skip navigation

More signal. Less noise.

Daily briefing.

Anonymous's war against ISIS isn't proceeding particularly happily, as it appears to have degenerated into indiscriminate targeting of social media users on the basis of, at best, coarse stereotypes (like flagging an account as terror-linked because its posts are in Arabic). There's also some puerile rickrolling that's adding layers of noise atop social media signal that intelligence agencies might otherwise extract. GhostSec gets, by far, better reviews as a hacktivist response to ISIS.

The familiar hacktivist snitch phenomenon also resurfaces, as Motherboard reports one self-confessed snitch's (boastful? self-serving?) agonies of remorse as he outs himself as the "hacker" who fingered the late Junaid Hussain. There are many reasons to regard his story with skepticism, but in general cells running on inspiration are often vulnerable to snitches. (Ask Sabu.)

Silent Circle says it's taking steps to keep its Blackphone out of ISIS hands.

Observers wonder at the difficulty Western intelligence and information operations services have coming to grips with ISIS messaging. The services are said to misunderstand jihad's transcendent appeal and historical frame of reference, and to mistake those attracted to ISIS for rational optimizers. But the Caliphate cares little for any Benthamite calculus of utility. Overt Action offers suggestions for practical measures against jihadist inspiration.

Dell laptops shipped since August suffer from dangerous root certificates. Observers are reminded of Lenovo's Superfish debacle, but Dell's problems may have more inadvertent origins.

Palo Alto's earnings back up the story-stock's story.

US policymakers differ over whether cyber relations with China are actually improving.

Notes.

Today's issue includes events affecting China, France, Iraq, New Zealand, Russia, Syria, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

The Anonymous 'war on ISIS' is already falling apart (Verge) When a video first arrived announcing an Anonymous campaign against ISIS, many were skeptical

Anonymous faces backlash in cyber war against ISIS (The Hill) The hacking group Anonymous appears to be facing stumbling blocks in its self-declared cyber war against the Islamic State in Iraq and Syria (ISIS)

Hacker Outs Himself as FBI 'Snitch' and Claims He Helped Track Down ISIS (Motherboard) A hacker who in the past gained notoriety for hacking the Anonymous pseudo-official Twitter accounts, now claims he served as an FBI informant and helped the US government track down the hacker turned ISIS fighter Junaid Hussain

How Rickrolling is hindering counter-terrorism (Naked Security) When Anonymous launched its "very many cyberattacks" retaliation against the Islamic State (IS)* following the Paris attacks, we didn't really know just what, exactly, it would entail

This Group Spies on ISIS Rather Than Exposing Twitter Handles (Hack Read) The readers know about Anonymous waging war against ISIS, but hardly anyone knows about a group which has been working quietly (well, sort of) against the terror group and claims to have averted least one terror attack from ISIS

Anti-NSA Phone Developers Vow to Keep Their Product Away From Terrorists (Hack Read) Silent Circle, the developer of the self-proclaimed NSA-proof smartphone has announced that it is making sure to distances itself from criminals and terrorists like the ISIS

Is There a Method to ISIS's Madness? (Atlantic) Why trying to think like the Islamic State is so hard — and risky

Four Modest Ideas to Degrade ISIS' Media Apparatus (Overt Action) Greg Miller and Souad Mekhennet coauthored a fascinating article in the Washington Post last week about ISIS' media wing, making the group the social media juggernaut that counterterrorism professionals have come to both respect and loathe

This man went head-to-head with ISIS sympathizers on social media and won (Quartz) The two men pecked out messages on opposite sides of the country

France is in denial about what's really behind the Paris attacks (Quartz) Cosmetics are designed to conceal blemishes and the French are connoisseurs of maquillage

US intelligence officials have 'underestimated' Isil's plan to attack the West (Telegraph) In echoes of the criticisms after the 9/11 attacks, a top former intelligence official and Iraq expert has said the CIA and other key spy agencies are drawing flawed conclusions about the nature and intent of the jihadist group

Dell puts privacy at risk with dangerous root certificate (CSO) Dell shipped systems with the eDellRoot certificate's public and private key

Dell does a Superfish, ships PCs with easily cloneable root certificates (Ars Technica) Root certificate debacle that hit Lenovo now visits the House of Dell

Security Bug in Dell PCs Shipped Since 8/15 (KrebsOnSecurity) All new Dell laptops and desktops shipped since August 2015 contain a serious security vulnerability that exposes users to online eavesdropping and malware attacks

Dell security error widens as researchers dig deeper (PCWorld) Duo Security researchers found a second weak digital certificate on a new Dell Inspiron laptop

Dell support tool responsible for eDellRoot problems (CSO) Self-signed root certificate was part of a software update last August

ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns (iSight Partners) Today, iSIGHT Partners is sharing details about a highly sophisticated criminal malware framework that has been used to target point-of-sale (POS) systems at US-based retailers

Black Friday Security: Brick-and-Mortar Retailers Have Cyber Threats, Too (Dark Reading) PoS malware, ways to trick new payment technology, and zero tolerance for down-time or slow-time make for a stressful combination

Damballa warns that the enemy may already be in your network (CSO) There is an ongoing struggle in computer and network security

BizCN gate actor sends CryptoWall 4.0 (Internet Storm Center) Earlier this month, the BizCN gate actor switched IP addresses for its gate domains to 46.172.83.0/24

Stealthy GlassRAT Spies on Commercial Targets (Threatpost) A remote access Trojan used sparingly in targeted attacks has been found after living under cover for three years, undetected by most security gear

Backdoor in a Backdoor Identified in 600,000 Arris Modems (Threatpost) Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor

Pen tester sounds alert over 'gaping' flaws in Brit alarm platform (Register) To update a CSL DualCom rig rip off the glue, unscrew the box, manually flash each unit

Russian botnet hijacks B2B software firm's emails (Channel Web) PCA Predict — formerly Postcode Anywhere — praised for its quick-thinking response

How malware peddlers trick users into enabling Office macros (Help Net Security) A week ago, SANS ISC handler and freelance security consultant Xavier Mertens analyzed a Word document containing malicious macros, and unearthed in it a VBA function that changes the document layout

Patreon users — post-hack don't let extortionists scare you into paying a ransom (Graham Cluley) Nearly every day I receive emails from people not just unfortunate enough to have had their personal contact details leaked as a result of the Ashley Madison hack, but that have also received blackmail emails from hackers threatening to expose their details

Lucky escape. Worm could have exploited LinkedIn XSS vulnerability (Hot for Security) Within three hours of being reported, a serious cross-site scripting (XSS) vulnerability on LinkedIn's website has been fixed by its security team

Your Chrome extensions may be spying on you (Fusion) As internet browsers go, most security wonks generally agree that Google's Chrome is the best choice when it comes to privacy and online security

Hackers can use holes in 'Internet of Things' (Asian Age) It could be a merry holiday season for hackers, with millions of new and potentially vulnerable Internet-connected gadgets hitting the market

Trident could be vulnerable to cyber-attack, former defence secretary says (Guardian) Des Browne says there can be no guarantee that UK will have a reliable nuclear deterrent unless it can be wholly protected from cyber-attacks

Security Patches, Mitigations, and Software Updates

Dell apologizes for HTTPS certificate fiasco, provides removal tool (Ars Technica) Meanwhile, credential that posed man-in-the-middle threat found on SCADA system

United Airlines takes 6 months to patch severe security flaws (ZDNet) The fanfare surrounding the airline's new bug bounty seems somewhat pointless, now

Cyber Trends

Study Reveals Security Gaps That Could Greatly Impact 2016 (Legaltech News) Trend Micro encourages organizations and businesses to begin prioritizing security even more, and prepare for inevitable data breach attempts

Cyber capability should be on parity with established aspects of terrorist armory: Pool Re (Canadian Underwriter) A potential shift toward cyber terrorism is among the factors contributing to the United Kingdom's move last week to double funds set aside to combat cyber attacks, Julian Enoizi, chief executive of Pool Reinsurance Company Limited, notes in a recent post on the company's website

Consumer security risks require a business response (Microscope) Norton's exposure of consumer security risks has stirred some debate about what it means for the channel and the business community

21 percent of Brits have been hit by cyber gits (Inquirer) So says Deloitte

As China moves to payment cards, cybercriminals follow (IDG via CSO) Trend Micro says there's high interest in card fraud as more people move away from cash

Marketplace

Cyber attacks loom as growing corporate credit risk: Moody's (Reuters) Cyber attacks on the private sector are an increasingly important risk in corporate credit analysis, U.S. ratings agency Moody's Investors Service said on Monday

Palo Alto Networks, Inc. (PANW — $172.02*) Delivers Another Rock-Solid Quarter; Healthy Cybersecurity Deal Flow in the Field — Maintain OP (FBR) Last night, Palo Alto Networks reported another rock-solid quarter with F1Q16 (October) results coming in ahead of expectations on the top line, bottom line, and billings, while delivering an F2Q16 (January) outlook that also came in above the Street

Palo Alto now up 2.7% following earnings/guidance; billings rise 61% Y/Y (Seeking Alpha) With subscription services such as WildFire and Traps helping the company's deferred revenue balance rise 71% Y/Y to $804.5M, Palo Alto Networks' (NYSE:PANW) billings rose 61% in FQ1 to $388M, handily topping reported revenue of $297.2M (+55%). That, in turn, helped free cash flow total $127.2M, well above non-GAAP net income of $31.6M

What's Behind Microsoft's Security Moves (CMS Wire) Microsoft CEO Satya Nadella announced the launch of a new security strategy for the entire Microsoft portfolio on Nov. 17

Canberra physicists working on 'unbreakable' cyber security systems (ABC) A group of Canberra physicists have received global recognition for their work to create "unbreakable" cyber security networks

Cyber security accelerator MACH37 seeks Spring 2016 applicants (Technical.ly DC) Develop your cyber security startup during this 90 day program. It comes with a $50,000 investment for an eight percent cut

Fortinet Hires Tyson Macaulay as Chief Security Strategist and Vice President of Security Services (Marketwired) Addition to Fortinet's Security Team expands company's cybersecurity advisory services for enterprise customers

Products, Services, and Solutions

IBM's new cryptography tool Identity Mixer could help organizations better handle incoming data (FierceCIO) IBM has announced the release of a new identity verification tool on its Bluemix cloud platform called Identity Mixer that allows companies to verify user credentials without collecting personally identifiable information

Akerman Data Law Center Offers User a Cost Effective Topography of Burgeoning Data Laws (Legaltech News) Providing their expansive knowledge through a web-accessible portal, Akerman and its partners hope to offer an alternative to pricey hourly rate-based research

Can Mobile Apps Defend Themselves? Yes, Says Bluebox (eSecurity Planet) Bluebox's approach goes beyond providing just a security wrapper for mobile applications

Encrypted Messaging App SOMA Launches Group Voice And Video Calling (TechCrunch) Secure messaging app SOMA announced the launch of group voice and video calling for up to four people

Technologies, Techniques, and Standards

SAFECode Releases Framework For Assessing Security Of Software (Dark Reading) Guide for evaluating how software companies are adopting secure coding and security support practices

SIFMA Says Its Cyberattack Drill Was Successful, but More Action Is Needed (ThinkAdvisor) Just-released Quantum Dawn 3 cybersecurity report shows progress

You are 6 security steps away from Black Friday brilliance (We Live Security) Black Friday and Cyber Monday promise to offer some fantastic deals at low prices. But it's also a time of year when cybercriminal scams are aplenty. Here are six top tips to help ensure its a fun and safe experience

Proper incentives essential to protecting health data (FierceHealthIT) Misalignment of incentives can prevent healthcare organizations from committing to the proper protections of sensitive information, according to Tyler Moore, an assistant professor of cybersecurity and information assurance at the University of Tulsa

Design and Innovation

The Doctor on a Quest to Save Our Medical Devices From Hackers (Wired) The Internet of Things has introduced security issues to hundreds of devices that previously were off-limits to hackers, turning innocuous appliances like refrigerators and toasters into gateways for data theft and spying

Understanding a new security market: User behavior analytics (Help Net Security) We know that tracking enterprise log data to discover suspicious activity from hackers or malicious insider threats is not a new idea

Legislation, Policy, and Regulation

New law allows French police to seize and search electronic devices without a warrant (Help Net Security) In the wake of the Paris attacks, the French Senate passed on Friday a bill that extends the state of emergency declared after the attacks to three months

U.S. says China to take tougher stance against trade secret theft (Business Insurance) The United States Commerce Secretary on Monday said China would offer better legal protection to U.S. firms that suffer theft of trade secrets after annual trade talks that yielded scant progress on other topics like a proposed investment treaty

Counterintelligence head: Pact hasn't stopped Chinese hacking (The Hill) The head of U.S. counterintelligence operations says he is skeptical China is upholding its end of an agreement to halt hacks on U.S. companies

US Cyber Command's Veiled Threat: China 'Vulnerable' in Cyberspace (Diplomat) U.S. Admiral Mike Rogers hints at retaliatory cyber strikes should China continue malicious hacks.

McCain to Obama: Sanction Chinese Hackers (Defense News) The chairman of the US Senate Armed Services Committee said President Barack Obama should take a hard line on China over cyber espionage against the US, and that the ability of a Washington-Beijing cyber accord inked in September to curb hacking is unclear

Encryption Debate Erupts Post-Paris Attacks But Don't Expect Any Change Soon (Tech Times) Despite the lack of evidence, the Obama Administration has revived the encryption debate, pointing to encryption as an aid to the terrorists behind the Nov. 13 Paris attacks

Time for a serious talk about encryption (The Hill) Federal Bureau of Investigation Director James Comey delivered a frank message to the Senate Judiciary Committee in July: criminals are increasingly using encryption to prevent law enforcement from monitoring their communications

How Much Privacy Is Too Much? (TechCrunch) How do you reach the right balance between privacy, security, user trust and corporate data?

