A hacktivist (who "wishes to remain anonymous," as Motherboard primly puts it) releases what he alleges are personal data on some 20,000 FBI employees and about 8000 US Department of Homeland Security personnel. It's unconfirmed whether the data are genuine. The dump was accompanied by a pro-Palestinian message.
One hacktivist tactic, which ESET calls "haxposure," may see greater use this year — the Hacking Team and Ashley Madison breaches would be examples. The goal is typically reputational damage. Widespread availability of indifferently protected information and the tools to extract and disseminate it are thought likely to drive an increase in haxposure.
Hackers have made off with UK tax filers' self-assessment records, using the information to file fraudulent claims for tax repayment.
Researchers continue to work on the TeslaCrypt ransomware infesting WordPress sites.
Researchers also wonder who's been subverting Dridex malware download sites to server up anti-virus software. The (presumed) white-hat is now being called "Batman."
Kaspersky researchers report that banking malware has begun to adopt some of the APT techniques hitherto principally associated with cyber espionage.
In the marketplace, a broad selloff continues to affect cyber security stocks. Observers cite weakness in allied IT sectors as a partial cause, along with concerns about possible over-valuation and the unsettling story of Norse Corporation's apparent "implosion."
Intelligence services research ways of mining social media for threat indicators and warnings, but the data remain in many ways resistant to such analysis.
Twitter reports that it's deleted more than a hundred thousand accounts for extremism.
Today's issue includes events affecting Australia, China, Ethiopia, European Union, Iraq, Democratic Peoples Republic of Korea, Libya, New Zealand, Nigeria, Pakistan, Philippines, Russia, Rwanda, Spain, South Africa, South Sudan, Sudan, Syria, Tanzania, Uganda, United Arab Emirates, United Kingdom, United Nations, United States, Uzbekistan, and Zimbabwe.
Hacker Plans to Dump Alleged Details of 20,000 FBI, 9,000 DHS Employees(Motherboard) A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned
Cyber-thieves hack the taxman(Sunday Times) Criminals are stealing money by hacking into people's online tax returns on the website of HM Revenue & Customs and hijacking their self-assessment records, The Sunday Times can reveal
Android system processes can be infected by Trojans(Dr. Web) Virus makers continue to complicate architecture of malicious programs for Android. First samples had rather primitive structure, but their today's counterparts, on the contrary, are almost equal to the fanciest Trojans for Windows. Doctor Web specialists registered a whole pack of multifunctional malicious programs for Android this February
The 2016 cyber security roadmap(Information Age) Another year, another round in the escalating fight against cyber crime. Looking ahead, Information Age asked industry experts what themes they think will dominate the agendas of security professionals in 2016
What Is Cyberwarfare?(Semiconductor Engineering) Tens of billions of dollars are being spent on this growing threat, but so far no one can define it
What Motivates Cyber-criminals and Who Are They Targeting?(Infosecurity Magazine) There is a part of me that finds hackers, or cyber-criminals, of fascinating interest. Whether it's the clandestine nature of their 'profession' or the untapped genius with which some of them operate that I find curious, I do not know
The emerging threat of haxposure(IT Online) One 2015 cyber threat trend was not widespread, but deserves attention because of a pair of high-profile security breaches: Hacking Team and Ashley Madison
Hey, Business — We Have It on Good Authority You're on Your Own(PivotPoint Risk Analytics) You've heard, maybe, about how the Feds indicted some officers of China's Peoples Liberation Army for hacking trade secrets from US manufacturers in Pennsylvania? It was solid work, and kudos to the FBI's Pittsburgh office for stellar investigative work
CFTC Commish Says Cybersecurity Risks Disrupting Markets(Law360) The U.S. Commodity Futures Trading Commission's J. Christopher Giancarlo on Thursday released a podcast outlining the biggest trends currently impacting the global financial markets, saying that cybersecurity risks and other technological developments are the most disruptive
CatIQ conference speakers discuss 'cyber cats,' Lac-Mégantic response(Canadian Underwriter) A malicious computer program reported to have interfered with uranium enrichment in Iran was a "game changer" in cyber security, but there is no historical data that actuaries could use to assess potential losses arising from "cyber cats" affecting industrial control systems, a computer science professor recently told insurance professionals
Ex-CEO On How His Silicon Valley Cybersecurity Firm Crashed(Forbes) A recent story in Forbes stated that Norse Corp. — which raised more than $40 million in VC funding — looked like it may be shutting down, according to a blog posted by Brian Krebs, a well known investigative reporter who covers the cybersecurity industry
