skip navigation

More signal. Less noise.

Daily briefing.

A widely reported Russian hack of Burlington Electric, a Vermont utility, amounts to far less than alarmists feared. An employee's laptop, not connected to grid controls, linked to an IP address associated with, but not exclusively used by, threat actors. Inspection revealed signs of the Neutrino exploit kit on the device, but this is very circumstantial evidence, at best, of the Russian hacking initially reported. There are indeed risks to the North American grid, but this doesn't appear to be one of the serious ones. Links to initial reports as well as subsequent qualifications and critiques appear below.

Russian disinclination to retaliate for US expulsion of Russian diplomats last week is drawing generally favorable (usually begrudgingly favorable) notices. Security analysts tend to agree that, while it's reasonable to conclude there were GRU and FSB intrusions into US political party networks during the election season, voting itself was not manipulated. The US Intelligence Community has high confidence in its attribution of the hacks to Russian intelligence services, but last week's FBI and NCCIC Joint Analysis Report on Grizzly Steppe draws tepid reviews, its case seen by many as disappointingly circumstantial.

Anonymous resurfaces in the new year, defacing a Bilderberg Group website to demand a change of heart from the Bilderbergers' elite membership.

ISIS is back online, claiming responsibility for massacres in Istanbul and Baghdad. The declared motive of the former (responding to Abu Bakr al-Baghdadi's inspiration) was "revenge" against Turkey. The latter was intended simply to kill "a gathering of Shia."


Today's issue includes events affecting China, Estonia, European Union, Georgia, Germany, India, Iran, Iraq, Israel, Democratic Peoples Republic of Korea, Moldova, Pakistan, Russia, Syria, Turkey, Ukraine, United Kingdom, United States.

From all of us at the CyberWire, best wishes for a happy, safe, healthy, and prosperous 2017 to our readers and listeners.

The CyberWire podcast returns to its regular programing today, featuring an interview with ICS expert Joe Weiss on the Burlington Electric incident and other, more significant, concerns about the cyber security of the North American power grid. We'll also hear from our partners at Level 3, as Dale Drew shares some predictions for 2017.

If you've been enjoying the podcasts, please consider giving us an iTunes review.

Today we also have a new special edition of our Podcast. The topic is buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.

Cyber Attacks, Threats, and Vulnerabilities

lslamic State claims responsibility for Istanbul nightclub attack (Washington Post) The Islamic State claimed responsibility Monday for a deadly rampage at an Istanbul nightclub on New Year’s Eve, an assault by a single gunman that killed dozens of people and served as an ominous reminder of the consequences of Turkey’s expanding war against the Islamic militants in Syria

IS conflict: Baghdad suicide car bomb blast kills 35 (BBC) At least 35 people have been killed in a suicide car bomb attack in a busy square in Iraq's capital, Baghdad, security and medical sources say

Major cyber-attack on Turkish Energy Ministry claimed (Hurriyet Daily News) Sources from the Energy Ministry claim that a major cyber-attack is the source of the widespread electricity cuts across Istanbul in recent days, according to reports in the Turkish media

Anonymous Hacks, Defaces Bilderberg Group Website Against World Crisis (HackRead) Anonymous and HackBack Movement says “They are watching the group”

Russian Hackers Suspected of Attacking War Monitor (Infosecurity Magazine) International war monitor the Organization for Security and Co-operation in Europe (OSCE) last week revealed it has been on the receiving end of a “major” cyber-attack

Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation (Washington Post) As federal officials investigate suspicious Internet activity found last week on a Vermont utility computer, they are finding evidence that the incident is not linked to any Russian government effort to target or hack the utility, according to experts and officials close to the investigation

Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say (Washington Post) Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid

Russian hack on US power company a false alarm (Computing) Investigators jumped to the wrong conclusions on the basis of a single IP address

"Fake News" And How The Washington Post Rewrote Its Story On Russian Hacking Of The Power Grid (Forbes) On Friday the Washington Post sparked a wave of fear when it ran the breathless headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability"

Russia Hysteria Infects WashPost Again: False Story About Hacking U.S. Electric Grid (Intercept) The Washington Post on Friday reported a genuinely alarming event: Russian hackers have penetrated the U.S. power system through an electrical grid in Vermont. The Post headline conveyed the seriousness of the threat

Opinion: Confusion over Vermont Utility Underscores Risks of Cyber Attribution (Security Ledger) In-brief: errant reports about a Russian government hack of a Vermont utility are the first byproduct of a flawed report on Russian hacking of U.S. interests. They won’t be the last

