The Weekly Newsletter of  
The George Washington University Cyber Security and Privacy Research Institute
APRIL 25, 2016
Cyber Security and Privacy News
  • The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, according to Reuters. "SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software," writes Jim Finkle. "Its spokeswoman Natasha Deteran said SWIFT would release on Monday a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures."
  • CNN reports that the US government is developing and using offensive cyber weapons against ISIS extremists. "U.S. is hitting ISIS with "cyber bombs" as part of its new arsenal of tactics being deployed against the terrorist group. "We are dropping cyber bombs. We have never done that before," Deputy Secretary of Defense Robert Work told reporters traveling with him. "Just like we have an air campaign, I want to have a cyber campaign. I want to use all the space capabilities I have." The full story ishere.
  • "A US Congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used," writes Dan Goodin at ArsTechnica, which carries an in-depth look at a report that first aired on 60 Minutes last week about the ease with which hackers can eavesdrop on some mobile communications.
  • The FBI paid private hackers more than $1.3 million for custom software allowing investigators to break into the locked iPhone used by a terrorist in last year's San Bernardino, Calif., attack, Director James Comey indicated last week. The Hill's Julian Hattem writes. "The bureau paid 'a lot' of money, Comey said at an Aspen Security Forum event in London on Thursday, without disclosing the specific price tag."More than I will make in the remainder of this job, which is seven years and four months, for sure," Comey reportedly said.
Meanwhile, Apple continues fighting FBI and Justice Department requests for access to data on phones of criminal suspects. In a legal filing late Friday, the tech giant argued it should not be compelled to aid federal law enforcement officials who seek to extract data from a confessed methamphetamine trafficker's iPhone because they have not exhausted all means to bypass the unit's built-in security code," according to USA Today.
  • U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released last week. "The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network," wrote Dustin Volz. Read more here.
  • has a timely yarn about budget cuts way back 20 years ago that killed off the US Office of Technology Assessment, which gave lawmakers unbiased scientific and technological information. Kim Zetter describes the problem that persists with the OTA's absence: Lawmakers who are clueless on the science behind technology and innovation. "Former congressman Rush Holt, a trained research physicist, tried to bring OTA back, but did not succeed," Zetter writes. "He noted, 'Most members of Congress don't know enough about science and technology to know what questions to ask, and so they don't know what answers they're missing.'" 
Legislative Lowdown

The Cyber Security and Privacy Research Institute (CSPRI) is a center for GW and the Washington area to promote technical research and policy analysis of problems that have a significant computer security and information assurance component. More information is available at our website,
  Follow us on Twitter
View our profile on LinkedIn
View our videos on YouTube
Upcoming Events

for event descriptions

Apr. 26, 7:45am-1:30pm, Staying Ahead of the Curve: Securing a Nation Amid Change

Apr. 26, 10:00am-1:00pm, 
National Insider Threat Special Interest Group

Apr. 28, 3:00pm-5:00pm,