skip navigation

More signal. Less noise.

Daily briefing.

The Syrian Electronic Army becomes more ambitious and aggressive. Analysts see it as a regime-directed mix of state agencies and patriotic hacktivists.

NSA's XKeyscore hits the news as the NSA Director speaks at BlackHat. Reports are breathless, but the reality appears more anodyne—in any case the tool seems to fall far short of the Sauronian omnivigilance the Guardian reports.

Active attacks present a familiar rogues' gallery: Zeus, Carberp, Blackhole, Comfoo, etc. Two lessons may be drawn: first, even known, commodity malware damages poorly protected networks, and second, that commodity malware can evolve into new threats legacy defenses miss.

As BlackHat winds down researchers demonstrate vulnerabilities in Apple chargers, smart-home systems, smartphones, and Internet advertising platforms.

Huawei works to dominate African IT markets. Lenovo remains in bad odor with Western intelligence services. The Financial Times thinks Huawei and ZTE products will inevitably make their way into the US market (note that ZTE already had derivative products on the GSA Schedule). US cloud providers face a comparable reception in international markets, post-PRISM.

NSA's General Alexander addressed BlackHat yesterday. (Our onsite correspondent thought he did better, and had more audience sympathy, than reports would lead one to think.) He invited the cyber community to contribute better, civil-libertarian-friendly approaches to national security. He stressed NSA programs' roots in Constitutional and statutory law, their active oversight by all three branches of government, their technical and policy safeguards against abuse, and their auditability.

Meanwhile, Edward Snowden has received a year's worth of asylum in Russia.


Today's issue includes events affecting African continent generally, China, Ecuador, Russia, Syria, United Arab Emirates, United States..

SINET's Innovation Summit is sold out, but you'll be able to follow the proceedings via the CyberWire's special special coverage, beginning August 6. Panelists at the Summit will include Debora Plunkett, Director, Information Assurance, National Security Agency, and Rosemary Wenchel, Deputy Assistant Secretary Cybersecurity Coordination, National Protection and Programs Directorate, Department of Homeland Security.

Cyber Attacks, Threats, and Vulnerabilities

Syrian Electronic Army no longer just Twitter feed jackers…and that's bad news (The Register) Hackers now target VoIP apps, directories, spewing Trojans as they go - infosec bods. The Syrian Electronic Army is starting to pose a serious risk to enemies of the Assad regime in both Syria and further afield, according to security watchers. Reports that the SEA managed to take over three personal email accounts of White House employees remain unconfirmed. However, recent worrying attacks on VoIP apps Viber and Tango mean that officials and security researchers need to keep a closer eye on the group, argues anti-malware tools firm FireEye

Syrian Electronic Army Hacks Major Communications Websites (FireEye) Syrian Electronic Army (SEA) has recently compromised three widely-used online communications websites, each of which could have serious real-world consequences for Syria's political opposition

What is the Syrian Electronic Army? (Infosecurity Magazine) As the Syrian Electronic Army (SEA) continues its hacking spree across largely Western organizations, it is worth pausing to question: what is the SEA, how does it operate, and what are its motivations

[NSA] Press Statement on 30 July 2013 (NSA) As the IC and NSA have stated previously, the implication that NSA's collection is arbitrary and unconstrained is false. NSA's activities are focused and specifically deployed against - and only against - legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interest. Public release of this classified material about NSA collection systems, without context, does nothing more than jeopardize sources and methods, and further confuse a very important issue for the country. Although it is impossible to provide full details of classified programs and still have them remain effective, we offer the following points for clarification

Newly exposed NSA tool, XKeyscore, sees 'nearly everything we do online' (Naked Security) The only thing US surveillance needs to read the contents of your email, with no prior authorization whatsoever, is your email address. Are we sick of PRISM yet, or do we still have room for outrage

Snowden's XKeyscore revelations challenged (The Register) Job ads for latest NSA horror ran in 2010. Edward Snowden's latest revelations about NSA snooping, the Xkeyscore program, have quickly been called into question

