The CyberWire Daily Briefing 12.30.15

Summary

By The CyberWire Staff

Officials in the US and UK continue to simultaneously warn of ISIS intentions to attack critical infrastructure while deprecating the soi-disant Caliphate's technical capabilities to do so.

ISIS remains most active in social media, of course, and War on the Rocks has an account of ISIS Twitter usage — the familiar story of a factitious community's appeal to the disaffected. Prosecutions of ISIS adherents in London and Texas highlight both the possibilities and limitations of monitoring social media for clues to terrorist activity: useful in investigation and prosecution, but in prediction the signal-to-noise ratio is frustratingly low.

New accounts of US intelligence collection against foreign targets appear. The operations are said to have had collateral collection of US parties to electronic conversations as their side effect.

Windows 10's recovery feature sends user encryption keys back to Microsoft. Several observers offer suggestions for working around what's generally unwelcome functionality.

Non-jailbroken iOS devices can bypass the protections of the app store and load apps — many of them potentially dangerous — from rogue marketplaces using what Proofpoint calls "DarkSideLoaders."

Microsoft has issued an emergency advisory for Edge and Internet Explorer that addresses vulnerabilities recently discovered in Adobe Flash Player.

In industry news, FBR Capital forecasts very high demand for cyber security products and services in 2016; it also foresees a wave of mergers and acquisitions in the sector.

US cyber legislation remains controversial as its implications are digested. India deliberates information sharing and Internet sovereignty. Businesses worldwide consider the effects of China's new security laws.

Notes.

Today's issue includes events affecting China, France, Germany, India, Iran, Iraq, Israel, Democratic Peoples Republic of Korea, Russia, Syria, Turkey, United Kingdom, United States

The CyberWire will be taking this Thursday and Friday off for the New Year holidays. We'll be back as usual on Monday, January 4. In the meantime, best wishes for a safe, secure, and happy 2016.

Selected Reading

Cyber Trends

As Internet Gets Faster, Volume of DDoS Attacks Grows, Akamai Reports (eWEEK) Broadband speeds aren't the only thing on the rise. The volume of security risks are also increasing, says Akamai's 3Q15 State of the Internet report.

Your Next Big Break: 2016 Data Breach Predictions (Legaltech News) LightCyber's David Thompson breaks down past breaches to find the trends for the year ahead.

The weird and wacky of 2015: strange security and privacy stories (Naked Security) These wacky stories remind us how important cybersecurity and online privacy have become in all areas of our lives.

Security's Biggest Winners and Losers in 2015 (WIRED) 2015 had several wins for privacy and security—but they were kept in check by losses and failures.

Consumers Facing New Cyber Security Challenges In Upcoming Year (WSPA) Cyber security experts are predicting what kind of hacks we might face in 2016.

This Was the Year the Media Started Doubting the Web (WIRED) As ad-blockers made publishers doubt the web, the media industry has become dependent on Facebook, Twitter, and Apple to reach readers.

Legislation, Policy and Regulation

International cyber security law developments in 2015 (Economic Times Blog) The year 2015 saw the strengthening of cyber security thought process by nations. Nations very quickly realized in 2015 that there were no international treaties, arrangements which would prevent breaches of cyber security. The absence...

The terrorist in the data (The Economist) How to balance security with privacy after the Paris attacks

North Korea’s dissident-tracking computer software is a dictator’s wet dream (Quartz) The system secretly watermarks files to show who's accessed them.

Parliament: Store Critical Data in India (InfoRiskToday) To ensure cybersecurity, a Parliamentary panel urged DeitY to relocate Internet servers for critical sectors to India. Security critics discuss the legal and

Is India Ready for an Information Sharing Act? (InfoRiskToday) As the US government enacts its Cybersecurity Information Sharing Act, the question becomes: Is India ready for such legislation? What bottlenecks await, and how

Why Tech Companies Need to Follow China's New Anti-Terrorism Law (Legaltech News) While the law “creates the duty” without defining how it will be “exercised” companies should watch how it will be written into regulation

White House finally delivers on cyber deterrence policy (FederalNewsRadio.com) The Obama administration will use law enforcement and even military force to deter cyber attacks in new policy.

Landmark Cybersecurity Legislation Included in Omnibus Package (JD Supra) Action Item: Congress included the Cybersecurity Act of 2015 (the “Act”) in the Consolidated Appropriations Act, 2016 (P.L. 114-113), passing...

Will a new cybersecurity law make us safer? (PBS NewsHour) Folded into the massive spending and tax cut bill was a significant and controversial new law on cybersecurity. The act encourages private companies to share data about hacks with the government, but it's raising questions among security advocates and privacy groups alike. Jeffrey Brown talks to James Lewis of the Center for Strategic and International Studies and Elissa Shevinsky of JeKuDo.

