Are the UK’s Trident Nuclear Weapons Vulnerable to Cyberattacks? (ITProPortal): A recent article by Mark Wilson which appeared in ItProPortal indicates that Des Browne, the former UK defense secretary believes that the Trident nuclear weapons are susceptible and could be rendered useless in a coordinated cyberattack. The article also indicates that the US had previously reported that US defenses and those of other NATO allies might not withstand a coordinated and sophisticated cyberattack. Browne, who is now the vice-chair of the Nuclear Threat Initiative says an inability to identify and mitigate cyber vulnerabilities could result in the nuclear deterrent being unavailable should the day come when it is actually needed, according to the article. Fortunately, Franklin Miller, a former White House defense policy official, believes the US nuclear system is impervious to cyberattack, according to the article. In the article, Miller states that if our nuclear command and control (“C&C”) system used the internet then this would be a very dire warning but Miller indicates that there is no issue since the Nuclear C&C system is air-gapped and not connected to the internet.
While worrisome, is this really a big deal? With the amount of nuclear weapons available and the strategic alliances that have been formed, how many nuclear weapons would have to actually remain operable in order to maintain the mutually-assured-destruction (“MAD”) deterrence between the countries currently in the nuclear club? Unless of course there exists the possibility that rather than rendering the nuclear system inoperable during a cyberattack a cyberattack could somehow allow outside control of a nuclear weapon. That is certainly a far more worrisome scenario. For instance, it is suspected that the Russian nuclear C&C system (Perimetr) was designed to initiate a launch in the event that communication links were lost. One can only hope that such a system would leverage ultra low frequency (ULF) such as is used by the US Navy and which has proven difficult to successfully attack. However, the thought that a loss in a communication link could potentially initiate the launch of nuclear weapons is enough for one to consider that this vulnerability should be assessed and addressed.
Additionally, the comments by Franklin Miller are not very reassuring. Attacks on air-gapped systems are not really novel and have been successful in the past (e.g. Iranian Nuclear Facilities and Stuxnet). Furthermore, the fact that the same government that oversaw the exfiltration of over 20 million personnel records from the Office of Personnel Management (OPM) is in charge of cybersecurity for our nuclear arsenal is not exactly reassuring. See the article below for an interesting (if somewhat dated) read on this.
- FTC Loses in LabMD Data Security Case: ALJ Sets High Bar for Consumer Harm (Cyber Law Monitor): This article in Cyber Law Monitor discusses the recent ruling by Administrative Law Judge (“ALJ”) D. Michael Chappell against the Federal Trade Comission (“FTC”) in their data security case against LabMD. The article states that ALJ held that the FTC failed to show how LabMD’s conduct caused actual harm to consumers based on the FTC’s allegations that LadMD failed to “provide reasonable and appropriate security for personal information on its computer networks.” ALJ ruled that the FTC had shown that harm was possible but failed to demonstrate that it actually occurred or that there was a probability of harm, according to the article. The full article is here; the decision is available below.
- Safe Harbor 2.0 Framework Falling Apart (SearchSecurity): A coalition of 34 human rights and privacy Non-Government organizations (“NGO”)s from the U.S. and EU provided a letter to U.S. Secretary of Commerce Penny Pritzker and the EU’s Commissioner for Justice, Consumers and Gender Equality Věra Jourová, according to the article. This letter states that the updated Safe Harbor framework is flawed as it does little to “reestablish trust for consumers” and the new framework is nothing more than a revision of the previous “… self-regulatory principles that lack legal effect”, according to the article. The article also states that the revised framework is quite likely to be found invalid by the Court of Justice of the European Union (“CJEU”). The letter can be found here; whereas the article is available here.
