The CyberWire Daily Briefing 4.3.17

Summary

By The CyberWire Staff

The two major competing jihadist brands pursue somewhat different lines of attack. ISIS concentrates on information operations (currently going through a rough patch with countermessaging, counterhacking, and arrests making inroads against it) with an incipient threat to infrastructure hacking that UK authorities seem to be taking seriously. Al Qaeda is apparently working to hide bombs in IT devices for smuggling through airport security.

Two new RATs are observed in the wild: Felismus (by Forcepoint) and RedLeaves (by JPCERT).

The International Association of Athletics Federations (IAAF) reports being compromised by Fancy Bear, the latest in a series of athletic association hacks since a number of Russian Olympians were booted from Rio last year on doping beefs.

Attribution skepticism induces some to call official findings of Russian DNC doxing a "cyber Tonkin Gulf" incident. (Recent skepticism from the left speculates that the DNC emails were leaked by an insider.) We don't know about this case (there's much evidence of active Russian influence operations, so this doesn't look like radar ghosts and dolphin wakes), but we do agree that hasty and mistaken attribution is problematic, especially when governments consider kinetic retaliation for cyberattacks. (And the CyberWire has been warning about the possibility of a cyber Tonkin Gulf incident since October 2013.) FBI investigations continue, as do those in both houses of Congress. The Senate's hearings are concentrating on Russian disinformation operations.

WikiLeaks' latest dump of purported CIA cyber-operations documents is said to reveal Langley's obfuscation techniques (which some read as a false-flag capability).

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, Germany, Israel, Japan, Democratic Peoples Republic of Korea, Malaysia, Monaco, Philippines, Romania, Russia, Singapore, United Kingdom, and United States.

A note to our readers: The CyberWire covered SINET ITSEF 2017 last Tuesday and Wednesday. You'll find our complete coverage of the conference here.

On the Podcast

In today's podcast we hear from our partners at Webroot, as David Dufour reviews the company's recent threat report. Our guests are US Naval Academy Midshipmen Svetla Walsh and Deja Baker, whom we met last week at the Women in Cyber Security conference. They talk to us about their upcoming coding event.

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security.

Sponsored Events

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Hear stories of triumph and tribulation, advice and inspiration from some of Maryland’s diverse and dynamic female cybersecurity professionals. Join us in-person for this free event or register to view the live stream online.

2nd Annual Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Is your enterprise investing enough to protect against cyber-attack? Are you putting your resources where they have the most impact? How can you be sure? Senior security executives come together at Borderless Cyber to uncover new strategies, make new connections, and leave better prepared to defend their cyber practices--in the computer room and the Board room. The conference will take place at the historic U.S. Customs House in lower Manhattan on 21-22 June. Receive an extra $100 off the corporate rate. Use the discount code Cyberwire when registering. Special government rates and Early Bird savings are also available. We look forward to seeing you this June in NYC!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Inside the Site Teaching Islamic State Supporters How to Use Encryption (Motherboard) A 34-year-old man from Cardiff was arrested for creating videos offering cybersecurity tips that were then posted on an Islamic State supporter site.

The hackers beating Isis' propaganda machine (The Independent) “Owned again! Your site is ours Daesh. You have nowhere to hide. You are weak,” reads a message by hackers waging war on Isis’ online “caliphate”.

What I Learned from Reading the Islamic State’s Propaganda Instruction Manual (Lawfare) Charlie Winter takes an inside look at how the Islamic State approaches its propaganda strategy.

Anonymous hacks ISIS website; infecting users with malware (HackRead) Amaq, the official news agency of ISIS or Daesh terrorist group is informing its users about a potential compromise in the security of its website.

WikiLeaks Releases CIA Tool Used to Impede Malware Attribution (Security Week) WikiLeaks has released information and source code for a framework allegedly used by the U.S. Central Intelligence Agency (CIA) to make analysis of its tools and attribution more difficult.