Cybersecurity Act of 2015 is Ineffective, Warns DB Networks (PRNewswire) Act is based on fundamentally flawed assumptions, obsolete Cybersecurity technologies

A Wake-Up Call To Fight Government Surveillance (TechCrunch) Look around any crowded place nowadays and it’s quite clear that many of us have literally become prisoners of our own devices: smartphones, tablets, laptops -- anything and everything with an Internet connection. Our lifestyles practically require us to always be on, and connected to everyone else.

Congress wants to strengthen financial sanctions against Islamic State (Stars and Stripes) With Washington at loggerheads over how to counter the Islamic State on the ground, both parties are proposing expanded financial sanctions as a strategy to assail the terrorist group's operations.

Killing the Islamic State Softly (Foreign Policy) Military power will win battles in Syria and Iraq, but only soft power can win the war.

ISIS is Not a Terrorist Organization (Small Wars Journal) The term “terrorist organization” offers little insight and limits our understanding and approach. ISIS is an insurgent organization using terrorism as a tactic.

Fighting While Friending: The Grey War Advantage of ISIS, Russia, and China (Defense One) Can democracies compete 'where powers can be fighting each other with one hand and shaking hands with the other?'

FBI Seeks to Reframe Encryption Debate (WSJ) The FBI is issuing a more direct challenge to technology companies in the wake of terror attacks in Paris and California, urging them in blunter terms to allow investigators to decrypt private communications during terror probes.

Spy agencies resist push for expanded scrutiny of top employees (Washington Post) A move by Congress to demand more details about senior spies is watered down in final bill.

Products, Services, and Solutions

Protect your Android for free – here’s a present for your new present! (Naked Security) Got a new Droid as a present? Why not protect it with our free Android anti-virus and security app?

Technologies, Techniques, and Standards

Threat Information Sharing Is Easier With STIX (Security Intelligence) STIX is the language used to share cyberthreats, and all security professionals and organizations should know how to use it effectively.

5 Tips For Getting The Most Out Of Your Firewall (Dark Reading) Despite concerns over the effectiveness of perimeter technologies, firewalls remain a staple in the enterprise security arsenal.

Using surveys to gauge employees' security perceptions (SecurityInfoWatch.com) Despite their perceived downsides, employee security surveys can be quite beneficial

10 Tips To Protect Your Business From a Cyber Security Attack (Lawley Insurance) Follow these tips to help potentially avoid a cyber security attack and keep your business data safe from hackers during Cyber Security Awareness Month

Marketplace

Crystal Ball for Software in 2016; M&A, Growth, Cloud Spending—and Another Ring for Curry? (FBR Capital Industry Update) Although we expect many of the same next-generation software technologies from the past couple of years to continue garnering investor interest in 2016, we believe the vendors disproportionately poised to benefit from increasing adoption and more broad-based consumption will be front and center as these technologies inch toward becoming the core DNA of next-generation data centers for enterprises/governments worldwide. To this point, with the ongoing explosion of data, we expect vendors with strong cloud, security, and big data analytics offerings to be well positioned to capitalize on robust market growth in 2016

A New Cyber Security ETF from Global X Is on Its Way (Revised) (Zacks Investment Research) It remains to be seen whether the porposed ETF willl be able to compete with HACK and CIBR.

Michael Dell Tweets His Own Horn Ahead Of SecureWorks IPO (Forbes) Billionaire tech entrepreneur Michael Dell recently tweeted this out to his 910,000 plus followers: "My business card in 1984, year I started. 1st space 1000 sq ft, lasted 30 days. Never forget where you came from."

Mercury Systems Eyes National Security Sector With Newly Acquired Electronics Firm (GovCon Wire) Mercury Systems (Nasdaq: MRCY) has acquired privately held electronics company Lewis Innovative Tech

Avecto Wins $49M from JMI Equity to Grow Endpoint Security Strategy (Channel Futures) Endpoint security software firm Avecto has received its first external funding with $49 million in investment from JMI Equity.

Palantir and Investors Spar Over How to Cash In (WSJ) The data-mining firm has no interest in an IPO, but some employees and even co-founders are trying to sell shares anyway.

Research and Development

IBM (NASDAQ:IBM) And Alphabet Move Towards Practical Quantum Computers (Amigobulls : Technology Stock Analysis) While IBM has been awarded multi-year IARPA quantum computing contract, Google has made significant steps towards developing practical quantum computers.

Security Patches, Mitigations, and Software Updates

Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: December 29, 2015 (Microsoft Support) Microsoft has released a security advisory for IT professionals about vulnerabilities in Adobe Flash Player in the following web browsers: Internet Explorer in Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 10 version 1511 Microsoft Edge in Windows 10 and Windows 10 version 1511…

Cyber Attacks, Threats, and Vulnerabilities

ISIL aims to launch cyberattacks on U.S. (POLITICO) Its hackers have tried to penetrate computers that regulate the nation’s electricity grid, U.S. officials say.

