The CyberWire Daily Briefing 07.27.16

Summary

By The CyberWire Staff

Most security experts have reached consensus that the DNC hack was a Russian job, and in all likelihood a Russian-government job (albeit in a deniable, green-manish way). Evidence remains necessarily circumstantial, but a great deal of it has accumulated. Why the Russian government would be interested in hacking the DNC remains an open question—perhaps the sheer inertia of collection, possibly a desire to influence US elections.

As Turkey cracks down on dissenters and moves closer diplomatically to Russia, some see the DNC hacks as part of President Putin’s long game to discredit post-Cold-War democracy and dismantle sustaining institutions like NATO and the EU.

Why WikiLeaks released the hacked documents is no mystery at all: Julian Assange says he timed the release to damage US Democratic Presidential nominee Hillary Clinton, whom he views as an inveterate opponent and the author of many of Assange’s troubles.

ISIS claims credit online for the horrific attack outside of Rouen. Its haste to do so suggests the sort of content it finds effective in information operations.

Bastille Networks describes “KeySniffer,” a keylogging vulnerability in low-cost Wi-Fi keyboards that don’t encrypt keystrokes before sending them to the Wi-Fi dongle. (Bluetooth devices aren’t affected.)

Rapid7 reports nine vulnerabilities in Osram’s Lightify smart lightbulbs, the most serious of which could permit attackers to capture authentication handshakes. Osram has patched four of the nine bugs.

Insinia Security reports finding UK telco O2 customers’ credentials for sale on the dark net. The credential stuffing problem originates in password reuse.

Notes.

Today's issue includes events affecting Algeria, Bulgaria, China, Estonia, European Union, France, Germany, India, Iraq, Ireland, Israel, Japan, Jordan, Republic of Korea, Latvia, Lithuania, Morocco, Palestine, Russia, Saudi Arabia, Slovakia, Slovenia, Syria, Taiwan, Tunisia, United Kingdom, United States

A note to our readers: We'll be at Black Hat this year, talking to people and keeping our ears open, as usual. You'll see coverage in our daily briefing and hear it in the podcast.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Dale Drew from our partners at Level 3 describes the recent uptick in DDoS attacks they’ve been seeing. We'll also speak with Vince Crisler, CEO of Dark Cubed, on his company's experience protecting the Republican National Convention from cyber attacks. (And as always, if you enjoy the podcast, please consider giving it an iTunes review.)

Sponsored Events

3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain (Baltimore, MD, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Selected Reading

Cyber Trends

Experts: U.S. more prepared for cyber attack on paper than in reality (Daily Energy Insider) A discussion panel of cyber security and electrical industry stakeholders on Sunday examined what can be done to protect public utilities in the U.S. and other countries from cyber attacks, as well as what steps can be taken to mitigate the effects on the grid during a high-risk event

Enterprises Are Poorly Equipped To Handle External Cyberattacks (InformationWeek) Most organizations lack the tools and processes to handle external cyberattacks -- which lie outside a company's firewalls. Such attacks primarily leverage digital channels, and responsibility for monitoring these channels often falls outside traditional IT and security functions

How cybersecurity mismanagement can destroy value (HelpNetSecurity) Cyber security remains a critical business challenge and a growing concern with a potentially devastating impact on company brands and bottom lines. Despite these damaging ramifications, many cybersecurity executives indicate that information protection may not be the strategic corporate imperative that it should be

Gemalto & Ponemon Institute Study: Cloud Data Security Still a Challenge for Many Companies (ACN Newswire) Half of all cloud services and corporate data stored in cloud not controlled by IT departments

Legislation, Policy and Regulation

Is Europe Helpless? (Wall Street Journal) A civilization that believes in nothing will ultimately submit to anything

Vladimir Putin’s Best Summer Ever (Defense One) Hacking the Democratic Party’s servers is part of Putin’s plan to prove that democracy doesn’t work