Wikileaks releases code that could unmask CIA hacking operations (Ars Technica) "Marble" libraries include code used to obfuscate—and unscramble—CIA malware.

WikiLeaks’ latest release of CIA cyber-tools could blow the cover on agency hacking operations (Washington Post) The material includes the secret source code of an “obfuscation” technique used by the CIA so its malware can evade detection by antivirus systems.

Cyber Tops List of Looming National Security Threats (SIGNAL Magazine) By far, concerns emanating from the cyber domain outrank conventional conflict hazards posed by the Chinas, Irans, North Koreas or Russias of the world.

Hackers Boosting Destructive Attacks Against U.S., FireEye Says (Bloomberg.com) Cyber-criminals and terrorists are increasingly pursuing destructive attacks on U.S. government networks, and many federal agencies still fail to realize they’re an easy target, according to an executive at cybersecurity firm FireEye Inc.

Turla Group Improves Carbon Backdoor (Security Week) The Russia-linked threat group known as Turla has continued to make improvements to its Carbon second-stage backdoor, with new versions released on a regular basis, ESET reported on Thursday.

Airports and nuclear power stations on terror alert as government officials warn of 'credible' cyber threat (The Telegraph) Britain's airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems.

IAAF: IAAF victim of cyber attack (IAAF) The IAAF has been a victim of a cyber-attack which it believes has compromised athletes Therapeutic Use Exemption (TUE) applications stored on IAAF servers.

That sound you hear is Splunk leaking data (Register) Visit a malicious web page and JavaScript extracts user names

Modular Felismus RAT Emerges (Security Week) A newly discovered piece of malware features a modular design and has been used in highly targeted campaigns, Forcepoint security researchers reveal.

RedLeaves - Malware Based on Open Source RAT (JPCERT/CC Blog) Hi again, this is Shusei Tomonaga from the Analysis Center. Since around October 2016, JPCERT/CC has been confirming information leakage and other damages caused by malware ‘RedLeaves’. It is a new type of malware which has been observed since 2016...

Fake SEO plugin backdoors WordPress installations (Help Net Security) Administrators of WordPress sites, beware! A fake SEO plugin is being used by attackers to compromise WP installations worldwide.

Custom phishing attacks grow as crooks create fake flight confirmations, receipts (ZDNet) Well-researched attacks designed for cyber-espionage and malware distribution are being specificially targeted at those who regularly travel by air.

Super industry under attack from cybercrooks (Technology Decisions) The $2.2 trillion Australian super industry is increasingly coming under attack from cybercriminals, and there is little chance for victims to recover their hard-earned funds.

Fileless: Evasive Intrusion Tactics Pose Challenge for Network Defense (NJ Cybersecurity) The NJCCIC assesses with high confidence that fileless and “non-malware” intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage.

'Sundown' Rises as New Threat in Depleted Exploit Kit Landscape (Dark Reading) New exploits and obfuscation tactics have made once second-tier EK a potent threat, researchers from Cisco Talos say.

Sanctions Ransomware Makes Fun of USA Sanctions Against Russia (BleepingComputer) If you want to know what some ransomware developers think about the USA, you can get a good idea from the ransom note of the Sanctions Ransomware. Dubbed Sanctions Ransomware due to the image in the ransom note, the developer makes it fairly obvious how he feels about the USA and their attempts to sanction Russia.

Point-and-pwn tool for posers dumbs down ransomware spreading (Register) I'm Guybrush Threepwood, mighty hacker

Google: Ransomware on Android Is Exceedingly Rare (BleepingComputer) Android apps spreading ransomware aren't as common as most users and security experts think, says Jason Woloz, Sr. Program Manager for Android Security at Google.

Android under siege from malware – here’s how to protect your phone (Naked Security) Android phones are a top attack target, making up 85% of all mobile device infections in the second half of 2016

Verizon's new app launcher brings spyware to all its Android phones, says EFF (TechRepublic) Verizon's impending release of a new app launcher for Android called AppFlash has some privacy experts worried, as the launcher collects a lot of personal information for advertising.

