Thursday, February 07, 2019

When ‘Former’ Spies Run Wild Bad Things Happen Moon of Alabama

Judith Lucy at the Opera House 🏠


Charmingly disgusting, Sarah Millican has us in the palm of her hand


£300,000 Margaret Thatcher statue needs plinth ‘to keep out vandals’ ITV

Claims fly as Michael Cranston faces cross-examination



Former deputy tax commissioner Michael Cranston has said he was worried about his son getting involved with "bad people" when he cautioned him the tax office's organised crime unit might be auditing one of his son's business associates. Mr Cranston took the witness stand at the NSW District Court on the first day of his defence over charges that he allegedly used insider information and his influence to benefit his son, Adam. Former ATO deputy commissioner Michael Cranston says bikie

Tax officers 'did exactly what Michael did', Cranston trial told



Record $1.3B methamphetamine haul intercepted


'Police and lawyers talk often': force denies use of criminal solicitors as informants

Informer 3838 explosive revelation: Police registered informer 10 years earlier than they admitted, commissioner resigns


Explosive new information has revealed the defence barrister at the centre of the Informer 3838 scandal was registered as a police informer 10 years earlier than Victoria Police previously admitted, a development police blamed on an administrative "shortcoming".




Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE Reuters. That’s nice. Neera Tanden’s CAP took UAE money until last week (unless she simply converted them to anonymous donors).

Legendary New York newspaper columnists Pete Hamill, left, and Jimmy Breslin.
(Courtesy: HBO/Brian Hamill)

Newspaper rock stars

There was a time not long ago when politicians didn’t run New York City. A couple of newspaper columnists did.

HBO is profiling both in a terrific documentary about the lives, times and careers of legendary New York newspaper columnists Jimmy Breslin and Pete Hamill. The documentary “Breslin and Hamill: Deadline Artists” debuted Monday night, and will continue to air throughout February. Here’s a preview. And here’s more about the project.

“Sometimes they were colleagues at the same paper,” said Jonathan Alter, who directed and produced the film along with John Block and Steve McCarthy. “Sometimes they were rivals. But they were always good friends.”

What else were they?

“These guys were like superstars,” filmmaker and lifelong New Yorker Spike Lee says in the documentary. “They were able to connect and that’s why people saw them as the voice of true New Yorkers.”

The two wrote memorable columns about the Kennedy assassinations, the Son of Sam murders (Son of Sam is believed to have personally written Breslin during his murder spree), the Bernhard Goetz shooting, the AIDS crisis, the Central Park Jogger case and the 9/11 terrorist attacks. In addition, Breslin’s column after John Lennon was shot and killed is revered among journalists.

The HBO film also features interviews with such famous people as Tom Wolfe, Gloria Steinem, Robert DeNiro, Shirley MacLaine, Andrew Cuomo and Garry Trudeau. You will also hear voice passages of stories written by Breslin and Hamill.

Breslin died in 2017 at the age of 88. Hamill is 83 and lives in Brooklyn.

The film is especially interesting to those who loved newspapers in their glory days, but it’s sad, too. As pointed out in the film, the New York Daily News, where Breslin and Hamill both worked at times, had 400 reporters and editors in 1988. By 2018, that number had dwindled to 45.

“It’s like a drug.”

Speaking of HBO, one of the most dogged reporters in journalism will be featured tonight on the network. Adam Schefter, who covers the NFL for ESPN, will be profiled on “Real Sports With Bryant Gumbel.” No one breaks more NFL news than the 52-year-old Schefter.

“There are few things in life more satisfying than getting a big story,” Schefter said in this preview clip. “It’s like a drug. You become addicted to it.”

In the story, Schefter relays what happens when so many people (he has more than 7.2 million Twitter followers) turn to him for breaking NFL news.

“It’s a serious responsibility when there is that many people viewing,” Schefter said. “And there is that many people waiting for you to fall off the high wire.”

Like the time he reported former Cowboys quarterback Tony Romo would miss the rest of the season with an injury, even though Cowboys coach, Jason Garrett, said the quarterback was “day to day” and Schefter’s colleagues were telling Schefter to walk back the story. Schefter did not and, as it turned out, Romo did miss the rest of the season.

“There’s a certain sense of satisfaction that comes along in the end when, basically, you’re acquitted,” Schefter said.

The show airs at 10 p.m. Eastern.