What's XKEYSCORE? (The Week) If you regularly search LinkedIn profiles for national security information, you'll find hundreds of highly compensated individuals who worked for NSA and who list, as one of their skills, the fluency in XKEYSCORE. Glenn Greenwald's publication today of one of the training presentation PowerPoints is sufficient to give us all that skill. (Marc Ambinder: now proficient in advanced web and document production, French, and XKEYSCORE.) I quibble with the Guardian's description of the program as "TOP SECRET." The word is not secret; its association with the NSA is not secret; that the NSA collects bulk data on foreign targets is, well, probably classified, but at the SECRET level. Certainly, work product associated with XKEYSCORE is Top Secret with several added caveats. Just as the Guardian might be accused of over-hyping the clear and present danger associated with this particular program, critics will reflexively overstate the harm that its disclosure would reasonably produce

The NSA's Evil Google: XKeyscore Tool Enables Vast Warrantless Search of Online Communication and Activity (HotHardware) One of the contentious issues that's swirled around the NSA since whistleblower Edward Snowden began leaking information on the organization's capabilities is exactly what it can -- or can't -- do. Snowden has stated that as a contractor with Booz Allen Hamilton, "I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email"

Xbox One Mag Hacked by Ecuadorian Cyber Army (eSecurity Planet) 2,035 users' full names, e-mail addresses and mailing addresses were published online

Vulnerabilities in D-Link network video recorders enable remote spying, researcher says (CSO) The vulnerabilities allow attackers to gain access to devices used to monitor surveillance cameras or provide remote access to stored data

ZeroAccess malware revisited—new version yet more devious (Naked Security) Guess what? The authors of the infamous ZeroAccess malware have pushed out another update, and this time they're using some interesting techniques to stay alive longer. James Wyke of SophosLabs explains

Malware using GoogleCode for distribution (zscaler ThreatLab Blog) Malware hosting sites rarely stay up for too long. After the first few instances are seen by security vendors, they are added to blacklists which, in turn, are fed into other blacklists throughout the industry. Malware writers are now turning to commercial file hosting sites to peddle their warez. If these legitimate file hosts are not scanning the content they are hosting, it may force network administrators to block the service altogether. The kicker is that this time we see that GoogleCode seems to have swallowed the bad pill

Got an account on a site like Github? Hackers may know your e–mail address (Ars Technica) If you have an account on Github, StackExchange, or any one of countless other sites, there's a good chance hackers can identify the e-mail address you used to register it. That's because Gravatar, a behind-the-scenes service that says it works with millions of sites, broadcasts the information using cryptography that in many cases is trivial to crack

RBN's Fake Account Suspended Notices (Danchev) In the last quarter of 2007, under the public pressure put on the Russian Business Network's malicious practices, the RBN started faking the removal of malicious domains from its network by placing fake account suspended notices, but continuing the malware and exploit serving campaigns on them. And since I constantly monitor RBN activity, in particular their relationship with the New Media Malware Gang and Storm Worm, a relationship that I've in fact established several times before, a recently assessed malicious domain further expands their underground ecosystem. Let the data speak for itself

New Warning on Citadel and Reveton Issued (Infosecurity Magazine) The FBI's Internet Crime Complaint Center (IC3) has issued a new warning on a Citadel and Reveton ransomware campaign. Reveton is the ransomware, and Citadel is the malware platform used to deliver it

Why Carberp, ZeuS, and Other Vintage Malware Have a Bigger Bite Than You Think (FireEye) As a sales engineer working at FireEye, I spend my days running production pilots with prospects, discussing advanced persistent threats (APTs), customer's security posture, and the current advanced threat. While the focus here at FireEye is all about detecting the zero-day or advanced targeted attacks, I'm constantly surprised by how much plain old "commodity malware" or "crimeware" I find in networks

Secrets of the Comfoo Masters (Dell SecureWorks) The details of organized cyber-espionage campaigns are becoming more public. So-called "Advanced Persistent Threat" (APT) attacks are common news as individuals and corporations discover the data on their hard drives is part of a country or competitor's "shopping list." The actors behind these attacks are generally well-equipped in terms of training, finances, and access to resources. The missions of APT threat actors are usually of strategic importance, and the actors exercise virtually unlimited patience in penetrating and persisting inside their specific target's network until they accomplish their goals