Putin, Erdogan mend ties as post-coup Turkey turns toward Russia (Chicago Tribune) Turkish President Recep Tayyip Erdogan will have talks with Vladimir Putin in Russia next month amid a rapid warming in relations following the failed military coup in Turkey

Geraldo Vouches for US General Accused of Plotting Failed Turkish Coup (Fox News) The retired U.S. Army general and former NATO commander accused of masterminding the recent failed coup in Turkey has an alibi -- he was having a beer with Fox News Channel's Geraldo Rivera

Cybersecurity top of mind during pre-G20 trip to Beijing (Fedscoop) “The U.S. government is signaling that ‘the war is not won,’ the decline could be temporary, and they are expecting Beijing to follow through," said one expert

The US can’t go stomping on other countries’ laws. Period. (CNBC) With the flick of a finger, you can, if you wish, travel to France. Not physically, of course, but you can, from the comfort of your own home in America, watch a live-stream of events from Paris. If you read French you can peruse today's copy of Le Monde

Obama publishes directive for cyber attack response (ZDNet) In the event of a significant cyber attack, the FBI would take the lead in responding to the threat, the directive says

White House breaks down cyberattack response roles (The Hill) The White House on Tuesday released a new directive clarifying the government’s role in the event of a cyberattack

Remarks by APHSCT Lisa O. Monaco at the International Conference on Cyber Security (The White House) Since his first day in office, President Obama has recognized the great promise and peril of our 21st-century, interconnected world. That’s why, immediately after taking office, he ordered a top-to-bottom review of our approach to cybersecurity—to identify how best to safeguard our security and prosperity. As he said then, “It’s clear this cyber threat is one of the most serious economic and national security challenges we face as a nation.” It was also clear, even as we made addressing these threats a top priority, that we would have to continually evolve our response to this rapidly-changing threat

Countering the Cyber Threat (FBI) New U.S. cybersecurity policy solidifies FBI as key cyber leader

DHS on PPD-41, Cyber Incident Coordination (American Security Today) Statement by Secretary Jeh C. Johnson re PPD-41, Cyber Incident Coordination. As Secretary of Homeland Security, I am often asked “who’s responsible within the federal government for cybersecurity? Who in the government do I contact in the event of a cyber incident?”

FBI to lead nation's cyberattack responses (Computerworld) But doubts remain about whether feds have their cybersecurity act together

Obama Created a Color-Coded Cyber Threat 'Schema’ After the DNC Hack (Motherboard) George W. Bush’s Homeland Security Advisory System—the color-coded terrorism “threat level” indicator that became a symbol of post-9/11 fear mongering—is getting its spiritual successor for hacking: the “Cyber Incident Severity Schema”

Experts: Obama’s color-coded rankings oversimplify cybersecurity threats (Christian Science Monitor Passcode) The DNC hack is a prime example of why President Obama’s new cybersecurity policy directive does not adequately account for the complex nature of the digital security threat, experts say

Why The US Government Needs a Cyber National Guard (Motherboard) I knew the federal government had a real problem with cybersecurity. But there was one moment, during an oversight hearing with the senior security officer at the Social Security Administration (SSA), that I realized it was even worse than I originally thought

NASA hires former Microsoft director, cybersecurity veteran as CISO (CSO) Jeanette Hanna-Ruiz has her work cut out for her. NASA was the only agency to receive a failing grade on the most recent Federal Information Technology Acquisition Reform Act scorecard

Products, Services, and Solutions

NSS Labs Announces 2.0 Version Of Its Cyber Advanced Warning System (NSS Labs) NSS Labs, Inc., the world’s leading cyber security product research, testing, and advisory company, today announced the version 2.0 release of its Cyber Advanced Warning System™ (CAWS), a 24/7 real-time security instrumentation service that provides a forward-thinking way to monitor security product effectiveness against active threats. This upgrade significantly expands upon the capabilities of CAWS version 1.5 by providing detailed contextual data on exploits as well as protection capabilities of various security products