Politico


January 29, 2019


Foreign adversaries are likely already planning to interfere in the 2020 U.S. election, the nation's top intelligence official warned on Tuesday. In a worldwide threat assessment to the Senate Intelligence Committee, Director of National Intelligence Dan Coats wrote that competitors such as Russia, China and Iran “probably already are looking to the 2020 U.S. elections as an opportunity to advance their interests.” In his statement, he predicted that these countries "will use online influence operations to try to weaken democratic institutions, undermine U.S. alliances and partnerships and shape policy outcomes in the United States and elsewhere." Furthermore, he said, they'll "refine their capabilities and add new tactics as they learn from each other’s experiences, suggesting the threat landscape could look very different in 2020 and future elections." The assessment offered by Coats, based on input from the entire U.S. intelligence community, predicts Russian social media campaigns will focus on "aggravating" social and racial tensions and striking back at anti-Kremlin politicians. Moscow may also seek to spread disinformation, launch cyberattacks and manipulate data.






Nextgov


January 29, 2019

Unless Congress consolidates authority over cyber issues, it won’t be able to move fast enough to respond to the latest digital threats, according to one of Capitol Hill’s top cyber advocates. Rep. Jim Langevin, D-R.I., on Tuesday argued the current congressional committee structure hinders lawmakers’ ability to bolster the country’s cyber posture. Because some 80 groups claim some jurisdiction over cybersecurity, he said, it can take cyber legislation a disproportionately long time to get put to a vote. With online threats evolving every day, measures to fight back shouldn’t get gummed up in referrals and reviews, he said. “We as a Congress are going to have to move with greater agility to respond to the cybersecurity threats we face going forward, and we can’t do it under the current construct,” Langevin said at the 2019 State of the Net conference.



Politico

January 29, 2019

Warning that the longest government shutdown in U.S. history may have opened the U.S. up to new national security risks because of undetected cyberattacks, Democratic lawmakers on Tuesday pressed the Trump administration to explain how furloughs disrupted efforts to defend federal computer systems from hackers. Six Senate Democrats sought answers from senior administration officials about how the government will overcome delays in contracts with firms that safeguard U.S. networks. They also worried that, during the shutdown, agencies weren't able to quickly implement an emergency Department of Homeland Security order to secure web traffic. The lawmakers also expressed alarm about the shutdown's effect on the morale of federal cybersecurity workers, especially as Washington struggles to compete with the private sector for top talent.



ADMINISTRATION



Federal News Network

February 1, 2019

The Census Bureau will join a growing number of agencies in offering a bug bounty program as it ramps up security preparations for the 2020 population count. Atri Kalluri, the head of the decennial information technology division, said Friday that the agency recently completed “red team” testing, where staff playing the role of malicious hackers added fraudulent responses in a copy of its 2018 field test data. The exercise aims to test the accuracy of the Census Bureau’s self-response quality assurance system, which is supposed to flag suspicious incoming data. The Department of Homeland Security will coordinate with the intelligence community and industry partners to launch census-specific threat support “similar to what was provided during the recent elections,” Kalluri said at the Census Program Management Review.



The Security Ledger

February 1, 2019

In a 250 page regulatory filing, NERC fined undisclosed companies belonging to a so-called “Regional Entity” $10 million for 127 violations of the Critical Infrastructure Protection standards, the U.S.’s main cyber security standard for critical infrastructure including the electric grid. Thirteen of the violations listed were rated as a “serious risk” to the operation of the Bulk Power System and 62 were rated a “moderate risk.” Together, the “collective risk of the 127 violations posed a serious risk to the reliability of the (Bulk Power System),” NERC wrote. The fines come as the U.S. intelligence community is warning Congress of the growing risk of cyber attacks on the U.S. electric grid. In testimony this week, Director of National Intelligence Dan Coats specifically called out Russia’s use of cyber attacks to cause social disruptions, citing that country’s campaign against Ukraine’s electric infrastructure in 2015 and 2016. The extensively redacted document provides no information on which companies were fined or where they are located, citing the risk of cyber attack should their identity be known. Regional Entities account for virtually all of the electricity supplied in the U.S.



