Cyber Round Up: Hacking in Outer-Space; N.Korea and Cyber; Shadow Brokers and NSA

  • Outer-Space Hacking a Top Concern for NASA’s Cybersecurity Chief (Bloomberg Law):  Many of NASA’s projects in space have lasted longer than they ever expected, which causes problems when it comes to security.  A recent article explained that while the longevity of these projects provides masses of valuable information, it is only a matter of time before someone hacks the outdated computer systems.  Some specific concerns articulated in the article involve the commandeering of spacecraft as well as potential complications in partnerships with Russia.  The full post can be read here.

  • DHS Head: North Korea more of a cyber threat (The Hill):  The most imminent threat from North Korea may not be nuclear after all, a recent article says.  DHS Secretary John Kelly said it is much more likely that Kim Jong Un would take action in the cyber realm.  The article discusses the current situation with North Korea, but doesn’t go in depth into North Korea’s cyber capabilities.  The full interview with Secretary Kelly will air Sunday, April 16 on Meet the Press.  The full article can be found here.
  • Shadow Brokers Redux: Dump of NSA Tools Gets Even Worse (Lawfare):  The Shadow Brokers, who first emerged last summer when they released information on hacking devices used by the NSA, have come back with another big disclosure.  A piece written for Lawfare explains that the group’s ultimate motivation is financial gain, as they are holding an auction for the new batch of information.  The post says that the new info would supposedly include operational notes from the NSA’s targeting of banks in the Middle East.  The post says this would be the most crippling action against the NSA since Snowden, and could have diplomatic repercussions as well.  The full post can be found here.



Cyber Round Up: Rollback of Net-Neutrality Rules; Budgets Hindering Cyber Buildup; Data Breaches Costing Shareholders Billions

  • Fight Looms Over Planned Rollback of Net-Neutrality Rules (WSJ):  More changes are coming to internet regulation, but not without a fight, an article earlier this week said.  FCC Chairman Ajit Pai announced that he plans to rollback Obama’s net-neutrality regulations, which were intended to increase competition by requiring internet service providers such as cable and wireless firms to treat all internet traffic the same. Democrats and internet providers favor the regulations, while Republicans say they went too far.  The rollback would shift oversight from the FCC to the FTC. The full analysis of the regulation change can be found here.
  • Budget woes hinder US cybersecurity buildup (The Hill):  Another stopgap budget won’t be very good for U.S. cybersecurity, an article reports.  Continuing Resolutions do not provide the flexibility needed to prioritize certain issues, and according to Rep. Jim Langevin (D-R.I.), a member of the House Armed Services and Homeland Security committees, “Cyber is certainly potentially one of them.”  The reason this dilemma exists is because Continuing Resolutions rely on previous years budgets and do not allocate funds for changing needs, including bringing on new personnel. Eric Trexler, director of national security and civilian programs at the cybersecurity firm McAfee, explained that cyber is a constantly evolving field and with these short term budget fixes, the government will end up with outdated technology.  The full article can be read here.
  • Cyber breaches have cost shareholders billions since 2013: report (Reuters):  Data breaches have a long term impact not just on companies, but on shareholders, an article earlier today reported.  Oxford Economics and IT company CGI put together a report on the financial impact of data breaches to shareholders. At the time of this post, the full report was not readily available to the public. According to the article, which summarized the results, data breaches caused firms’ stock prices to drop 1.8% on a permanent basis.  Investors in an average firm that was evaluated would lose £120 million, or nearly $150 million.  The full summary of the study can be read here.



2016 Data Breach Investigations Report from Verizon

Last year, Verizon released its annual analysis of data breaches in 2015.  The 85 page report looks at trends in who was a victim of breaches, common points of focus, vulnerabilities, and breach trends.  The report acknowledges that the 9 major incident classification patterns identified in the 2014 version are still accurate.  Those categories include: Web App Attacks; Point-of-Sale Intrusions; Insider and Privilege Misuse; Miscellaneous Errors; Physical Theft and Loss; Crimeware; Payment Card Skimmers; Cyber-espionage; and Denial-of-Service Attacks.  89% of breaches had either a financial or espionage motive.

The report contains a plethora of graphs, charts, and data.  The following excerpt is from the report’s introduction, and the full report is included in this post.

“This year’s dataset is made up of over 100,000 incidents, of which 3,141 were
confirmed data breaches. Of these, 64,199 incidents and 2,260 breaches
comprise the finalized dataset that was used in the analysis and figures
throughout the report. We address the reasons for culling the dataset in
Victim Demographics and provide additional details when we discuss motives
in Breach Trends. Of course, we would never suggest that every last security
event of 2015 is in this report. We acknowledge sample bias, and provide
information about our methodology as well as links to resources that we
encourage you to look into to help collect and analyze incident data within your
own organization, in Appendix E.