The government has protected your security and privacy better than you think (Washington Post) After 9/11, U.S. political leaders of all stripes demanded better intelligence and a greater ability to "connect the dots"

Presidential Hopeful John McAfee Talks Cybersecurity (NBC News) When it comes to eccentric personalities and colorful pasts, Donald Trump has nothing on John McAfee

Army looks outside the box in its Cyber Innovation Challenge (Defense Systems) The Army is looking for ways to improve cyber situational awareness in the field

DISA builds out classified versions of its mobility program (C4ISR & Networks) Officials at the Defense Information Systems Agency are well into their mobility program for unclassified users, but efforts to extend that reach to classified users is a newer, more complex push

DISA's force-multiplying cyber defenses (C4ISR & Networks) The Defense Information Systems Agency's job securing and defending the Department of Defense's networks arguably has gotten more complex, so officials there are looking for increasingly high-tech tools to carry out the mission

LTG Alan Lynn on DISA's role in securing DoD networks (C4ISR & Networks) Army LTG Alan Lynn was named has been director of the Defense Information Systems Agency and commander of the Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN) in July 2015 for three months, and as such he leads an organization and activities focused on organizing, training and equipping military and civilian personnel that secure, operate and defend the government's crucial information networks

Litigation, Investigation, and Law Enforcement

Emails show DOD analysts told to 'cut it out' on ISIS warnings; IG probe expands (Fox News) Analysts at U.S. Central Command were pressured to ease off negative assessments about the Islamic State threat and were even told in an email to "cut it out"

Former head of Defense Intelligence Agency responds to claims over ISIS intelligence (Fox News) The former head of the Defense Intelligence Agency said the White House can't say it was not made aware of the growing threat ISIS posed in the region

Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress (US Government Accountability Office) Sector-specific agencies (SSA) determined the significance of cyber risk to networks and industrial control systems for all 15 of the sectors in the scope of GAO's review. Specifically, they determined that cyber risk was significant for 11 of 15 sectors

OIG: Unimplemented plans, poorly positioned CIO threaten IT security at State Department (FierceGovernmentIT) Several control weaknesses significantly impact the State Department's information security program, attributable in part to unimplemented strategies and a chief information officer who lacks security oversight authorities, a recent report found

Audit of the Department of State Information Security Program (US Department of State, Office of Inspector General) Acting on OIG's behalf, Williams, Adley & Company-DC, LLP (Williams, Adley), an independent public accounting firm, conducted this audit to assess the effectiveness of the Department's information security program and to determine whether security practices in FY 2015 complied with applicable Federal laws, regulations, and information security standards

Trend Micro, NCA Partnership Leads to Arrests and Shutdown of Refud.me and Cryptex Reborn (TrendLabs Security Intelligence Blog) A male and a female, both aged 22 and hailing from Colchester, Essex in the United Kingdom, were arrested on suspicion of operating two services featured in many malware business models — the popular counter antivirus (CAV) service Refud.me and the crypting service Cryptex Reborn

Bad Leaver Pays The Price re: Fortinet v. Valentine (National Law Review) A former California State judge in an arbitration awarded nearly $1.7 million to an employer against its former employee based primarily on his acts taken going out the door

District Court Enters Judgment and Affirms $39.5M Jury Award Against Blue Coat Systems (Marketwired) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, announced today that in Finjan, Inc. v. Blue Coat Systems Inc. (5:13-cv-03999-BLF), the Honorable Beth Labson Freeman entered her Order Regarding Non-Jury Legal Issues, and Judgment against Blue Coat Systems affirming the earlier Jury Verdict and Award, all of which is in favor of Finjan

Man stole special agent's identity, executed a complex identity theft scheme (Help Net Security) Rohit Jawa, 25, formerly of Cincinnati, Ohio, pleaded guilty to an indictment charging him with eight counts of wire fraud and one count of aggravated identity theft

After Dropbox finds a child porn collector, a chess club stops his knife attack (Ars Technica) "I failed my mission to kill everyone"

Nottinghamshire teen living 'virtual life' launched £18K cyber attack on gambling firm (Nottingham Post) A naive teenager who launched a cyber attack on a large-scale gambling channel had been living a "virtual life", a court heard

Kim Dotcom's New Zealand extradition trial wraps up (Ars Technica) Prosecutors: Dotcom made $175M, should face a jury for copyright crimes

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Energy Tech 2015 (Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its...

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, December 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices...

IoT Security Foundation Conference (London, England, UK, December 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of...

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government...

Enterprise Security and Risk Management (London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most...

Cargo Logistics America (San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference...

NG Security Summit US (Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network...

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, December 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...

Cyber Security Breakdown: Washington DC (Washington, DC, USA, December 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise...

2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...

Disrupt London 2015 (London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...

Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...

NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.