Hacking Too Close to Home: Why the Vermont Electric Grid “Laptop” Malware Matters, and What Needs to be Done Now (Bayshore Networks) The recent political furor over state sponsored hacking took an ugly and dangerous turn, on the morning of December 30th when a tiny Vermont electric utility reported that Grizzly Steppe – the spear-fishing process used to access DNC emails – had been found on one of their systems

Russian Hacking Code Found in Vermont Power Utility Computer (Bloomberg) Utility said the laptop wasn’t connected to the power grid. Homeland Security alerted power providers to search for code

Russian hackers strike Burlington Electric with malware (Burlington Free Press) A Russian hacking group, suspected of trying to influence the U.S. presidential election, struck Burlington Electric, one of Vermont’s electrical utilities, according to the Department of Homeland Security

Did the Russians Hack the U.S. Power Grid? A Grid Crash Would Change Life as We Know It in America Overnight (Inquisitr) Russian hackers may have been attempting to hack the United States power grid, according to statements made by an unnamed government official to the Washington Post. A hacking code which is reportedly associated with a Russian hacking operation deemed, “Grizzly Steppe” by the Obama administration, was detected within a Vermont electrical utility system

The Burlington Electric Department cyber attack story has been misreported even though malware is in our US electric grids (Control Global) December 30, 2016, the Washington Post broke the story: “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say”. There are numerous questions and concerns that arise from this incident. I will focus on the technical issues and leave political discussions to others

Cyberattacks Raise Alarm for U.S. Power Grid (Wall Street Journal) Experts believe Russian hackers linked to the DNC breach are also behind attacks on utilities in Ukraine and U.S., leaving domestic power grid exposed

Russian cybersecurity intelligence targets critical U.S. infrastructure (Washington Times) U.S. intelligence agencies recently identified a Russian cybersecurity firm, which has expertise in testing the network vulnerabilities of the electrical grid, financial markets and other critical infrastructure, as having close ties to Moscow’s Federal Security Service, the civilian intelligence service

Campaign Evolution: pseudo-Darkleech in 2016 (Palo Alto) Darkleech is long-running campaign that uses exploit kits (EKs) to deliver malware. First identified in 2012, this campaign has used different EKs to distribute various types of malware during the past few years. We reviewed the most recent iteration of this campaign in March 2016 after it had settled into a pattern of distributing ransomware. Now dubbed “pseudo-Darkleech,” this campaign has undergone significant changes since the last time we examined it. Our blog post today focuses on the evolution of pseudo-Darkleech traffic since March 2016

Droidpak: A sneak attack on Android devices via PC malware (Storm Infosec) Symantec researchers have found what they are calling the first known example of Windows malware specifically designed to infect Android devices. “We’ve seen Android malware that attempts to infect Windows systems before,” mentioned Flora Lui, author of the Symantec post announcing Droidpak. “Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices

How a U.S. Utility Got Hacked (Wall Street Journal) Michigan utility paid $25,000 ransom to get back into its systems after hackers from overseas took over its computers

Attack and loss: ransomware 2016 (360 Total Security) Ransomeware, a special version of trojan virus that encrypts files, has become a new and tremendously growing type of cybercrime. The 2016 Ransomware Report released by 360 Security Center lately presents that

Brit cyber warriors fight off two hacking attempts against the state every day (Mirror) The National Cyber Security Centre has foiled 86 attacks in its first month - most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs

Social Engineering Attacks on Government Opponents: Target Perspectives (Proceedings on Privacy Enhancing Technologies) New methods of dissident surveillance employed by repressive nation-states increasingly involve socially engineering targets into unwitting cooperation (e.g., by convincing them to open a malicious attachment or link). While a fair amount is understood about the nature of these threat actors and the types of tools they use, there is comparatively little understood about targets’ perceptions of the risks associated with their online activity, and their security posture

Record wave of phishing comes to an ebb in autumn 2016 (Help Net Security) The Anti-Phishing Working Group reports that the year’s record wave of phishing subsided in the autumn. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing websites detected in the third quarter of 2016 was 364,424, compared with 466,065 in the second quarter — a decline of 25 percent

Super Mario Run Android Update: Security Threats All Users Should Consider Before Downloading (Mobile Apps) Android users have been given a warning by experts that they should not get too eager for their new Super Mario Run Android game. The game is finally Google Play Store official, but its actual release date is yet unknown, and this eagerness is being exploited by criminals

Android Was 2016's Most Vulnerable Product (Bleeping Computer) With 2016 officially over, we can crown Android as 2016's product with most vulnerabilities, and Oracle as the vendor with the most security bugs

How to tell if your Snapchat has been hacked, and how to get it back (Graham Cluley) What to look out for, and what to do about it!

