CyberSecurity Pulse 2016-05-12

“An issue is held in balance by the interaction of two opposing sets of forces – those seeking to promote change (driving forces) and those attempting to maintain the status quo (restraining forces).”
Kurt Lewin

Analyst Insight

The New Twitter Policy That Worries More Than One Security Agency

Twitter has blocked a data-mining company from providing analytics of real-time tweets to US intelligence agencies. Executives of Dataminr told intelligence agencies recently that Twitter did not want the company to continue providing the service to several agencies. “We have never authorized Dataminr or any third party to sell data to a government or intelligence agency for surveillance purposes”, Twitter said in a statement Sunday.

In this regard, a former deputy director of the NSA, John C. Inglis, told the Wall Street Journal that Twitter was engaging in double standards by declining to offer intelligence agencies data that is already available to the private sector. The fact is that intelligence agencies are increasingly monitoring social media, as some services like Twitter are widely used by terrorist organizations like the Islamic State group for propaganda and recruitment purposes.

Be that as it may, this is not the first measure Twitter has taken with this aim. The first was its decision not to disclose users' private information to any authority, except in response to an appropriate legal process. Undoubtedly, it seems to be trying to distance itself from appearing to aid government surveillance, a controversial issue since former National Security Agency contractor Edward Snowden's revelations about how the government was collecting information on users through Internet and telecommunications companies.

» More information at Computerworld

Top Stories

Struggling With the Cyberwar Term

The Cyber Act of War of 2016 would require the President of the United States to develop a policy to determine whether a cyberattack constitutes an act of war. The bill requires the White House to compare how a cyberattack may be equivalent to conventional weapons in destruction or casualties when evaluating the attack as an act of war. “Cyberattacks on our critical infrastructure are capable of impacting our entire economy and causing significant destruction. This legislation would require the executive branch to define which of these actions constitute a cyberact of war, which would allow our military to be better able to respond to cyberattacks”, US Senator Rounds said in a statement.

» More information at

US Developing Technology to Identify and Track Cybercriminals Worldwide

Now, the Pentagon wants a better way not only to identify malicious hackers but also to find practical algorithms that can predict where a hacker might attack next. Through this new initiative, the United States military research agency DARPA hopes that agencies will be able to quickly track and identify sophisticated hackers or criminal groups by monitoring their exact behavior and physical biometrics. In other words, this program will not only help the government characterize the cybercriminal but will also share the criminal’s modus operandi with potential victims so as to predict the attacker’s next target.

» More information at The Hacker News

Rest of the Week's News

Kroger Hit By W-2 Data Breach At Equifax

Kroger alerted its current and former employees this week that their data, including Social Security numbers and birth dates, may have been compromised as a result of a breach at Equifax's W-2Express website. The grocery chain, which is one of Equifax’s many customers, has more than 431,000 employees who are registered on the W-2Express portal.

» More information at Dark Reading

10-year-old Boy Becomes the Youngest Bug Bounty Hacker

Jani, a child from Helsinki, recently reported an Instagram bug to Facebook that allowed him to delete other Instagram users' comments just by entering malicious code into the app's comment field. Jani responsibly disclosed the vulnerability details to Facebook, which owns Instagram, in February and has been rewarded with €9000 under Facebook’s bug bounty program.

» More information at The Hacker News

Exploiting a Vulnerability on Qualcomm Devices

Google has patched a high-severity vulnerability that has been around for the last five years, potentially leaving users' text messages, call histories, and other sensitive data open to snooping. The vulnerability affects Android versions 4.3 and earlier that use the software package maintained by mobile chipmaker Qualcomm, according to a blog post published by security firm FireEye.

» More information at FireEye Inc

Further Reading

Bangladesh Bank Says Heist Caused by Faulty Software Installation

» More information at eWEEK

Virustotal Policy Change

» More information at VirusTotal Blog

Man Arrested for Breaking Into State Election Website

» More information at Ars Technica