Pwnie Express Open Sources Key IoT & Bluetooth Security Tools (MarketWired) Pwnie Express, the leading provider of device threat detection for wired, wireless and IoT devices, today announced the availability of open sourced versions of its Blue Hydra™ and Android build system software. The release of these tools enable comprehensive Bluetooth detection and community based development of penetration testing Android devices

MainOne, Radware offer measures against DDoS attacks (Nigeria Today) With the overall cost of cyber-attacks pegged globally at $400 billion in 2015 and with the growing frequency and intensity of threats, the need to pro-actively address cybersecurity threats has become critically important to most Enterprises

Dashlane extends its password management tool to mobile devices (Techseen) With Dashlane Business and Spaces for mobile devices, businesses can oversee the password health and security of their entire organization

BlackBerry says its new Android smartphone is the 'world's most secure' (Verge) The DTEK50 is a rebadged Alcatel Idol 4 for business customers

Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence (PRWeb) Centripetal Networks joins with Infoblox to offer actionable threat intelligence. The relationship further expands Centripetal’s RuleGate® Network Protection System with the addition of Infoblox’s ActiveTrust data, which combines threat intelligence from trusted white-hat allies, including law enforcement agencies and internet infrastructure providers, with vetted data from select open-source providers

Fireglass integrates threat prevention solution (Financial News) Fireglass, (NASDAQ: CHKP) has partnered with Check Point Next-Gen Firewalls and SandBlast Zero Day protection to provide a threat prevention solution that eliminates attack vendors in real time, including browsers, emails and documents, the company said

RCN Business Launches Managed Security and Monitoring Service with Versa Networks’ SD-Security (Multichannel News) RCN Business, a communications provider delivering network solutions for voice, data and video, and Versa Networks, today announced the launch of RCN Managed Security, a cloud-based managed security service enabling businesses to efficiently manage information security and monitor network activity. The service is available now to RCN Business customers using the company’s fiberbased services

TrapX Evolves Deception-Based Network Security Beyond IT (Yahoo! Finance) TrapX™, a global leader in advanced cyber security defense, today announced that it has released version 5.2 of its DeceptionGrid™ platform. Available in Q3 2016, the new version expands deception-based security beyond Information Technology (IT) assets, adding emulations for point-of-sale (POS) systems, medical devices and the Mac OS. The new features announced today offer a wider range of decoys that detect a greater number of attack vectors and extend the company's reach into key vertical markets, including retail and healthcare

Technologies, Techniques, and Standards

US Government Set to Phase Out Text-Based 2FA (Infosecurity Magazine) The US government’s National Institute of Standards and Technology (NIST) has released new guidelines designed to phase out the use of SMS-based two-factor authentication (2FA) for government service providers

6 Surprising Benefits of Threat Intelligence From the Web (Recorded Future) The internet is the single greatest learning resource ever created. Whether you’re looking into specific attack vectors or aiming to learn from others’ mistakes, the web should be your first port of call

The Dark Side: Mining The Dark Web For Cyber Intelligence (InformationSecurityBuzz) Search social media and delve into the dark web and you can find all sorts of useful data. James Parry, Technical Manager for Auriga, looks at how businesses can tap this mine of information to learn of impending attacks

CIA Director: Open Source a ‘Tremendous Advantage’ (Nextgov) The CIA gained a major intelligence advantage by embracing something available to everyone: open source data sets

9 steps for a successful incident response plan (CSO) It is of vital importance to have a plan in place before an incident hits your company

Don't Drop the Baton This Summer, Zscaler Warns of Cyber Risk (Marketwired) Summer Games challenge businesses to refocus security posture

Marketplace

Allegis Capital, Leading Early Stage Cybersecurity Venture Investor, Becomes a Strategic Partner of DataTribe (MarketWired) Venture firm catalyzes development and growth of DataTribe startups

