Late Friday the US Intelligence Community reported that Russian intelligence services were acting against the candidacy of Democratic nominee Clinton during the US Presidential election. The evidence of intent to influence the election in favor of the Republican nominee consists largely of the dog that didn't bark—no Republican National Committee documents were leaked even as WikiLeaks vigorously doxed the Democratic National Committee. While some insiders say the Republican National Committee wasn't hacked, the general opinion is that they probably were, and that the take was withheld to influence the election. President Obama has directed an investigation. One interesting sidelight: the Russians appear to have been as surprised as anyone by President-elect Trump's success.
The State of Georgia's request that the Department of Homeland Security explain apparent attempts to penetrate the firewall around the state's election systems spawns an investigation. There are several possibilities: nefarious DHS attempts on the system, benign vulnerability scans, attack by a rogue employee, or nothing at all. The second seems likeliest, but investigation is in its earliest stages.
North Korea issues its customary denial of responsibility for malware found in South Korean military networks.
Motherboard outlines the record of companies selling lawful intercept tools to Syria's Assad regime.
War on the Rocks publishes an interesting overview of ISIS information operations, and why they work.
International police sweeps round up DDoS suspects.
Netgear works to patch flaws in its home routers.
An unusually repellent ransomware campaign offers free decryption in exchange for your infecting your neighbors.
Today's issue includes events affecting Afghanistan, Australia, Bangladesh, Belgium, China, European Union, France, Germany, Hungary, India, Iraq, Democratic People's Republic of Korea, Republic of Korea, Lithuania, Netherlands, Norway, Pakistan, Portugal, Romania, Russia, Spain, Sweden, Syria, United Kingdom, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Emily Wilson from our partners at Terbium Labs talks about the availability of drugs and pharmaceuticals on the dark web. (They're there, but caveat emptor.)
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to please consider giving them an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Russian Hackers Acted to Aid Trump in Election, U.S. Says (New York Times) American intelligence agencies have concluded with “high confidence” that Russia acted covertly in the latter stages of the presidential campaign to harm Hillary Clinton’s chances and promote Donald J. Trump, according to senior administration officials
Trump team disputes Russian influence on US election (Boston Globe) An extraordinary breach has emerged between President-elect Donald Trump and the national security establishment, with Trump mocking U.S. intelligence assessments that Russia interfered in the election on his behalf, and top Republicans vowing investigations into Kremlin activities
North Korea denies involvement in cyber attack on South Korea's MND (IHS Jane's 360) North Korea has denied any involvement in a hacking attack against South Korea's Ministry of National Defense (MND), saying Seoul is pulling off "a childish plot" to divert public attention from a political crisis, Yonhap news agency quoted North Korea's state-run Uriminzokkiri website as saying
European Surveillance Companies Were Eager to Sell Syria Tools of Oppression (Motherboard) In 2007, Syrians could only access the internet through state-run servers, and services like Microsoft Hotmail and Facebook were sometimes blocked. But Bashar al-Assad, who had been head of the Syrian Computer Society before becoming president, knew the internet would inevitably spread more, and he knew he had to tighten his grip over it
Lighting the Path: The Story of the Islamic State's Media Enterprise (War on the Rocks) The Battle for Mosul kicked off earlier in the fall and this campaign to end Islamic State control of the historic city continues. As Patrick Ryan and Patrick Johnston noted recently in War on the Rocks, this will not be the end of the Islamic State movement any more than its defeat in 2007 in the face of the “surge” and the Awakening movement. It is likely that nothing can convince this movement’s core leadership and dedicated members to give up their political vision of achieving the Caliphate. While its products are often examined by analysts for its influence on foreign fighter migration or macabre efforts to terrorize its enemies, the Islamic State’s media department itself is understudied — a remarkable oversight since it was a crucial part of keeping the dream of a Caliphate alive during the dark years of 2008 to 2011