ProPublica/The Lexington Herald-Leader


In the months after the 2016 elections, state election administrators spent millions of dollars investigating and addressing the cyber intrusions that had penetrated voting systems in dozens of states. Kentucky Secretary of State Alison Lundergan Grimes emerged as one of the loudest voices calling for improvements. In February 2017, at an elections conference dominated by talk of cybersecurity, Grimes claimed to have found the perfect answer to the threat: A small company called CyberScout, which she said would comb through Kentucky’s voting systems, identify its vulnerabilities to hacking and propose solutions. Three days later, Assistant Secretary of State Lindsay Hughes Thurston submitted paperwork to give the company a no-bid two-year contract with the State Board of Elections, or SBE, for $150,000 a year. She did not inform the SBE — the agency that oversees the state’s voting systems — that she was doing so. CyberScout’s CEO and his wife had given Grimes a total of $12,400 in contributions over several elections, along with $4,000 to state Democratic groups. (All of the donations fell within state limits.) Ultimately, the contract went through — Grimes denies the contributions had any influence — and CyberScout delivered little in the way of results, according to 15 election officials interviewed for this article. CyberScout’s contract was not renewed after the first stage expired in June.



Nextgov

February 1, 2019

The federal government—so often derided for being behind the technical curve—is magnitudes ahead of every other sector in at least one domain: email authentication and security. Some 75 percent of the 5 billion email inboxes globally check Domain-based Message Authentication Reporting and Conformance, or DMARC, records to ensure that incoming emails are from a valid domain and not being spoofed by a potential bad actor. Among government agencies, 80 percent are using tools to publish DMARC records, putting government double-digits ahead of every area of the private sector, according to a report released Friday from email authentication vendor Valimail. The government’s implementation rate is even more impressive when directly compared to other sectors, only two of which topped 50 percent: Fortune 500 companies and U.S. tech companies worth more than $1 billion. Valimail researchers pointed to a 2017 binding operational directive issued by the Homeland Security Department as the main reason for such a high adoption rate.



FCW

January 31, 2019

The Defense Department's Joint Regional Security Stacks program is behind schedule, undermanned, riddled with connectivity and security issues and needs to be shut down -- at least for now, according to an internal Pentagon evaluation report released Jan. 31. The Pentagon's CIO and the military branches "should discontinue deploying JRSS's until the system demonstrates that it is capable of helping network defenders to detect and respond to operationally realistic cyber-attacks," the Director of Operational Test and Evaluation (DOT&E) recommended. JRSS is part of major IT reform to reduce DOD's vulnerabilities and access points. But the "difficulty inherent in integrating disparate, complex commercial technologies into a functional system of systems" along with "insufficient training" and underdeveloped standard operating procedures have stalled progress, the report found.



Bloomberg

January 30, 2019

Special Counsel Robert Mueller told a federal judge that more than 1,000 confidential files compiled in his case against hackers supported by a friend of Russian President Vladimir Putin had somehow found their way onto the internet, where the evidence was widely disseminated, in defiance of the judge’s order. The revelation came in a filing involving Concord Management and Consulting LLC, a firm controlled by Yevgeny Prigozhin, who runs a large catering business and is known as “Putin’s chef.” Mueller’s team said Wednesday that “non-sensitive” evidence that had been shared exclusively with Concord’s U.S. law firm, Reed Smith LLP, ended up in an online file-sharing portal, apparently as a result of a hacking operation targeting the law firm. “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller,” a posting from a newly created Twitter account named @HackingRedstone said on Oct. 22, 2018, according to Mueller’s filing. “You can view all the files Mueller had about the IRA and Russian collusion. Enjoy the reading!” Eric Dubelier, Concord’s lawyer, declined to comment on the filing.



Ars Technica


On January 30, the US Department of Justice announced that it had partnered with the Federal Bureau of Investigation and the Air Force Office of Special Investigations to engage in a campaign to "map and further disrupt" a botnet tied to North Korean intelligence activities detailed in an indictment unsealed last September. Search warrants obtained by the FBI and AFOSI allowed the agencies to essentially join the botnet, creating servers that mimicked the beacons of the malware. "While the Joanap botnet was identified years ago and can be defeated with antivirus software," said United States Attorney Nick Hanna, "we identified numerous unprotected computers that hosted the malware underlying the botnet. The search warrants and court orders announced today as part of our efforts to eradicate this botnet are just one of the many tools we will use to prevent cybercriminals from using botnets to stage damaging computer intrusions.” Joanap is a remote access tool (RAT) identified as part of "Hidden Cobra," the Department of Homeland Security designator for the North Korean hacking operation also known as the Lazarus Group. The same group has been tied to the WannaCry worm and the hacking of Sony Motion Pictures. Joanap's spread dates back to 2009, when it was distributed by Brambul, a Server Message Block (SMB) file-sharing protocol worm. Joanap and Brambul were recovered from computers of the victims of the campaigns listed in the indictment of Park Jin Hyok in September.