We will also acknowledge what isn’t in this report. For those looking for
proclamations about this being the year that mobile attacks bring us to
our knees or that the Internet of Things (IoT) is coming to kill us all, you will
be disappointed. We still do not have significant real-world data on these
technologies as the vector of attack on organizations. If you feel we are in
error, put down the torches and pitchforks and share any breach data that you
have. We are always looking for avenues to shine lights into areas in which we
may not have sufficient illumination. Also, their absence is not a suggestion to
ignore these areas in your risk management decision-making.”



Cyber Round Up: DOJ CCIPS and FBI Cyber Division Kelihos botnet takedown

Breaking News

Press Release from; reprinted below:

Department of Justice

Office of Public Affairs


Monday, April 10, 2017

Justice Department Announces Actions to Dismantle Kelihos Botnet



Search Warrant






Search Warrant Application

TRO Memo


The Justice Department today announced an extensive effort to disrupt and dismantle the Kelihos botnet – a global network of tens of thousands of infected computers under the control of a cybercriminal that was used to facilitate malicious activities including harvesting login credentials, distributing hundreds of millions of spam e-mails, and installing ransomware and other malicious software.

Acting Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division, Acting U.S. Attorney Bryan Schroder for the District of Alaska, Assistant Director Scott Smith for the FBI’s Cyber Division and FBI Special Agent in Charge Marlin Ritzman of the AnchorageDivision made the announcement.

“The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks.   The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” said Acting Assistant Attorney General Blanco.  “Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics. The Department of Justice is committed to combatting cybercrime, no matter the size or sophistication of the scheme, and to punish those who are engaged in such crimes.”

“Cybercrime is a worldwide problem, but one that infects its victims directly through the computers and personal electronic devices that we use every day,” said Acting U.S. Attorney Bryan Schroder for the District of Alaska.  “Protecting the American people from such a worldwide threat requires a broad-reaching response, and the dismantling of the Kelihos botnet was such an operation.  We are lucky that we have talented FBI agents and federal prosecutors with the skillsets to help protect Americans from this pervasive cybercrime.”

“On April 8, 2017, we started the extraordinary task of blocking malicious domains associated with the Khelios botnet to prohibit further infections,” said FBI Special Agent in Charge Ritzman. “This case demonstrates the FBI’s commitment to finding and eradicating cyber threats no matter where they are in the world.”

Kelihos malware targeted computers running the Microsoft Windows operating system.  Infected computers became part of a network of compromised computers known as a botnet and were controlled remotely through a decentralized command and control system.  According to the civil complaint, Peter Yuryevich Levashov allegedly operated the Kelihos botnet since approximately 2010.  The Kelihos malware harvested user credentials by searching infected computers for usernames and passwords and by intercepting network traffic.  Levashov allegedly used the information gained from this credential harvesting operation to further his illegal spamming operation which he advertised on various online criminal forums.  The Kelihos botnet generated and distributed enormous volumes of unsolicited spam e-mails advertising counterfeit drugs, deceptively promoting stocks in order to fraudulently increase their price (so-called “pump-and-dump” stock fraud schemes), work-at-home scams, and other frauds.  Kelihos was also responsible for directly installing additional malware onto victims’ computers, including ransomware and malware that intercepts users’ bank account passwords.

As with other botnets, Kelihos is designed to operate automatically and undetected on victims’ computers, with the malicious code secretly sending requests for instructions to the botnet operator. In order to liberate the victim computers from the botnet, the United States obtained civil and criminal court orders in the District of Alaska.  These orders authorized measures to neutralize the Kelihos botnet by (1) establishing substitute servers that receive the automated requests for instructions so that infected computers no longer communicate with the criminal operator and (2) blocking any commands sent from the criminal operator attempting to regain control of the infected computers.

In seeking authorization to disrupt and dismantle the Kelihos botnet, law enforcement obtained a warrant pursuant to recent amendments to Rule 41 of the Federal Rules of Criminal Procedure.  A copy of this warrant along with the other court orders are produced below.   The warrant obtained by the government authorizes law enforcement to redirect Kelihos-infected computers to a substitute server and to record the Internet Protocol addresses of those computers as they connect to the server.  This will enable the government to provide the IP addresses of Kelihos victims to those who can assist with removing the Kelihos malware including internet service providers.

