue includes events affecting Argentina, Australia, Azerbaijan, Belgium, Brazil, Bulgaria, China, European Union, France, Germany, India, Italy, Japan, Lithuania, NATO, New Zealand, Qatar, Russia, Switzerland, Turkey, Ukraine, United Kingdom, United States.

Later this week the CyberWire will offer special coverage of Georgetown University's Cybersecurity Law Institute.

Cyber Attacks, Threats, and Vulnerabilities

Is Putin taking on NATO in cyberspace? (iPolitics) It shouldn't be easy to shut down a European ministry for days, depriving bureaucrats of access to e-mail and the web. Someone, however, has managed to do just that to Belgium's foreign ministry — which had to quarantine its entire computer system last Saturday and only managed to restore the work of the passport and visa processing systems on Thursday

Russian Cybersnake May Be Putin's Secret Weapon (Bloomberg View) It shouldn't be easy to shut down a European ministry for days, depriving bureaucrats of access to e-mail and the web. Someone, however, has managed to do just that to Belgium's foreign ministry, which had to quarantine its entire computer system last Saturday and only managed to restore the work of the passport and visa processing systems on Thursday. Similar attacks seem to be taking place elsewhere in Europe, as Belgian Foreign Minister Didier Reynders told the Belga news agency after meeting with a senior French diplomat that "everyone (on the European level) notes at this moment a very powerful pickup in hacking activity probably coming from the east and in any case having to do with Ukraine"

Argentina Hack Team Defaces Turkish government domain, calls PM Erdogan a dictator (HackRead) A hacker going with the handle of Libero from Argentina Hack Team has hacked and defaced the official sub-domain of Kütahya city's Culture and Tourism Directorate, Turkey

Official websites of Azerbaijan Embassy in Italy, Bulgaria and Qatar Hacked (HackRead) A hacker going with the handle of 'H0rs3' has hacked and defaced the official websites of Republic of Azerbaijan embassy in Bulgaria, Italy and Qatar

Hackers are World Cup Fans (HackSurfer) On May 12, 2014, an AnonGhost member and developer of the new AnonGhost DDoS tool, nicknamed Ali KM, created an event page on Facebook announcing a cyber-campaign against FIFA websites. #OpFIFA will take place between June 10 and 12, 2014

Ransomware: Kovter infections on the rise (CSO) Researchers at Damballa have seen the number of Kovter infections double over the last month, as criminals increasingly turn to extortion as a means of generating income

Windows users warned over spammed-out gadget malware attack (Graham Cluley) Windows users are at risk of having their computers infected, after a malware attack posing as an "important company update" was spammed out

Deceptive downloads top cyber threats: Microsoft (Business World) Deceptive downloads laced with malware are the most common cyber security threats, tech giant Microsoft reported on Friday

More Mac OS X users coming down with adware infections ( The days of computer users claiming virus problems were strictly a PC-only problem are gone

Record month for Linux Trojans (Help Net Security) If you think that you are protected from malware if you use Linux, think again, warn researchers from AV manufacturer Dr. Web, who identified and examined a record-high number of Trojans for Linux this month — and the month isn't over yet

Malicious JJ Black Consultancy 'Computer Support Services' themed emails lead to malware (Webroot Threat Blog) Relying on the systematic and persistent spamvertising of tens of thousands of fake emails, as well as the impersonation of popular brands for the purpose of socially engineering gullible users into downloading and executing malicious attachments found in these emails, cybercriminals continue populating their botnets

Stolen Server Exposes Accounting Clients' Personal Data (eSecurity Planet) The unencrypted server held clients' names, addresses and Social Security numbers

Application delivery networks are increasingly at risk (Help Net Security) Data centers and modern application delivery networks are increasingly at risk, according to cPacket Networks. At the same time, the tools currently available do not allow the operational teams to detect imminent issues and correct them before they disrupt critical business activities

Bulletin (SB14-139) Vulnerability Summary for the Week of May 12, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Cyber Trends