The Current State of the Blackhole Exploit Kit (TrendLabs Security Intelligence Blog) The Blackhole Exploit Kit is one of the most notorious exploit kits currently in circulation among the cybercriminal underground today. Thus, we continuously monitor for incidents and attacks involving the exploit kit itself

FireHost Report Suggests Commodity Cloud Providers Are Bolstering Botnet Agility (Dark Reading) Q2 2013 sees sharp increase in blended, automated attacks. Secure cloud hosting company, FireHost, has today announced its Q2 2013 Web application attack statistics, which form part of FireHost's quarterly Superfecta report. These statistics track the prevalence of four distinct types of cyberattacks that pose the most serious threat to businesses, comprising CSRF, XSS, SQL Injection and Directory Traversal. For additional information on FireHost's Q2 2013 Superfecta report, visit Booth #621 at BlackHat USA 2013 in Las Vegas

The DNS Infrastructure of the Money Mule Recruitment Ecosystem (Dancho Danchev) What's the most static element of the vibrant money mule recruitment ecosystem? It's the DNS infrastructure that the the cybercriminals behind the campaigns repeatedly use to push new scams

Carriers Should Ditch Femtocells Over Security Risks: Researchers (SecurityWeek) After demonstrating how easily rogue femtocells can be used to intercept voice calls and text messages, researchers from iSec Partners called on carriers to stop using the network devices altogether

Black Hat: Researchers Use iPhone Charger As Hacking Tool (SecurityWeek) At Black Hat USA Wednesday in Las Vegas, a trio of researchers from The Georgia Institute of Technology demonstrated how to abuse USB functionality of Apple iPhones to compromise the device. Using a Beagleboard, the researchers built a proof-of-concept malicious charger they refer to as Mactans

Buy an ad, own a browser botnet (Threatpost) Researchers have figured out how to leverage the reach of online advertising networks to distribute javascript of their choosing, creating the equivalent of a botnet of ad impressions capable of crashing underlying webservers or distributing malware on a massive scale for pennies on the dollar

Video: Hacking home automation systems (SC Magazine) In this video, David Bryan and Daniel Crowley, researchers at Trustwave's SpiderLabs, discuss their recent work with home automation systems with SC Magazine's executive editor, Dan Kaplan, at this year's Black Hat conference in Las Vegas. The major vulnerabilities found in the technology could allow attackers to take control things like door locks, thermostats, and garage doors in homes

Spy phones: How everyday hackers can turn your devices against you (VentureBeat) You downloaded an app from a third-party marketplace you don't trust. Sure, the app might function like it's supposed to, but it might have just turned your phone into a stealthy spy machine

Polish CERT Polska and NASK Pull the Plug On .pl TLD On Malicious Registrar, Domain Silver (CircleID) Today we publish an overview of domains registered through Domain Silver, Inc, a registrar operating in the .pl domain. This Registrar started operating in May 2012. Since that time, the CERT Polska team started to observe a large increase in the amount of malicious domains registered in .pl and to receive many complaints concerning domains registered through Domain Silver

Canonical reveals details of Ubuntu Forums hack (Help Net Security) Canonical has published a postmortem on the recent Ubuntu Forums hack and has shared a blow-by-blow account on how the attack was carried out. At 16:58 UTC on 14 July 2013, the attacker

Cyber Trends

Most health data breaches malicious, not accidental (FierceHealthIT) The number of health data breaches is growing with the push to electronic records, and increasingly thieves are targeting their attacks, according to data security firm ID Experts

The Most Capable Cyber Attackers Are Less Likely to Attack (SIGNAL Online) The most damaging cyber attacks possible are among the least likely to happen, because the powers capable of undertaking them are unlikely to launch them, according to an expert with the Office of the Director of National Intelligence (ODNI). Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council, ODNI, told the audience at the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that cyber attack capability need not translate to immediate threat

Email from social media safest, financial services riskiest (CSO) Study finds one in seven emails from financial brands poses risks to consumers. Email from social media brands is some of the safest on the Internet, while electronic posts from financial services brands is some of the riskiest, says a report released this week by an email security provider