Cyber Round Up: Belgium to Join NATO CCDCOE, Anonymous ‘Intel’ Encounters Credibility Issues, U.S. Congressional Commission Recommends Consideration of Hackbacks
- Belgium to Join NATO CCDCOE (CCDCOE): Belgium is set to join the NATO Cooperative Cyber Defense Centre of Excellence (“CCDCOE”) as a Sponsoring Nation, according to the organization’s website. According to the website, the CCDCOE is a “knowledge hub” that focuses on interdisciplinary applied research and development in the field of cyber security. Belgium already plays an important role in several cyber defense cooperation efforts in the region, the post continued. The post specifies that the status of “Sponsoring Nation” is designation reserved for NATO members nations. Belgium will join current Sponsoring Nations, the Czech Republic, Estonia, France, Germany, Greece, Hungary, Italy, Latvia, the Netherlands, Poland, Slovakia, Spain, Turkey, the United Kingdom, and the United States, the organization reported. Non-NATO members have also joined, including Austria and Finland, and hold the “Contributing Participants” status, which is designated for non-NATO members, concludes the post. The CCDCOE’s post can be found here.
- Anonymous ‘Intel’ Encounters Credibility Issues (Breibart): After Anonymous released a list of alleged “ISIS targets”, the group is under fire for releasing bad intel, according to Breibart. The article specified that the U.S. authorities announced that claims made by the group warning about possible threats were not credible. As a result, members of the hacktivist group have begun to distance themselves from the social media accounts associated with the group, the article continued. Even other hacktivist groups have criticized Anonymous, according to the report. The full article can be found here. Releasing information haphazardly causes intelligence blunders such as this, and may result in innocent actors being targets of attacks, cyber or physical. Perhaps counterterrorism operations should be left to governments with oversight and accountability mechanisms, rather than anonymous parties with little to zero obligation or willingness to accept responsibility.
- U.S. Congressional Commission Recommends Consideration of Hackbacks (USCC.GOV): The U.S.-China Economics and Security Review Commission (the “Commission”) has released its 2015 Annual Report to the Congress. The report covers U.S.-China economic and trade relations and security and foreign policy issues involving China. According to the report, the Commission recommends that Congress should consider whether to allow private companies that have been hacked to engage in counterintrusions, i.e., hackback, to recover, erase or alter data that has been stolen by bad actors. Additionally, the Commission recommended that Congress consider the feasibility of developing a foreign intelligence cyber court that will hear evidence from U.S. victims of cyber attacks and ultimately decide whether the U.S. government may take counterintrusion operations on the behalf of the victim. The full 2015 Annual Report can be found here. The Executive Summary and Recommendations can be found here.
Section 702, the Fourth Amendment, and Article III: The Muhtorov (Non-)Decision (Just Security): A recent article in Just Security discusses a recent ruling issued out of the District Court for the District of Colorado. According to the article, Judge Kane denied the motion to suppress evidence obtained under section 702 of the Foreign Intelligence Surveillance Act (“FISA”). The article from Just Security is here while the full text of Judge Kane’s decision is available here.
U.S. District Attorney Claims that Encrypted Data Impedes Law Enforcement
U.S. District Attorney Cyrus Vance has indicated that encrypted data on cell phones impedes law enforcement investigations, according to an article in Bloomberg. Vance is quoted as saying “The line to protect the public should not be drawn by two companies who make smartphones”, which was a specific reference to Apple and Google, according to the article. According to Bloomberg, Vance unveiled a 42-page white paper on the issue of access to encrypted data during a cybersecurity conference in New York.
The Bloomberg article highlights a number of areas within Vance’s report:
- Going Dark: Vance indicated that after ISIL finds someone they deem to be a worthy recruit, they move communications to mobile apps that are encrypted end-to-end which renders the communications completely invisible to law enforcement;
- ‘Safety Check’: Vance points to Facebook’s Safety-Check feature which allows users to instantly let their social media contacts know that they are alright as a sign that technology companies can promote public welfare. Vance indicates that this spirit of “public-mindedness” should shame smartphone manufacturers into negotiating a solution to encrypted data access;
- Encryption Technology: Vance claims he is only interested in “data-at-rest” and not in-flight data (data at rest resides on a device while data in-flight is traveling from one device or entity to another). Vance says that consequently his proposal could not be used for electronic eavesdropping since the data is not moving;
- Congressional Action: Vance has urged Congress to pass legislation requiring developers of operating systems for smartphones or tables either made or sold in the U.S. to ensure that data on the devices can be accessed by law enforcement if they have a valid search warrant;
- Encryption Helps Criminals: Vance published an op-ed in the Washington Post that said the full-disk-encryption employed by companies like Apple and Google in the post-Snowden revelation era was helping criminals evade law enforcement.