ISIS Cyber Attack? US Government, Planes Threatened With Malware, Hacking By Islamic State (International Business Times) The Islamic terrorist group has looked to carry out cyberattacks in 2016, according to a new report.

What Twitter Really Means for Islamic State Supporters (War on the Rocks) Abu Ahmad, one of Islamic State’s most active supporters online says he has had over 90 Twitter accounts suspended, but is not planning to slow down. He

Can we prevent terrorism by checking immigrants’ social media accounts? No. (Washington Post) In the wake of the recent San Bernardino attack, the New York Times published a story based on confidential sources that at least one of the perpetrators, Tashfeen Malik, had expressed anti-American sentiments and a desire to commit “violent jihad” on at least one social network before applying for a K-1 visa. The article implied […]

U.S. Spy Net on Israel Snares Congress (WSJ) Even as the White House two years ago said it would curtail eavesdropping on friendly heads of state, it decided to keep certain allies—such as Israel— under close watch. In the process, the NSA also swept up the content of private conversations with U.S. lawmakers.

The Cold War-Era Rules Designed to Protect U.S. Lawmakers’ Communications (WSJ) The rules governing the way the National Security Agency treats intercepted communications involving U.S. lawmakers date back to the Cold War.

Windows 10 covertly sends your disk-encryption keys to Microsoft (Boing Boing) Windows 10 covertly sends your disk-encryption keys to Microsoft

Microsoft may have your encryption key; here’s how to take it back (Ars Technica) It doesn't require you to buy a new copy of Windows.

Users No Longer Need to Jailbreak Apple iOS To Load Rogue Apps (Dark Reading) 'DarkSideLoader' app stores can side-load apps and circumvent official app stores on any iOS device.

Actor using Rig EK to deliver Qbot - update - SANS Internet Storm Center (SANS Internet Storm Center) SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

ProxyBack Malware Converts Your PC Into Proxy (HackRead) Palo Alto Networks researchers have identified a unique malware that infects home PCs and transforms them into internet proxies using HTTP tunnel. As per

Android Malware Poses As Google App To Ditch Security Apps (HackRead) Android Malware poses as Google app to infect Android Devices and to Block Security Apps. Recently, security researchers at Symantec Corp identified a

Hacked Website of Connecticut University Caught Spreading Malware (HackRead) Simple DNS hijacking enables attackers to distribute Fake Infected Flash Player at UConn website. On Sunday, the official web portal of the University of

Hyatt Hotels Confirm Security Breach in Payments System (Payment Week) Hyatt Hotels is the latest large-scale brand to fall victim to crippling security attacks.

Someone Hacked A Freeway Sign To Display Pro-Donald Trump Message (HackRead) On Christmas Day Caltrans Freeway sign in Corona Displayed Especial Message for Donald Trump. On Christmas Day, Caltrans Freeway sign in Corona

In A Cyber Attack, Dead ATMs Would Be The Least Of It (Forbes) The electrical grid is vulnerable to cyberattacks and it may be impossible to know where one came from, so it would be very hard to deter.

Vulnerability Summary for the Week of December 21, 2015 (US-CERT) Vulnerability Summary for the Week of December 21, 2015

Litigation, Investigation, and Enforcement

Pakistan launches crackdown on Isis (Financial Times) Pakistan has arrested eight alleged members of Isis near Sialkot in Punjab province, in the latest move by a south Asian government to counter the widening influence of the extremist Sunni Muslim group based in Iraq and Syria

'Silent bomber' couple guilty of plot (BBC News) A husband and wife are found guilty of plotting a terror attack in London ahead of the 10th anniversary of the 7 July bombings.

Editorial: Terrorism details can hide in plain sight (Dallas News) As Garland and San Bernardino cases reveal, what we know rises exponentially after the fact. What should we have known before?

Design and Innovation

Open Source Software's Role in Breach Prevention and Detection (eSecurity Planet) While proprietary vendors dominate the intrusion prevention and detection market, open source software plays a key role.

John McAfee Wants to Make Passwords Obsolete (Time) He's manufacturing a device that “unlocks” everything from your smartphone to your front door

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Orgnaization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors

CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers to tackle current and looming cyber security challenges. Registration is limited to ensure a highly interactive experience and opportunities for networking

FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic

Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals

Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, January 12, 2016) The Cybersecurity Association of Maryland, Inc.(CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to host this event designed to attract and educate CIO's, CISO's, CEO and Compliance officials from small to mid-sized commercial firms on the practical actions taken by the government, firms and organizations post-hack

Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer advocates

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. Our objective is to advance innovation and the growth of the cybersecurity sector by providing a platform for cybersecurity businesses, particularly small and medium enterprises (SMEs), to connect with key UK, US, and international decision makers, system integrators, investors, government policy makers, academia and other influential business executives

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel

ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.