APWG Report: Phishing Attack Numbers Drop 20 Percent from Historical Highs (BusinessWire) Cybergangs alter infrastructure abuse techniques in shift to crimeware-based attacks. The APWG reports in its Q1 2013 Phishing Activity Trends Report that phishing attack frequency declined 20 percent from Q4 2012 to Q1 2013, due to a precipitous drop in virtual server phishing attacks. Statistics indicate that phishing levels are returning to the levels seen prior to the record-setting highs of 2012

Cyber attackers turning toward states (Statescoop) s the federal government improves its cyber defenses, nefarious actors are turning their attention toward state and local governments, said Center for Internet Security CEO William Pelgin

The dying art of computer viruses (Graham Cluely) I think the first time I ever heard someone talk seriously about computer viruses was in 1988

CIO concerns over security obstructing enterprise mobility (Help Net Security) Despite a clear understanding of the benefits and drivers from the end-user community, companies have not mobilized many applications - and a large percentage are delaying full deployment of enterprise apps on mobile devices due to concerns around cost, complexity and security


Is Huawei wiring Africa for surveillance? (Quartz) The Chinese telecoms firm is offering exceptionally competitive prices, generous financing, and running networks to win local governments' trust

Huawei technology and price advantages to outweigh US cyber concerns in long-term (Financial Times) Despite fresh allegations that Chinese telecom companies such as Huawei Technologies and ZTE pose a major cybersecurity threat to the US, market pressures may allow the companies to establish a strong presence in the world's largest economy over time. "Eventually the Chinese makers will be present in the US market," Chris Simkins, the CEO of Chain Security, who previously represented the Department of Justice (DoJ) on the Committee on Foreign Investment in the United States (CFIUS), told PaRR

Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition (Dark Reading) U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huaweii and ZTE surfaced

PRISM: No Reason to Shy Away From U.S. Cloud Providers (BWW) PRISM has brought many European and Asian companies to believe that using a U.S.-based cloud services provider is insecure and will allow the U.S. Government to snoop on their data. As a result, some are predicting a slow-down in cloud adoption, specifically the uptake of cloud services based in the United States. Unfortunately, the victim in this scenario is the enterprise themselves, since many of the leading and most in-demand cloud SaaS offerings are based in North America. But with the proper security solutions in place, enterprises can confidently adopt cloud services based anywhere in the world while keeping their data resident and within their full control, thereby eliminating concerns about 3rd parties accessing their sensitive corporate information

Silicon Valley Could Become Collateral Damage In NSA Leaks (Forbes) Much of the reaction to recent revelations of NSA surveillance activity has focused on the privacy implications for U.S. and foreign citizens and possible ramifications for U.S. international relations and national security. Yet the disclosure of the PRISM program – which the NSA used to collect e-mails, social media content, and other Internet traffic – set off a firestorm that threatens to engulf Silicon Valley boardrooms as well. American tech companies face two significant challenges. First, they could soon be caught in a Catch-22 arising out of contradictory legal systems on either side of the Atlantic. Second, they face the prospect of a declining market share as portions of their customer base seek out providers deemed to be less exploitable by U.S. intelligence agencies

No, Edward Snowden's Leaks Weren't Due to Sequestration (Atlantic Wire) A small detail from a Washington Post interview with Edward Snowden's father has been seized upon by political observers today. Lon Snowden disputes his son's claim that he went to work for Booz Allen Hamilton in order to steal more documents. Instead, Lon blames a scarier opponent: government sequestration, which cost his son his prior contract position

DOE NNSA IARC Receives CNDSP Authorization (Herald Online) OnPoint Consulting, Inc., today announced that the Department of Energy's (DOE) National Nuclear Security Administration's (NNSA) Information Assurance Response Center (IARC) became only the second federal civilian, non-Department of Defense (DOD), provider to receive a Computer Network Defense Services Provider (CNDSP) authorization