The efforts to disrupt and dismantle the Kelihos botnet were led by the FBI’s Anchorage Office and New Haven Office; Senior Counsel Ethan Arenson and Harold Chun, and Trial Attorney Frank Lin of the Computer Crime and Intellectual Property Section; and Assistant U.S. Attorneys Yvonne Lamoureux and Adam Alexander of the District of Alaska.  Critical assistance was also provided by foreign partners, and invaluable technical assistance was provided by Crowd Strike and The Shadow server Foundation in executing this operation.

The details contained in the civil complaint and related pleadings are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

The Government has and will continue to share samples of the Kelihos malware with the internet security community so that antivirus vendors can update their programs to detect and remove Kelihos.  A number of free and paid antivirus programs are already capable of detecting and removing Kelihos, including the Microsoft Safety Scanner(link is external), a free product.


The original press release can be found here.


Tags: , ,

Cyber Round Up: House Committee Works on Public-Private Relationships; Cyber in 2025; Putting a Price on “Cyber Hurricane”;

  • Cybersecurity: House Committee Looks to Build on Public-Private Partnerships (RAPS):  Many proposed plans or recommendations for addressing the myriad of cyber security challenges today involve some emphasis on establishing relationships between the public and private sector.  According to one report earlier this week, the House Energy & Commerce Committee held a hearing to explore how to build these relationships.  Specifically, the committee was looking at the healthcare industry, where cyber concerns have become a popular issue.  The full recap of the hearing can be found here.
  • Cybersecurity in 2025: the skills we’ll need to tackle threats of the future (Wired):  Cyber security has most of its challenges in the present, but it’s worth looking ahead to what the future holds as well. An article  earlier this week addressed certain skills that should be added to the cyber repertoire if they haven’t been already.  The list proposed by the article includes ethical hacking, artificial intelligence, and Internet of Things security skills.  The explanation of why these three are some of the most important moving forward can be found here.

  • Insurers Scramble to Put a Price on a Cyber Catastrophe (MIT Technology Review):  While the cyber insurance industry is growing rapidly, insurers are still struggling to put a price tag on cyber incidents, a recent article says.  Cyber insurance was a $2.75 billion industry in 2015, and one estimate has it growing to as large as $7.5 billion in 2020.  Some have begun to view cyber security as a business risk rather than as an IT problem, the article suggests.  This means recognizing that cyber challenges are complex and there is no one clear solution, and instead is better handled by just mitigating the risks involved.  Given that there hasn’t been a “cyber hurricane,” which is the analogy the article draws, and that we’re not exactly sure what that will look like, insurers do not know how to value that coverage.  The full article can be read here.


Americans Still Don’t Know Much About Cyber, Pew quiz says

The Pew Research Center recently conducted an online survey on cyber security.  The majority of participants were unable to answer even half of the questions correctly.  The article reporting the results contains a link to the 13 question quiz so you can see how you compare to the average American.

According to the article, the quiz results show that despite the increasing importance of good cyber hygiene, most people still don’t understand important cyber security issues and terms.  The results seemed to indicate that most people understand the basics, like password strength and public Wi-Fi networks.  More technical issues, the article explains in depth, is where people run into problems.

The article contains many useful graphics depicting the results.  The quiz results and analysis can be found here.



Syracuse University #1 ranked cyber security program by Military Times

Syracuse University came out on top in new rankings for the best college cyber security programs.  Military Times produced the rankings, which had University of Nebraska-Omaha, Drexel University, Bellevue University, and University of Maryland finishing two through five, respectively.

An article discussing the results and methodology explained that several factors were taken into consideration. One factor that was given considerable weight was recognition from the National Security Agency as a Center of Academic Excellence.  Syracuse received this designation in multiple programs.

Other factors included the presence and number of ABET-accredited computer science programs at a school, the proportion of degrees awarded at a school that fall under computer science generally, and the proportion of degrees awarded at a school that fall under computer security specifically.

The article also noted Syracuse University’s partnership with the Air Force Research Laboratory, which allows students to participate in a Cyber Engineering Semester where they receive cyber security training.

The Military Times article, which includes quotes from Syracuse University Professor Shiu-Kai Chin, can be read here.



Cyber Round Up: Gorsuch on Cyber Part Two; Obama issued late Operational Directives on Cyber; AI and Cyber: Changing the Locks

  • Gorsuch on Cyber-Related Issues: Part Two (Lawfare):  Two weeks ago, we recapped the first in a series of posts covering Supreme Court Justice nominee Neil Gorsuch and his depth of knowledge in cyber.  The second part was posted last week and covered computer searches, specifically in the context of timeliness and particularity. The post discusses Gorsuch’s decision in U.S. v. Christie, where he analyzes two separate lines of cases that are relevant to the issue. The blog also noted that Gorsuch makes a “bold” argument that not just the “what” of the search matters, but also the “how.”  The full blog post, including some analysis of other Gorsuch decisions, can be read here.
  • DHS issued two more Binding Operational Directives on cyber in final months of Obama term (Federal News Radio): DHS is benefiting from expanded authority given to it by Congress in 2014.  That authority, an article explains, gives DHS the ability to force other agencies to improve their cyber security measures. The article explained that while two directives were already made public, former DHS Secretary Jeh Johnson issued two more late in the Obama administration’s tenure.  The first ordered agencies to remedy vulnerabilities in Cisco products.  The second mandated compliance with the 2014 Federal Information Security Modernization Act.    The full report can be read here.