Pakistan automotive giant PakWheels Hacked, 700k accounts stolen (HackRead) The breach took place months ago but users only got reset notification last week

OurMine Group Hacks Nat Geo Photography’s Twitter Account (HackRead) The group asked “Hannah” to contact them and they will stop tweeting from the hacked account

Ransomware author tries to blackmail security researcher into taking down 'educational' malware project (Graham Cluley) The author of the Magic ransomware unsuccessfully attempted to blackmail a security researcher into taking down two open-source 'educational' malware projects on GitHub

Cyber Trends

2017: The tipping point for cybersecurity (IT Pro Portal) In this digitally changing climate, everything has become a target and anything can be a weapon

Data breaches through wearables put target squarely on IoT in 2017 (CSO) Security needs to be baked into IoT devices for there to be any chance of halting a DDoS attack, according to security experts

Transition to Trump Administration: The Cyber Risks (InfoRisk Today) Booz Allen Executive predicts 'test attacks' by nation-states

More attacks, new technologies: Cybersecurity predictions for the year ahead (Help Net Security) Every day, the cybersecurity landscape changes. Each new device connected to the network presents a new target for attackers that needs to be secured, and each new social media post creates new risks for phishing attacks or social engineering

G DATA blickt in die Zukunft (Trojaner-Info) Einen Ausblick auf IT-Security Trends und Prognosen für 2017 hat das IT-Sicherheitsunternehmen G DATA erstellt. Die Prognosen umfassen wichtige Themenfelder wie die „Cloud“, Phishing und Spam mit persönlichen Daten, Adware, Smartphones, gezielte Angriffe auf Unternehmen, Ransomware, das Internet der Dinge und aufstrebende Technologien

A 2017 Forecast for HIPAA Enforcement (Healthcare Info Security) Attorney David Holtzman sizes up outlook for HHS activities

54% of organizations have not advanced their GDPR compliance readiness (Help Net Security) More than half of organizations have failed to begin any work on meeting minimum General Data Protection Regulation (GDPR) compliance, according to a study conducted by Vanson Bourne

90 Percent of IT Pros Worry About Password Reuse (eSecurity Planet) And 94 percent have implemented two-factor authentication for at least one application, a recent survey found


The Age of Resilience – Security in 2017 (Flipboard) Security is one of the few tech sectors that thrives primarily thanks to the cruel intentions of bad actors. White hats and black hats exist symbiotically. Without the criminal element to create demand, CISOs would just hang up their spurs and call it a day

Exploring trends in automated crypto trading (Help Net Security) Despite the risks, many traders continue to be attracted to cryptocurrency trading due to the earning potential it offers. Sasha Ivanov, CEO of Waves, explains that the crypto market is inefficient, opportunities for arbitrage exist between exchanges, and the market is very volatile and unregulated with a constantly shifting landscape

E-wallet companies grow fast, but not covered for cyber attack (Economic Times) Mobile wallet companies, expanding rapidly to cash in on the opportunity of the government's push to scale up digitisation, are not taking adequate insurance cover against an obvious risk of cyber attacks and that could put their customers' money in jeopardy in case of attack, industry insiders said

Yahoo Feels Pressure After Second Big Hacking Attack (Acumin) Yahoo is remaining in the spotlight after the online search company admitted that it had been a victim of a second significant hacking in 2013

Quick Heal in talks to buy encryption, cloud companies (The Hindu) IT security firm Quick Heal could soon enter into IoT, encryption and cloud security market as it looks to acquire companies in these domains

Gigamon: A Falling Knife, And Some Nasty Cuts, But Some Significant Share Price Opportunities (Seeking Alpha) Gigamon is a company most often considered to be in the cybersecurity space. It basically sells data visibility solutions that are often used as part of a cybersecurity fabric. The shares have been noticeably weak since making a high a few weeks ago and have pulled back by 25%. The company introduced its long awaited joint solution with AWS in the last few weeks. The consensus growth forecast for 2017 seems significantly compressed compared to a more likely progression. In the wake of the share price pullback, valuation parameters, while not at value levels, have reached what many consider to be an attractive entry point