CERT Warns Users to Stop Using Two Netgear Router Models Due to Security Flaw (Bleeping Computer) The United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security (DHS), has published a security alert yesterday, warning owners of Netgear R6400 and R7000 models against using their routers for the time being, because of a severe security flaw
Mirai - now with DGA (SANS Internet Storm Center) Shortly after Mirai was attributed to massive DDoS attacks on OVH and Brian Krebs, the source code for Mirai was released on GitHub. This was a double-edged sword. It gave security researchers insight into the code, but it also made it more available to those who may want to use it for nefarious purposes. Within days Mirai variants were detected. Now Chinese researchers at Network Security Research Labs are reporting that recent samples of Mirai have a domain generation algorithm (DGA) feature. The DGA is somewhat limited in that it will only generate one domain per day, so a total of 365 domains are possible, and they are all in the .tech or .support TLDs. Further investigation reveals that some of these possible domains have already been registered, presumably by the Mirai variant author
Now Mirai Has DGA Feature Built in (Network Security Research Labs) Nearly 2 weeks ago, 2 new infection vectors (aka TCP ports 7547 and 5555) were found being used to spread Mirai malware. My colleague Gensheng quickly set up some honeypots for those vectors and soon had his harvest: 11 samples were captured on Nov 28th. So far 53 unique samples have been captured by our honeypots from 6 hosting servers
The TalkTalk Situation Gets Even Worse (Router Check) The situation with British ISP TalkTalk has become even worse as a variant of the Mirai worm has allowed hackers to create a large botnet from its subscribers’ routers and the ISP’s response has been insufficient
London Councils Running Outdated Software (Infosecurity Magazine) Nearly 70% of London’s borough councils are using out of date operating systems, exposing them to greater cybersecurity risk, according to new research from Databarracks
Black Hat Hackers: Counterfeit Coupons (Wapack Labs) Wapack Labs research into the hacker underground has uncovered a group of black hat hackers who claim to have taken over a coupon counterfeiting business
Security Patches, Mitigations, and Software Updates
Five-Year-Old Bait-and-Switch Linux Security Flaw Patched (Bleeping Computer) Maintainers of the Linux Kernel project have fixed three security flaws this week, among which there was a serious bug that lingered in the kernel for the past five years and allowed attackers to bypass some OS security systems and open a root shell
Yahoo patches critical XSS vulnerability that would allow hackers to read any email (Mirror) Yahoo, which was in the limelight for revealing a massive hack on its users earlier this year, has fixed a highly critical cross-site scripting (XSS) security flaw in its email system that would have allowed attackers to access any email
On the Sixth Day of Christmas, the Industry Predicted…a Big Year for IoT (Infosecurity Magazine) The run up to Christmas is in full swing and we’ll be ushering in a new year in no time at all. So as we bid farewell to 2016 and a very busy 12 months for the cybersecurity world with a plethora of breaches and incidents making the headlines across the globe, what are the experts predicting about what we can expect to come up against in 2017?
Security startup Wallarm raises $2.3M after going through Y-Combinator (TechCrunch) Back in 2013 we covered the seed funding of Wallarm, a “next gen” web security startup which aimed to protect businesses from application level hacker attacks. The team of ex-white hat hackers had previously helped Russian companies like Mail.ru, Yandex, and Parallels to block security threats. It’s perhaps little surprise that, with Russia being a tough place to raise money these days, Wallarm re-appeared in the US
Accenture acquisition made with an eye to improve cybersecurity for federal agencies (GSN) In a move designed to extend its advanced cyber defense and response service capabilities in support of the U.S. federal government, Accenture (NYSE:ACN) has completed its acquisition of Defense Point Security LLC (DPS). DPS is now a wholly owned subsidiary of Accenture Federal Services (AFS). Terms of the transaction are not being disclosed
Products, Services, and Solutions
Viewpost Receives 2017 CSO50 Award From Leading Security Resource Publisher (Yahoo! Finance) Viewpost, the secure B2B network for electronic invoicing, payments and cash management, has been named an honoree of a 2017 CSO50 Award from IDG’s CSO. This prestigious honor is granted to a select group of organizations that have demonstrated that their security projects and initiatives have created outstanding business value and thought leadership for their companies
OpenVPN to get two separate security audits (Help Net Security) Private Internet Access (PIA) announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. However, it seems that there will be two separate security audits of OpenVPN