Verizon Rebuts Critics of Data-Collecting App (Threatpost) The Electronic Frontier Foundation retracted a blog post today highly critical of Verizon and the upcoming rollout of an app called AppFlash made by Evie Labs.

Why I Always Tug on the ATM (KrebsOnSecurity) Once you understand how easy and common it is for thieves to attach “skimming” devices to ATMs and other machines that accept debit and credit cards, it’s difficult not to closely inspect and even tug on the machines before using them.

Email security not keeping up with attacks (CSO Online) With clever cybercriminals finding creative new ways to get to users, has email security lost the battle to protect.

Insiders -- the invisible threat lurking in your office (Computerworld) With all of the focus in the business world recently related to hackers, we have tended to overlook a group of potential bad actors who have already penetrated our perimeter security, and have access to our facilities – our employees and contractors.

'Distributed Cybercrime' Is Making Attackers Multi-Millionaires (CXO) Ransomware and banking Trojans dominate the cybercrime mainstream today, and their technical operations are heavily analyzed.

New internet domain is magnet for paedophiles, charities warn (Times (London)) Millions of new website addresses, including those bearing the domain name .kids, are to be sold without basic child protection safeguards, children’s charities warn today. Child-focused addresses...

Text message scam from the Motor Registry – how not to get stung (Naked Security) How harmful can an SMS be if it’s just offering advice?

Security Patches, Mitigations, and Software Updates

Schneider Electric Patches Flaws in Modicon, Wonderware Products (Security Week) Schneider Electric has released software and firmware updates to address several vulnerabilities affecting some of the company’s Wonderware and Modicon products.

Apple’s latest iOS update patches 911 DDoS attack exploit (The Verge) Back in October, an 18-year-old coder published a simple Javascript exploit that caused iPhones to repeatedly dial 911 after a link was tapped, resulting in emergency call centers getting flooded...

Galaxy S7 edge/ S7 active on AT&T and Verizon Moto Z Play Droid get latest security update (GSMArena.com) The update is arriving as build number G935AUCS4BQC2 and G891AUCS2BQC2 for Samsung phones, and version NDNS25.137-24-1-4 for the Motorola phone.

Microsoft to end Windows Vista support this month (TWCN Tech News) Microsoft has mentioned that from April 11, 2017, onwards, it will end support to this OS, after releasing security patches for one last time on the same day

Zero-Day in Microsoft IIS 6.0 Web Server temporarily patched (TWCN Tech News) A Zero-Day Exploit on the IIS 6.0 has been unearthed. The exploit will affect any webserver running IIS 6.0 and has been temporarily patched by Security ressearchers.

Telegram Update Allows Users to Make Secure, AI-Powered Voice Calls (HackRead) Telegram, the secure instant messaging service has issued an update v.3.18 allowing users to make and receive end-to-end encrypted calls over WiFi, 3G, and

Cyber Trends

Enabled by Technology: the Rise of the Targeted Attack (The CyberWire) "The bar's gone down," said panelist Philip Martin (Director of Security at CoinBase). "You can Google your way to being an advanced attacker, or almost." What's interesting is the attacker's goal. The SINET ITSEF panel on the evolution of the targeted attack...

Leaks, Public Relations, Fake News, and Fake-Fake News (The CyberWire) Norman Pearlstine (Vice Chairman of Time, Inc.) delivered a keynote in which he offered a perspective on the way in which journalists get, vet, and develop their reporting, a matter of some interest given the recent prominence information operations have assumed in attempts to influence public opinion.

Fortinet study shows HTTPS traffic has yet to surpass HTTP traffic (SearchSecurity) HTTPS traffic hasn't taken off, despite expectations, according to a Fortinet study. Plus, new developments in the Apple extortion, and more.