Verizon dinged by strike, aims high with Yahoo (USA Today) Verizon already owns AOL, now the telecom company expands its media empire by adding Yahoo Mail, Yahoo Sports, Yahoo Finance and Tumblr

A10 Networks Acquires Appcito, Expanding A10's Vision to Deliver Secure Application Services for All Customers (ResponseSource) Acquisition builds on A10’s value in making customers more agile by bridging app needs, spanning data centres and public, private, and hybrid clouds

Teradata Acquires London-Based Big Data Partnership (InformationWeek) Data warehouse and analytics company Teradata has added to its training and consulting bench with the acquisition of Big Data Partnership, a London-based startup that should also extend the company's global reach

Check Point CEO: 'We Are Looking Very Actively At Acquisition Options' (CRN) Check Point Software Technologies could be the next major security vendor making acquisition moves, CEO Gil Shwed said on the company’s second-quarter earnings call Tuesday

SafeBreach grabs $15 mln Series A (PE Hub Network) Sunnyvale, California and Tel Aviv-based SafeBreach, a cyber security company, has secured $15 million in Series A funding. The investors included Deutsche Telekom Capital Partners, Hewlett Packard Pathfinder, Maverick Ventures, Sequoia Capital and Shlomo Kramer

Darktrace grows 600% (Cambridge News) Cyber defence firm Darktrace today announced that its revenue grew 600% in the last financial year, with bookings up 240%

Unisys Continues Turnaround With Strong Q2 Technology Results (eWeek) Unisys reported its second quarter results showing a revenue increase in its technology segment of nearly 31 percent

Palo Alto Networks clinch 500 customers in India in past 2 years (Economic Times CIO) Company’s expanding customer base is spread across verticals and market segments. It has seen a faster growth against the top four vendors, according to IDC

Carter christens DIUx Boston (C4ISRNET) In an active step toward what many in the public sector have called for – the growing need to partner with industry – Secretary of Defense Ash Carter broadened his department’s engagement with the opening of a second Defense Innovation Unit-Experimental in Boston

Security Patches, Mitigations, and Software Updates

Osram Fixes Flaws in Lightify Connected Light Bulbs (eWeek) Rapid7 researchers found critical flaws in Osram Lightify connected bulbs and the Zigbee wireless protocol used to control them. Osram fixed most of the flaws

Cyber Attacks, Threats, and Vulnerabilities

EXCLUSIVE: WikiLeaks' Julian Assange on Releasing DNC Emails That Ousted Debbie Wasserman Schultz (Democracy Now!) WikiLeaks founder and editor-in-chief Julian Assange joins us from London about their release of nearly 20,000 emails revealing how the Democratic Party favored Hillary Clinton and worked behind the scenes to discredit and defeat Bernie Sanders. This comes as the Democratic National Convention is opening today in Philadelphia, Pennsylvania, amid massive party turmoil. The DNC chair, Florida Congressmember Debbie Wasserman Schultz, has resigned following the leak. The emails also reveal a close relationship between mainstream media outlets and the DNC

Assange, Avowed Foe of Clinton, Timed Email Release for Democratic Convention (New York Times) Six weeks before the anti-secrecy organization WikiLeaks published an archive of hacked Democratic National Committee emails ahead of the Democratic convention, the organization’s founder, Julian Assange, foreshadowed the release — and made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency

WikiLeaks Has Officially Lost the Moral High Ground (Wired) What the heck is going on at WikiLeaks?

