The claimed hacking of an airliner's flight systems, specifically engine controls (claimed by either the FBI, journalists, or the alleged hacker himself; there are a lot of claims circulating), continues to dominate our sector's news. Boeing doesn't believe it happened (because Boeing thinks it couldn't have happened as described) and most observers are dubious. Ars Technica reasonably poses its take as a dilemma: either the researcher exaggerated his stunt, or the researcher did something breathtakingly reckless.
The affair prompts reflection on hacking of both the "stunt" and "ethical" varieties, with application to whistleblowing breach disclosures, gray- (and white-) hat vulnerability disclosures, etc.
Panda Security says it's detected a threat to a different transportation mode, oil tankers: "Operation Oil Tanker," a.k.a. "the Phantom Menace."
Allegations surface that Germany's BND snooped on Austrian, French, and Dutch targets in cooperation with the US NSA.
Penn State continues to recover from a persistent attack on its engineering school. The objective may have been intellectual property. Observers put the cost of remediation at $2.85M ($485K for outside help, the rest for replacing compromised hardware).
In the US, the St. Louis Federal Reserve discloses that it suffered a DNS breach, apparently a criminal attack as opposed to a state-sponsored one.
IEEE issues standards for medical device security. Malware appears in a cardiac catheterization lab, researchers describe how an artificial pancreas might be hacked, and a Pittsburgh medical center suffers a data breach.
Cisco's not buying FireEye (yet, anyway), so it gets plenty of advice on what it should buy instead.
Today's issue includes events affecting Austria, China, France, Germany, Italy, Republic of Korea, Netherlands, New Zealand, Romania, Russia, Ukraine, United Kingdom, United States.
The CyberWire will be covering the third annual Georgetown Cybersecurity Law Institute in Washington, DC, this Wednesday and Thursday. Watch for special issues Thursday and Friday.
Cyber Attacks, Threats, and Vulnerabilities
Did a hacker really make a plane go sideways?(Christian Science Monitor Passcode) An FBI affidavit in a case involving security researcher Chris Roberts claims that he took over the navigation system of an airliner. But if those claims are indeed true, they raise troubling questions about the state of airline security
FBI Claims Banned Researcher Admitted Hacking Plane Controls… But Is Someone Lying?(Forbes) Chris Roberts is not happy with the FBI officers who interviewed him last month. The security researcher was questioned for four hours after being removed from a United Airlines flight on 15 April and his equipment seized for a tweet he said was a joke, though it indicated he was able to tinker with in-flight communications to compromise the oxygen supply on the flight
'BND and NSA tapped Dutch internet traffic'(NU) The German intelligence service BND and the American NSA are said to have tapped internet traffic to the Netherlands, Austria and France with the cooperation of the telecom company Deutsche Telecom
Cyberattacks mine universities for intellectual-property data(FierceBigData) Penn State's College of Engineering was cyberattacked and security experts expect more universities to be actively mined by cyberattackers in the near future if they aren't already under attack. But these attacks are looking for more than the usual data payoff. Much more
How hackers used Microsoft TechNet to run their botnet(Win Beta) A report released by FireEye, a California based network security firm, exposed an obfuscation tactic a group of Chinese hackers employed that used Microsoft's TechNet web portal to cloak their botnet from standard counter measures
St. Louis Federal Reserve Suffers DNS Breach(KrebsOnSecurity) The St. Louis Federal Reserve today sent a message to those it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution
Can Hackers Commit the Perfect Murder By Sabotaging an Artificial Pancreas?(IEEE Spectrum) Robotic systems are, at last, beginning to take over some of the burden of managing the fluctuations in blood glucose in patients with Type 1 diabetes. But a new report warns that as the systems get adopted more widely, the risk of criminal eavesdropping and sabotage will also increase
UPMC alerts 2,200 patients to data breach(Pittsburgh Post-Gazette) UPMC is alerting 2,200 patients treated at its hospital emergency departments that information from their medical records may have been disclosed by an outside contractor
Rombertik's disk wiping mechanism is aimed at pirates, not researchers(Help Net Security) Rombertik, the information-stealing malware that was recently analyzed by Cisco researchers and which apparently tries to prevent researchers from doing so by rewriting the computer's Master Boot Record, is actually a newer version of an underground crimeware kit known as Carbon FormGrabber (or Carbon Grabber), Symantec researchers have found
G-Data Security Labs Malware Report(G-Data Security Labs) The number of new malware strains increased enormously in the second half of the year (H2); 4,150,068 were counted. There were 1,848,617 instances in the first half of 2014, meaning that the experts recorded an increase of around 125%