KEYW Announces the Formation of Hexis Cyber Solutions, Inc. (Virtual-Strategy Magazine) Hexis Cyber Solutions comprises KEYW's "Project G" organization and Sensage, Inc., acquired by KEYW in October 2012. Chris Fedde has been named

Dr. Sameer Bhalotra, Former White House Cybersecurity Executive, Joins Invincea Board of Advisors (ProductivityApps) Distinguished Authority on Nation's Highest Priority Cybersecurity Initiatives Brings Public Sector and Critical Infrastructure Expertise to Recognized Endpoint Security Pioneer

Cyber Security Firm to Call Howard County Home (WBAL) AirPatrol Corporation announced Wednesday the company will expand and relocate its corporate headquarters to Howard County. The company said they chose the location after looking for a new home in both Maryland and Virginia

Siemens CEO goes quietly, but revenue's still lurching (FierceMedicalDevices) Despite reports he planned to kick, scream and break a thing or two, Siemens ($SI) CEO Peter Löscher has agreed to peacefully step down from the German giant, leaving CFO Joe Kaeser to clean up months of lagging sales and alarming stock performances

Dell Board Denies Michael Dell Buyout Vote Rule Change (CRN) The Dell (NSDQ:Dell) special committee overseeing the shareholder vote that will determine the fate of the computer maker shot down Michael Dell's proposal to raise his buyout offer by 10 cents contingent on a change in the way shareholder votes would be counted

Products, Services, and Solutions

Accuvant launches Threat Intelligence Briefing service (Help Net Security) Accuvant announced at Black Hat USA 2013 the availability of its new Threat Intelligence Briefing (TIB) service. Delivered by Accuvant LABS research experts, the service gives organizations

Validian 1st–To–Market With Major Cyber Security Breakthrough for Mobile Device Privacy (ITBusiness) Validian Corp. (OTCQB:VLDI), the first-to-market with the next generation of cyber security technology for the management and protection of digital information, data and assets, today announced a major cyber security breakthrough for protecting the storage, access and transfer of Digital Information on mobile devices

Rabid trolls prompt Twitter to promise 'Report Abuse' button on all messages (Naked Security) Following the savagery unleashed by trolls on a UK journalist who managed to get a woman's face onto a banknote, then further bomb threats to other female journalists, and the subsequent outrage and promised boycott of Twitter for making it so hard to report abuse, the platform didn't have much

Cylance PrivateDetect takes a unique approach to security (CSO) Stuart McClure, and the rest of the team at Cylance have been in the trenches of cyber security for years. They know what works, and they've been in a position

Introducing ThreatWatch: A New Way to Explore the Evolving World of Cyber Dangers (Defense One) Welcome to the World Wide Web of threats. Nextgov's new feature, ThreatWatch, is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves

Android tablet gives rare glimpse at North Korean tech (NetworkWorld) Thanks to a tourist, a detailed look at one of North Korea's latest tablet computers is possible. An Android tablet brought back from North Korea by a tourist has provided a glimpse at some of the restrictions placed on IT users in the famously secretive country

Novell ZENworks Mobile Management 2.7 (SC Magazine) ZENworks Mobile Management from Novell allows for full control of a mobile device from both a security and policy perspective. With this product deployed, administrators can easily mange a device's security settings, such as requiring a PIN or password on the device, as well as device encryption and file-sharing requirements. Along with security settings, administrators can also pass down policy for specific or groups of devices that include browser access or use of device functions, such as the camera or Bluetooth connection

HackShield bags prevent physical and digital intrusion (Help Net Security) Das Keyboard launched highly secure, radio frequency blocking bags. Known as HackShield bags, the company's one-of-a-kind backpack and messenger bags empower professionals on-the-go with a new level of protection against physical and digital intrusion

Web application scanner and vulnerability assessment tool launched in beta (SC Magazine) A cloud-based web application security assessment tool has been launched by High-Tech Bridge

Kaspersky to end hosted services this month (SC Magazine) In an email to SC Magazine, Kaspersky confirmed its announcement from August 2012 that it was ceasing to sell Kaspersky Hosted Security (KHS), but that all existing customers would be fully supported through to August 2013