Palo Alto Networks Inc.: 2016 in Review (Investopedia) Shares of Palo Alto Networks Inc. (PANW) declined 29% over the course of 2016, closing on Dec. 30 at $125.05 a share

Boeing contracted for NGJ Growler integration (UPI) Boeing has received a $308 million contract modification to provide Next Generation Jammer integration services for the U.S. Navy's EA-18G aircraft

Engility to support Air Force cybersecurity efforts (C4ISRNET) Engility has been awarded a $31 million Air Force cybersecurity contract

Wondering What To Do With Your Law Degree, Consider Cybersecurity (Forbes) Your career may not turn out as you imagined. But what you learn in the process can springboard you to new opportunities

Hacker Helps Own Victim to Combat Cyber Crime (Acumin) A cyber criminal arrested by police after he targeted a Derbyshire organisation will now be helping the firm to improve its cyber security

Products, Services, and Solutions

Cyber Threat Startup Quickly Detects Grizzly Steppe: JAR-16-20296 Threats (Satellite PR) On December 29, the Department of Homeland Security, working with the FBI, released the (Joint Analysis Report) JAR titled “Grizzly Steppe,” through US-CERT. That day, the DHS Automated Indicator Sharing (AIS) platform released machine readable indicators to detect threats discussed within the JAR document. In lay terms, DHS cyber intel analysts identified a potential threat, and distributed data used by automated cyber threat detection systems. Companies can then to use this data to automatically detect the same threat on their own systems and take appropriate steps to protect themselves

Technologies, Techniques, and Standards

Kaspersky Lab Finds a Way to Unlock Files Encrypted with CryptXXX Ransomware (Channel Post) After releasing decryption tools for two variants of CryptXXX ransomware in April and May 2016, Kaspersky Lab is releasing a new decryptor for files that have been locked with the latest version of the malware. This malicious program was capable of infecting thousands of PCs around the world since April 2016, and it was impossible to fully decrypt the files affected by it. But not anymore. The free RannohDecryptor tool by Kaspersky Lab can decrypt most files with .crypt, .cryp1 and .crypz extensions

Your 5 Totally Achievable Security Resolutions for the New Year (Wired) Whether you've never thought about your personal security at all before, or you’ve been meaning to clean some things up for awhile now, 2017 is the year to make changes. Threats like spamming, phishing, man-in-the-middle attacks, and ransomware pose real daily threats to every internet user, passwords continue to leak in massive corporate breaches, political instability roils many parts of the world, and people own more and more devices that can be compromised. Fun, right?

WTF is a VPN (TechCrunch) You’re watching a movie. A criminal is trying to evade a crime scene in a sports car on the highway. A helicopter is following the car from above. The car enters a tunnel with multiple exits and the helicopter loses track of the car

Here's US Homeland Security and FBI-approved steps to improve cybersecurity (International Business Times) Here's the list of best cybersecurity practices defined by Department of Homeland Security (DHS)'s National Cybersecurity and Communications Integration Center (NCCIC)

Appointing a Cyber Point Person to Minimize Impact of the Inevitable (New York Law Journal) As information has become an increasingly valuable commodity for all businesses, it has also become extremely valuable for hackers and criminal organizations. The tools that the bad actors are using to gain access to our systems and information are outpacing our technological advances. Regardless of the level of sophistication of the information technology infrastructure, organizations are only as strong as their weakest link, which are quite often their people

What to do if your data is taken hostage (Network World) Find out how to respond to ransomware threats

Five Signs of CISO Complacency (Security Intelligence) Chief information security officers (CISOs) are constantly challenged to avoid complacency. The seemingly insurmountable pressures of balancing escalating threats and regulatory compliance mandates can be overwhelming. When conceiving big security projects, CISOs often talk about finding the risky pain points in processes and trying to correct them. That exercise is all about management skills, but it seems they haven’t realized the interaction between information security and the rest of the company

5 Key Ways Law Firms Can Reduce the Risk of Cyber Attacks (LawFuel) News that Chinese hackers had breached law firm security to secure highly sensitive data shows that law firms remain highly exposed to such attacks

Enhanced security facilitates your safe move to the cloud (Help Net Security) If you haven’t moved at least some of your data to the cloud, you will. It’s inevitable at this point. Even the most highly secured organizations have some of their data on the cloud

