Anonymous, having announced counter-jihad action #OpCharlieHebdo last week, appears over the weekend to have succeeded with a denial-of-service attack against the French-based Islamist site Ansar al Haqq. But (as Anonymous itself could well testify in other contexts) it's difficult to shut down online propaganda: witness the widespread dissemination of kosher-market killer Amedy Coulibaly's video avowal of fidelity to the caliphate, made before French police ended Coulibaly's life, but distributed post mortem by Coulibaly's sympathizers.
As authorities in France and elsewhere respond to the Islamist violence of the Charlie Hebdo attacks, they turn to the low-hanging fruit of cyber-intelligence. The US President and the UK's Prime Minister will soon meet to discuss even closer cooperation, and the US Attorney General calls for more international cyber intelligence and law enforcement collaboration. Defense intellectuals continue to debate what constitutes casus belli in cyberspace; the US NSA Director says cyber attacks should be met with "consequences."
North Korea's alleged involvement in the Sony hack prompts unusual scrutiny of the DPRK's home-grown (largely stolen) OS and browser. Researchers find them both vulnerable, with the additional fragility any monoculture carries.
Researchers find more commonalities among CosmicDuke, MiniDuke and OnionDuke.
TorrentLocker ransomware crops up in Australia and New Zealand.
Google squabbles with WhiteHat over the security of the former's Aviator OS. Microsoft criticizes Google's open publication of vulnerabilities as hasty and irresponsible.
The Sony hack continues to spur cyber insurance growth. Some venture capitalists think the endpoint security market saturated. TechCrunch publishes leaked Palantir business documents.
Today's issue includes events affecting Australia, France, Iran, Ireland, Democratic People's Republic of Korea, New Zealand, Russia, United Kingdom, United States.
Anonymous shuts down first Jihadi website in 'Op Charlie Hebdo'(HackRead) Yesterday we reported Anonymous' plan to conduct cyber attacks on Jihadi websites under the banner of #OpCharlieHebdo, and today the hacktivists have initiated the op by conducting a DDoS attack and shutting down a France based website promoting Jihadi content
RedStar OS reveals all of North Korea is one giant intranet(CSO) North Korea is…interesting. I've never been to North Korea, so I don't have any firsthand experience to share, but from the outside, the reclusive nation seems like it's a real-life incarnation of George Orwell's 1984 — with pervasive control and manipulation of its population. Robert Hansen, VP of WhiteHat Labs at WhiteHat Security, recently learned that the scope of the North Korean government's control of its people seems to extend even to its state-developed operating system and Web browser
Attacking 'Red Star': Leaks Show Just How Easy It Might Be To Hack North Korea(Forbes) North Korea's Red Star operating system, a clone of Apple's Mac OS X, was leaked online as the world said goodbye to 2014. This gave researchers a chance to poke around the state-tweaked version of Linux and its browser. They've already uncovered some glaring vulnerabilities and some basic coding mistakes
The Sony Hack in Context(CTO Vision) The good news for the moment is that the North Korean attack on Sony Pictures is in the headlines and has the nation discussing cyber security issues. The bad news is that neither the press nor the government is placing the Sony attack in context
TorrentLocker Ransomware Hits ANZ Region(TrendLabs Security Intelligence Blog) We recently reported that the EMEA (Europe-Middle East-Africa) region experienced a surge in ransomware, specifically, crypto-ransomware attacks. It appears that these attacks are no longer limited to that region. Research from Trend Micro engineers shows that the ANZ (Australia-New Zealand) region is the latest to be greatly affected by this type of malware — this time by TorrentLocker ransomware
Lizard Stresser Runs on Hacked Home Routers(KrebsOnSecurity) The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers
Google Engineers Critical of Aviator Browser Security(Threatpost) Within hours on Thursday of WhiteHat Security releasing its Aviator browser to open source, a remote code execution vulnerability was disclosed, along with a handful of other coding issues that Google security engineers said jeopardized the security and privacy of Aviator's users
Risks in Retail: New POS Vulnerabilities and Malware(CSO Australia) In 2014, large retailers, franchises and small businesses alike were affected by new vulnerabilities and malware targeting point-of-sale (POS) devices, systems and vendors. One recent vulnerability affecting POS devices and systems was detailed by the US-CERT in its Vulnerability Notes Database