Targeted Attack Trends: A Look At 2H 2013 (TrendLabs Security Intelligence Blog) Targeted attacks are known to use zero-day exploits. However, old vulnerabilities are still frequently exploited. In fact, based on cases analyzed in the second half of 2013, the most exploited vulnerability in this time frame was CVE-2012-0158, a Microsoft Office vulnerability that was patched in April 2012. This shows how important applying the latest patches and security updates is in mitigating the risks posed by these threats

Six Observations on the 2014 Verizon Data Breach Investigations Report — Part 1 of 2 (News Center — Verizon Enterprise Solutions) At Intel Security, we believe the Innovation Economy relies on security for organizations and individuals to innovate and execute through technology. For example, the entrepreneur in his garage can't bring new disruptive ideas to life without the ability to securely develop and protect his intellectual property. The bio tech researcher can't bring her innovative new wonder drug to market if her organization can't protect trade secrets and data processes necessary for business execution

Why you are not spending enough on security (FierceCIO: TechWatch) Journalist Glenn Greenwald early this week wrote in The Guardian about an interdiction program in which networking equipment being shipped overseas was intercepted and planted with malware equipped with phone-home surveillance capabilities

U.S. industry too complacent about cyber risks, say experts (Reuters) After warning for years that the U.S. electric grid and other critical infrastructure are dangerously vulnerable to hacking, security experts fear it may take a major destructive attack to jolt CEOs out of their complacency

Cyber insecurity: The biggest threats to our British existence (Express) The Rt Hon James Arbuthnot, who stood down as chairman of the Defence Select Committee last week, warns of the key dangers to Britain's security, from assaults on our electricity system to crippling cyber attacks

'East Asia'-sponsored cyber-spying posing serious threat to India: Report (Times of India) Cyber-espionage cases have seen over three-fold increase last year as various state-sponsored and criminal groups are working with highly sophisticated and complex tools to undermine data security, with regions like "east Asia" being the epicenter of such attacks. A report released by telecom major Verizon said that the implications of this on India could be huge as it braces itself for cyber attacks from its immediate neighbours


US Retailers to Battle Cyber-attacks Through New Intelligence-sharing Body (ComputerWorld) Stung into action by a wave of devastating data breaches, US retailers have taken the historic decision to share data on cyber-threats for the first time through a new initiative, the Retail Cyber Intelligence Sharing Center (R-CISC)

Want 'perfect' security? Then threat data must be shared (ComputerWorld) Here's a surprise for you: We actually have a fairly good understanding of who is attacking us on the Internet and why. Various entities know not only which groups are doing the attacking, but also the names of the people in those groups. They know where they live, who their family members are, where they went to school, and when they go on vacation

In the next big data breach, crowd-sourcing could find the culprits (Quartz) Following last year's theft of credit card data from the retailer Target and this year's discovery of the Heartbleed bug, it's probably an understatement to say that the credit-card industry has a problem with data breaches

Target's Data Breach Should Be A Wake Up Call For Energy Companies: No More Excuses On Cyber Threats (Forbes) Last week, Target CEO and Chairman Gregg Steinhafel was forced out of his position in the wake of the late 2013 data breach of the company. Coming two months after the resignation of the company's CIO, Steinhafel's dismissal represents the first sacking of a Fortune 100 company head in response to a major cyber incident. Other CEOs should take note

German government tightens rules for sensitive public IT contracts (Reuters) The German government has tightened tender rules for sensitive public IT contracts in the wake of reports about mass surveillance by the U.S. National Security Agency, a spokesman for the Interior Ministry said on Friday

Organisations need 'adequate assurance' over cloud information security, says UK agency (Out-Law) Organisations should seek "adequate assurance" from cloud providers over claims those providers make about their compliance with information security principles, the information security arm of UK intelligence agency GCHQ has said

Tech companies and privacy practices: Who has your back? (Help Net Security) The Electronic Frontier Foundation (EFF) has published its fourth annual "Who Has Your Back" report that aims to show which major technology companies are good at protecting your data from government requests

Why Major Tech Companies Are Getting Much Better About Privacy (TIME) A new study shows dramatic improvements after Edward Snowden's NSA revelations