Kremlin says idea it hacked U.S. Democratic Party emails absurd (Reuters) The Kremlin dismissed as absurd on Tuesday allegations it was behind the hacking of U.S. Democratic Party emails, saying unidentified individuals were trying to cynically exploit fear of Russia for electoral purposes

Guccifer 2.0: All Roads Lead to Russia (ThreatConnect) Joe Uchill with The Hill, who has previously covered Guccifer 2.0 and the Wikileaks DNC data dump, has provided us with redacted information on his communications with Guccifer 2.0 that has raised our confidence in our current assessments and hypotheses

Evidence mounts linking DNC email hacker to Russia (The Hill) Emails sent by Guccifer 2.0 to The Hill show evidence that the hacker used Russian-language anonymity software — a language he has claimed he could not read or even recognize

‘DNC Hacker’ Unmasked: He Really Works for Russia, Researchers Say (Daily Beast) The hacker who claimed to compromise the DNC swore he was Romanian. But new research shows he worked directly for the Vladimir Putin government in Moscow

Spy Agency Consensus Grows That Russia Hacked D.N.C. (New York Times) American intelligence agencies have told the White House they now have “high confidence” that the Russian government was behind the theft of emails and documents from the Democratic National Committee, according to federal officials who have been briefed on the evidence

Why Security Experts Think Russia Was Behind the D.N.C. Breach (New York Times) Since Democratic National Committee officials first discovered their data networks had been compromised this spring, a growing chorus of experts and officials have seen evidence that the Russian government was responsible

Cybersecurity experts see merit in claims of Russian hacking (AP via Military Times) Experts who've followed the leak of Democratic National Committee documents say they believe the party's claim that Moscow had a hand in the hack, lending weight to the extraordinary allegation that the Kremlin is trying to tamper with the U.S. presidential contest

Did Russian government hackers leak the DNC emails? (TechCrunch) By now, it’s pretty clear that Russian hackers are responsible for breaches of the Democratic National Committee networks that occurred last summer and in April of this year — several forensic security firms have found evidence that traces the breach back to Russia. Now that DNC emails harvested during the breaches are starting to appear on Wikileaks, pundits are speculating that Russia leaked the emails in a bid to land Donald Trump in the Oval Office. But is the email leak also attributable to hackers on Russia’s government payroll?

Is Russia responsible for the DNC email hack? (American Thinker) American cyber-security experts strongly believe that Russia's fingerprints are all over the hack job that exposed more than 20,000 emails from the Democratic National Committee

How DNC, Clinton campaign attacks fit into Russia’s cyber-war strategy (Ars Technica) Was it to cover for hack, or part of info-war on NATO? Putin won't tell

Why Putin’s DNC Hack Will Backfire (Foreign Policy) The Kremlin has a track record of ineptitude when it comes to meddling in foreign elections. And this gambit against Hillary may not play out the way Moscow thinks it will

RNC's Preibus unwise to challenge hackers (SC Magazine) The old saying goes it's unwise to wake a sleeping tiger

Islamic State Group Claims Attack That Killed Priest of 85 (AP via MIlitary.com) Two attackers slit the throat of an 85-year-old priest celebrating Mass in a French church, killing him and gravely injuring one of the few worshippers present before being shot to death by police. A nun who escaped said she saw the attackers video themselves and "give a sermon in Arabic" around the altar

German Mood Is Shaken as Attacks Show Vulnerability to ISIS (New York Times) After a week bookended by terrorist attacks, Germans are now clear that they, too, are targets of the Islamic State, leaving them longing for the sense of order that is their pride and bedrock of success

Mass Killings May Have Created Contagion, Feeding on Itself (New York Times) The horrifying rash of massacres during this violent summer suggests that public, widely covered rampage killings have led to a kind of contagion, prompting a small number of people with strong personal grievances and scant political ideology to mine previous attacks for both methods and potential targets to express their lethal anger and despair

What do ordinary citizens in the Arab world really think about the Islamic State? (Washington Post) What do ordinary Arabs think about the Islamic State? This spring, we added several questions to the standard battery of Arab Barometer surveys to find out. We asked a scientific sample of respondents in Tunisia, Jordan, Palestine, Algeria and Morocco the following questions

How to Start a Clash of Civilizations (Foreign Policy) If the Islamic State wants to renew the Crusades by attacking churches and killing priests, Catholic France won’t run from the fight