It is always refreshing when someone takes the time to understand an issue fully and completely. Thus, when I saw that the Manhattan DA’s Office had published a 42-page white paper on smartphone encryption and public safety I was interested to learn more about Cyrus Vance, Jr. the Manhattan U.S. Attorney.
Strangely enough when I looked into Mr. Vance I did not see what I expected. I did not find a practicing attorney with a background in technology. I did not find someone that had technology credentials. I did not find someone that had lectured on the intersection of cybersecurity and law. That is OK, perhaps the message is still sound even if it is being proferred by someone whose understanding of encryption is probably limited to the impenetrable, walled fortress analogy.
So, I looked not at the author but rather at the content. This is where things get interesting. Vance’s white paper indicates that they are not looking for backdoors or the use of “golden keys” that can decrypt anything. No, Vance merely wants hardware and software designs that render technology fully breachable by lawful government searches.
So, essentially Vance is looking to step back in time to a pre-encryption world where everything is fair game. There is no cause for alarm because as we all know, just because the government has access to encrypted data there are safety checks and the government won’t look at anything unless someone, somewhere is able to convince a court that the purpose is “lawful”.
We also should not worry about lighter encryption making us less secure. Based on Vance’s logic, we could simply outlaw the unlawful decryption of data and, therefore, prevent any unlawful breaches of poorly-encrypted data by would-be criminals.
Vance’s white paper makes it a point to limit the scope to data-at-rest; indicating that they take no position with respect to data-in-motion. Essentially, this seems to indicate that on your mobile devices data from one device or one entity to another is not secure when it is sitting on a device but it may be secure and isn’t subject to the DA’s office wire-sniffing while it is in transit. So, I guess that the concept of securely encrypted data then is like the shark, so long as it is moving it is safe but once it stops — oxygen levels, or encryption levels drop, and all bets are off.
Furthermore, this paper talks extensively and exclusively about handheld mobile devices. What about laptops? Those are pretty small and easy to carry. Can I encrypt my laptop or my home computer? Either Vance is pursuing this police-state as a phased-approach: Step 1: access all of the mobile handheld devices, Step 2: access all computing devices, Step 3: gain access to big data’s servers and storage — or Vance really doesn’t understand how criminals and terrorists could sidestep his world of unencrypted mobile devices by switching to larger, more powerful computing platforms.
Cyber Round Up: US Government Agencies Ignoring Cybersecurity Warnings, Post-Paris Renewed Debate About Government Access to Encrypted Data, On Encryption: Big Tech Is Not Budging
- U.S. Government Agencies Ignoring 840 Warnings on Poor Cybersecurity (Sputnik News): According to this article by Sputnik News, the Government Accountability Office (“GAO”) made approximately 2,000 recommendations to improve information security in U.S. government agencies over the past six years and to-date, the government has implemented slightly over half of the recommendations (1,160). Weaknesses included both design and implementation of information security controls in such key agencies as the Department of Homeland Security, according to Sputnik. Meanwhile, the report also indicates that cyber-hacking incidents have increased from 5,503 in 2006 to 67,168 in 2014. The full article can be found here.
- Overnight Cybersecurity: Post-Paris fears spark encryption debate (The Hill): In the wake of the terrorists attacks in Paris, several key players, such as CIA Director John Brennan, and Senator Dianne Feinstein (D-CA), are becoming increasingly vocal about law enforcement’s need to access encrypted data, according to the article. The article indicates that unnamed European counterterrorism officials told the New York Times that they believe the attackers leveraged some form of encryption in order to communicate, and coordinate the attacks. Additionally, it appears that several lawmakers are pushing for legislative action to ensure that the government has access to encrypted data (Senate Intelligence Committee Chair Richard Burr (R-NC), and Sen. John McCain (R-AZ), specifically), according to the article. The Hill also reports in the same article that lawmakers are issuing warnings about the lack of security measures in the Department of Education’s database which contains sensitive information on hundreds of millions of Americans. Perhaps the Education Department should employ encryption techniques? The full article is here.