Federal News Network

January 30, 2019

The Defense Department said it’s considering new steps intended to help its lower-tier suppliers tighten the cybersecurity of their IT systems, and may begin a new regime of spot checks to ensure they’re meeting security regulations that now apply to defense vendors and many of their subcontractors. The options under consideration came from a new Pentagon task force that’s re-examining the department’s contractual relationships with suppliers. Those may need to change in order to better respond to data breach or exfiltration incidents, said Dana Deasy, the DoD chief information officer. At the end of 2017, the department implemented a new contracting rule that requires its vendors to meet the security controls in the National Institute of Standards and Technology’s Special Publication 800-171. The new rules, designed to protect controlled, unclassified information, also apply to subcontractors if they’re handling “covered defense information” as part of the work.



Bloomberg

January 28, 2019

The U.S. military’s cybersecurity capabilities aren’t advancing fast enough to stay ahead of the “onslaught of multipronged” attacks envisioned by adversaries, the Pentagon’s combat testing office is warning. Despite some progress in fending off attacks staged by in-house “Red Teams,” the testing office said “we estimate that the rate of these improvements is not outpacing the growing capabilities of potential adversaries who continue to find new vulnerabilities and techniques to counter fixes.” Automation and artificial intelligence are beginning to “make profound changes to the cyber domain,” a threat that the military hasn’t yet fully grasped how to counter, Robert Behler, the Defense Department’s director of operational test and evaluation, said in his annual assessment of cyber threats, which was obtained by Bloomberg News. The evaluation, part of the testing office’s annual report that may be released as early as this week, comes amid other critical appraisals of the military’s ability to maintain and improve its defense against computer attacks.



Fifth Domain

January 28, 2019

When American soldiers train for a cyberattack on the battlefield, they often use note cards. Although the U.S. military prides itself on being the best trained fighting force in the world, some national security experts are concerned the rudimentary training methods to simulate a cyberattack show the United States is not prepared for future battles. “Cyber injects are often done via white carding, which is the literal use of a note card intended to represent cyber friction,” wrote Jennifer McArdle, a non-resident fellow at the Center for Strategic and Budgetary Assessments, in a new paper. The document, titled “Victory over and across domains: Training for tomorrow’s battlefield,” was released Jan. 25. Pentagon officials, who have quietly monitored Russia’s use of hybrid warfare in eastern Ukraine, envision a future fighting environment where traditional land battles are combined with cyberattacks and jammed radio frequencies. But McArdle identified gaps in how the American military trains for this future combined warfare. “Training today is not providing warfighters the kind of experience they need to fight in a complex battle space,” McArdle told Fifth Domain.



INDUSTRY



Ars Technica

February 1, 2019

The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user's HTTPS traffic. The new feature is expected to land in Firefox 66, Firefox's current beta version, scheduled for an official release in mid-March. The way this feature works is to show a visual error page when, according to a Mozilla help page, "something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox." An error message that reads "MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something like the above happens. The most common situation where this error message may appear is when users are running local software, such as antivirus products or web-dev tools that replace legitimate website TLS certificates with their own in order to scan for malware inside HTTPS traffic or to debug encrypted traffic.



CBS

February 1, 2019

An Illinois couple said a hacker spoke to their baby through one of their Nest security cameras and then later hurled obscenities at them, CBS station WBBM-TV reports. Arjun Sud told the station he was outside his 7-month-old son's room Sunday outside Chicago and he heard someone talking. "I was shocked to hear a deep, manly voice talking," Sud said. "… My blood ran cold." Sud told WBBM-TV he thought the voice was coming over the baby monitor by accident. But it returned when he and his wife were downstairs. The voice was coming from another of the many Nest cameras throughout the couple's Lake Barrington house. "Asking me, you know, why I'm looking at him — because he saw obviously that I was looking back — and continuing to taunt me," Sud said.