GCHQ Backs Challenge to Find Tomorrow's Cyber Police (CBR) British surveillance body seeks fresh talent despite on-going charges of malpractice

BAE Systems Inc. consolidating business sectors (UPI) BAE Systems Inc. is consolidating its four business sectors into three

Airbus Looks To Overseas, Cyber To Grow Business (Defense News) The free-spending days of the mid-2000s are all but over for the defense industry. And with few new start programs coming from the Pentagon in favor of more cautious — and less expensive — modernization initiatives, defense executives have become more selective in how they plan to grow their business

WatchGuard CEO Departure Won't Signal A Strategy Shift, Partners Believe (CRN) WatchGuard Technologies partners say they are not concerned about the company's health or overall direction following the resignation of its CEO this week

Accomplished Engineering Leader Joins PhishLabs (PRWeb) Steve Garritano hired as VP of Engineering at fast-growing cybersecurity firm

Products, Services, and Solutions

TCS Helps Launch Cyber Training Courses (ExecutiveBiz) TeleCommunication Systems has partnered with the International Council of Electronic Commerce Consultants to introduce its cyber training courses to help meet the demand for cybersecurity training services

National Security Agency row sparks rush for encrypted email (Economic Times) A new push to encrypt email, keeping messages free from government snooping, is gaining momentum. One new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures

Flagship information security course moved to Malvern (Worcester News) One of the world's leading information security training and education companies has relocated its flagship course to Malvern

Tech Insight: Free Tools For Offensive Security (Dark Reading) A professional penetration tester offers a look at the latest free and open-source tools available for pen testing and offensive tactics

Technologies, Techniques, and Standards

NIST to revise Industrial Control Systems security guide (Help Net Security) The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security

Experts to Assess NIST Cryptography Program (BankInfoSecurity) A group of noted cryptographers, academics and business leaders will provide an independent assessment of the way the National Institute of Standards and Technology develops cryptographic standards and guidelines

How banks stay secure: Don't stop attackers getting in, stop them getting out (ITProPortal) Banks and financial institutions are increasingly the target of cyber attack and it is becoming more and more apparent that those out to stop such attacks have accepted that you can't stop them getting in. You have to stop them getting out

Android "police warning" ransomware — how to avoid it, and what to do if you get caught (Naked Security) Ransomware has become a hot topic in recent years. One sort, such as the Reveton family, leaves your data intact but locks you out of your computer, and demands a fee to let you back in. The other main sort of ransomware, such as CryptoLocker, leaves your computer running fine but scrambles your data and demands a fee for the decryption key to get it back

First Aid for Android: How to unlock your ransomed phone (Naked Security) We all dread the moment that our computers freeze up on us

Public Hotspots Are a Privacy and Security Minefield: Shield Yourself (Forbes) Protecting your data from prying eyes while on the move is important and easier than ever

Detecting the weak signals of cyber attacks… or why you should analyze your logs! (L'Observatoire-FIC) It has been said before: in computer security, attackers are often one step ahead of defenders, and the fight is unequal, since the defender must protect thousands of systems while the attacker targets only one

Cyberwarfare: Protecting 'soft underbelly' of USA (CNBC) A small-scale city in New Jersey has suffered from repeated electrical grid failures, train derailments, and water purification problems. However, the problems aren't keeping visitors away. In fact, they're the reason the micro-city exists in the first place

Smart-chip cards are safer, but they're hardly foolproof (Atlanta Journal-Constitution via the Buffalo News) Target may have lost our data, but it gave us some new vocabulary words: "EMV card," or, perhaps, "smart-chip card"

Airmen and Soldiers unite to battle cyber threats (DVIDS) Thirteen service members from the Pennsylvania and Virginia National Guards trained in cyber security operations May 15 here at the Cyber Range parallel to the Vigilant Guard exercise