Behind the deal: What the new $10B Leidos will look like(Washington Business Journal) Leidos Holdings Inc. is going to gain considerable market share in four key areas after its deal to combine with Lockheed Martin Corp.'s (NYSE: LMT) $5 billion Information Systems & Global Solutions business, CEO Roger Krone said at an investor conference Thursday
Watch The Target, Not Just The Wire(Tripwire: the State of Security) Before I became a systems engineer a few years ago, I worked in the industry as a technical security manager for over 15 years, focusing on computer forensics, incident management and compliance
The Role of Tor in Cybercrime(RSA) In a previous blog, we explored the layers of the deep web, and briefly explained how anonymity technologies (such as Tor) facilitate illegal, underground commerce. This post aims to explain the underlying concept of how Tor functions, thus, how anonymity on the Internet is accomplished
Design and Innovation
Blockchain Won't Make Banks Any Nimbler(American Banker) In 1855, Karl Benz combined his profession of manufacturing internal combustion engines with his hobby of designing carriages to produce the first autonomously powered mobile carriage — the automobile
Contest introduces teens to booming field of cybersecurity(Chicago Tribune) The room looked like something you'd see in Palo Alto or Mountain View: pizza boxes strewn across a table at one end, young people clustered around computer screens at the other, working in near silence except for the occasional mumble or electronic bleep
Marshall receives $170K NSA grant(My Daily Tribune) A group of faculty within Marshall University's Department of Mathematics has been awarded a $170,000 grant from the National Security Agency
Mathematics Department receives National Security Agency grant(ETSU University News) East Tennessee State University's Department of Mathematics and Statistics is the recipient of a $125,000 grant from the National Security Agency for the project "Strengthening Minorities Achievements via Research Training in Mathematics"
Legislation, Policy, and Regulation
Opinion: Why China needs to rein in North Korea's hackers(Christian Science Monitor Passcode) If China blunts North Korea's increasingly aggressive hackers, and keep them from operating on its side of the border, that would go a long way toward improving security on the Korean Peninsula
UN Chief: 34 Groups Now Allied to Islamic State Extremists(AP via Military.com) Thirty-four militant groups from around the world had reportedly pledged allegiance to the Islamic State extremist group as of mid-December — and that number will only grow in 2016, UN Secretary-General Ban Ki-moon said in a report Friday
Contracting Docs: OPM Seeks to Tighten IT Security of Background Investigation Companies(NextGov) Contractors that conduct background investigations for the federal government will have to report information security incidents to the Office of Personnel Management within half an hour, are required to use smartcards as a second layer of security when logging on to agency networks and must agree to let OPM inspect their systems at any time
Understanding the E.U. Portability Rules for Digital Services(Willis Towers Watson Wire) For media companies, intellectual property assets and the ability to exploit these assets remain at the core of the business. For those companies, attending to changes in copyright law within the jurisdictions they operate is key to managing their unique risks
The feds billed him as a threat to American freedom. Now they're paying him for help.(Washington Post) The way federal prosecutors told it, Jesse Morton was an inspiration for terrorists across the world. Through his Revolution Muslim website, they said, the New York City man provided justification for violence in the name of Islam, encouraged followers to support Osama bin Laden and advocated attacks on the writers of "South Park" in retaliation for their depiction of the prophet Muhammad in a bear suit
7 Online Activities That Can Get You Arrested(Hack Read) The Internet is a wonderland. It is a place where everything from the birth of the universe to the Miley Cyrus's twerking is available with just a few clicks of your mouse!
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Cyber Threat Intelligence Summit & Training 2016(Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
BSides Tampa 2016(MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
Insider Threat Program Development Training — California(Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
OPSWAT Cyber Security Seminar(Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail(Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas(Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
SecureWorld Charlotte(Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Department of the Navy (DON) IT Conference, West Coast 2016(San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016(Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016(Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit(Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland(Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco(San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016(San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.