Facebook turns on secure browsing by default (ComputerWorld) Facebook turned on a key security feature by default on Wednesday that scrambles data sent by users to the company's servers, following similar moves in recent years by Web services such as Google and Twitter

SSH Communications Security Unveils General Availability Of SSH Risk Assessor Tool (Dark Reading) Free tool provides users with a clear report on risk and compliance exposures in Secure Shell environments. Black Hat USA Booth #437 -- SSH Communications Security, known the world over as the inventor of the ubiquitous Secure Shell and SFTP protocols, today announced the general availability of SSH Risk Assessor (SRA), a free tool that provides users with a clear report on risk and compliance exposures in Secure Shell environments. SRA is now available for download on SSH's website

Malware Beware: Introducing The Spyder Initiative (ThreatTrack) One of the biggest challenges cybersecurity professionals face these days is reducing the lag time from identification to remediation for malware that infects a corporate network. That's about to change. ThreatTrack Security will showcase the next big advance in security technology, The Spyder Initiative, at this week's Black Hat USA 2013 conference in Las Vegas. Through The Spyder Initiative, ThreatTrack Security will develop a new breed of cyber-defense solutions that will help users identify and eliminate any threat targeting their network, including APTs and Zero-day threats evading traditional signature-based detection

Technologies, Techniques, and Standards

How To: Setting Up Google's Two-Factor Authentication In Linux (Internet Storm Center) We can already use two-step authentication in GMail with the Google Authenticator Android app. The idea is creating a secret key shared between the service and the Android app, so every 30 seconds we get a randomly generated token on Android that must be provided to login in addition to the password. That token is only valid in that 30s time frame

IT system security authorization more dynamic than in past, says NIST official (FierceGovIT) Perceptions about the information technology security authorization process as being archaic and bureaucratic aren't keeping pace with a shift to a risk-based approach being fostered by the National Institute of Standards and Technology and the Defense Department, said Ron Ross, a NIST cybersecurity official

World War B: Surviving a Global Business Breach Event (SecurityWeek) Data breaches are not designed for your convenience. They don't stick to one state or one regulator. They don't even stick to one country. There are HR files from the US, customer files from Canada, and marketing campaigns full of personally identifiable information from the UK. One breach can trigger laws around the globe, each with different responses

5 ways to be invisible online (MarketWatch) The NSA is reportedly tracking your activities on the Internet. Online, everyone's an open book -- but now the National Security Agency is also keeping tabs on consumers' activities online. Users increasingly wear their hearts on their screens, but security experts say there are ways to minimize your Internet footprint

Hide and go seek, not hide and go tweak (THe Honeynet Project) On July 31, 2013, Jason Geffner of CrowdStrike will discuss a new tool called "Tortilla" that allows incident responders and computer security researchers to hide behind the ToR network as they poke and prod malicious software infrastructure. Were I there (hint, hint, to those who are ;) I would ask Jason this question: What things should I not do while using Tortilla, and why shouldn't I do them? I know Jason and respect his technical skills, but if he and CrowdStrike don't have a good answer, that will say a lot about our field's collective ability to reason about actions along the Active Response Continuum

Is social sign-on the next step for online security? (SC Magazine) Han van Meegeren was born at the end of the 19th Century in the Netherlands and went on to become one of the world's most prolific art forgers. A talented artist, the story goes that van Meegeren turned to fraud when he became frustrated by critics' failure to lavish praise on his own original works. He decided to use his undoubted technical skill as a painter to create a new work in the style of Vermeer and pass it off as a hitherto-undiscovered original

Inside the Black Hat 2013 Wi-Fi Network (eSecurity Planet) What does it take to provide connectivity to one of the most hostile network environments on Earth? In this exclusive, eSecurity Planet finds out

Design and Innovation

What IT security pros can learn from a Dyson vacuum cleaner! (IS Decisions) How can IT security professionals better succeed when engaging others on information security and awareness? Bruce Hallas is the creator and founder of The Analogies Project and the owner and principle consultant at Marmalade Box Ltd


UD offering credit monitoring following cyber breach (NewsWorks) University of Delaware is urging current and former employees to be on the lookout for information regarding the steps they need to take following a major cyber security breech earlier this month

