A large distributed denial-of-service campaign continues to disrupt Turkey's servers. Online banking has been worrisomely affected, with other sectors sustaining various degrees of disruption. The [dot]tr domain has been under attack since around December 14, and the government has resorted to blocking inbound foreign traffic in an effort to mitigate the campaign's effects. Anonymous claims credit for the operation, which it maintains is retaliation for Turkish support of ISIS (which Turkey naturally denies).
Anonymous also claims to have averted — through its own infiltration of ISIS communications, perhaps shared with various governments — a significant terrorist action in Italy. Italian authorities have nothing to say on the matter.
ISIS/Daesh over the weekend posted a new video mocking the Saudi-led coalition against extremism. ISIS sympathizers also took a poke at university websites in New Jersey. The fight against ISIS makes for strange bedfellows: Russian intelligence services are said to be cooperating closely with Afghanistan's Taliban against Daesh.
No government seems to have an answer to Daesh recruiting and inspirational chatter. Frustration moves some officials and policy wonks in the US to talk up measures to restrict strong encryption or access to jihadist websites. And China enacts a law that mandates backdoors, but this is overdetermined: it would have been attractive in any case.
A nominally independent Iranian group claims credit for the New York dam hack; downstate officials continue to press the Feds for details.
The recently disclosed Juniper Networks issues remain under investigation. Many observers perceive some government's hand in the matter.
Today's issue includes events affecting Afghanistan, Algeria, Australia, China, European Union, France, India, Iran, Iraq, Italy, Russia, Syria, Turkey, United Kingdom, United States.
We're back today, but the CyberWire will be taking this Thursday and Friday off for the New Year holidays. We'll be back as usual on Monday, January 4.
Cyber threat could drag on and haunt Turkey, experts warn(Today's Zaman) A potential wave of renewed cyber attacks on Turkey's national ".tr" domains is likely as there are fears a recent attack that has disrupted many public and private servers will evolve into what is called spam zombie networks and strike again
ISIL leader says 'caliphate' well, mocks Saudi-led alliance(USA Today) The Islamic State group on Saturday released a new message purportedly from its reclusive leader, claiming that his self-styled "caliphate" is doing well despite an unprecedented alliance against it and criticizing the recently announced Saudi-led Islamic military coalition against terrorism
Security Experts and Officials Diverge on ISIS as Hacking Threat(New York Times) George Osborne, the British chancellor of the Exchequer, said in a speech last month that Islamic State militants were trying to develop the ability to carry out digital attacks on critical systems, like hospitals, air traffic controls and power plants
Iranian Hackers Claim Cyber Attack on New York Dam(CNBC) An Iranian hactivist group has claimed responsibility for a cyberattack that gave it access to the control system for a dam in the suburbs of New York — and intrusion that one official said may be "just the tip of the iceberg"
Honeypot Trap Suggests NSA Monitoring Associated With Juniper Breach(EMQ Tech) As the final days before Christmas wind down many have been focused on family affairs and wrapping those last couple of presents before Santa's fated visit but security researchers and crypto experts at Juniper NetScreen have been scrambling the last few days to remedy a backdoor hack for they VPN firewalls
'Tis the Season for a Law Firm Scamming(American Lawyer) Just in time for Christmas, another law firm is being used in a phishing scam by hackers trying to dupe people into giving up bank account information or click on nefarious links
Security Patches, Mitigations, and Software Updates
The Cloud's Biggest Threat Are Data Sovereignty Laws(TechCrunch) The beauty of the cloud is the promise of simplification and standardization — without regard to physical or geographic boundaries. It's this "any time, any place, any device" flexibility that is driving rapid adoption
Threatposts's 2015 Year in Review(Threatpost) With 2015 more or less in the rear view mirror Mike Mimoso and Chris Brook discuss the year in security: Wassenaar, ransomware, Carbanak and Equation Group,how big of a deal Stagefright was, that Juniper backdoor, and more
The Worst Hacks of 2015(Motherboard) Last year we witnessed some of the most shocking cyberattacks ever, with North Korea allegedly hacking Sony over the release of a dumb comedy movie to unknown hackers spilling the private nude pictures of dozens of celebrities. For some, it was the year hacking truly became the norm
Don't expect comprehensive IoT security standards — ever(FierceITSecurity) The IoT market is moving at a fast pace, and that means vendors that are developing new products and services throughout the ecosystem are using their own security mechanisms — or in some cases none at all
Top 10 Reasons To Invest In Cyber Security(DDoS Today) Cyber attacks and major cyber crimes are happening on a daily basis. The frequency of the attacks is increasing fast and those who attack are getting more sophisticated by the day. Cyber attacks have undergone substantial changes and are increasingly difficulty to counteract as the attackers? technology advances
Dell's subsidiary SecureWorks files for IPO(Oceanside Post) Dell acquired SecureWorks in 2011 for $612m. The placeholder value of the IPO has been kept at $100 million, but this may change after the registration fee is taken into account
SecureWorks IPO Brings Marginal Added Value To Investors(Amigo Bulls) Dell is making its cybersecurity arm, SecureWorks, public to finance a portion of the EMC deal. SecureWorks presents impressive top-line growth but a very disappointing bottom line for a 17-year-old company. SecureWorks IPO does not offer investment opportunities over other players in the cybersecurity space
ISIS Influence on Web Prompts Second Thoughts on First Amendment(New York Times) It is one of the most hallowed precepts in modern constitutional law: Freedom of speech may not be curbed unless it poses a "clear and present danger" — an actual, imminent threat, not the mere advocacy of harmful acts or ideas. But in response to the Islamic State’s success in grooming jihadists over the Internet, some legal scholars are asking whether it is time to reconsider that constitutional line
US military drafting 'new narrative' for ISIS war(The Hill) The U.S. military is seeking to craft a "new narrative" for the war against the Islamic State in Iraq and Syria (ISIS), in part to push back on the growing perception that President Obama does not have a strategy
White House promotes whole-of-nation cyber deterrence strategy(Defense Systems) Following criticism from lawmakers regarding the lack of a cyber deterrence strategy, the Obama administration recently presented its view on the matter to relevant congressional committees, recommending an across-the-board approach to defending against threats
Is the Cybersecurity Act really government spying in disguise?(Christian Science Monitor Passcode) The Cybersecurity Act of 2015, signed by President Obama last week, promises to expand information sharing on digital threats between the private sector and government. Critics, however, call it privacy-killing surveillance legislation
New Freedom of Information Act Request Documents Released by ODNI(IC on the Record) The Office of the Director of National Intelligence is one of seven federal agencies participating in a pilot program to make records requested via the Freedom of Information Act more readily available to the public, as reflected in the recently released Third National Action Plan for Open Government
Kevin Nally Joins US Secret Service as CIO(ExecutiveGov) Kevin Nally, a retired brigadier general and former chief information officer of the U.S. Marine Corps, has joined the U.S. Secret Service as CIO, FCW reported Wednesday
NSA, FBI ask judge to dismiss Utah Olympic spying lawsuit(Deseret News) The FBI and National Security Agency have asked a federal judge to dismiss a lawsuit filed by a former Salt Lake City mayor who claims agencies conducted mass surveillance of emails, texts and phone calls during the city's 2002 Winter Olympics
Decade Old Software Bug Sets 3000 US Prisoners Free(HackRead) A software bug in Washington State Department of Corrections (DoC) has been handing freedom to the inmates well before their sentence was due to end — each year, over 3200 prisoners benefitted from this bug since 2002
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES CyberSecurity Forum(Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer...
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit(London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SANS Cyber Threat Intelligence Summit & Training 2016(Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.