IBM X-Force: Number of compromised healthcare records drops 88 percent in 2016 (MedCity News) The 2017 IBM X-Force Threat Intelligence Index says the number of healthcare records decreased significantly in 2016.

If 2016 was the year of the breach, what will 2017 be? (High-Tech Bridge) In 2016, hackers stole 4 million records per day, and 35% of employees across the UK, France, Germany and Italy admit to have been involved in a security breach.

Marketplace

Cyber resilience: A new boardroom priority (Business Inquirer) The active participation in the recent Management Association of the Philippines Forum on “Cyber Resilience: A New Boardroom Priority” shows that cyber security awareness is growing as more organizations, whether government or private, learn that their networks are vulnerable to an attack.

The likes of Deloitte, IBM and Accenture want to break up the big bang model. Can they do it? (CRN Australia) Customers are asking if big consultancies are all they're cracked up to be.

McAfee rebirth ignites branding, ease-of-business opportunities - channel chief (Channelnomics) Exec says new infrastructure allows vendor to address branding, ease of doing business

First graduates from government Cyber Retraining Academy get IT jobs in industry (V3) Graduates land interviews or jobs at the likes of Amazon, JP Morgan, Fujitsu and Huawei

PhishMe Appoints Mel Wesley as Chief Financial Officer (Digital Journal) Industry veteran to position PhishMe for continued global expansion and explosive growth

Products, Services, and Solutions

Game on Teradata 2017 EPIC Awards Open for Best Business Cases (Teradata) Call for game-changing customer or alliance partner ‘wow’ stories starts now; Winners honored at Teradata PARTNERS conference ‘orange-carpet event’

Owl Cybersecurity Dark Web Database (PYMNTS.com) Though anyone can gain access to the dark net using Tor software, the illicit and unregulated part of the internet is not for the faint of heart. Being that it’s so unstructured, the dark web is not a place where one can go without knowing exactly what they’re looking for and exactly where to find...

Cyberbit selected by Delek Pi Glilot to protect critical infrastructure against cyberattacks (Global Security Mag Online) Cyberbit, whose cybersecurity solutions protect the world’s most sensitive systems, announced that leading energy company Delek Pi Glilot Limited Partnership has selected Cyberbit’s SCADAShield solution to protect critical national assets against cyberattacks. The companies intend to expand their collaboration and leverage Cyberbit’s entire security portfolio to address Delek’s long term cybersecurity strategy.

Teradata IntelliFlex Delivers Unprecedented Jump in Performance, Storage Density and Energy Efficiency with All-memory SSD Platform (Benzinga) Upgraded Teradata IntelliFlex and new Teradata IntelliBase platforms give customers choice and flexibility to support wide-ranging workloads, budgets and technologies...

Telstra to open two new security operations centres in Sydney and Melbourne (CRN Australia) Getting serious about managed security services.

Inside Telstra's massive mission-critical cloud migration to IBM Bluemix (CRN Australia) Plans to take one in five heavy applications to IBM's cloud.

Chain Looks to Secure Blockchain Transactions With Thales' Hardware (CryptoCoinsNews) Chain Inc., a provider of blockchain networks, has integrated a hardware security module from Thales, a provider of data protection solutions, to generate and secure keys used for blockchain transactions.

Monkton Announces Initiation of NIAP Accreditation Process (PRWeb) Monkton's NIAP Assessment process will formally validate two mobile apps, enabling customers to build NIAP compliant mobile apps.

CrowdStrike Falcon Intelligence Wins SANS Best of Award for Threat Intelligence (Yahoo! Finance) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that SANS Institute recognized CrowdStrike Falcon Intelligence™ as the winning product for the SANS Best of 2016 Awards Threat Intelligence Category.

Israeli firm to protect critical infrastructure with ‘cyber insurance’ (The Jerusalem Post) Industrial facilities around the globe have become increasingly vulnerable to cyber attacks.