Blockchain Startups Suggest New Approaches to Counter Cyberattacks and DNS Poisoning (CoinTelegraph) Banks, financial institutions, government agencies and large corporations are still struggling to deal with cyber attacks and DNS poisoning, that often lead to billions of dollars in losses every year. Several Blockchain startups are attempting to solve the Internet’s vulnerability issues by integrating an immutable and public ledger into the Internet’s existing framework
FPC Tops Deloitte EMEA Rankings (Find Biometrics) Fingerprint Cards has been ranked first in the Deloitte Technology Fast 500 EMEA program, which Deloitte describes as “an objective industry ranking that recognizes the fastest-growing technology companies in Europe, the Middle East, and Africa” for the past four years
USAF accepts Lockheed Martin's SBIRS Block 10 ground system (Air Force Technology) The US Air Force (USAF) has accepted Lockheed Martin's newly upgraded space-based infrared system (SBIRS) Block 10 ground system, designed to support missile warning, missile defence, battlespace awareness, and technical intelligence
Digital Rights Foundation Launches Pakistan’s First Ever Cyber Harassment Helpline (Feminism in India) Digital rights are not a very commonly known section of the human rights issues – especially in the South Asian context. The masses are unaware of the effects that their presence in online spaces can have and are often oblivious of the crimes they commit while being in digital spaces. Education regarding digital rights and privacy is in a very nascent phase right now in the South Asian countries – particularly in countries like Pakistan, India, Bangladesh, Afghanistan etc. Though there are organizations working to raise awareness regarding privacy and digital rights and responsibilities, the number is limited and the burden is overwhelming
Technologies, Techniques, and Standards
New minimum code signing requirements for use by all CAs (Help Net Security) The Certificate Authority Security Council (CASC), an advocacy group committed to the advancement of web security, announced the Code Signing Working Group has released new Minimum Requirements for Code Signing for use by all Certificate Authorities (CA)
Buying stolen data (TechCrunch) Think about your most prized possession. Imagine it in your mind’s eye. Maybe it’s a family heirloom, or something a close friend gave you, or something you worked hard to afford. Now imagine it gets stolen
5 Questions to Ask your IoT Vendors; But Do Not Expect an Answer. (SANS Internet Storm Center) This year shapes up to become the year that IoT exploits started to become "mainstream news." Mirai, car hacking, and ubiquitous router exploits are now being discussed outside security conferences. One question that comes up from time to time is what a "minimum standard" could look like for IoT security. Today, default passwords and basic web application security flaws are the number one issue. But we all know that as one vulnerability is being patched, two more are discovered. Asking vendors to deliver a "vulnerability free" product is not realistic. So what should we ask our vendors?
Never Stand Alone: Collaboration In The Face Of Cyber Threats (Information Security Buzz) The world’s increasing interconnectivity has given rise to greater efficiency and the easier exchange of data. However, as networks become borderless and institutions freely exchange data with partners, a data breach in one organisation’s network can now provide hackers with an avenue into multiple other companies. Before any can respond, a chain reaction of breaches
12 tips for implementing secure business practices (Help Net Security) Optiv Security shared a list of a dozen tips for implementing secure business practices during the 2016 holiday season. Security experts developed these recommendations to help security and IT teams better prepare their companies and employees to address the increase in cyber threats that occur during this time of year
Learning in the Dark: Lessons Learned in Unsupervised Learning (CyberPoint) CyberPoint has seen great success in using supervised machine learning for malware detection. A while back, however, some colleagues and I set out to investigate whether we could make any interesting discoveries by applying unsupervised learning to CyberPoint's malware dataset
China’s Cybersecurity Law: Game over for foreign firms? (IDG Connect) The “de-Americanisation of China’s IT stack” has taken another major step forward with the introduction of the new Cybersecurity Law. It not only enshrines strict new rules for foreign companies in various industries trading in China, but will also further restrict the online freedoms of citizens inside one of the most surveillance-coated nations on earth. But while the reports talk of “dismay” and “rattled” foreign multi-nationals, did they really think it would be any other way?