Radio Hack Steals Keystrokes from Millions of Wireless Keyboards (Wired) You should be able to trust your wireless keyboard. And yet security researchers have been warning people to be suspicious of wireless computer accessories using sketchy radio protocols for years. Those warnings peaked five months ago, when hackers at the security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, in case you missed that message, the same researchers have extended their attack to millions more devices—and this time, they can not only inject keystrokes, but also read yours, too

Low-cost wireless keyboards open to keystroke sniffing and injection attacks (Help Net Security) Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, security questions, sensitive personal, bank account and payment card info users input through them

50+ vulnerabilities found in popular home gateway modems/routers (Help Net Security) Researcher Gergely Eberhardt with Hungarian security testing outfit SEARCH Laboratory has unearthed over fifty vulnerabilities in five home gateway modems/routers used by Hungarian Cable TV operator UPC Magyarország, but also by many ISPs around the world

O2 customer data sold on dark net (BBC) O2 customer data is being sold by criminals on the dark net, the Victoria Derbyshire programme has learned

O2 customer DATA GRAB: Not-a-hack creds for sale on dark web (Register) Are you a login-recycling gaming fan?

Yes, there has been a data breach at O2. But it's not really their fault (Graham Cluley) It's not just O2 customers who should be concerned

Zero day hole can pwn millions of LastPass users, all that's needed is a malicious site (Register) Remote 'complete account compromise' possible, Google hacker finds

Unpatched Smart Lighting Flaws Pose IoT Risk to Businesses (Threatpost) A host of web-based vulnerabilities in Osram Lightify smart lighting products remain unpatched, despite private notification to the vendor in late May and CVEs assigned to the issues in June by CERT/CC

Osram’s Lightify smart bulbs blow a security fuse – isn’t anything code audited anymore? (Register) Four unpatched bugs remain after nine found

R7-2016-10: Multiple OSRAM SYLVANIA Osram Lightify Vulnerabilities (CVE-2016-5051 through 5059) (Rapid7 Community) Nine issues affecting the Home or Pro versions of Osram LIGHTIFY were discovered, with the practical exploitation effects ranging from the accidental disclosure of sensitive network configuration information, to persistent cross-site scripting (XSS) on the web management console, to operational command execution on the devices themselves without authentication. The issues are designated in the table below. At the time of this disclosure's publication, the vendor has indicated that all but the lack of SSL pinning and the issues related to ZigBee rekeying have been addressed in the latest patch set

Cyberespionage group Patchwork sets its sights on multiple industries (CSO) The group used to focus on diplomatic and government targets, but now attacks companies too

DDoS attacks increase 83%, Russia top victim (Help Net Security) DDoS attacks increased 83 percent to more than 182,900 attacks in the second quarter of the year, according to Nexusguard

Locky Rises to the Top of the Email Threat Heap (Infosecurity Magazine) The Locky ransomware has become the No. 1 email-borne threat, overtaking Dridex and making good use of JavaScript attachments to lead an explosion of malicious message volume

CryptXXX now looking to Neutrino for exploit support (Webroot) When it comes to drive-by attacks, CryptXXX is king. In fact, out of all the exploit kits dropping payloads on victims, 80% result in CryptXXX. The creators attacked vulnerabilities in Flash Player, Java and Silver Light through using the Angler exploit kit, with malvertising helping boost their success. The malware authors were able to generate $3 Million per month almost exclusively from ransomware

Orgs Must Prepare for New, More Destructive Ransomware (Infosecurity Magazine) Organizations must be better prepared to deal with future strains of ransomware that will be more sophisticated and damaging, with fragile infrastructure, poor network hygiene and slow detection rates all currently giving adversaries too much time and air cover to operate

Sophisticated ransomware: New tactics to maximize profit (Help Net Security) Organizations are unprepared for future strains of more sophisticated ransomware, according to the Cisco 2016 Midyear Cybersecurity Report. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate

Solutionary SERT Q2 Report: 88 Percent of All Ransomware Is Detected in Healthcare Industry (MarketWired) Cryptowall named top ransomware variant detected during Q2 '16, accounting for nearly 94 percent of all detections

Why hackers love health apps (CSO) Most health apps don't have good privacy or security safeguards

What Can a Hacker Do with Your Genetic Information? (Motherboard) Learning about the genetic markers stored in your DNA can be an illuminating experience, even a life-altering one. Now that direct-to-consumer genetic testing companies such as 23andMe have made these tests more accessible and affordable, it’s no wonder that more than 1 million people have shipped their spit off to be genotyped, and have all their genetic information catalogued (and sold) in the process

Facebook Phishing Scam Using Pornographic Images to Steal Login Data (Hack Read) Facebook phishing scam is stealing login credentials by using pornographic images — scammers are using Facebook groups to spread their campaign

“Honey Onions” probe the Dark Web: at least 3% of Tor nodes are rogues (Naked Security) We’ve written before about anonymity and privacy on Tor

Mac users who ignore the warning signs can be bitten by the Adwind RAT (Graham Cluley) Most Mac users have to really want an infection to get it

Russian Site Deer.io is ‘One-Stop Shop’ for Cybercrime (Infosecurity Magazine) Cyber situational awareness company Digital Shadows has unearthed an “all-in-one” outsourced online shop for cyber-criminals looking for low-cost entry methods to sell their ill-gotten assets

Hackers preying on US companies send the cash to China and Hong Kong (CNNMoney via KITV Island News) Hackers have stolen billions of dollars from American companies by impersonating CEOs in an email scam -- and the loot gets wired to banks in China and Hong Kong 83% of the time

Are you being watched? Artist uses webcam flaws to let you peer into other people's lives (Wired) Nye Thompson's Backdoored lays bare security vulnerabilities in the cameras people install to keep them safe

The tireless, automated bots that want to play Pokémon Go for you (Ars Technica) GPS-spoofing programs open up a big cheating problem for developer Niantic

We'll Always Be Able to Catch Pokémon at Fukushima (Gizmodo) Pokémon Go is everywhere, and for some, that’s a problem

Kimpton Hotels Probes Card Breach Claims (KrebsOnSecurity) Kimpton Hotels, a boutique hotel brand that includes 62 properties across the United States, said today it is investigating reports of a credit card breach at multiple locations

Litigation, Investigation, and Enforcement

EFF Sues U.S. Government Over DMCA (IEEE Spectrum) Last Thursday lawyers from the Electronic Frontier Foundation filed a lawsuit against the U.S. government on behalf of hardware guru Andrew “bunnie” Huang and computer-security researcher Matthew Green. In a nutshell, the pair allege that parts of the Digital Millennium Copyright Act are unconstitutional. Their objections center on Section 1201 of the DMCA, which makes it illegal to circumvent technical copy-protection schemes or to broadcast to others methods for doing so

EPIC Ask FTC to Investigate Privacy Risks of Pokemon GO (Electronic Privacy Information Center) EPIC has urged the FTC to launch an investigation of Pokemon GO and the app's developer Niantic. When the augmented-reality app was first released, Niantic granted itself "full access" to users' Google accounts in violation of federal privacy law

Yahoo ordered to show how it recovered ‘deleted’ emails in drug case (Naked Security) A judge has ordered Yahoo to explain how it recovered deleted emails in a drug case

CUHK student who launched cyber attack on bank avoids jail term (EJ Insight) A university student who launched a cyber attack on a bank’s website at the height of the Occupy protests in 2014 has avoided a jail term after a Fanling magistrates’ court sentenced him to 15 months on probation, the Hong Kong Economic Journal reports

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)

SANS Boston 2016 (Boston, Massachusetts, USA , August 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.