There's much discussion, especially in the US, but elsewhere, too, of what constitutes an act of war in cyberspace. SIGNAL publishes a piece by retired Admiral Stavrides deploring muddled thinking on how to recognize a cyber attack. Just Security says no serious authority doubts the law of armed conflict applies to cyberspace as well as physical space, but the conditions under which a cyber operation could warrant physical retaliation are murkier. The Hill reflects recent (bipartisan) Congressional sentiment favoring expansive views of hacking as terrorism or war, but Defense One thoughtfully points out the problems such conflation involves. (Defense One's piece was written before yesterday's sad horrors in Paris, but one might with profit contrast the attack on Sony with the massacre at Charlie Hebdo.)
Norse's contention of insider involvement in the Sony hack receives support from ex-Sony employees who mutter about motive and opportunity.
Anti-Assad hackers hit a UN target-of-opportunity in Pakistan.
Apparent ISIS-sympathizers of the "CyberCaliphate" work mischief in Maryland, attacking Salisbury television station WBOC's website and Twitter account.
F-Secure explains why it thinks Duke is the work of Russian security organs.
AOL takes steps to close malvertising on its ad network.
Inadvertent release of the wrong documents in a Freedom-of-Information-Act response exposed US water and power vulnerabilities (doubly unfortunate given the unrelated indictment of a NOAA employee for stealing dam information that may have found its way to China).
Management unrest (the obverse of labor's) appears in cyberspace: a lawsuit alleges Netjets impersonates its (unionized) pilots on Twitter.
Today's issue includes events affecting China, Denmark, European Union, France, Germany, Iraq, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Pakistan, Russia, Switzerland, Syria, United Kingdom, United Nations, United States.
Hackers hit website of French defence ministry (The Local (France)) Internet activists launched an attack on the website of the French defence ministry on Tuesday to protest the death of a young environmentalist during clashes with police last year
Ransomware on Steroids: Cryptowall 2.0 (Cisco Blogs) Ransomware holds a user's data hostage. The latest ransomware variants encrypt the user's data, thus making it unusable until a ransom is paid to retrieve the decryption key. The latest, Cryptowall 2.0, utilizes Tor to obfuscate the command and control channel. The dropper utilizes multiple exploits to gain initial access and incorporates anti-VM and anti-emulation checks to hamper identification via sandboxes. The dropper and downloaded Cryptowall binary actually incorporate multiple levels of encryption. One of the most interesting aspects of this malware sample, however, is its capability to run 64-bit code directly from its 32-bit dropper. Under the Windows 32-bit on Windows 64-bit (WOW64) environment, it is indeed able to switch the processor execution context from 32-bit to 64-bit
AOL advertising network used to distribute malware (SC Magazine) Ransomware is being distributed to visitors of The Huffington Post website, as well as several other sites, via malicious advertisements served over the AOL advertising network, according to researchers with Cyphort Labs
Malformed AndroidManifest.xml in Apps Can Crash Mobile Devices (TrendLabs Security Intelligence Blog) Every Android app comprises several components, including something called the AndroidManifest.xml file or the manifest file. This manifest file contains essential information for apps, "information the system must have before it can run any of the app's code." We came across a vulnerability related to the manifest file that may cause an affected device to experience a continuous cycle of rebooting, rendering the device nearly useless to the user
Users Report Malicious Ads in Skype (Threatpost) Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update
Thieves Jackpot ATMs With 'Black Box' Attack (KrebsOnSecurity) Previous stories on KrebsOnSecurity about ATM skimming attacks have focused on innovative fraud devices made to attach to the outside of compromised ATMs. Security experts are now warning about the emergence of a new class of skimming scams aimed at draining ATM cash deposits via a novel and complex attack
Hacking the Tor Network: Follow Up (Infosec Institute) In a previous post, I presented the main techniques used to hack Tor networks and de-anonymize Tor users. Law enforcement and intelligence agencies consider "de-anonymization" of Tor users a primary goal
Attacking UEFI Boot Script (Bromium Labs) UEFI Boot Script is a data structure interpreted by UEFI firmware during S3 resume. We show that on many systems, an attacker with ring0 privileges can alter this data structure. As a result, by forcing an S3 suspend/resume cycle, an attacker can run arbitrary code on a platform that is not yet fully locked. The consequences include the ability to overwrite the flash storage and take control over SMM
Speed Racer: Exploiting an Intel Flash Protection Race Condition (Bromium Labs) In this paper we describe a race condition that allows an attacker to subvert a component of the firmware flash protection mechanisms provided by Intel chipsets. Although the impact of this attack is mitigated by additional chipset flash protection features, we discuss how these additional features can also be overcome in practice
I was taught to dox by a master (Daily Dot) There are few things more startling than seeing your private information released online. It makes you feel vulnerable and on edge, knowing that anyone has the details necessary to throw a brick through your window at a moment's notice
DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities (Homeland Security Newswire) On 3 July 2014, DHS, responding to a Freedom of Information Act (FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratory to show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps
Security Threat Trends 2015 (Sophos) Cybersecurity is experiencing enormous growth, as an industry and as a theme in the daily lives of people and businesses using technology. And because our technology keeps changing at an astounding rate, threats are evolving fast too, with cybercriminals finding new and creative ways to exploit users and technology all the time
Happy New Year — Unless You're A Startup (TechCrunch) As we enter a new year, innovation is advancing across a broad front: mobile, data analytics, virtualization, security, the sharing economy, payment systems and more. That's the good news
SuperCom to Acquire Cyber Security Company Prevision Ltd. (MarketWatch) SuperCom (SPCB), a leading provider of Electronic Intelligence Solutions for e-Government, Public Safety and Mobile Payments, announced today its intent to acquire Prevision Ltd. (Prevision) as part of its strategy to offer complementary security products and solutions to its growing customer base
In Their Own Words: Brendan Hannigan Of IBM Security Systems (Forbes) It's been a while since I put together one of these "In Their Own Words" interviews, and this one breaks tradition in some ways. The previous interviews have focused on founders and CEOs, but this time I am diving in to learn more about Brendan Hannigan, a general manager with IBM Security Systems
Silent Circle appoints Connor as CEO (Telecompaper) Global private communications service Silent Circle has appointed F. William "Bill" Connor as chief executive officer and member of the board of directors, effective immediately. As CEO of Silent Circle, Connor also joins the board of directors of Blackphone
Promisec Signs SYNNEX Corporation to Deliver Endpoint Security Solutions to the Channel (PRNewswire) Promisec, a leader in endpoint security, compliance and system management, has signed a distribution agreement with SYNNEX Corporation, a leading distributor of IT products and services, to provide a range of endpoint security solutions to solution providers in the channel. SYNNEX, which distributes a range of integrated security and other IT solutions to businesses, now offers its customers a variety of endpoint security solutions from Promisec
SPARTA — Network Infrastructure Penetration Testing Tool (Kitploit) SPARTA is a Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results
Rails security scanner Brakeman 3.0.0 released (Help Net Security) Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development
UL upgrades EMV Personalisation Validation Tool (Finextra) UL's flagship product for EMV and cloud-based payment product personalization validation, the Collis EMV Personalization Validation Tool 4.0 (EMV PVT 4.0), is filled with new features and added functionality
Toshiba releases FlashAir III wireless SD card (Help Net Security) Toshiba introduced the FlashAir III wireless SD card, a third generation memory card that serves as its own wireless LAN access point, allowing users to share images, videos and files wirelessly. Now with enhanced photo sharing and management features, users can quickly designate which photos to instantly share and easily manage files from a web browser on a PC
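The 32-bit-to-64-bit switch the Cisco summary describes is done by transferring control to the 64-bit code segment (selector 0x33 on 64-bit Windows), a trick usually called "Heaven's Gate". Sandboxes and static scanners that only follow 32-bit code miss what runs after the switch, so a practical check is to look for the switch itself. The following is an added example, not code from the Cisco post or from the Cryptowall sample: a small Python scanner for the two instruction sequences most commonly used for the switch, run over a constructed byte buffer (not real malware) that embeds both.

```python
# Added example: flag x86 instruction sequences that move execution from
# 32-bit to 64-bit mode under WOW64 ("Heaven's Gate"). Byte patterns are
# the standard encodings of the instructions; the SAMPLE buffer below is
# constructed for this demo and is not taken from Cryptowall.
import re

# Pattern A:  push 0x33 ; call $+5 ; add dword [esp], 5 ; retf
# encoding:   6A 33 | E8 00 00 00 00 | 83 04 24 05 | CB
# The retf pops the patched return address and the 0x33 selector, so
# execution continues at the next byte but in the 64-bit code segment.
PUSH_RETF = re.compile(rb"\x6A\x33\xE8\x00\x00\x00\x00\x83\x04\x24\x05\xCB")

# Pattern B:  jmp far (EA) or call far (9A) with a ptr16:32 operand,
# encoded as a 4-byte little-endian offset followed by a 2-byte selector.
# Only a selector of 0x33 (the 64-bit code segment) is of interest.
FAR_33 = re.compile(rb"[\xEA\x9A](?P<off>.{4})\x33\x00", re.DOTALL)


def find_heavens_gate(buf: bytes) -> list[tuple[int, str]]:
    """Return (offset, description) for every candidate gate found in buf."""
    hits = []
    for m in PUSH_RETF.finditer(buf):
        hits.append((m.start(), "push 0x33 / retf"))
    for m in FAR_33.finditer(buf):
        target = int.from_bytes(m.group("off"), "little")
        mnemonic = "jmp far" if buf[m.start()] == 0xEA else "call far"
        hits.append((m.start(), f"{mnemonic} 0x33:{target:#010x}"))
    return sorted(hits)


# Constructed sample: a harmless prologue, then both gate idioms.
SAMPLE = (
    b"\x55\x8B\xEC"                                            # push ebp ; mov ebp, esp
    + b"\x6A\x33\xE8\x00\x00\x00\x00\x83\x04\x24\x05\xCB"       # push 0x33 ... retf
    + b"\x90" * 4                                              # nop padding
    + b"\xEA\x00\x10\x40\x00\x33\x00"                          # jmp far 0x33:0x00401000
    + b"\xC3"                                                  # ret
)

if __name__ == "__main__":
    for offset, what in find_heavens_gate(SAMPLE):
        print(f"offset {offset:#06x}: {what}")
```

Treat a hit as a reason to look closer, not as a verdict: the same far-jump encoding appears in legitimate WOW64 thunks and in some packers, so a real scanner would only raise on user-supplied or unpacked code, and would follow the 64-bit code at the jump target (something 32-bit-only emulation will not do).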
Technologies, Techniques, and Standards
A Critical Review of Tom Rid and Ben Buchanan's "Attributing Cyber Attacks" (Digital Dao) Thomas Rid and Ben Buchanan recently tackled the problem of attribution in cyber attacks in "Attributing Cyber Attacks", an academic paper published by Taylor & Francis. I don't know Ben Buchanan but I do know Tom Rid to be a very bright and honest individual. I believe that this paper is his and Ben's best effort. Unfortunately, they only managed to serve up the same flawed recipe for attribution that information security companies have been using for the past 15 years
CES: F.T.C. Chairwoman Notes Concerns Raised by Connected Devices (New York Times) The head of the Federal Trade Commission on Tuesday offered a prescription for protecting consumer data collected by Internet-connected gadgets like wearable fitness trackers and "smart home" devices, previewing themes of a coming report by the agency on Internet privacy and security
Six Strategies for Reducing Vulnerability Risk (Tripwire: the State of Security) There's little doubt that effectively remediating vulnerabilities is an important part of a comprehensive information security strategy. Vulnerabilities in desktops, servers, laptops and infrastructure are commonly involved in intrusions and incidents
Moonpig breach highlights need for app and API testing (Netcraft) A severe vulnerability in the API used by Moonpig's Android app has highlighted the need for organisations to apply greater scrutiny to the security of their apps and endpoints. Through its apps and website, the custom greetings card company sends out more than 12 million cards every year and turned over £53 million last year
2015 — the year automated malware protection and firewalls become worthless? (BetaNews) Whether you're a home or business user, one thing you've probably had drummed into you for years is the importance of virus protection, an effective firewall and malware guards. Well, as we start our journey into 2015 such security tools may not be anywhere near as effective as they used to be. Is it worth investing in them at all?
The hackers are winning: here's how to stop them (New Daily) With the hacking of Sony Pictures Entertainment, a plethora of celebrities, Microsoft and Sony PlayStation, 2014 proved no one is safe from hackers. But is there a way to protect your online identity, your credit card and your sanity?
The one compliance lesson you need to learn (Help Net Security) We are living in a data driven society with globalizing economies, data transfer, and ubiquitous access to everything from everywhere. At the same time, we have seen an influx of compliance and data security stories flood news outlets
Breaking the (Algorithmic) Black Box in Security Affairs (War on the Rocks) Algorithms have become a buzzword in policy circles, but in many cases, using the term "algorithm" alone is akin to the common journalist errors of making every armored vehicle a tank or every assault rifle an AK-47. It renders the details of the technology, and their ramifications for public policy, a black box immune to rational policy analysis. We need something more, especially when talking about ill-specified and complex computational problems that arise from particular defense applications
Resource allocation for virtual machines is like running a gym (IT World) A gym is a place I've heard about that other people visit to get fit and be healthy. The days and times that each person goes to the gym can vary greatly, but there is a general trend to the light and heavy use periods of the day. If you own the gym, you need members. You have a finite amount of equipment for your members to use, but you wouldn't stay in business long if you limited the number of members to the number of machines that you have. Instead, knowing that your members' visits will be sporadic, you oversubscribe your memberships to make better use of your resources. This is the same theory behind oversubscribing virtual machines, especially where VDI (virtual desktop infrastructure) is deployed
The Top Five Cyber Policy Developments of 2014: The IANA Transition (Council on Foreign Relations) One of the biggest cyber policy developments of the year is undoubtedly the U.S. government's announcement to transition certain critical administrative functions that keep the Internet running, known collectively as the Internet Assigned Numbers Authority (IANA) functions, to the multistakeholder community
Incoming: What Is a Cyber Attack? (SIGNAL) Unfortunately, cyberspace is an increasingly attractive venue for aggression these days. The digital domain facilitates operational maneuver in a manner that obfuscates an actor's identity, affiliation and tactics. But unlike sea, air and land, much of cyberspace's doctrine remains undefined, to include even the most fundamental of terms. We do not even have an agreed-upon definition of what constitutes an attack in cyberspace, and it is high time we did
Welcome to 21st century warfare (The Hill) As the scale and sovereign culprit behind the attack on Sony were revealed, the world awakens to the specter of an uncomfortable new normal emerging in warfare: cyber terrorism
The Problem With Calling Cyber Attacks 'Terrorism' (Defense One) Yesterday, Sen. Robert Menendez (D-NJ), the ranking member of the Senate Foreign Relations Committee, appeared on CNN's State of the Union where he proposed placing North Korea on the State Department's State Sponsors of Terrorism list. Menendez contended that the additional sanctions announced by the White House last week were insufficient, and that "we need to look at putting North Korea back on the list of state sponsors of terrorism, which would have far more pervasive consequences." Beyond claiming this would have additional consequences for North Korea, he disagreed with President Obama's characterization of the alleged Sony hack as "an act of cyber vandalism"
The State of Humanitarian Law in Cyber Conflict (Just Security) During the recent Sony incident, politicians and pundits debated whether the cyber operations allegedly launched by North Korea were an "act of war." Presumably, they were asking whether the operations qualified as an "armed attack" that allows a victim State to respond with armed force, including destructive cyber operations, under the law of self-defense
Netjets is allegedly battling its pilots by impersonating them on Twitter (Quartz) Skirmishes between companies and their unionized employees tend to bring out the worst on both sides. The conflict between Netjets, the private jet-sharing firm owned by Warren Buffett's Berkshire Hathaway, and its pilots has brought out the weird, too, if allegations in a December lawsuit are correct
FBI eyes Chinese hacking of dams database (Washington Times) A federal weather service employee charged with stealing sensitive infrastructure data from an Army Corps of Engineers database met a Chinese government official in Beijing, according to court documents that reveal the case to be part of an FBI probe of Chinese economic espionage
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Nuit du Hack 2015 (Paris, France, June 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges...
Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...