Passport Seva's Simli on How to Build In Security (InfoRisk Today) Technology leader shares insights for government agencies in India

Data protection is top priority for businesses when combatting cyberthreats (Security Asia) Loss or exposure of sensitive data is the worst outcome of a cybersecurity incident, according to the findings of Kaspersky Lab’s report, “Business Perception of IT Security: In the Face of an Inevitable Compromise,” based on the 2016 Corporate IT Security Risks survey

Design and Innovation

The Very Human Problem Blocking the Path to Self-Driving Cars (Wired) It was a game of Dots that pushed Erik Coelingh to rethink his entire approach to self-driving cars. Coelingh, Volvo’s head of safety and driver assist technologies, was in a simulator, iPad in hand, swiping this way and that as the “car” drove itself, when he hear an alert telling him to take the wheel. He found the timing less than opportune

Tesla begins rolling out much-anticipated Autopilot update for its newest cars (TechCrunch) Tesla CEO Elon Musk has bold plans for self-driving cars in 2017, and his company took a step towards that goal after it began rolling out a much-anticipated Autopilot update to owners of its newer vehicles

Can Tesla’s Improved Autopilot Feature Predict Accidents? Perhaps Yes! (HackRead) A video shared by user on Twitter shows Tesla’s autopilot predicted a crash before it happened for real

Fiat Chrysler’s Portal concept is a van with a plan for autonomous driving (TechCrunch) Fiat Chrysler is getting ready for a future in which your vehicle is an extension of your living space with their new Portal concept car, which is debuting at CES this year. The Portal is an electric-powered vehicle with its own wireless network, Level 3 semi-autonomy standard and the hardware necessary for an upgrade to true Level 4 self-driving capability, and fold-flat/removable seating for flexible interior reconfiguration options

Fiat Chrysler and Google team on Android in-car tech (TechCrunch) Fiat Chrysler and Alphabet are already working together via Waymo, the former Google self-driving car project, and now Google is also teaming with the automaker for in-car system tech, using Android as the base for a new infotainment and connect car platform. The new FCA in-car system is called Uconnect, and uses Android 7.0 to deliver a range of features, including Android app compatibility alongside more traditional in-car controls like AC and heat, also with terrestrial radio

Research and Development

Narendra Modi addresses Indian Science Congress in Tirupati, highlights cyber-physical systems (First Post) Prime Minister Narendra Modi on Tuesday inaugurated the five-day annual Indian Science Congress being held at the Sri Venkateswara University in Tirupati. This time the conference focuses on 'Science and Technology for National Development' even as previous prime ministers have usually shared their vision and approach for science in India in their address. They have also used it as a platform to make policy announcements


RSA Conference 2017 debuts education program (Help Net Security) RSA Conference announced the debut of RSAC AdvancedU – a new series of programs to educate and encourage more people to pursue a career in cybersecurity and also invigorate veterans with decades of experience – at RSA Conference 2017, February 13-17, in San Francisco

Legislation, Policy, and Regulation

Putin’s Masterstroke of Nonretaliation (Foreign Policy) In refusing to expel U.S. diplomats in response to President Obama’s sanctions, the Russian leader pulled another fast one on the White House

Putin’s Real Long Game (Politico) The world order we know is already over, and Russia is moving fast to grab the advantage. Can Trump figure out the new war in time to win it?

Online voting is a serious security risk, says former MI6 chief (Computing) Sir John Sawers says uncertainty over cyber capabilities puts the world in a dangerous place

Obama Finally Wakes Up to Join the SpyWar at the 11th Hour (Observer) President-elect Trump inherits an ultimatum he cannot ignore

Russian Hacking: Obama’s Actions, Trump’s Options (National Interest) For the incoming Trump Administration, the task is to find a way to defuse tensions consistent with American interests and purpose

Rep. Schiff: Congress will push for Russia sanctions if Trump undoes Obama's action (Politico) California Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, said Sunday that there will be a stronger push for sanctions against Russia if Donald Trump moves to undo them

Sen. Blumenthal discusses cyber threat from Russia, says ‘This nation is under attack’ (Fox 61) The country is under attack, although the results may be invisible, Sen. Richard Blumenthal said on Monday at a press conference about his congressional goals for this year

Doubts Raised on Value of Sanctions Against Russia (BankInfo Security) Audio Report: ISMG editors analyze the latest developments