Technologies, Techniques, and Standards

Insider Threat Programs: Security and Due Process (The CyberWire) This SINET ITSEF panel opened with two questions. What it would take to get people to focus on the insider threat? And why do those with government experience seem to get the magnitude of the insider threat more readily than those without such experience? The answers and consequent discussion would suggest that private enterprises have found their preparation for the insider threat moving naturally down the legal channels prepared by not only government practice, but by law, regulation, and the prospect of civil litigation.

Intelligent Use of Threat Intelligence (The CyberWIre) There's general agreement on, or at least universal lip-service paid to, the importance of threat intelligence to effective cybersecurity. But actually using it effectively has often proven problematic in practice. A panel at SINET ITSEF on March 28, 2017, put the question this way...

Crowdsourcing Confronts Cyber Challenges (SIGNAL Magazine) An offshoot of social media, crowdsourcing could hold solutions to some of the biggest cybersecurity problems the U.S. Defense Department faces.

Lessons learned from DoD's bug bounties highlight talent gap, 'security is not security' (FederalNewsRadio.com) DoD has carved a bug bounty path that civilian agencies can follow, as long as they don't try to compare their results to the same level as Defense.

Didn't we offer you enough? Google's $350,000 Project Zero prize attracts junk entries (ZDNet) Was Google's Project Zero prize too difficult or was the prize just too small?

Cryptocurrency Certification Consortium to Standardize Security across Crypto-Platforms (NEWSBTC) Cryptocurrency Certification Consortium has recently released Cryptocurrency Standard Security guidelines for the entire crypto-industry. Read more...

Encryption Is Key to a More Secure Cyber Future (SIGNAL Magazine) The increase in cyberthreats from both internal and external sources has put the onus on government agencies to implement strong cybersecurity architectures.

E-Discovery Heads In-House, and It's Not Just Because of Cost (Legaltech News) In an industrywide survey, legal technology expert Ari Kaplan found corporate e-discovery is being leveraged more toward information governance and analysis tasks.

USB Canary Sends an SMS When Someone Tinkers with Your USB Ports (BleepingComputer) A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects an USB-based device from high-value workstations.

How to Prevent Identity Theft in 2017 ? 100 Advanced Tips ! (Elite Personal Finance) Identity theft is one of the most alarming, yet under-discussed problems affecting American consumers.

Design and Innovation

The rise of InsurTech: How young startups influence a mature industry (Help Net Security) Artificial intelligence and the Internet of Things now account for almost half of total investment in insurance technology (insurtech) startups globally.

Academia

The Cyber IQ Challenge (The CyberWire) A common undertone throughout SINET ITSEF (as it is at most cybersecurity conferences) was concern over the shortage of qualified labor. Ways of addressing range from increased reliance on artificial intelligence to efforts to inspire elementary school students to think about careers in science, technology, engineering, and mathematics (generally) and in information security (specifically). These approaches would redress shortfalls in the labor market over the longer term.

Scholarship program would help Georgia rise to meet cybersecurity threat (Augusta Chronicle) In the face of ever-evolving attacks from our adversaries, we must strengthen our cyber defense capabilities.

Legislation, Policy and Regulation

US is ready to confront North Korea, says Trump (Times (London)) President Trump delivered an ultimatum to China yesterday, insisting that if Beijing failed to use its influence on North Korea to disable the country’s nuclear programme, America would confront...

PLA Strategic Support Force: The 'Information Umbrella' for China's Military (The Diplomat) Beyond cyber and space warfare, the SSF will play a key role in conventional joint operations.

Govt adopts cyber security declaration (Daily Star) The government has adopted a cyber-security declaration 2017 asking organisations to develop actionable cyber

Britain Downplays Security Row as Brexit Wrangling Begins (The Bull) Britain sought to downplay a row over future security ties with the EU on Thursday, as London and Brussels drew up the first battle lines at the start of their two-year divorce.