- On Encryption – Beg Tech Will not Yield (CNBC): On the flip side, the tech industry continues to remain steadfastly opposed to government access to encryption, according to CNBC. Mark Cuban, using his Cyber Dust messaging app (which deletes messages 24 seconds after they are read), stated “Encryption is a fundamental underpinning of the freedom of speech”, according to the article. The article also quotes the Electronic Frontier Foundation’s (“EFF”) Executive Director, Cindy Cohn: “These heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy.” Peter Firstbrook, an analyst with Gartner says the common argument against backdoors to allow government access to encrypted data is the “if you have nothing to hide…” which Firstbrook believes fails to acknowledge that everyone has private details they would not want exposed and the shift to a surveillance state would fundamentally alter the way that people interact and behave, according to the article. The full article can be found here.
As you scroll through your news feed, take notice all the articles on hacktivist groups and activities. Through issues like the Sony and Ashley Madison breaches and the release of U.S. military personnel information by ISIS supporters, hacktivism has earned a place in our daily vocabulary. After almost any big “real-world” event, you can now expect “cyber” action from these hacktivist groups. They are hailed as “heroes” by some, and “terrorists” by others. It only took a couple of days for Anonymous and Ghost Security Group, two hacktivist groups, to respond to ISIS after the Paris attacks. But who are these so-called hacktivists? More importantly, why does it seem like law enforcement organizations only take action against them when their activities affect governmental interests, and not when their activities target the ‘bad guys’?
Attacks directed at Corporate or Government Interests
There have been numerous law enforcement operations and legal action taken against members of Anonymous. In May 2014, two Australian nationals and alleged members of Anonymous were arrested for hacking government computers in Australia and Indonesia, ABC news reported. In October 2013, a federal grand jury indicted thirteen members after the group allegedly targeted financial institutions who refused to process payments for WikiLeaks, according to Yahoo News. In March 2012, “top members” of Anonymous, and another hacktivist group, LulzSec, were arrested in the United Kingdom, Ireland, and the United States, according to an article in the Daily Mail. In July 2011, sixteen suspected Anonymous members were arrested after the group attacked PayPal over its action against WikiLeaks, Fox News reported. The trend shows that action against members of these groups usually follow cyber operations against entities in which governments have an interest in — WikiLeaks is the prime outlet for revealing leaked government secrets, and is a target of a criminal investigation by the U.S. Department of Justice and the FBI, according to an article by the Guardian.
Attacks directed at “bad” Actors
It seems that law enforcement organizations largely remain silent, however, when these groups use the very same cyber tools to conduct operations against extremist groups. In January 2015, Anonymous launched #OpISIS, an operation to take down websites it claimed to be jihadist sites supporting ISIS, as well as websites it claimed to be used by ISIS for recruiting purposes, the Telegraph reported. Even so-called ‘lone wolf’ hacktivists have joined the fight against extremists online. An example of a lone wolf hacktivist is The Jester who has reportedly taken down 170 Jihadist websites since 2010, according to an NBC 5 interview, (More on The Jester can be found here). More recently, as stated above, Anonymous and another hacktivist group, GSG, have declared war against ISIS following the attacks on Paris. GSG, itself, claims to provide intelligence to “federal governments and the intelligence community”, according to the group’s website. So far, however, there have been no law enforcement action (that I can find) taken against these groups after they conduct these types of cyber-vigilanté activities.
Are governments willing to turn a blind eye to some types of activities, but not to others, even when both are being carried out by the same actors? Could this ‘acquiescence’ be construed as legitimization by governments of such groups? More importantly, how does one differentiate between these cyber-vigilantés and actual national security threats?
- Anonymous Declares War on ISIS (NBC News): Anonymous, the hacker group, has reportedly declared war on ISIS following the attacks on Paris, according NBC News. A video has been released, although not yet verified, where a “spokesperson” for the group warned ISIS of “massive cyber attacks”, the article continued. A tweet from the group’s official Twitter account announced that the group was at war with Daesh, another name for ISIS, reported NBC News. According to another report by the International Business Times, the group has also released 1,000 Twitter accounts associated with ISIS and its supporters. The full article can be found here. The video can be found here.