Russians! Under my bed! (USA Today) John Podesta fell for a phishing scam. Let's not start another Cold War over that

Analysis: Surreal US cyber diplomacy (Jerusalem Post) Since October, the US intelligence community had concluded that Russia interfered in the US presidential election

Donald Trump’s Press Secretary Won’t Say Whether Russia Was Behind The DNC Hack (Huffington Post) The intelligence report is titled “Russian Malicious Cyber Activity”

Trump spokesman: President-elect wants more info on Russia (Military Times) Incoming White House press secretary Sean Spicer is defending cryptic comments by President-elect Donald Trump that he knows "things that other people don't know" when it comes to allegations of Russian hacking

Trump’s doubts about cybersecurity alarm experts (Washington Post via the Chicago Tribune) President-elect Donald Trump has repeatedly questioned whether critical computer networks can ever be protected from intruders, alarming cybersecurity experts who say his comments could upend more than a decade of national cybersecurity policy and put both government and private data at risk

Laying Bare the Enemy's Aims: Defending Public Opinion in the 21st Century (War on the Rocks) America’s strategic center of gravity is public opinion, so why is it left undefended against foreign influence? As pressure builds in Congress to investigate Russia’s meddling in presidential politics, lawmakers must look to arm a new generation of information warriors with Silicon Valley tech and Cold War political acumen. Edward Bernays, the father of American advertising, believed that the essence of democratic society is the engineering of consent. If America wants the engineering of consent to be an exclusively homegrown activity, then Congress needs to establish a new agency with the mission to confront, expose, and challenge unlawful foreign influence both at home and abroad

U.S. Cyberwarfare: Its Powerful Tools, Its Unseen Tactics (KUOW) NPR's Ari Shapiro talks to cybersecurity expert Robert Knake on what tools the U.S. has to retaliate against Russia in cyberspace. Knake, former director of cybersecurity policy with the National Security Council, is now a senior fellow at the Council on Foreign Relations

Cybersecurity Task Force releases action plan to improve (MIssouri Times) Missouri’s Cybersecurity Task Force released its recommendations for both private and public entities to achieve greater protection against online threats

Cyber Maximizes Combat Power (SIGNAL) Yet the military faces obstacles in integrating cyber with other warfighting realms

Turkey Wants to Build Army of Hackers (Bleeping Computer) Turkish officials announced plans to hire computer experts to serve as white-hat hackers and help protect the country's infrastructure against cyber-security threats

IDF decides not to have a cyber command department (Jerusalem Post) Responsibilities to be divided between telecommunications and intelligence divisions

Litigation, Investigation, and Law Enforcement

Executive Summary of Grizzly Steppe Findings from Homeland Security Assistant Secretary for Public Affairs Todd Breasseale (Homeland Security) Department of Homeland Security Assistant Secretary for Public Affairs Todd Breasseale issued an executive summary today of the U.S. government’s findings of Russian malicious cyber activity known as Grizzly Steppe. The executive summary is below

FBI-DHS Report Links Fancy Bear Gang to Election Hacks (Threatpost) In a report released Thursday the Federal Bureau of Investigation and the US Department of Homeland Security implicated Russian hacking group Fancy Bear in attacks against several election-related targets

DHS-FBI Report Details Russian Malicious Cyber Activity (eWeek) 'GRIZZLY STEPPE' Joint Analysis Report from Department of Homeland Security and the Federal Bureau of Investigation provides insight into the techniques allegedly used by the Russian government to hack the U.S

More cases of Russian cyberattacks come to light (CBS News) U.S. government officials have been notified of new cases of attempted or potentially successful cyber intrusions, CBS News has learned

White House fails to make case that Russian hackers tampered with election (Ars Technica) US issued JAR billed itself as an indictment that would prove Russian involvement

Trump says he has inside information on hacking (CNN) President-elect Donald Trump said Saturday he has information that others lack and promised to reveal his knowledge this week, reiterating again his doubts that Russia was behind cyber-meddling in the US election

Trump hints at hacking revelation in coming days (The Hill) President-elect Donald Trump late Saturday said he will reveal new information in the next few days about alleged Russian hacking during the U.S. presidential election, saying he knows “things that other people don’t know"

Trump contradicted by his top security adviser: Russians hacked the US (Ya Libnan) A top adviser to President-elect Donald Trump said Monday he thinks the Russians were involved in election-related hacking of the US — a very different view than that held by the incoming administration