Research and Development

New algorithm shakes up cryptography ( Researchers at the Laboratoire Lorrain de Recherches en Informatique et ses Applications (CNRS/Université de Lorraine/Inria) and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC) have solved one aspect of the discrete logarithm problem. This is considered to be one of the 'holy grails' of algorithmic number theory, on which the security of many cryptographic systems used today is based. They have devised a new algorithm that calls into question the security of one variant of this problem, which has been closely studied since 1976

Crypto-guru slams 'NSA-proof' tech, says today's crypto is strong enough (The Register) Reminder: The maths is good, it's the implementation that sucks

'Apple Picking:' 5 Ways to Lose (& Retrieve) Mac Data (Dark Reading) Apple platforms are far from invincible, as these common loss scenarios demonstrate

The camera on your phone might be the best defense you have (The Verge) Could random data from your smartphone save you from hackers?


Cutting-edge initiative brings cyber talent to federal agencies (FedScoop) No one was yet talking about cybersecurity or secure technology solutions, yet the directive mentioned these concepts as key areas to watch out for as part of the country's future vision

Legislation, Policy, and Regulation

China says Internet security necessary to counter 'hostile forces' (Reuters via the Chicago Tribune) A Chinese official in charge of regulating the Internet has said Beijing must strengthen Internet security because "overseas hostile forces" are using the Internet to "attack, slander and spread rumors", state media said on Sunday

Japan to enhance gov't role in cybersecurity (Zee News) Amid a spurt in global online criminal activities, Japan today said it will take a more active role in bolstering cyberspace security

Russia threatens to ban Facebook and Twitter within minutes (HackRead) The Russian Internet regulatory authority has warned that it can block Twitter and Facebook. This threat came up when Russia is trapped in the fears of strangling the Internet in the country

Former special forces chief Duncan Lewis appointed next spy boss (ABC) The former boss of Australia's special forces has been appointed as the head of the country's intelligence security service

Obama's NSA spying reforms fail to satisfy cyber experts (Reuters) Obama administration actions to change some of the National Security Agency's surveillance practices after the leaks of classified documents by contractor Edward Snowden are falling short of what many private cyber experts want

Post Snowden, Obama privacy director backs NSA and GCHQ transparency (SC Magazine) President Obama's former director of privacy has urged NSA and GCHQ to work together to become more transparent when carrying out surveillance

Post-Snowden, the NSA's future rests on Admiral Rogers' shoulders (Reuters via the Chicago Tribune) As U.S. National Security Agency Director Mike Rogers seeks to repair the damage to the agency caused by leaks about its electronic spying programs, the abuses of government revealed in the wake of the Watergate scandal are very much on his mind

Cisco boss calls on Obama to rein in surveillance (Financial Times) Cisco's chief executive has written to President Barack Obama warning of a collapse of trust in US technology after evidence emerged showing the National Security Agency breaking into his company's equipment

The NSA, Cisco, And The Issue Of Interdiction (TechCrunch) It's been a hectic week of NSA news in light of Glenn Greenwald's recently published book, which furthered the revelation that the NSA intercepts (interdicts) hardware from US companies. The agency then reportedly compromises the equipment before it is delivered to overseas customers

Feinstein blasts critics of NSA phone program (The Hill) Senate Intelligence Chairwoman Dianne Feinstein (D-Calif.) on Sunday defended a National Security Agency (NSA) program that collects data about Americans' phone calls, saying it is not a surveillance program

"We're at greater risk": Q. & A. with General Keith Alexander (The New Yorker) Since Edward Snowden's revelations about government surveillance, we know more about how the National Security Agency has been interpreting Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act. We've learned some new words—"bulk metadata," "selector," "reasonable articulable suspicion," "emphatic-access restriction"—but we don't really know how much of this works in practice

The NSA can 'collect-it-all,' but what will it do with our data next? (Daily Beast via WOAI) In the summer of 2008, Gen. Keith Alexander, the recently resigned director of the National Security Agency, posed an audacious question to intelligence analysts at the Menwith Hill eavesdropping station in North Yorkshire, in the United Kingdom: "Why can't we collect all the signals all the time?"