Gov Info Security

January 31, 2019

Aerospace giant Airbus says it suffered a hack attack leading to a data breach. "Airbus SE detected a cyber incident on Airbus 'Commercial Aircraft business' information systems, which resulted in unauthorized access to data," the company says in a statement issued on Wednesday. "There is no impact on Airbus' commercial operations." Airbus, the world's second largest aviation and aeronautics business after Boeing, says it is continuing to investigate the intrusion. The company is headquartered in Leiden, Netherlands, although its main civilian airplane business is based near Toulouse, France. The company's manufacturing facilities are spread across the EU - in France, Germany, Spain and the U.K. - with other facilities in China and the United States. Airbus has 129,000 employees and reported 2017 revenue of €59 billion ($67.8 billion). The company's investigation continues. "This incident is being thoroughly investigated by Airbus' experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins," the company says. So far, the aerospace giant says it doesn't have a complete tally of all of the information that attackers might have accessed.



Vice Motherboard

January 31, 2019

Sophisticated hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself. This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts. So-called SS7 attacks against banks are, although still relatively rare, much more prevalent than previously reported. Motherboard has identified a specific bank—the UK's Metro Bank—that fell victim to such an attack.



CyberScoop

January 31, 2019

Conventional wisdom says ransomware victims shouldn’t pay their attackers, but a panel of legal experts suggested Thursday that standing firm might not always be the smartest play in the real world. FBI officials, corporate bigwigs and public sector security bosses in recent years all have advised their colleagues to keep their wallets closed when ransomware hits. There’s no honor among thieves, the logic goes, and even if you pay hackers to buzz off, who’s to say they will follow through on promises to unlock encrypted data? But there are scenarios in which small and medium-sized businesses should carefully consider their decision, Mark Knepshield and Matthew Todd said during a panel discussion at the Legalweek conference in New York. “I would say, if it’s a small amount, pay it,” said Knepshield, a senior vice president at insurer McGriff, Seibels and Williams. “It’s likely just be the easiest way out of your situation.”



The New York Times

January 29, 2019

On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call. His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report. But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on 9to5mac.com, a news site for Apple fans, in an article that went viral.



Reuters

January 29, 2019

A U.S. judge rejected Yahoo’s proposed settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history, faulting the Internet services provider for a lack of transparency. In a Monday night decision, U.S. District Judge Lucy Koh in San Jose, California, said she could not declare the settlement “fundamentally fair, adequate and reasonable” because it did not say how much victims could expect to recover. Yahoo, now part of New York-based Verizon Communications Inc, was accused of being too slow to disclose three breaches from 2013 to 2016 that affected an estimated 3 billion accounts. The settlement called for a $50 million payout, plus two years of free credit monitoring for about 200 million people in the United States and Israel with nearly 1 billion accounts. But the judge said the accord did not disclose the size of the settlement fund or the costs of the credit monitoring, and the proposed class may be too big because the number of “active” users that Yahoo disclosed privately to her was far lower.



Reuters

January 29, 2019

A co-ordinated global cyber attack, spread through malicious email, could cause economic damages anywhere between $85 billion and $193 billion, a hypothetical scenario developed as a stress test for risk management showed. Insurance claims after such an attack would range from business interruption and cyber extortion to incident response costs, the report jointly produced by insurance market Lloyd's of London and Aon said on Tuesday. Total claims paid by the insurance sector in this scenario is estimated to be between $10 billion and $27 billion, based on policy limits ranging from $500,000 to $200 million. The stark difference between insured and economic loss estimates highlights the extent of underinsurance, in case of such an attack, the stress test showed. An attack could affect several sectors globally, with the largest losses in retail, healthcare, manufacturing and banking fields.



AP

January 28, 2019

When Sharyl Attkisson first began hearing clicking sounds on her phone and her computers started turning on and off in the middle of the night, she thought it was a technical glitch that could be easily fixed. Attkisson, then a longtime investigative reporter for CBS News, didn’t suspect anything more until her sources in the intelligence community suggested that the government might be spying on her because of critical stories she had done. Attkisson alleged in a 2015 lawsuit that former Attorney General Eric Holder, former Postmaster General Patrick Donahoe, and unnamed federal agents conducted unauthorized surveillance of her home and electronic devices in an attempt to determine who was leaking confidential information to her. A federal judge dismissed Attkisson’s lawsuit, finding that resolving the allegations would overstep the court’s authority because it “would require inquiry into sensitive Executive Branch discussions and decisions.” Attkisson’s appeal will be heard Tuesday by the 4th U.S. Circuit Court of Appeals.