Adblockers are immoral and mobile networks should know better(The Next Web) As an editor, I feel resentful of people who enjoy my work but proudly run an adblocker to starve my content of revenue. Now the Financial Times reports that European mobile networks are planning to offer ad-blocking as a service to their customers. If true, those networks should be ashamed
Clients demand more of firms on data security(Global Legal Post) The increasing focus on data security and privacy, which permeates all levels of the business community, is starting to force the pace of change in the legal profession
What does the "post-Sony" world mean for IT security?(IT Pro Portal) The Sony Pictures hack last November was both shocking and unexpected. Beginning with an ominous warning that the entertainment company had been "hacked by GOP," large amounts of private and sensitive information were subsequently leaked
A Tidal Wave Of Cybersecurity Jobs(Homeland Security Today) Crime involving computers and networks costs the world economy more than $445 billion annually, according to a 2014 report by the Center for Strategic and International Studies. And, all indications are that cybercrime will continue trending up in 2015. This escalation in cybercrime is fueling an explosive cybersecurity job market
How AT&T Is Virtualizing Security(Wall Street Journal) AT&T Inc. is rethinking how it approaches security as it upgrades its data centers and network to better handle growing data and video traffic
Avast Opens North Carolina Office(Digital Journal) Avast Software, maker of the most trusted mobile and PC security in the world, today announced the opening of its Charlotte, North Carolina office bringing 60 new IT, marketing, business development and tech support jobs to the area
5 common misconceptions about DDoS protection(IT Pro Portal) Defending organisations' networks against DDoS attacks has long been a daunting challenge — but now cybercriminals are making it even more so; headlines today are rife with news of another DDoS attack, data breach or other security incidents
How to make life difficult for Internet of Things hackers(Beta News) The "Internet of Things" is a buzzword which is becoming more and more prevalent in today's society. This is mostly due to the rise of crowd funding schemes and an insurgence of low power, highly capable microcontroller platforms such as Arduino
Alibaba Reveals a New Kind of QR Code to Fight Counterfeits(Wired) Chinese e-commerce giant Alibaba has a fake goods problem. The company knows it, and the Chinese government has made abundantly clear it knows, too. Now, to combat counterfeits, the company has come up with a solution: Slap unique QR code-like tags on every product
La. Tech honored for cyber education(News Star) The National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS) have designated Louisiana Tech University as a National Center of Academic Excellence in Cyber Defense Education
New Degree in Cybersecurity Available at URock(Penobscot Bay Pilot) The University of Maine at Augusta and University College have announced that the University of Maine System (UMS) Board of Trustees approved a new Bachelor of Science in Cybersecurity
The US and a spiral of cyberfear(Christian Science Monitor) In a newly revealed strategy, the Pentagon poses the threat of a digital counterattack on those who launch a cyberattack on the US. This offensive capability, however, might trigger a cyber arms race. Is the US fear well founded to justify a possible escalation of fear?
Chris Christie: Edward Snowden Is a Criminal and NSA Fears Are 'Baloney'(Government Executive) New Jersey Gov. Chris Christie will condemn Edward Snowden as a "criminal" and charge civil libertarians with drumming up "baloney" concerns about the National Security Agency's spying practices Monday during a foreign policy speech to be delivered in New Hampshire
America Needs an Open Source Intelligence Fusion Center(Cicero) The humanitarian world often has a healthy suspicion of the military. This is understandable. It can be very dangerous for humanitarian organizations and USAID personnel to be conflated with the military, which skeptical locals sometimes consider the same thing as the CIA overseas
REcon(Montréal, Québec, Canada, June 15 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. The conference offers a single track of presentations over the span of three days along...
Cybergamut Tech Tuesday: The Truth About Security Your System(Elkridge, Maryland, USA, June 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic...
SecTor(Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...
FS-ISAC & BITS Annual Summit(Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
2015 Honeynet Project Workshop(Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat...
Fraud Summit Chicago(Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...
3rd Annual Georgetown Cybersecurity Law Institute(Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...
AFCEA Spring Intelligence Symposium 2015(Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...
SOURCE Conference(Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...
HITBSecConf2015 Amsterdam(De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...
7th International Conference on Cyber Conflict(Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...