Understanding Beijing's Cyber Priorities (Cipher Brief) The decentralized and global nature of the Internet is both an asset and a burden of our modern era. It provides resilience for our communication pathways and facilitates commerce and cultural exchange, yet also enables abuse like terrorist planning and recruitment, as well as criminal activity on a global scale. Less tangibly, but equally important, it poses serious challenges to traditional conceptions of sovereignty, rule of law, and privacy. Data continuously flows across national borders and is stored on servers beyond individual nations’ legal jurisdictions, creating technical loopholes for predatory actors; all while encryption lends anonymity to dissidents, criminals and terrorists alike
3rd US & China Joint Dialogue on Cybercrime and Related Issues (American Security Today) On December 7, 2016, in Washington, D.C., Attorney General Loretta E. Lynch and Department of Homeland Security Secretary Jeh Johnson, together with Chinese State Councilor and Minister of the Ministry of Public Security Guo Shengkun, co-chaired the third U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues
Espionage Strategy: Russia's Long View vs. America's Short-Term Goals (Cipher Brief) As part of our special coverage of Foreign Influence, Domestic Division: Russia, the 2016 Election, and Trump’s Rebuke of the U.S. Intelligence Community, The Cipher Brief’s Executive Editor Fionnuala Sweeney speaks to Rob Richer, former CIA Associate Deputy Director for Operations and formerly chief of Russian Operations. She asked him for his opinion on Russia’s objectives and how it conducts itself in the field of espionage
Bill to Elevate Cybercom Heads to Obama’s Desk (NextGov) A major defense policy bill that elevates U.S. Cyber Command to a full combatant command is on its way to President Barack Obama’s desk after the Senate voted overwhelmingly for passage Thursday
Will Vulnerable U.S. Electric Grid Get a New Protection Mandate? (Brink News) In the new Trump administration, protecting the electric grid will likely be a topic that garners serious attention, owing to President-elect Trump’s stated intentions to invest in upgrading and modernizing America’s energy infrastructure, which dovetails into another of his priorities: a strong focus on national security issues
The Marine Corps Is Looking For A Few Good Nerds: Gen. Neller (Breaking Defense) No thank you, Donald Trump. While the President-Elect wants to boost Marine Corps combat units by 50 percent — with 12 new battalions of infantry and one of tanks — the Commandant of the Marine Corps respectfully suggested that there are other additions the Marines need more. Don’t think good old-fashioned grunts: Think warrior nerds
Obama orders intel probe of election hacks (SC Magazine) After months of allegations that Russia had interfered in the presidential election through a series of cyberattacks on organizations and people affiliated with the Democratic party and calls for review from lawmakers on both sides of the aisle, President Obama directed U.S. intelligence agencies to conduct a full investigation and deliver a report before he leaves office January 20, according to the president's homeland security and counterterrorism adviser Lisa Monaco
Law enforcement operation targets users of DDoS tools (Help Net Security) From 5 to 9 December 2016, Europol and law enforcement authorities from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States carried out a coordinated action targeting users of DDoS tools, leading to 34 arrests and 101 suspects interviewed and cautioned
US: Case Challenges Mass Internet Surveillance (Human Rights Watch) A federal appeals court heard oral argument on December 8, 2016, in Richmond, Virginia, in the case brought by the American Civil Liberties Union on behalf of a broad group of organizations challenging the National Security Agency’s mass interception and searching of Americans’ international internet communications
Another Lawsuit Highlights How Many 'Smart' Toys Violate Privacy, Aren't Secure (TechDirt) So we've talked a bit about the privacy implications of smart toys, and the fact that people aren't exactly thrilled that Barbie now tracks your children's behavior and then uploads that data to the cloud. Like most internet-of-not-so-smart things, these toys often come with flimsy security and only a passing interest in privacy. As such we've increasingly seen events like the Vtech hack, where hackers obtained the names, email addresses, passwords, and home addresses of 4,833,678 parents, and the first names, genders and birthdays of more than 200,000 kids
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...