Hancock unveils government push for firms to adopt Cyber Essentials (SC Magazine UK) In a speech in London today, the minister for digital and culture announced the government is ramping up pressure on organisations to adopt Cyber Essentials.

Who's Responsible for Protecting Internet Users against Cyberattack? (The CyberWire) The panel's question comes down to one of balance: what's the right balance to strike within a responsibility that's clearly shared among governments, the private sector, and individuals?

Trump Extends Obama's EO for Sanctioning Hackers (Dark Reading) EO ultimately led to sanctions against Russia for hacking and other attempts to tamper with the outcome of the US election.

Letters to DHS and MITRE Regarding Performance of Critical Cyber Database (US House of Representatives Energy and Commerce Committee) Excerpt: "We seek your assistance in evaluating the management and performance of the Common Vulnerabilities and Exposures (CVE) program, which has become an essential service for modern cybersecurity practices..." Excerpt: "The program provides a reliable, standardized mechanism for describing information technology and cybersecurity vulnerabilities. Recent reports indicate it may not be keeping up with the increasing vulnerabilities and related risks inherent in modern cybersecurity."

Trump Team Seems to Stay the Course With the Last Administration’s Cyber Efforts (Defense One) Two recent moves suggest the White House isn’t seeking a sea change in international cyber policy.

SecDef adviser: '99 percent sure we'll elevate' CYBERCOM (C4ISRNET) The Defense Department is making the elevation of Cyber Command to a full unified combatant command a key priority.

Federal inspectors general report recommends improvements for intelligence sharing (The Washington Times) U.S. federal agencies tasked with preventing terror attacks have improved their ability to share counterterrorism information, but additional steps can be taken to increase the dissemination of intelligence reports and to make information sharing more efficient, according to a new watchdog report.

"Strategic and Tactical Cyber Actions the New Administration Needs to Get Right" (The CyberWire) The topic was about advice to the current Administration, but the discussion was mostly budgets and agency equities. Chaired by Greg Touhill (former US Federal CISO), this SINET ITSEF panel included Peter Kim (CISO, US Air Force), Roopangi Kadakia (Chief Cloud Strategist, US Department of Veterans Affairs), and Chris Wlaschin (CISO, US Department of Health and Human Services).

Why you shouldn’t chip in to buy politicians’ browsing histories (Naked Security) There are a few red flags about the idea to buy the data of lawmakers and CEOs: it’s a nice idea, but you can’t

Litigation, Investigation, and Enforcement

The Russia “Hacking” Allegation: A Cyber-Gulf of Tonkin? (Global Research) There was no “Russian hacking” of the 2016 election

Part 3: STILL No evidence of Roger Stone’s collaboration with Russia - Artvoice (Artvoice) The US Intelligence Community has concluded with ‘high confidence’ that hacks which led ...

Senate Hearing to Focus on Russian Disinformation Tactics (PPP Focus) There was little chance that Thursday’s hearing would be as explosive as the House intelligence committee’s first public hearing last week, which started off with FBI Director James Comey confirming the FBI is investigating possible coordination between Trump campaign aides and Russian officials and included Trump himself fighting back during the hearing on Twitter.

Russian hacking goes far beyond 2016 pro-Trump effort (CSO Online) As the Senate Intelligence Committee begins the public phase of its investigation, experts warn of the sweeping scope of Russian hacking and disinformation efforts to advance foreign policy objectives. Cites prominent lawmakers Rubio and Ryan as recent targets.

Marco Rubio Says Hack Attempts From Russia Targeted Him, Too (WIRED) Attempted intrusions against any senator aren't surprising. But they're a reminder election hacking shouldn't be a partisan issue.

Byron York: Senate committee targets FBI No. 2 in Trump dossier probe (Washington Examiner) Sen. Charles Grassley, chairman of the Senate Judiciary Committee, has sent a letter to FBI Director James Comey demanding the story behind the FBI's reported plan to pay the author of a lurid and unsubstantiated dossier on candidate Donald Trump. In particular, Grassley appears to be zeroing in on the FBI's deputy director, Andrew McCabe...