CyberScoop

January 28, 2019

For David Cowan, the tipping point was a cyberattack from Anonymous. Cowan, a venture capitalist at Bessemer Venture Partners, had spent years asking startup founders what they planned to do if hackers targeted their business. Often, the founders on the other side of the boardroom would shrug and say, “We don’t hold any personal information, so they don’t need to come after us.” That changed, he said, after the email marketing company SendGrid was hit in 2013 with a denial-of-service attack that ultimately may have caused some of the young company’s clients to walk away, Cowan said. Attackers struck roughly 14 months after Bessemer had led a $21 million funding round for the company. As a result of that incident and others like it, Cowan spent months asking security leaders at established companies what they wished they knew in startup mode. Bessemer published the resulting research in 2015 as advice to smaller companies.



INTERNATIONAL



FCW

February 1, 2019

Cyberattacks like NotPetya and WannaCry can have consequences in the physical world and devastating financial fallout, even if they fall below the traditional definition of war. But U.S. officials, international organizations and independent experts have so far been unable to frame a consensus about where to draw that line. The nongovernmental Global Commission on Stability in Cyberspace recently wrapped up a series of meetings in Geneva to hash out fundamental principles that states, non-state actors and private industry should follow. The commission, co-chaired by former Secretary of Homeland Security Michael Chertoff and former Estonian Foreign Minister Marina Kaljurand, has spent the past two-and-a-half years courting public and private stakeholders and developing language around behavior in cyberspace that it hopes will help guide not just governments but also private companies who work in the murky, somewhat norm-less field of offensive cyber operations. It plans to release a report detailing its final recommendations at the end of 2019.



Gov Info Security

February 1, 2019

The notorious Russian language cybercrime marketplace and forum xDedic Marketplace remains offline following an international police takedown. But information security experts say customers will no doubt quickly move their business elsewhere. U.S. authorities estimate that xDedic, which was launched in 2014, helped contribute to more than $68 million in global fraud. But the U.S. Department of Justice says that on Jan. 24, "seizure orders were executed against the domain names of the xDedic Marketplace, effectively ceasing the website's operation." The takedown effort was international in its scope, reflecting the distributed infrastructure used by xDedic. The U.S. probe resulting in the seizure order was the work of the FBI and the Internal Revenue Service's Criminal Investigation unit. In parallel, a joint Belgian-Ukrainian investigation was led by Belgium's Federal Prosecutor's Office and the Federal Computer Crime Unit, together with Ukraine's National Police and Prosecutor General's Office. The EU effort was supported in turn by a Joint Investigative Team at the EU's law enforcement intelligence agency, Europol. The German Bundeskriminalamt - the federal police, known as the BKA - also helped seize xDedic's infrastructure, authorities say.



Reuters

January 31, 2019

Bangladesh's central bank on Thursday sued a Philippine bank to recoup losses it suffered when unidentified hackers stole $81 million from its account at the Federal Reserve Bank of New York nearly three years ago. In a complaint filed with the U.S. District Court in Manhattan, Bangladesh Bank accused Rizal Commercial Banking Corp (RCBC) and dozens of others, including several top executives, of involvement in a "massive" and "intricately planned" multi-year conspiracy to steal its money. Bangladesh Bank said funds were stolen with the help of unnamed North Korean hackers who used malware with such names as "Nestegg" and "Macktruck" to obtain backdoor access to its network. It said funds were then funneled through RCBC accounts in New York City and to the Philippines, where much of it disappeared in that country's casino industry.



The Daily Beast

January 31, 2019

Russia’s military intelligence directorate, the GRU, has been caught in a new round of computer intrusion attempts, this time aimed at the Center for Strategic and International Studies, a prominent Washington, D.C. think tank heavy with ex-government officials. The new efforts by the Kremlin hackers who notoriously breached the DNC and Hillary Clinton campaign to support Donald Trump suggest that indictments, international sanctions, a botched assassination and an unprecedented global spotlight have done little to deter Vladimir Putin from continuing to target the West with his hacker army, even as American intelligence agencies warn that Russia is gearing up to interfere in the 2020 election.



Reuters

January 30, 2019

Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy. She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy. Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S. intelligence community to help the UAE hack into the phones and computers of its enemies. Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance. “I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.”