Switch in college focus pays off for cybersecurity contest winner (Baltimore Sun) Anne Arundel student excels in Homeland Security-sponsored camp

Legislation, Policy, and Regulation

NSA Chief Speaks At Black Hat (NPR) After Bradley Manning and Edward Snowden and Congressional pushback, NSA Chief Gen. Keith Alexander speaks to Black Hat, a conference for security professionals. The gusher of news on the NSA and surveillance keeps coming. This week, one of the keenest audiences is in Las Vegas: hackers and security geeks and execs. Lots of them. At the conferences called Black Hat and DEF CON, where hacker T-shirts say "Hack Naked" and "Stay Anonymous."

General Alexander heckled during Black Hat keynote address (CSO) General Keith Alexander, Director of the National Security Agency, kept a cool head as he was heckled by attendees during his keynote address at the Black Hat security conference in Las Vegas on Wednesday

NSA Director's Defense of PRISM, Surveillance Programs at Black Hat Draws Mixed Reviews (SecurityWeek) A year ago, NSA Director Gen. Keith Alexander spoke at the DefCon security conference and made a direct appeal for the hacker community to help secure the Web. Twelve months and several leaks of classified data later, the feds were discouraged from attending DefCon, and Alexander took the stage at Black Hat USA to defend his agency's electronic surveillance programs

NSA chief asks a skeptical crowd of hackers to help agency do its job (Washington Post) It doesn't get much stranger than this, even in Vegas. Gen. Keith B. Alexander, director of the National Security Agency, stood in front of a standing-room-only crowd Wednesday, selling the idea of government surveillance programs

NSA Chief Justifies US Spying To Black Hat Hackers And Security Professionals (Forbes) Speaking to an audience of hackers and security professionals at the annual Black Hat conference in Las Vegas, National Security Agency Director General Keith Alexander defended the PRISM program and the NSA's cache of phone metadata as necessary to protect the lives of American citizens and overseas allies. He also said that the programs are tightly monitored and that - in addition to technical tools that limit what analysts can access -- all analysts are audited to be sure they have justification for any data they access

NSA Director Heckled At Conference As He Asks For Security Community's Understanding (Forbes) When NSA Director Keith Alexander appeared at the Las Vegas security conference Black Hat Wednesday morning, he hoped to mend the NSA's reputation in the eyes of thousands of the conference's hackers and security professionals. It didn't go exactly as planned

Franken aims to reveal scope of NSA surveillance (The Hill) Sen. Al Franken (D-Minn.) plans to introduce legislation on Thursday that would force the National Security Agency to reveal how many people in the United States it has spied on

Senators push for changes in NSA data collection (CSO) Lawmakers focus on adding transparency to the agency's phone records collection program. Several U.S. senators will push for changes in the way the National Security Agency collects the telephone records of millions of U.S. residents, with lawmakers saying they will focus on making the NSA program more transparent to the public

Glenn Greenwald Gives Civil Libertarians Momentum Despite Canceled Hearing (PolicyMic) Guardian columnist Glenn Greenwald was set to testify on Capitol Hill Wednesday for a hearing on the National Security Agency's controversial surveillance program, first revealed to the public by whistleblower Edward Snowden. The informal hearing was put on hold after President Obama scheduled a meeting with the Democratic lawmakers involved

The Fourth Amendment under assault (FiercMobileIT) The Fourth Amendment, which guarantees the right of U.S. citizens against "unreasonable searches and seizures," is under assault from the courts, law enforcement and the intelligence community

NSA acknowledges its '3 hops' get millions of Americans' phone records, not just terrorists (Washington Post) President Barack Obama's national security team acknowledged for the first time Wednesday that, when investigating one suspected terrorist, it can read and store the phone records of millions of Americans