- Ghost Security Group Targets ISIS Online Activities (CoinTelegraph.com): Ghost Security Group (“GSG”) has reported that it will be tracking the online activities of ISIS personnel to “collect valuable evidence for government officials, reports CoinTelegraph. GSG is a cyber vigilante group focused on combating terrorism by targeting extremist social media accounts, according to its webpage. GSG was formed shortly after the Charlie Hebdo attack, the group’s webpage explained. Members of the group work anonymously, but claim to have ex-military and cybersecurity backgrounds, the article continued. The full article can be found here.
N.Y. Regulators Weigh Cybersecurity Requirements for Banks, Insurers (Insurance Journal): According to a recent report in Insurance Journal, New York Financial Services (“NYFS”) Superintendent Anthony Albanese, indicated that “robust regulation” is needed to address cybersecurity needs within the banking and insurance industry. This article indicates that the NYFS recommendation is the result of a survey of more than 150 banks and nearly 50 insurers. The agency’s findings include:
- Companies have taken significant steps to address cybersecurity; however the rapid pace of technological change coupled with an increasingly sophisticated threat landscape will pose enduring challenges,
- Third-party providers (“TPP”)s have access to sensitive data as well as internal information technology (“IT”) systems, thereby creating a potential breach entry point,
- In order to manage TPP access, the following tools/methodologies should be utilized: (a) multifactor authentication (“MFA”), (b) data encryption, (c) loss indemnification, (d) warranties, (e) incident notices, and (f) audits,
- Regulated banks and insurers would be required to conduct annual penetration (“PEN”) testing and quarterly vulnerability assessements,
- Regulated entities would need to implement audit logging that would include privileged user access and anti-log tampering controls
- Any breached entity would be required to notify NYFS of any security incident that the entity believes “… has a reasonable likelihood of materially affecting the normal operation of the entity, including any cyber security incident”.
The full article is here.
Overall, any agency action that spurs thoughtful and relevant dialogue with respect to cybersecurity is probably not a bad thing. That being said, I worry that the creation of industry specific solutions to cybersecurity will invariably, by design, create weak spots in our cybersecurity armor. It seems that cybersecurity is the latest “flavor of the month” and everyone wants to jump on the bandwagon from industry professionals to academics, to folks running for political office. This is worrisome on a number of levels:
- cybersecurity is a discipline that covers both technology as well as the human element, trying to focus on one of these pieces solely and exclusively just is not effective,
- on the technical side, one must balance the ability to access information with the ability to limit access to information, this is not necessarily an easy balance to achieve,
- personally identifiable information (PII) and metadata about us, is pervasive, from our customer loyalty cards, to our Netflix “suggestions”, to our Tivo viewing habits — this information is pure gold to advertisers (and potentially the big brother government as well) — if we secure one industry and leave these huge gaping holes from which our PII can be accessed, we are still infinitely vulnerable,
- regulations such as those being discussed by the NYFS take a point approach to cybersecurity — such as implementing MFA for TPPs. This can help harden TPP access but if users and administrators are not using MFA then they become ripe targets for social engineering or other such attacks that focus on the human element.
- stick with what you know: the NYFS probably has some excellent protocols and procedures for regulating the financial industry — though they probably know very little about cybersecurity. With a nationwide shortage of cybersecurity professionals is it wise to put cybersecurity in the hands of any agency that is not dedicated wholly and solely to cybersecurity issues?
The International Organization for Standardization (“ISO”), International Electrotechnical Commission (“IEC”) developed a standard for information security in the mid-1990s and the latest standard is ISO27002:2013. Additionally, the National Institute of Standard and Technology (“NIST”) developed a “Framework for Improving Critical Infrastructure Cybersecurity” (“CSF”). Taken together, the ISO27002:2013 as well as NIST: CSF provide guidelines from which a cybersecurity initiative can be designed and implemented.
If Federal, State, or Local government choose to discuss cybersecurity, I am strongly in favor of doing so. In order to address cybersecurity and to ensure that a complete and cohesive strategy is developed, however, we need to start by focusing on PII, who accesses, who stores it, and who controls it. Once we understand those variables we can begin to examine cybersecurity in the context of PII rather than by looking at a specific industry and making half-baked suggestions on improving cybersecurity issues.