Online advertising poses significant security, privacy risks to users, US Senate report says (CSO) The online ad industry should offer better protections against 'malvertising,' a US Senate investigation found

Tom Carper: Senate Homeland Security Committee to Work on DHS Cyber Hiring Bill (Executive Gov) A Senate committee is working to expand the Department of Homeland Security's authority to hire for its cyber operations, Federal News Radio reported Friday

States, pols in race for cyber jobs (Politico) For one of the state's biggest cybersecurity battles, Maryland officials last May drove 35 minutes past the home of the Pentagon's cyber army, beyond a corridor of tech giants that specialize in combating hackers and spies — and right to the host site of a horse race

Governor McAuliffe Names Members of Virginia Cyber Security Commission (Insurancenewsnet) Today, Governor McAuliffe announced the members of the Virginia Cyber Security Commission, a group established by executive order which will bring public and private sector experts together to make recommendations on how to make Virginia a leader in cyber security. The Commission will be co-chaired by Secretary of Technology Karen Jackson and Richard Clarke, Chairman and CEO of Good Harbor Security Risk Management

Litigation, Investigation, and Law Enforcement

Chinese military members charged with cyber-espionage against U.S. firms (Washington Post) The Justice Department on Monday charged members of the Chinese military with conducting economic cyber-espionage against American companies, marking the first time that the United States has leveled such criminal charges against a foreign country

Customers of BlackShades RAT reportedly being raided by FBI (eHacking News) If you have ever bought the Popular Remote Administration tool "BlackShades", you should expect FBI at your doorsteps

How FBI brought down cyber-underworld site Silk Road (Marshfield News Herald) Criminals who prowl the cyber-underworld's "darknet" thought law enforcement couldn't crack their anonymous trade in illegal drugs, guns and porn. But a series of arrests this month, including the bust of the black market site Silk Road, shows the G-men have infiltrated the Internet's back alley

Inside the US government's war on tech support scammers (Ars Technica) PCCare247 allegedly collected millions in ill-gotten fees. But the FTC fought back

Gawker Attacker Turned FBI Informant, Pursued Other Hackers (Dark Reading) Unsealed court documents reveal that "Eekdacat" hacked Gawker, but related charges were dropped after the hacker helped the FBI nab other hackers

Cyber attack on Home Office website denied by Stoke man (BBC) A man has denied a cyber-attack on websites belonging to the Home Office and Home Secretary Theresa May

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...

CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...

The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...

CyberMontgomery (Rockville, Maryland, USA, May 22, 2014) Montgomery County, MD is home to over 18 federal agencies including NIST, FDA, NOAA, and the National Cybersecurity Center of Excellence (NCCoE). NCCoE is an exciting addition to Montgomery County's growing...

The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...

How the SBIR/STTR Program Can Help Grow Your Business (Halethorpe, Maryland, USA, May 27, 2014) The SBIR/STTR programs promote small business innovation and profitability while simultaneously meeting the government's research and development needs. Every year, small businesses receive millions of...

AFCEA DC Chapter 5th Annual Cybersecurity Symposium (Washington, DC, USA, May 28, 2014) 5th Annual Cybersecurity Symposium featuring Government Keynotes and "Latest and Greatest" Information on Cyber Trends, Initiatives, Threats & more. This event attracts upwards of 800 folks annually. Break-out...

Maryland Cybersecurity Roundtable (Hanover, Maryland, USA, May 29, 2014) U.S. Senator Barbara A. Mikulski and Governor Martin O'Malley will launch the Maryland Cybersecurity Roundtable on Thursday, May 29, at 1:30 p.m., at The Hotel at Arundel Preserve, Hanover, Md. They'll...

The Device Developers' Conference: Manchester (Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

17th Annual New York State Cyber Security Conference and 9th Annual Symposium on Information Assurance (Albany, New York, USA, June 3 - 4, 2014) The 17th Annual New York State Cyber Security Conference (NYSCSC '14) and 9th Annual Symposium on Information Assurance (ASIA '14) is a two day event co-hosted by the New York State Office of Information...

Cyber Security Summit (Huntsville, Alabama, USA, June 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center.