Three Reasons to Be Concerned About So-Called Anonymity Apps(IBM Security Intelligence) A time-honored proverb from a Boston politician on how to be discreet goes something like this: "Never write if you can speak; never speak if you can nod; never nod if you can wink." Today, in sharp contrast, a growing number of digital natives are throwing such discretion to the wind as they flock to a new category of so-called anonymity apps
Bulletin (SB15-012): Vulnerability Summary for the Week of January 5, 2015(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
A Call for Better Coordinated Vulnerability Disclosure(Microsoft Security Response Center) For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We've been there with you, as have others. And we aren't going anywhere. Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and services people have come to depend on and trust. Just as malicious acts are planned, so too are counter-measures implemented by companies like Microsoft. These efforts aim to protect everyone against a broad spectrum of activity ranging from phishing scams that focus on socially engineered trickery, to sophisticated attacks by persistent and determined adversaries. (And yes, people have a role to play — strong passwords, good policies and practices, keeping current to the best of your ability, detection and response, etc. But we'll save those topics for another day)
Why criminals pick on small business(CSO) Small and midsized businesses are now the preferred targets for cybercriminals — not because they are lucrative prizes individually but because automation makes it easy to attack them by the thousands, and far too many of them are easy targets
The Four Horsemen Of The Cyber Apocalypse(TechCrunch) If 2014 did anything good for cybersecurity, it showed us just how exposed major corporations, governments and militaries are to cyber attacks. From vulnerabilities in our power grids to our cash registers, cyber attacks have become the $400 billion problem. And while the attacks differ in motive and method, there are four consistent perpetrators charging at us at full speed — and we need to rein them in
Sony Was Just the Beginning(Newsweek) In 1964, the Stanley Kubrick movie Dr. Strangelove sported an alternate title, How I Learned to Stop Worrying and Love the Bomb. An existential atomic anxiety permeated society: We lived with the dread that just a button push could unleash new technology that would, ironically, end modern life
Ireland on frontline in cyber war as hackers box clever(Independent) As the fallout from the Sony hacking debacle worries cyber-security experts worldwide, Irish firms are now regarded as a 'prized target' by criminal hackers — because of our business links with multi-nationals
Sony Hack Shows Need For Cyber Coverage On Many Fronts(Law 360) The massive Sony Pictures Entertainment Inc. hack raises concerns beyond the privacy and data liability issues seen in other recent high-profile cyberattacks, underscoring the need for companies to acquire comprehensive insurance coverage to shield themselves from other cyber-related risks such as business interruption, attorneys say
Leaked Palantir Doc Reveals Uses, Specific Functions And Key Clients(TechCrunch) Since its founding in 2004, Palantir has managed to grow into a billion dollar company while being very surreptitious about what it does exactly. Conjecture abounds. The vague facts dredged up by reporters confirm that Palantir has created a data mining system used extensively by law enforcement agencies and security companies to connect the dots between known criminals
IBM in the midst of massive reorganisation(Business Cloud News) IBM has appointed Robert LeBlanc to the role of senior vice president of cloud, with the company set to implement a massive reorganisation, according to multiple reports confirmed by BCN sources
Threat Data ≠ Threat Intelligence(iSight Partners) We spent most of our limited time on the exhibit floor at the 2014 RSA Conference being very nervous. In a blog prior to the show, Forrester analyst Rick Holland had invoked Office Linebacker Terry Tate to bring the pain train to abusers of the term "actionable intelligence." From what we heard at the various booths, we half-expected Terry to sack the pitchman in the first few minutes of many conversations since many were with organizations claiming to have actionable intelligence
Regulating Nuclear Cyber Security: The Core Issues(Langner) If there is anything such as "critical infrastructure" where a cyber attack must be prevented by all means, it's certainly the international fleet of nuclear power plants and associated facilities for the production, processing and storage of nuclear material. Potential cyber attacks against these facilities don't cause concern in respect to the confidentiality, integrity, and availability of information, but in respect of public health and national security