NSA Hype Machine (Foreign Policy) Is Edward Snowden exposing the NSA -- or just buying its sales pitch? Maybe Edward Snowden wasn't such a blowhard, after all. When the NSA leaker insisted that low-level employees like him could spy on just about anyone, administration officials and NSA supporters in Congress were quick to call him an embellisher, if not an outright liar. But a pair of classified disclosures on Wednesday -- one authorized by government officials, the other most certainly not -- lend some credence to Snowden's claims. They don't clearly demonstrate that Snowden was right, but they don't exactly rule out that an analyst could use the powerful tool to spy on Americans without proper authority

Surveillance, Legal Access Could Weaken Internet Infrastructure (Threatpost) The pervasive bulk surveillance performed by the NSA and other government agencies that's been revealed in recent weeks relies on court orders, as do other kinds of legal access operations, such as wiretapping or lawful intercepts. Those orders are shrouded in secrecy and the organizations that receive them often comply immediately without asking any questions, a response that can sometimes be a mistake

Debate Over Extent Of Government Data Reach Will Last Years, Say Privacy Experts (CRN) Businesses have the ability to push back on law enforcement's secret demands for large swaths of user data or risk opening costly weaknesses that could provide terrorists and other criminals a way to conduct serious damage, according to a group of expert panelists studying the issue of privacy and civil liberties

It's Culture, Not Technology, That Inhibits Cyber Information Sharing (SIGNAL Online) Resistance to change may prove to be the biggest impediment to information sharing among the cyber intelligence community. Both government and industry must break out of their existing paradigms to share cyber intelligence that may prove vital to national security

How did low-level employees access national secrets? (CBS News) "It frightened me when I was running counterintelligence because I predicted this kind of disaster," said Joel Brenner, who was the National Security Agency's

NIST cybersecurity framework bill voted out of Senate committee (FierceGovIT) The Senate Commerce, Science and Transportation Committee passed by voice vote July 31 a cybersecurity bill that would codify into law the private sector cybersecurity framework called for by President Obama

New [UAE] Cyber Crimes Legislation (Mondaq) The UAE has introduced new federal legislation directed towards combating increased cyber criminal activity experienced in the region. This article addresses specific issues which arise out of this new law and what impact those issues might have on the insurance cover available

Litigation, Investigation, and Law Enforcement

Is the Snowden case Manning, Part II? Not quite, experts say (CNN) Bradley Manning and Edward Snowden are two American men in their 20s. They're both fascinated by -- and adept at -- computer use and held jobs that gave them access to some of their country's most secret and sensitive intelligence

US military judge to hear arguments in Manning sentencing (Reuters) The trial of Bradley Manning, the U.S. soldier found guilty on 19 counts of handing over classified data to WikiLeaks

Edward Snowden Has Left the Airport (National Journal) The NSA leaker has reportedly been granted a one-year asylum in Russia

Intelligence Official Says No One Fired over Snowden (NewsMax) The deputy director of the U.S. National Security Agency said on Wednesday that no one had been fired and no one had offered to resign over former security contractor Edward Snowden's ability to take large amounts of classified data from agency computers

ODNI declassifies bulk metadata reports (FiercGovIT) The head of the intelligence community declassified Wednesday two redacted reports to Congress on bulk metadata collection and a primary court order for metadata collection under the Patriot Act

NASA Navigates Space Better than it Navigates the Cloud (Infosecurity Magazine) An audit of NASA's progress in adopting cloud-computing technologies has revealed that the space agency's current use of cloud falls short of expectations in IT governance and risk management

Malware alert while seeking child abuse images at work earns US man 5 years in jail (Naked Security) A five-year jail term has been handed to a US man found downloading and watching child abuse imagery at work. Authorities were apparently alerted to his activities when his company computer was hit by a malware attack

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Black Hat 2013 (Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

International Conference on Cyber Security (New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...

Third Annual SINET™Innovation Summit (New York, New York, USA, August 6, 2013) SINET™, the premiere community builder and innovation catalyst for the Cybersecurity industry hosts their third annual Innovation Summit at Columbia University on August 6th. SINET programs are where the...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...

AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide products demonstrations to the military and civilian personnel on base. IT and Information...

AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...

Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...

A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

cybergamut Technical Tuesday: A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

Resilience Week 2013 (San Francisco, California, USA, August 13 - 15, 2013) The 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...

Resilience Week 201 (San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...

Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.