The Hill

January 29, 2019

A cyber espionage group linked to Iran has targeted telecommunications and high-tech industries in order to steal personal information, according to a new report. Cybersecurity firm FireEye announced Tuesday that it has added the newly identified group called APT39 to its growing list of advanced persistent threats. "APT39’s focus on personal information likely supports the planning, monitoring, and tracking of intelligence operations that serve Iran’s national priorities," Benjamin Read, FireEye's senior manager of Cyber Espionage Analysis, said in a statement. "Targeting data supports the belief that APT39's key mission is to track or monitor targets of interest, collect personal information, including travel itineraries, and gather customer data from telecommunications firms," the firm's latest report states.



The New York Times

January 28, 2019

Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, has published hard-hitting research on powerful targets in recent years: Chinese government censorship, Silicon Valley’s invasion of customers’ privacy, despotic regimes’ electronic surveillance of dissidents. It’s the kind of work that can make enemies. So when John Scott-Railton, a senior researcher at Citizen Lab, got an odd request for a meeting last week from someone describing himself as a wealthy investor from Paris, he suspected a ruse and decided to set a trap. Over lunch at New York’s five-star Peninsula Hotel, the white-bearded visitor, who said his name was Michel Lambert, praised Mr. Scott-Railton’s work and pried for details about Citizen Lab. Then — “as I was finishing my crème brûlée,” Mr. Scott-Railton said — a reporter and photographer from The Associated Press, alerted by Mr. Scott-Railton and lurking nearby, confronted the visitor, who bumped into chairs and circled the room while trying to flee. At least two other men nearby appeared to be operatives — one who stood at the door, another who seemed to be filming from a table, said Mr. Scott-Railton, who himself filmed his lunch companion. The case of the bumbling spy is the latest episode involving undercover agents, working for private intelligence firms or other clients, who adopt false identities to dig up compromising information about or elicit embarrassing statements from their targets.



Reuters

January 28, 2019

French engineering consultancy Altran Technologies was the target of a cyber attack last Thursday that hit operations in some European countries, it said on Monday. Altran said it had shut down its IT network and applications and a recovery plan was under way. "We have mobilized leading global third-party technical experts and forensics, and the investigation we have conducted with them has not identified any stolen data nor instances of propagation of the incident to our clients," it said. Altran's clients include French utility Engie, U.S. satellite operator Iridium, British online supermarket Ocado and Britain's Network Rail. Governments are increasingly warning about the risks private businesses face from cyber attacks, both those carried out by foreign governments and financially motivated criminals.



IT Pro

January 28, 2019

Japan approved a new amendment to a law on Friday which would allow government workers to hack civilians' personal technology as part of a vast survey of the country's insecure IoT devices. The survey is being initiated as part of a plan to prevent a major cyber attack from crippling the infrastructure that will support the Tokyo Olympic Games in 2020, stemming from insecure IoT devices. The concerns aren't without merit: sporting events are fast becoming prime targets for cyber attacks. In February 2018, Pyeongchang's Winter Olympics was hit by a cyber attack during the opening ceremony. The state-sponsored hacking initiative will begin next month with a trial of 200 million devices, just webcams and modems to start with. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.



Reuters

January 28, 2019

Iran is likely to expand its cyber espionage activities as its relations with Western powers worsen, the European Union digital security agency said on Monday. Iranian hackers are behind several cyber attacks and online disinformation campaigns in recent years as the country tries to strengthen its clout in the Middle East and beyond, a Reuters Special Report published in November found. This month the European Union imposed its first sanctions on Iran since world powers agreed a 2015 nuclear deal with Teheran, in a reaction to Iran's ballistic missile tests and assassination plots on European soil. "Newly imposed sanctions on Iran are likely to push the country to intensify state-sponsored cyber threat activities in pursuit of its geopolitical and strategic objectives at a regional level," the European Union Agency for Network and Information Security (ENISA) said in a report. A senior Iranian official rejected the report, saying "these are all part of a psychological war launched by the United States and its allies against Iran".



TECHNOLOGY



Wired

January 30, 2019

When hackers breached companies like Dropbox and LinkedIn in recent years—stealing 71 million and 117 million passwords, respectively—they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2.2 billion unique usernames and associated passwords and is freely distributing them on hacker forums and torrents, throwing out the private data of a significant fraction of humanity like last year's phone book. Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a patched-together set of breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes of stolen data and 25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, found that the total haul represents close to three times the Collection #1 batch.