Are We Asking the Right Questions in the Wake of the Sony Pictures Breach?(Wired) Much has been written about the Sony Pictures data breach and no doubt, more will be revealed as time goes on. It is the latest in a string of high-profile attacks that adds Sony, for the second time in recent years, to a litany of marquee breaches that includes eBay, Target, Home Depot, JPMorgan Chase and others
How Sony could've avoided a 'wipe-out'(Information Age) Malware development has reached a new threat level with the emergence of catastrophic 'wiper' worms, such as that used in the attack against Sony Pictures
Website Hacking, Part VI: Input Validation and Filtering in PHP(Infosec Institute) In this part of the series, we are going to examine the different ways to escape HTML characters in PHP in order to add security to your web project. We will also give a brief introduction to PHP's Perl-compatible regular expressions and show how they can be used for input validation. We are also going to examine PHP 5's built-in input validation and filtering methods
Examining Shellcode in a Debugger through Control of the Instruction Pointer(SANS DFIR) During the examination of malicious files, you might encounter shellcode that will be critical to your understanding of the adversary's intentions or capabilities. One way to examine this malicious code is to execute it using a debugger after setting up the runtime environment to allow the shellcode to achieve its full potential. In such circumstances, it's helpful to take control of the instruction pointer to direct the debugger towards the code you wish to examine
Guest Post: Changing the Cyber Security Playing Field in 2015(D&O Diary) As I have noted in a number of recent posts, there have been a host of significant cyber security developments, including among the Sony Pictures Entertainment hack attack. These developments have a number of important implications for the cyber security arena in the year ahead. In the following guest post, Paul Ferrillo of the Weil Gotshal law firm takes a look at the implications of these developments for companies and their executives. A version of this alert was initially distributed as a Weil client alert
Cloud Adoption Practices & Priorities Survey Report(Cloud Security Alliance) The benefits for enterprises moving to the cloud are clear: greater business agility, data availability, collaboration, and cost savings. The cloud is also changing how companies consume technology. Employees are more empowered than ever before to find and use cloud applications, often with limited or no involvement from the IT department, creating what's called "shadow IT." Despite the benefits of cloud computing, companies face numerous challenges including the security and compliance of corporate data, managing employee-led cloud usage, and even the development of necessary skills needed in the cloud era. By understanding the cloud adoption practices and potential risks, companies can better position themselves to be successful in their transition to the cloud
The Evolution of Web Application Firewalls(Tech Cocktail) Technological advances related to computing and the Internet have affected every one of us. The Information Revolution that the Internet has made possible is affecting society just as dramatically as the Industrial and Agricultural Revolutions of the past, but there is an unpleasant side to progress
Cyber Marines get tactical during Bold Alligator(Marine Corps Times) Developers with the Office of Naval Research are pushing cyber warfare training further than ever by incorporating it into tactical crisis response scenarios, including those at Exercise Bold Alligator 14
Design and Innovation
Exit Bitcoin, enter block-chain technology(Euromoney) Negative publicity around cryptocurrencies such as Bitcoin has deflected attention from the potential of the underlying technology to facilitate real-time — and therefore much cheaper — international payments
Little known facts about crypto currency technology(Business Quarter) 2014 was an eventful year for cyber security with many cyber breaches, spying scandals, and privacy violations hitting the news. Crypto currencies, a new form of digital payment, have also made headlines of late. PwC's Paul Esparon reveals several little known facts about the technology
Research and Development
Computer scientists "crack" poker(Naked Security) This week's red-hot "Wow, Science!" news is the pronouncement, as many articles are happy to present it, that Poker Is Solved
In Britain, Spy Chief Calls for More Power for Agency(New York Times) Britain's domestic intelligence chief has demanded greater authority for spies to help fight the threat of Islamist extremism, a sign that the attack on a satirical newspaper in Paris is likely to sharpen the security-versus-privacy debate in Western countries