What’s Behind Mysterious ‘Disclaimer’ on Top of DHS/FBI Big Russia Hacking Report (Law Newz) Many have noticed that on top of the Joint Report issued on Thursday by the FBI and U.S. Department of Homeland Security on the Russian hacks, there is a very peculiar thing: A disclaimer stating that “The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.” Some have speculated that the disclaimer is evidence that the federal government won’t stand by their findings. WikiLeaks drew even more attention to this detail by tweeting out a picture of the disclaimer, which was subsequently retweeted more than 7 thousand times. As a legal website, we always read the fine print too, and wanted to find out what this means

Critiques of the DHS/FBI’s GRIZZLY STEPPE Report (Robert M. Lee) On December 29th, 2016 the White House released a statement from the President of the United States (POTUS) that formally accused Russia of interfering with the US elections, amongst other activities. This statement laid out the beginning of the US’ response including sanctions against Russian military and intelligence community members. The purpose of this blog post is to specifically look at the DHS and FBI’s Joint Analysis Report (JAR) on Russian civilian and military Intelligence Services (RIS) titled “GRIZZLY STEPPE – Russian Malicious Cyber Activity”. For those interested in a discussion on the larger purpose of the POTUS statement and surrounding activity take a look at Thomas Rid’s and Matt Tait’s Twitter feeds for good commentary on the subject

Something About This Russia Story Stinks (Rolling Stone) Nearly a decade and a half after the Iraq-WMD faceplant, the American press is again asked to co-sign a dubious intelligence assessment

Russian hacking: US intelligence 'off the mark' (Brisbane Times) The "Russian hacking" story in the US has gone too far. That it's not based on any solid public evidence, and that reports of it are often so overblown as to miss the mark, is only a problem to those who worry about disinformation campaigns, propaganda and journalistic standards - a small segment of the general public

FBI/DHS Joint Analysis Report: A Fatally Flawed Effort (LinkedIn) The FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” was released yesterday as part of the White House’s response to alleged Russian government interference in the 2016 election process. It adds nothing to the call for evidence that the Russian government was responsible for hacking the DNC, the DCCC, the email accounts of Democratic party officials, or for delivering the content of those hacks to Wikileaks

Beware of Attribution Claims (LinkedIn) Jeffrey Carr makes an interesting point about the DHS attribution of Grizzly Steppe to a specific country. The joint NCCIC/FBI (National Cybersecurity and Communications Integration Center / Federal Bureau of Investigation), is very light on attribution details

McCain plans Russia cyber hearing for Thursday (Politico) Senate Armed Services Chairman John McCain has scheduled a hearing on cyber threats for Thursday, where the issue of Russia's election-year hacking will take center stage, a source familiar with the committee's planning told POLITICO

Did This Mysterious Female Hacker Help Crack the DNC? (Daily Beast) Alisa Shevchenko is a “self-taught,” relatively unknown player in Russia’s hacker scene. Why did the Obama administration target her, of all people, for sanctions?

Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm (Forbes) "We don’t make malware for the Russian government." This was the response of Russian hacker Alisa Esage Shevchenko to a blunt question I put to her in April 2015: do you provide any kind of digital weapon to the Russian government? Since then we've been in touch over encrypted mail and Twitter. Indeed, she's been a trusted resource for all things white hat hacker related, including her input for a report on Russian exploits of critical nuclear power plant technology

Politico: Obama Clemency Unlikely for Snowden, Manning, Others (Newsmax) Four people who have been involved in national security issues have asked President Barack Obama for clemency, but lawyers say that in the current environment surrounding leaks and hacking, action on their cases is not looking likely, according to Politico

The Fable of Edward Snowden (Wall Street Journal) As he seeks a pardon, the NSA thief has told multiple lies about what he stole and his dealings with Russian intelligence

Bitdefender joins European anti-ransomware initiative (GSN) Bitdefender, the innovative security software solutions provider, joined the No More Ransom initiative supported by Europol contributing to the global fight against ransomware - the fastest-growing cyber threat to date

Police in Saarland arrest Syrian over alleged car bomb plot (The Local (Germany)) German authorities said Monday that police had arrested a Syrian man who had allegedly asked the Isis jihadist group to fund an attack using explosives-packed vehicles

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Suits and Spooks DC 2017 (Arlington, Virginia, USA, January 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean...

Upcoming Events

CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...

SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...

Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, January 11 - 12, 2017) These intimate workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational...

Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...

ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...

BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.

SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...

Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.