Senator tells intel panel to 'follow the money' (Click Lancashire) Former National Security Adviser Michael Flynn is in discussions with the House and Senate intelligence committees on receiving immunity from "unfair prosecution" in exchange for agreeing to be questioned as part of ongoing probes into possible contacts between Donald Trump's presidential campaign and Russian Federation, his attorney said Thursday.

Could Michael Flynn Turn on Trump? (The New Yorker) Flynn is seeking immunity from the Justice Department and the House and Senate committees in return for his coöperation and testimony.

FBI probing whether Trump aides helped Russia a year ago (News 12 Now) CBS News has learned that U.S. investigators are looking into whether Trump campaign representatives had a role in helping Russian intelligence as it carried out cyberattacks on the Democratic National Committee and other political targets in March 2016. This new information suggests that the FBI is going back further than originally reported to determine the …

To keep classified docs from WikiLeaks secret, DOJ drops 2 child porn counts (Ars Technica) Judge: Feds relied on timestamp metadata, but withheld exploit code.

Cyber attack on Mindef's I-Net system occurred weeks before detection on Feb 1 (Today Online) A cyber attack which resulted in the theft of the personal data of about 850 national servicemen and Ministry of Defence (Mindef) employees occurred weeks before it was detected on February 1, Second Defence Minister Ong Ye Kung told Parliament on Monday (April 3).

Report: German authorities investigate high Turkish religious official (Deutsche Welle) Prosecutors in Germany are reportedly investigating one of the highest officials of the Turkish religious authority Diyanet. The inquiry comes amid worsening relations between Berlin and Ankara.

First on CNN: New terrorist laptop bombs may evade airport security, intel sources say (CNN) US intelligence and law enforcement agencies believe that ISIS and other terrorist organizations have developed innovative ways to plant explosives in electronic devices that FBI testing shows can evade some commonly used airport security screening methods, CNN has learned.

FBI Arrests Hacker Who Hacked No One (The Daily Beast) He built a piece of software. That tool was pirated and abused by hackers. Now the feds want him to pay for the computer crooks’ crimes.

Hillary Clinton Had Astonishing Access to Top Secret Documents After She Left State Department (Tennessee Star) Hillary Clinton may have resigned her secretary role at the State Department in 2013 - but her access to top secret and classified information didn't end then.

IT Admin Guilty of Hacking of Former Employer (Infosecurity Magazine) IT Admin Guilty of Hacking of Former Employer. El Paso bootmaker suffered serious downtime and extra costs after incident

Romanian Man Pleads Guilty to ATM Skimming Scheme (Dark Reading) Radu Bogdan Marin allegedly used stolen account details and fake ATM cards to withdraw tens of thousands of dollars.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SeaAirSpace (National Harbor, Maryland, USA, April 3 - 5, 2017) The Navy League's Sea-Air-Space Exposition brings the U.S. defense industrial base, private-sector U.S. companies and key military decision makers together for an annual innovative, educational, professional and maritime based event. The exposition will include, among other topics, exhibits and presentations on cybersecurity.

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront of a global stage. Response to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drives change to Information Security and Privacy practices. Join your Information Security, Legal and Privacy leadership peers to discuss timely issues in these areas.

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the worldwide community’s increasing interconnectivity in this domain.Drawing on the experience of government practitioners, industry representatives and academic scholars, this event brings a multidisciplinary and international approach to the challenges in cyberspace from technical, corporate, legal, and policy perspectives in both the United States domestic and international realms – with several topics targeting private sector interests.

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

ISIS info ops in a rough patch. Al Qaeda threat behind airline laptop restrictions. Two new RATs. WikiLeaks dumps more alleged CIA documents. US policy, opinion makers wrangle over Russian info ops.