The Stroz Friedberg Cyber Brief

email : Webview : Cyber Brief: Hackers Breach Democratic Party
The Cyber Brief
Today's Top Story
MONDAY, JUNE 20, 2016
The U.S. Democratic National Committee and cybersecurity firm CrowdStrike said on Tuesday that two groups of hackers backed by the Russian government spied on the political party’s internal communications and stole opposition research on Donald Trump, the presumptive Republican presidential nominee. Some of the hackers reportedly had access to the DNC network for about a year, but all were expelled recently in a major computer cleanup campaign, the committee officials and experts said.

On Wednesday, a person using the handle Guccifer 2.0 took responsibility for the breach and published hundreds of documents purportedly stolen in the heist, including names and contributions of large DNC donors. Security analysts say that the posted documents are either authentic or part of an elaborate hoax. If they are real, they would appear to suggest that either CrowdStrike misattributed the breach or failed to detect that at least one more hacker had gained high-level access to DNC servers. (WaPo, Reuters, Ars Technica)
Virtual Currency: A hacker stole more than $50 million from an experimental virtual currency project. The theft has prompted a heated debate about the viability and principles of virtual currencies like Bitcoin and Ether. (NYT)

Wire Fraud Scheme: The FBI reported that hackers have sought to steal more than $3 billion from businesses in a fast-growing type of scam in which criminals impersonate company executives in emails and order large wire transfers. (Reuters)

Digital Underground: Researchers at Kaspersky Lab say that a major online marketplace is selling access to more than 70,000 compromised servers, allowing buyers to carry out widespread cyberattacks. Access goes for as little as $6 per server. (Reuters)

ISIS Algorithm: A team of researchers from the University of Miami has devised an equation that tries to explain the online activity of Islamic State sympathizers, and might eventually help predict attacks. (NYT)
Net Neutrality: The U.S. Court of Appeals for the District of Columbia Circuit upheld the Obama administration's landmark “net neutrality” rules that bar internet service providers from obstructing or slowing down consumer access to web content. In siding with the FCC, the court treated the internet like a public utility and opened the door to further government internet regulations. (Reuters)

ISIS: A hacker from Kosovo, Ardit Ferizi, pleaded guilty in Virginia federal court to charges of providing material support to the Islamic State. It was the first known prosecution of a hacker joining forces with a terror group in a bid to carry out terrorism, the government said. (Ars Technica)

Bangladesh Heist: The U.S. attorney's office in Manhattan has reportedly opened an investigation of the cyber heist of $81 million from Bangladesh Bank's account at the Federal Reserve Bank of New York. Meanwhile, a U.S. congressional committee has launched a probe into the Fed's handling of the incident. (Reuters)

Paris Attacks: A victim’s family has filed a civil lawsuit against Twitter, Google, and Facebook claiming the companies provided material support to ISIS. It is similar to one filed against Twitter earlier this year. Legal analysts say both face a high hurdle because of a provision of the Telecommunications Act of 1996 that gives online platforms broad immunity from harms done by third parties on their sites. (The Hill)
Cyber Threats: The departments of Homeland Security and Justice released a document saying that the Cybersecurity Information Sharing Act, passed last year, allows businesses to share cyber threat information with industry interests as well as government. (The Hill)

Drone Rules: The Federal Aviation Administration could as early as this week unveil its first rules permitting businesses to fly drones for limited uses. Analysts say the move is likely to spark broader demands for loosening restrictions on unmanned aircraft. (WSJ)
NATO: There is a general recognition that the Western security alliance has yet to develop a strategy to counter Russia’s increasingly aggressive action in cyberspace. As NATO leaders prepare to gather early next month, there are reportedly no serious military plans, apart from defending the alliance’s own networks. (NYT)

Air Force: The military service has lost thousands of inspector general's records dating back to 2004 after a database crash. Cybersecurity professionals at the Pentagon are working to recover some information. (UPI)
Apple: The company is beginning the first major overhaul of the Mac filing system in nearly two decades, allowing files to be encrypted with multiple keys. The updates will provide an extra layer of security against attackers and/or law enforcement agencies. (The Hill)

TalkTalk: The chief executive of the British telecom received more than $4 million in pay and share bonuses for the last 12 months, despite the company suffering a cyberattack in October that put the data of thousands of customers at risk. (Reuters)
South Korea: The country’s Cyber Defense curriculum, started in 2012, trains young digital warriors for free in exchange for students making a seven-year commitment to serve as officers in the army's cyber warfare unit. Last year, South Korea estimated that the North's "cyber army" had doubled in size over two years to 6,000 troops, and the South has been scrambling to ramp up its capability. (Reuters)
Must Reads
How Terrorism Watch Lists Work: “Of all the details investigators have uncovered about Orlando terrorist Omar Mateen, perhaps the most infuriating is the fact that he spent 10 months on a government watch list, yet had no trouble buying an assault rifle and a handgun...Here’s a look at what the lists are and how someone gets their name on one,” writes Kim Zetter in Wired.

West Must Respond to Russia’s Cyber Aggression: “Russia’s greatest cyber advantage is its wealth of the most important cyber asset: skilled and well-educated people. The government recruits and harnesses individuals with innovation and aplomb — for example, allowing its intelligence services to offer employment to hackers convicted of cyber crimes in lieu of prison. But the more important trend is making common cause with criminal hacker groups: the government allows them safe haven in return for services on demand. In this way, the Russian government has been intentionally blurring the lines between cyber activists, criminals, and state-paid spies and hackers, adding a new layer of obfuscation to the tricky problem of attribution,” writes Jarno Limnell for Defense One.

The Downside of Smart Devices: “The intelligence given to these devices really serves twin purposes: information collection and control. Smart devices are constantly collecting information, tracking user habits, trying to anticipate and shape their owners’ behaviors and reporting back to the corporate mother ship. Data is our era’s most promising extractive resource, and tech companies have found that connecting more people and devices, collecting information on how they interact with one another and then using that information to sell advertising can be enormously profitable,” writes Jacob Silverman in the New York Times Magazine.
Top Op-Eds
Follow us:

Stroz Friedberg
powered by emma