To Illustrate the problem of focusing on a specific industry, consider the following:
- Agency develops protocols and procedures for cybersecurity in Industry X;
- Industry X implements the minimum cybersecurity standards to avoid fines, penalties, or additional regulation,
- PII exists in the stream of commerce and, therefore, flows from Industry X to Industry Y;
- Industry Y is not subject to same cybersecurity regulation as Industry X;
- PII is breached while in Industry Y
- Industry Y has no breach notification requirement
- Industry Y is not subject to fines, penalties, or damages
This is an admittedly simplistic look at the flow of PII but in focusing on either the technology element or the human element, or one industry, instead of all industries, we run the risk of events such as those above exposing our PII.
Cyber Round Up: Intel Security Releases 2016 Threat Predictions, Massive Hack of Prisoner Phone Call Records, Charges in JP Morgan Chase Hack
- Intel Security Releases its Threat Predictions for 2016 (ITPro Portal): According to ITPro Portal, Intel Security released its McAfee Labs Threats Predictions Report, that examines the cyber threats on the horizon for 2016 and makes predictions related to cyber threats projected into the 2020 timeframe.
This report makes several predictions:
- Intel expects an uptick in attacks on both hardware and firmware and a resulting increase in the number of tools available to initiate attacks,
- This uptick is largely the result of operating systems and hardware being hardened to currently known attacks,
- Expect an increase in the use of ransomware –> parties have been able to make money using this, which attracts greater adoption of this malfeasance,
- Intel anticipates an increased use of information sharing between public and private entities
- Massive Hack of Prisoner Phone calls (The Intercept): According to this article, a massive breach at Securus Technologies revealed that over 70 million records of phone calls were recorded between 2011 and 2014. Of particular interest is the article’s assertion that nearly 14,000 conversations between attorneys and inmates were recorded in spite of the constitutional protections afforded privileged communications. From a cyber perspective, the fact that Securus touts its service meets “rigorous standards for security” raises some concerns since a hacker was able to obtain 70 million phone call records, according to the article. The full text of the article can be found here.
- Charges Announced in JP Morgan Chase Hack (Health Care InfoSecurity): According to this article, three men were indicted for their alleged involvement in a massive hacking effort that was directed against JP Morgan Chase as well as 11 other U.S. businesses within the financial sector. These attacks took place between 2012 and 2015 and allowed these hackers to obtain personally identifiable information (PII) on approximately 100 million customers of these 12 companies, according to this article. This article indicates that this hacking effort was part of an on-going, long-term criminal enterprise which generated hundreds of millions of dollars in ill-gotten gains. The full text of the article can be found here.
Professor William Snyder
is a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.
Jennifer A. Camillo
is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.
holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington.
- UK Nuclear Weapons Vulnerable to Cyberattacks?
- Cyber Round Up: FTC Loses in LabMD Data Security Case, Safe Harbor Updated Framework Falling Apart,
- Cyber Round Up: Belgium to Join NATO CCDCOE, Anonymous ‘Intel’ Encounters Credibility Issues, U.S. Congressional Commission Recommends Consideration of Hackbacks
- Section 702, the IV Amendment, and Art. III: The Muhtorov (Non-)Decision
- US District Attorney Calls for Access to Encrypted Phone Data
- Cyber Round Up: Anonymous Declares War on ISIS, Ghost Security Group Targets ISIS Online Activities on
- Cyber Round Up: DOE and MIT Sloan Partner Up for Grid Security, DoD Needs to Focus its Hiring Efforts, USCG RDML Thomas on Port Security on
- Cyber Round Up: U.S. Strengthens Cyber Defenses while recruiting 6,000 cyber-warriors, RSA:CyberSecurity industry is ‘fundamentally broken’, Who’s Really in Charge in case of a US Cyberattack? on
- Too Big to Fail? Understanding the U.S. Power Grid Vulnerabilities in terms of Cybersecurity on
- Actual US-China MOU Following President Xi Visit on
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010