The Stroz Friedberg Cyber Brief

  FEATURED STORY            



"Highly professional" hackers last Wednesday stole around 4,700 Bitcoin valued at nearly $80 million from NiceHash, a leading mining service based in Slovenia. The company said the attack was probably made from an IP address outside the European Union. Local and international authorities are investigating, NiceHash CEO said.


The incident is one of at least three dozen heists on exchanges that buy and sell digital currencies since 2011. Mt. Gox, once the largest Bitcoin exchange, collapsed in 2014 after being robbed of more than $470 million. Other Bitcoin exchanges have faced criminal charges of money laundering.

The hack on NiceHash came days before Bitcoin futures started trading for the first time on Sunday. (Reuters, WSJ, BBC)


Iran: Researchers at FireEye say that a new network reconnaissance group, dubbed Advanced Persistent Threat 34, has spent the last few years digging deep into critical infrastructure companies in the Middle East. FireEye says it has moderate confidence that its hackers are Iranians. (Wired)


Uber: An unidentified 20-year-old Florida man was reportedly responsible for the large data breach at Uber last year. And he was paid by Uber to destroy the data through a so-called “bug bounty” program. (Reuters)

Phishing: A security researcher has revealed an array of methods for spoofing email in more than a dozen common email clients, including Apple Mail for iOS and macOS, Mozilla’s Thunderbird, Microsoft Mail, and Outlook 2016. Experts say the potential for phishing schemes is enormous. (Wired)


Bank Heist: Bangladesh’s central bank has asked the Federal Reserve Bank of New York to join a lawsuit it plans to file against a Philippines bank for its role in one of the world’s largest cyber-heists. Unidentified hackers stole $81 million from Bangladesh Bank’s account at the New York Fed in February last year. (Reuters)

Botnet: Working with authorities in Europe, the FBI dismantled one of the longest running malware families in existence, called Andromeda (also known as Gamarue). Andromeda was reportedly associated with scores of malware families and, in the last six months, was detected on or blocked an average of over one million machines each month. (Europol)

  ON THE HILL                                    

SEC: The Securities and Exchange Commission said that its newly created cyber unit filed its first charges against an “initial coin offering,” alleging that PlexCorps and its top two officials defrauded investors. (Ars Technica)


Unmasking: Director of National Intelligence Dan Coats said a new unmasking policy is due by January 15. It is expected to tighten restrictions on how the names of Americans are held secret in intelligence reports and can be revealed during presidential transitions. (Reuters)

Net Neutrality: A scrappy 10-person nonprofit called Fight for the Future has helped lead the opposition to the Trump administration’s proposed changes to net neutrality rules. FCC chair Ajit Pai and his two Republican colleagues have committed to passing their changes at the agency’s meeting this Thursday. (NYT)

  PRIVATE SECTOR                             

YouTube: The video-sharing site is planning to add 10,000 human reviewers to remove videos that violate its guidelines. The hiring announcement comes after advertisers pulled ads from YouTube after reports that the ads were appearing alongside videos of children in states of undress or being subjected to disturbing treatment. (NYT)

  THE WORLD                                     

EU: The European Commission called on internet companies like Facebook and Twitter to do more to stem the proliferation of extremist content on their platforms. The EU has said it will come forward with legislation next year if it is not satisfied with progress. (Reuters)

China: Authorities in China are increasingly monitoring private internet messages for content they deem offensive. Most people caught posting objectionable content just see it deleted and sometimes receive a warning. However, heavier punishment is sometimes handed out to known political critics or social activists. (WSJ)


The Future of Misinformation: “The fake news debate to date has focused on misleading or blatantly false articles made to look like credible news reports that go viral online. The next frontier promises even more disruption. As the technology develops, the next wave of misinformation will involve not only written lies, but manipulated audio and visual content. The three-minute 'Access Hollywood' recording from 2005 is precisely the kind of content that technology will be able to convincingly manufacture in a short timeframe, and frameworks for dealing with misinformation need to take this risk into account,” writes Evelyn Douek on the Lawfare Blog.


Why Russia Tried to Cheat Its Way to Glory: “Russia’s two subversions, of global sports and American democracy, have more in common than you may think. Both involve intelligence agents, Russia’s will to win and the same cyberespionage team. Both have prompted millions of dollars of investigations and challenged public confidence — in the purity of sport and in the strength of democracy. The two breaches are at the heart of how President Vladimir Putin has suggested he wants to reclaim Russia’s past: by weakening Western democracy and dominating world sports,” writes Rebecca R. Ruiz in the New York Times.

How to Encrypt All Things: “Cryptography was once the realm of academics, intelligence services, and a few cypherpunk hobbyists who sought to break the monopoly on that science of secrecy. Today, the cypherpunks have won: Encryption is everywhere. It’s easier to use than ever before. And no amount of handwringing over its surveillance-flouting powers from an FBI director or attorney general has been able to change that,” writes Andy Greenberg in Wired.



Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.