The Charlie Hebdo attack was a strike against free speech. So why is the response more surveillance?(Guardian) As politicians drape themselves in the flag of free speech and freedom of the press in response to the tragic murder of Charlie Hebdo cartoonists, they've also quickly moved to stifle the same rights they claim to love. Government officials on both sides of the Atlantic are now renewing their efforts to stop NSA reform as they support free speech-chilling surveillance laws that will affect millions of citizens that have never been accused of terrorism
Finding a balance between cybersecurity and liberty to take center stage in months ahead(Personal Liberty) Well-publicized cyberattacks on the U.S. in late 2014 have made it almost certain that government will focus heavily on the nation's technological security in the year ahead. And as cybersecurity talks heat up in Washington, policymakers will be tasked with striking a balance between protecting the nation's cyber infrastructure and enacting rules that threaten U.S. Internet liberties, such as 2012's much maligned Cyber Intelligence Sharing and Protection Act
CISPA: The Awful Anti-Privacy Law That Won't Prevent Another Sony Hack(Gizmodo) CISPA is back. You might remember the bill as the Cyber Intelligence Sharing and Protection Act — or perhaps as "the worst privacy disaster our country has ever faced." Rep. Dutch Ruppersberger reintroduced the bill to the House Intelligence Committee on Friday under the auspices of preventing another Sony hack
Armed Attacks in Cyberspace: A Reply to Admiral Stavridis(Lawfare) Last week, Admiral (Ret.) James Stavridis, former NATO Supreme Allied Commander and presently Dean of the Fletcher School of Law and Diplomacy at Tufts University, correctly expressed concern that "unlike sea, air and land, much of cyberspace's doctrine remains undefined, to include even the most fundamental of terms. We do not even have an agreed-upon definition of what constitutes an attack in cyberspace — and it is high time we did." His article, appearing in Signal, identified a key real-world shortcoming of international law as applied to cyber activities. The lawyers cannot state with any certainty when a cyber operation trips over Article 51's "armed attack" threshold thereby allowing the victim State to respond with either kinetic or cyber force
Obama to unveil plans to improve cyber security(Financial Times) Barack Obama next week will unveil plans to improve cyber security and protect consumers from identity theft, as the administration continues to grapple with the hacking of documents, personal data and emails at Sony Pictures
White House seeks cyber bounce from Sony hack concerns(Politico) The White House is preparing a policy package of executive actions and proposed legislation to promote cyberthreat information sharing — taking advantage of public worries following the Sony hack, multiple sources familiar with the planning tell POLITICO
President Obama Announces More Key Administration Posts(The White House: Office of the Press Secretary) Today, President Barack Obama announced his intent to appoint the following individuals to key Administration posts: David S. Cohen — Deputy Director, Central Intelligence Agency
Intelligence Community Inspector General Releases Evaluation of ODNI Under the Reducing Over-Classification Act(IC on the Record) Pursuant to the Reducing Over-Classification Act of 2010, the Intelligence Community Inspector General produced the following report that examined ODNI adherence to applicable classification policies and regulations. The IC IG evaluation also includes a trend analysis, which found areas that need to be emphasized across the Intelligence Community. In order to complete a thorough analysis, the IC IG waited until the other IGs at CIA, DIA, NGA, NSA and NRO completed their reports
Criminal charges recommended against Petraeus(Military Times) Federal prosecutors are recommending that retired Army Gen. David Petraeus face criminal charges for passing classified information to his former mistress, Paula Broadwell, according to two U.S. officials
E-mail warrant for all evidence of CFAA crimes violates Fourth Amendment, court holds(Washington Post) In a recent case, United States v. Shah, 2015 WL 72118 (E.D.N.C. Jan. 6, 2015), a district court ruled that a search warrant for an e-mail account for all evidence of violations of the federal computer hacking statute failed to comply with the Fourth Amendment because it did not particularly describe the evidence to be seized
Edward Snowden is Happy With Life in Russia(Government Executive) Former National Security Agency contractor Edward Snowden wants his critics to know that living in Russia is "great" and that, despite reports to the contrary, he doesn't need alcohol to enjoy his time there
Man charged with hacking 1,508 bank accounts (Tehran Times) Mohammad Mahdi Kakavan, chief of the Tehran cyber police, said a 24-year-old man in connection with hacking 1,508 bank accounts in six provinces in Iran is now in custody, the Tasnim news agency reported on Saturday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...