  • How AI can ‘change the locks’ in cybersecurity (Venture Beat):  Artificial Intelligence continues to gain traction as potential solution to cyber security challenges. A recent article explains how AI systems can help compensate the inevitable flaws that come from human error and security. The report uses the analogy of moving into a neighborhood where everyone has the same locks, and says this is the way security software works.  AI offers a solution to this program, which the article describes as a “moving defense.” The full article can be found here.



Cyber Round Up: Brenner and MIT’s Report; Germany emerging as cyber leader; FCC has flaw in communications infrastructure

  • Former NSA Inspector General Releases Cybersecurity Recommendations For Trump (WBUR Boston):   A recent article summarized an MIT report that recommended eight ways for President Trump to secure critical infrastructure. The article said that the report featured guest writing from former NSA IG Joel Brenner, and advocated for including the private sector. The article contains some quotes from Brenner where he explains the key components of the report.  The full report is included in this post, and the article can be read here.


  • Germany steps up leadership in cybersecurity (Microsoft Secure):    Recent commentary on a Microsoft blog highlighted how Germany has emerged as leader in the cyber world.  The article notes that this is significant not just because Germany is a top five world economy, but that it has major influence in the EU.  The article discusses numerous metrics and different reports produced by Microsoft, but emphasized Germany’s ability to develop fruitful public-private partnerships.  The post explains how Germany’s recent cyber strategy builds on a couple year old cyber law.  The in depth post can be found here.

  • What Is SS7? Legislators Ask FCC To Examine Security Flaw In Communications Infrastructure (International Business Times):   An article earlier this week discussed a request from two Democratic Congressmen  to the FCC to address a known vulnerability with cell phone security. Signaling System 7 (SS7) is an international communications standard, the article explained.  That standard has weaknesses that allow hackers to read texts, listen to calls, and track locations.  The vulnerability was discovered in 2014, but the U.S. lawmakers believe that the industry has not done enough to remedy the weakness.  One of their solutions, the article says, is encryption. The full article can be read here.


Cyber Round Up: Congress repeals Internet privacy protections; DHS misses cyber policy deadline; Mnuchin expresses cyber concerns

  • Congress just killed your Internet privacy protections (CNN):  Congress voted along party lines to repeal internet privacy protections yesterday.  According to one article, the fate of privacy now rests with President Trump and the White House is on the record as “strongly support[ing]” the repeal.  The rules had not yet taken effect, but would have required internet service providers to acquire customers’ consent before using personal data from browsing history, geo-location, etc.  The article lays out the main arguments from each side of the aisle, and discusses how most people aren’t aware of how their information is being shared. The full article can be read here.
  • DHS misses deadline to submit cyber strategy to Congress (The Hill):   DHS failed to meet the deadline to submit its cyber strategy to Congress, and it isn’t going to happen anytime soon, according to one article.  The National Defense Authorization Act that was passed in December required a strategy to be produced within 90 days.  According to the article, one DHS official stated that the strategy may take months to complete while Trump administration weighed in.  The lack of strategy follows the long delay of a cyber Executive Order that President Trump was expected to sign in January. The full report can be read here.
  • Treasury Secretary Mnuchin Highlights Concerns Regarding Cybersecurity (National Law Review):   A recent report says that concerns about cyber security extend to the Department of Treasury.  In a speech last week, Secretary Mnuchin identified the issue as a primary concern, the article said.  Mnuchin expressed his desire for all regulatory agencies to incorporate cyber security into their oversight functions. The brief post also mentioned the enhanced cyber risk standards set forth by banking agencies in October. The full summary can be found here.


« Previous PageNext Page »


Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Christopher w. FolkChristopher W. Folk

is a second year student at SU College of Law. Christopher is a non-traditional student, returning to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering and in addition to being a full-time student, Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Ryan D. White

Ryan D. WhiteRyan is currently a second year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic.Full biography

Anna Maria Castillo

is a third year law student at Syracuse College of Law. She is also pursuing a Master of Arts in International Relations at Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She currently serves as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington. Full biography

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography