skip navigation

More signal. Less noise.

Daily briefing.

Over the weekend Der Spiegel reported widespread US surveillance—"bugging"—of EU offices and interception of other US European allies' electronic traffic. The German Foreign Minister has summoned the US ambassador to demand an explanation, and European officials say the allegations will have far-reaching effects on trans-Atlantic relations (starting with pending trade agreements). Chinese reaction is, predictably, one of satisfied high dudgeon. Current and former US officials offer a range of tu quoque defenses (seconded, in the case of Chinese cyber espionage, by the UK) but there's little doubt that the diplomatic implications of PRISM and related allegations are serious and enduring.

Last week's attacks on Korean sites are still being sorted out. About 100,000 people's personal data were exposed in the breach of the Republic of Korea's presidential site. A profile of the Dark Seoul gang emerges. Universities in Brazil and the United States also suffer data breaches.

Several new exploits are demonstrated, including an HTTPS side-channel attack and a "keyjacking" hack. The Blackhole exploit kit sniffs around Pinterest, and Opera continues to suffer from its vulnerabilities. US-CERT discloses a cyber campaign unnamed actors conducted against US natural gas pipelines earlier this year.

US policymakers continue to grapple with fallout from the PRISM affair. The Senate wants to grill DNI Clapper (again) in the wake of press reports about surveillance programs. Former DCI Hayden calls for more openness about intelligence operations. Congress-watchers think PRISM has indefinitely delayed legislative action on cyber security. India rolls out its own surveillance program.

Notes.

Today's issue includes events affecting Brazil, Canada, China, European Union, Germany, India, Iran, Republic of Korea, New Zealand, Russia, Singapore, Taiwan, Turkey, United Kingdom, United States..

The CyberWire will take a holiday this Thursday and Friday as its staff celebrates US Independence Day. We'll resume normal publication on Monday, July 8.

Cyber Attacks, Threats, and Vulnerabilities

NSA Snooping Scandal: US Spied and 'Conducted Cyber-Attack' Against EU (IBTimes.co.uk) The most chilling claim in the secret report from 2010 is that Brussels was subjected to a cyber-attack at its offices in New York and Washington, which was later traced back to a Nato building used by US officials. Papers suggest US spies eavesdropped

US reportedly bugged EU offices, computer networks (ABC Online) The allegations are based on a "top secret" document from the National Security Agency (NSA), dated September 2010, that was allegedly stolen by fugitive Edward Snowden. The document, which has been seen in part by Der Spiegel journalists, is said to

Attacks from America: NSA Spied on European Union Offices (Der Spiegel) America's NSA intelligence service allegedly targeted the European Union with its spying activities. According to SPIEGEL information, the US placed bugs in the EU representation in Washington and infiltrated its computer network. Cyber attacks were also perpetrated against Brussels in New York and Washington

Europeans Demand Answers Over Alleged US Bugging (SecurityWeek) The European Union angrily demanded answers from the United States on Sunday over allegations Washington had bugged its offices, the latest spying claim attributed to fugitive leaker Edward Snowden

European officials slam US over bugging report (Cyberwarzone) Senior European officials expressed concern Sunday at reports that U.S. intelligence agents bugged EU offices on both sides of the Atlantic, with some leftist lawmakers calling for concrete sanctions against Washington

Around 100000 members of Korea's presidential office site hacked (Arirang News) We reported earlier last week that the website of Korea's presidential office of Cheong Wa Dae came under a cyber-attack on Tuesday and on this Sunday, new reports show that personal information of around 100-thousand Cheong Wa Dae website

Research sheds light on "Dark Seoul" sabotage gang (SC Magazine) Over the past four years a politically motivated group has targeted companies, mostly in South Korea, by planting trojans capable of wiping data, shuttering websites through distributed denial-of-service (DDoS) attacks and stealing sensitive corporate information

Anonymous attack on South Korea presidential site & massive data leak (Cyberwarzone) Personal information from roughly 100,000 people was leaked in a recent hacking attack on the presidential office, a presidential official said Sunday, in the first confirmed data leakage involving the top South Korean office

University of Neoliberal Arts & REDNET Institute Brasil Hacked, Accounts Leaked (Hack Read) The hackers from NullCrew are back in news with their latest attack, this time the crew has attacked the official website of University of Neoliberal Arts and a Brazilian based technology institute REDNET. The hack was announced by the hackers on their official Twitter account which shows 146 accounts from University of Neoliberal Arts and around 1000 accounts

University of South Carolina Acknowledges Security Breach (eSecurity Planet) More than 6,000 students' names, e-mail addresses and Social Security numbers may have been exposed

HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft (Dark Reading) Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds. A new side channel vulnerability in HTTPS traffic could make it possible for targeted attackers to dig up secrets like session identifiers, CSRF tokens, OAuth tokens, and ViewState hidden fields without users ever being the wiser, say researchers who will explain how the attack could work at this year's Black Hat

How cybercriminals create and operate Android-based botnets (Webroot Threat Blog) On their way to acquire the latest and coolest Android game or application, end users with outdated situational awareness on the latest threats facing them often not only undermine the confidentiality and integrity of their devices, but also, can unknowingly expose critical business data to the cybercriminals who managed to infect their devices

Blackhole Exploit Kit Campaign Takes Interest in Pinterest (TrenLabs Threat Encyclopedia) Pinterest has actively been used in different spam campaigns in the past - from basic phishing to complicated spam techniques incorporating salad words and invisible ink. Blackhole Exploit Kit (BHEK) spam campaigns have also been known to us for quite some time. BHEK spam campaigns are known to use popular brand names and websites to lure users

TSPY_FAREIT.ACU (TrendLabs Threat Encyclopedia) This malware guises as an Opera update. Cybercriminals behind this threat stole an outdated Opera digital certificate, which they used to sign this malware

Malwarebytes finds Malware Pretending to be Emulator of Xbox One (SpamfighterNews) Malwarebytes the security company says that its researchers have found one malware that pretends to be an emulator of the movie-game Xbox One, while dupes gamers keenly looking forward to the forthcoming online games console such that they'll download the malware

Anatomy of a browser trick - you've heard of "clickjacking", now meet "keyjacking"… (Naked Security) An Italian security researcher has rediscovered a trick known as user interface redressing

Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps (Threatpost) A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann. The vulnerabilities in the GNU ZRTPCPP library already have been addressed in a new version of the library and Silent Circle has implemented a fix, as well

Facebook's outmoded Web crypto opens door to NSA spying (CNET) It's relatively easy for the National Security Agency's spooks to break outdated Web encryption after vacuuming up data from fiber taps, cryptographers say. But Facebook is still using it

Cyber Attacks Targeted Key Components of Natural Gas Pipeline Systems (SecurityWeek) Attackers Used Brute Force Attacks Against Internet-Facing Controls Systems at Gas Compressor Stations. In its latest monthly report designed to promote preparedness, information sharing, and collaboration across infrastructure sectors, The Department of Homeland Security's ICS-CERT publicly revealed information on a series of attacks that targeted gas compressor station operators earlier this year

Opera developers explain why malicious "update" wasn't detected (Help Net Security) Opera Software has finally come out with more details about the recent compromise of its internal infrastructure, the theft of an expired code signing certificate, and the delivery of malware signed

IE, Chrome Browser Attack Exploits Windows PCs (InformationWeek) Microsoft says the social-engineering vulnerability, which uses "pop-under" browser notifications and a fake Captcha, isn't a Windows bug

Security Patches, Mitigations, and Software Updates

Microsoft Moves To Weekly Software Updates (InformationWeek) Microsoft aims to match competitors with weekly updates to Office, Outlook and other Windows 8 apps beginning later this year

Cisco issues IronPort patch (The Register) Vuln exposed systems to remote crash, takeover. Cisco has issued a patch for vulnerabilities that exposed its IronPort AsyncOS software for the Cisco e-mail security appliance to cover denial-of-service and command injection problems

Cyber Trends

Britain: Cyber-Attacks on 'Industrial Scale' Steal Business Secrets (IBTimes.co.uk) Though GCHQ has not attributed attacks to any specific foreign intelligence service, the United States previously implicated China in cyber-attacks against American businesses. China, Saudi threat. In a recent annual report to US Congress, The Pentagon

Cyber Threat is Real and Mobile (Mobile Enterprise) The company works with the U.S. Central Command and the Department of Homeland Security among other agencies. "The way we view cyber -- and it's disturbing to some -- but cyber is not tangible," he said. The U.S. military covers sea, air, land and

Complacent staff weak link in combating cyber criminals (Financial Times) Many companies - like the world's superpowers - are loathe to admit explicitly just how much data they have collected and would be embarrassed to own up to a cyber attack. Governments are working to encourage more disclosure to help to form a united

Is The Internet Worth It? (Washington Post) So much depends on the Internet that its vulnerability to sabotage invites doomsday visions of the breakdown of order and trust. In a report, the Defense Science Board, an advisory group to the Pentagon, acknowledged "staggering losses" of information involving weapons design and combat methods to hackers (not identified, but probably Chinese). In the future, hackers might disarm military units

5 Tech Trends that Explain the Evolution of Online Threats (Zeltser) Information security professionals need to keep an eye on the always-evolving cyber threat landscape. Accomplishing this involves understanding how changes in people's use of technology influence the opportunities and techniques pursued by criminals on-line. Below are 5 tech trends that have affected the evolution of threats

DHS Report: Energy Sector Now a Bigger Target for Cyber Attackers (Wall Street Journal) The energy sector is reporting an enormous increase in the number of attempted cyber attacks in 2013, according to a new report from the Department of Homeland Security. Some of the new attempted attacks have included the industrial control systems of

Abuse of mobile app permissions (Help Net Security) McAfee Labs found that under the camouflage of "free" apps, criminals are able to get consumers to agree to invasive permissions that allow scammers to deploy malware. The permissions in free apps

Most Internet users have fallen victim to malware (Help Net Security) The current state of cyber-security has left US Internet users anxious about hacks and password theft. Despite constant victimization, the majority are not using two-factor authentication and are left

Marketplace

Global Cyber Crowd Convenes in Maryland (DBED) Last month, 200 cybersecurity executives from the U.S., Canada and the U.K. gathered in Annapolis for Cross Tech, a two-day conference at which attendees discussed cyber solutions and showcased collaborations in information assurance between the private and public sectors. Cyber executives from Canada and the U.K. were also given the opportunity to present their technologies and companies to U.S. experts in hopes of developing international connections, partnerships and business opportunities

Palantir is helping California police develop controversial license plate database (The Verge) According to the report, the company is party to a $340,000 contract to build the new infrastructure. The project is being spearheaded by the Northern California Intelligence Research Center -- an office set up after the 9/11 terror attacks to enable

Raytheon acquires Visual Analytics, a Maryland-based analytics business (Government Security News) As one of the largest processors of data for the intelligence community, Raytheon has extensive experience handling large data sets and providing actionable information to its customers. The acquisition of Visual Analytics, of Frederick, MD, will add

Oracle's Week Of Mega Deals Leaves Questions (InformationWeek) As Salesforce.com CEO Marc Benioff heaps compliments on Larry Ellison, what's the future for Oracle cloud apps, Force.com

Products, Services, and Solutions

Apple gains FIPS 140 level 2 cryptographic compliance for A4, A5 chips (The Next Web) According to the definitions provided by Certicom, "IPS 140-2 Validation is required for sale of products implementing cryptography to the Federal Government. If you don't have FIPS 140-2 Validation for your product, and can't show that you are going

Procera Networks to Showcase Dynamic LiveView at QUESTnet 2013 (MarketWatch) Procera Networks, Inc. (NASDAQ:PKT) , the global network intelligence company, today announced it will

Machine-Learning Project Sifts Through Big Security Data (Dark Reading) As the volume of data created by security and network devices multiplies, researchers look for ways to teach computer to better highlight attack patterns. As an information-security consultant, Alexandre Pinto spent 12 years helping companies set up difficult-to-configure systems to cull security intelligence from logs and security events

Iran introduces domestically-made antivirus Padvish (Trend) Iranian engineers have managed to develop an antivirus which can compete with foreign rivals, the Mehr News Agency reported

Explore, analyze and visualize data in Hadoop (Help Net Security) Splunk announced the beta version of Hunk: Splunk Analytics for Hadoop, a new software product that integrates exploration, analysis and visualisation of data in Hadoop. Hunk drives improvements

Bitdefender's Total Security 2014 now faster, adds password manager (PC Authority) Antivirus Plus, Internet Security and Total Security all now include Bitdefender's new Photon technology, which it's claimed "tailor-fits to each user's computer for fast scanning, a quicker boot time, smooth interaction with apps and the same award

Google boosts BYOD management features for Android devices (FierceMobileIT) Google (NASDAQ: GOOG) announced Thursday that it is adding a number of BYOD management features to Android devices, including selective wipe and Wi-Fi configuration capabilities

An HP smartphone is in the works, says director (Ars Technica) Android? webOS? Firefox OS? Jolla? HP's allegiance is yet to be declared

Technologies, Techniques, and Standards

Certifying Forensics for Information Security (eSecurity Planet) As threats and breaches continues to grow, there is a need for a new type of certified professional. In the fight to help secure and remediate modern security risks, there is need for a host of professionals with the certified skills to get the job done. But what happens when there is no certification

NIST Cybersecurity Framework (Internet Storm Center) The NIST has published a voluntary framework to reduce cyber risk to critical infrastructure as a result of a directive inside the President's execute order for improving critical infrastructure cybersecurity

A smarter approach to defend against advanced persistent threats (SC Magazine UK) Layered security is still needed, but now you must look to new forms of malware analysis. Malware analysis involves both static and dynamic techniques

Can you trust your online backup service? (Help Net Security) While having lots of digital storage space at your physical location may be cheap nowadays, it's also very useful to have offsite backups - not only in the event of a major natural disaster or theft

Google offers tips on Wi-Fi security (FierceCIO: TechWatch) In a new post titled "Securing your Wi-Fi network" on Google's official blog, technical program manager John Munoz offered a number on tips what home users can do to improve their Wi-Fi security. Though directed at consumers, these suggestions can also be useful to wireless networks deployed within businesses, especially for branch or remote offices that may employ a more simplistic infrastructure

Lotus F1 builds a secure, reliable network (Infosecurity Magazine) While the Lotus F1 Team prepares for the British Grand Prix at Silverstone this weekend, Infosecurity talked to its CIO about the network and security demands in a very unusual business

Password complexity rules more annoying, less effective than length ones (Ars Technica) Long-length rule results in harder-to-crack passwords than a short/complex one. Few Internet frustrations are so familiar as the password restriction. After creating a few (dozen) logins for all our Web presences, the use of symbols, mixed cases, and numbers seems less like a security measure and more like a torture device when it comes to remembering a complex password on a little-used site. But at least that variety of characters keeps you safe, right? As it turns out, there is some contrary research that supports both how frustrating these restrictions are and suggests it's possible that the positive effect of complexity rules on security may not be as great as long length requirements

Design and Innovation

This might be the dorkiest security advice we've seen (VentureBeat) Symantec has put together perhaps the dorkiest security advice: an entire comic strip on how Shadow IT affects a business. And it reads like an 80s after-school special. We kind of love it

Research and Development

Is It the Dawn of the Encryption App? (Mashable) Amidst prying eyes, a small but growing group of hackers and programmers is working on applications that use cryptography -- the science of creating techniques to hide data and render it readable only to intended recipients -- to fight surveillance and

Wi-Vi: Seeing through walls with Wi-Fi signals (Help Net Security) Two MIT researchers have created Wi-Vi, an experimental system that uses Wi-Fi signals to track moving objects - usually people - behind a wall and in closed rooms. The system works on the same

Academia

St. Philip's earns NSA designation for cyber-security curriculum (San Antonio Business Journal) National Security Agency and Department of Homeland Security officials upgraded St. Philip's College's cyber-security program as a National Center of Academic Excellence in Information Assurance. St. Philip's College offers both online and on-campus

Legislation, Policy, and Regulation

Joint Chiefs Chair Talks Security at Brookings (Threatpost) General Martin Dempsey, Chairman of the Joint Chiefs of Staff, made clear yesterday in a speech to the Brookings Institution that the military, government, and private sector each has a role to play in hardening the U.S. against cyberattacks

Hayden: Open spy programs to reassure US public (MiamiHerald.com) The former director of the CIA and National Security Agency says the government should release more information about its secretive surveillance programs to reassure Americans that their privacy rights are being protected. Michael Hayden

US senators demand to know from Clapper extent and benefits of spy program (PCWorld) A group of 26 U.S. senators, cutting across party lines, are seeking "public answers" on whether the National Security Agency collected in bulk other data such as credit card purchases and financial information in the U.S. besides phone records

Ex-US spy agency chief wants controls on unchecked data access (Chicago Tribune) Former National Security Agency director Mike McConnell, who now works for defense contractor Booz Allen Hamilton, said people employed to sift through classified government data should not have solo access to the information

Spying on Allies (Lawfare) The emerging controversy about the USG spying on European allies brings to mind the ECHELON controversy a dozen years ago. (FAS has a page that collects information on ECHELON.) ECHELON was a signals intelligence collection program (or programs) by the USG and its anglophile allies. Its means and scope were always uncertain, but it involved large-scale collection, including in Europe. According to the European Parliament report on the topic, ECHELON had the global capacity "to intercept any telephone, fax, Internet or e-mail message sent by any individual and thus to inspect its contents"

E.U. Angry Over Spying Allegations (Washington Post) European leaders reacted with fury Sunday to allegations in a German newsmagazine that the United States had conducted a wide-ranging effort to monitor European Union diplomatic offices and computer networks, with some saying that they expected such surveillance from enemies, not their closest economic partner

EU Warns Trade Deal Under Threat Over US Bugging Claims (SecurityWeek) A long-awaited trade deal between the European Union and the United States could be in jeopardy over allegations that Washington bugged EU offices, European Justice Commissioner Viviane Reding warned on Sunday

Snowden's Leaks Cloud U.S. Plan to Curb Chinese Hacking (Bloomberg) The Obama administration's strategy for confronting China over the theft of commercial technology has been battered by Edward Snowden's disclosures of U.S. spying, leaving officials rushing to salvage a plan they crafted in secret over the past two years

NSA Surveillance Prompts Several Bills But Little Action In Congress (Huffington Post) In the three weeks since Edward Snowden revealed the National Security Agency's widespread surveillance programs, the legislative response to his revelations on Capitol Hill has slowed to a glacial pace and public obsession has

Outcry over PRISM spying delays CISPA and other cyber bills from moving forward (The Verge) But those bills, including the controversial Cyber Intelligence Sharing and Protection Act (CISPA), look like they will be spending even more time in legislative limbo. Bloomberg news reports today that House and Senate lawmakers are holding back on

Misinformation on classified NSA programs includes statements by senior US officials (Washington Post) Amid the cascading disclosures about National Security Agency surveillance programs, the top lawyer in the U.S. intelligence community opened his remarks at a rare public appearance last week with a lament about how much of the information being

A Trail Of Inaccuracy About NSA Programs (Washington Post) U.S. officials have parsed, hedged and misstated facts

Give it up; the National Security Agency knows everything … EVERYTHING (StandardNet) If there's one positive thing to come out of the NSA-surveillance scandal, it's that so many Americans consider it outrageous. Apparently, most of the public honestly believed the government wasn't already spying on all of us all the time

Why Obama Was Never Going To Be A Civil Liberties Champion (TechCrunch) Barack Obama was never going to be a champion of civil liberties; he leads a very old and quickly growing strain of the Democratic party that prioritizes the collective good over individual rights. This coercively inclusive worldview feels that every business, government agency, country, and citizen has an obligation to contribute to the greater good

How a 30-year-old lawyer exposed NSA mass surveillance of Americans--in 1975 (Ars Technica) Project SHAMROCK allowed the NSA to intercept telegrams sent by US citizens.US intelligence agencies have sprung so many leaks over the last few years--black sites, rendition, drone strikes, secret fiber taps, dragnet phone record surveillance, Internet metadata collection, PRISM, etc, etc--that it can be difficult to remember just how truly difficult operations like the NSA have been to penetrate historically. Critics today charge that the US surveillance state has become a self-perpetuating, insular leviathan that essentially makes its own rules under minimal oversight. Back in 1975, however, the situation was likely even worse. The NSA literally "never before had an oversight relationship with the Congress." Creating that relationship fell to an unlikely man: 30 year old lawyer L. Britt Snider, who knew almost nothing about foreign intelligence

The NSA's early years: Exposed! (Salon) "One of the gravest crises in the history of American cryptanalysis," writes historian Colin Burke, led directly to the 1949 mergingof the SIS and OP-20-G

Why the US doesn't use cyber-weapons to attack its enemies more often (Quartz) Mike McConnell, vice chairman at government contractor Booz Allen Hamilton and former head of the National Security Agency and US director of National Intelligence, says the US has the best capabilities in the world for cyber-attacking and "can do some

"Cyber Attack on the US Could be Met with Conventional Military Response" (Defense Update) Three types of teams will operate around the clock at Cyber Command, Dempsey said. National mission teams will counter adversary cyberattacks on the United States. A second and larger set of teams will support combatant commanders as they execute

US spy device 'tested on NZ public' (Cyberwarzone) A high-tech United States surveillance tool which sweeps up all communications without a warrant was sent to New Zealand for testing on the public, according to an espionage expert. The tool was called ThinThread and it worked by automatically intercepting phone, email and internet information

India's new surveillance network will make the NSA green with envy (Quartz) India doesn't seem to worry that the surveillance scandal recently rocking the US might perturb its own citizens. The country is going ahead with an ambitious program that will let it monitor any one of its 900 million telecom subscribers and 120 million internet users

Turkey heads for Twitter showdown after anti-government protests (The Guardian) Government asks Twitter to set up 'representative office' inside Turkey in move that could presage censorship of service

SAF beefs up capabilities to quash cyber threats (AsiaOne) Although more details of the Cyber Defence Operations Hub were not revealed, Mr David Siah, Trend Micro Singapore's country manager, said today's cyber attacks extend beyond delivering malware, to establishing lasting footholds inside networks

Litigation, Investigation, and Law Enforcement

Encryption Has Foiled Wiretaps for First Time Ever, Feds Say (Wired) Encryption for the first time is thwarting government surveillance efforts through court-approved wiretaps, U.S. officials said today. The disclosure, buried in a report by the U.S. agency that oversees federal courts, also showed that authorities armed with wiretap orders are

Biden asks Ecuador's president to reject NSA leaker Edward Snowden's asylum (Minneapolis Star Tribune) Vice President Joe Biden has asked Ecuador to turn down an asylum request from National Security Agency leaker Edward Snowden, the country's president said Saturday. Rafael Correa, in a weekly television address, offered little

Snowden In Limbo As Options Narrow (Wall Street Journal) As Edward Snowden entered his second week of limbo in Moscow's airport on Sunday, his decision to go to Russia is looking riskier than it first appeared, and may have left him in a worse situation than if he had stayed in Hong Kong

Snowden's Fate Is Up To Russia, Ecuador Says (New York Times) President Rafael Correa said Sunday that while there were weighty arguments for granting asylum to the fugitive American intelligence leaker Edward J. Snowden, it was up to Russia to decide what happens to him

Job Title Key To Inner Access Held By Leaker (New York Times) Intelligence officials refer to Edward J. Snowden's job as a National Security Agency contractor as ''systems administrator'' -- a bland name for the specialists who keep the computers humming. But his last job before leaking classified documents about N.S.A. surveillance, he told the news organization The Guardian, was actually ''infrastructure analyst''

Edward Snowden: The Geek Turned Deep Throat (SecurityWeek) Hunted as a US traitor and at the center of a diplomatic row, Edward Snowden got off to a less spectacular start in life: he is a self-confessed geek and high school dropout. Snowden, 30, came out of nowhere to trigger one of the biggest intelligence leaks in American history, triggering a furious standoff with Russia as he evades capture from a Moscow airport transit area

Bipartisan group of senators urges transparency on phone record surveillance (Washington Post) The senators are pressing Director of National Intelligence James R. Clapper to answer a series of questions, including how long the National Security Agency has used Section 215 authorities to engage in the bulk collection of Americans' records

Has global manhunt for Snowden turned into sideshow, sidelining debate over spying? (Washington Post) But the search for the former National Security Agency contractor who spilled government secrets has become something of a distracting sideshow, some say, overshadowing at least for now the important debate over the government's power to seize the

Who Helped Snowden Steal State Secrets? (Wall Street Journal) The preparations began before he took the job that landed him at the NSA. In March 2013, when Edward Snowden sought a job with Booz Allen Hamilton at a National Security Agency facility in Hawaii, he signed the requisite classified-information agreements and would have been made well aware of the law regarding communications intelligence

SCHEER: U.S. intelligence has many traitors (Rapid City Journal) What a disgrace. The U.S. government, cheered on by much of the media, launches an international manhunt to capture a young American whose crime is that he dared challenge the excess of state power

NSA Leak Vindicates AT&T Whistleblower (Wired) Today's revelations that the National Security Agency collected bulk data on the email traffic of millions of Americans provides startling evidence for the first time to support a whistleblower's longstanding claims that AT&T was forwarding global internet traffic to the

Secret US spy court lets Microsoft, Google reveal their petitions (The Register) We'll see their pleas to be ungagged, no actual gags will be dropped. America's most secret court will allow Google and Microsoft to reveal details of their legal battle to lift a gag order preventing them from disclosing how much data they give to spooks

GI's Trial In WikiLeaks Case Enters 5th Week (NewsOK.com) Prosecutors at the court-martial of an Army private at Fort Meade remain focused on the more than 250,000 State Department diplomatic cables he gave to the anti-secrecy group WikiLeaks

Man Disseminating Ghost RAT now under Custody of Taiwan's CIB (SPAMfighter News) According to researchers from Trend Micro, the Criminal Investigation Bureau of Taiwan recently detained a man thought to have been associated with cyber-assaults which utilized Ghost the infamous Remote Access Tool (RAT). Trend Micro, while helping

FBI Paid Off Wikileaks Insider To Be An Informant: Imagine If It Was The NY Times (TechDirt) People like to debate whether or not Wikileaks is or is not a "media property," but I can't see any definition of a media property under which Wikileaks would not fall. Yes, it publishes leaked documents, but so do many other media properties. Yes, it has a strong ideological viewpoint, but so do many other media properties. So it's rather stunning to read about the fact that a Wikileaks insider apparently spent some time as a paid informant for the FBI, handing over a variety of internet information on things happening within Wikileaks. Imagine if this was the NY Times or the Wall Street Journal, and it came out that an employee was getting paid by the FBI to reveal what those newspapers were working on. People would be up in arms, just like they were over the DOJ's spying on AP reporters and a Fox News reporter. Except, this wasn't just spying on a reporter, this was flat out paying off an insider to share internal information. That's incredible

Canadian cop claims he didn't know cyber-stalking was illegal (Naked Security) A Canadian police officer who pleaded guilty to planting spyware on his wife's BlackBerry has been sentenced to demotion, after two years' paid suspension

Alleged 'PayPal 14' Hackers Seek Deal To Stay Out Of Prison After Nearly 2 Years In Limbo (Huffington Post) Before he was charged in July 2011 with aiding the hacker group Anonymous, Josh Covelli lived what he considered the life of an ordinary 26-year-old. He spent countless hours on the Internet. He had a girlfriend. He was a student and employee at Devry University in Dayton, Ohio

Candid emails at S&P surface in case (FierceFinance) If recent history has shown anything when it comes to putting executives on trial, it's that email evidence isn't necessarily rock solid. These days, if prosecutors were to go to their supervisors with plans to go to trial with mainly email evidence, they might not get the green light

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

QUESTnet 2013 Conference (Gold Coast, Queensland, Australia, July 2 - 5, 2013) Queensland Education, Science and Technology Network (QUESTnet) is the Queensland regional component of the Australian Academic and Research Network (AARNet). The QUESTnet conference is an annual event...

Digital Forensics and Incident Response Summit (Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...

London Summer 2013 (London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...

GovConnects Business Breakfast: "Secured Space." What It Is - Who Has It - Who Needs It (UMUC, Dorsey Station, Elkridge, July 10, 2013) With today's Cyber threats, all businesses, institutions and the general public are at risk as never before. Learn about the lastest technologies, measures and solutions being used today and into tomorrow...

3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...

cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...

Remote Digital Forensics (Columbia, Maryland, Sioux Falls, July 16, 2013) Incident response, packaging, and mailing is a lengthy process averaging many days to get media into a forensics examiner workstation in Maryland. The current process primarily uses stand alone workstations.

Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.

Cancellation: Cybergamut Tech Tuesday, July 16 (Columbia, Maryland, USA, July 16, 2013) Next week's Tech Tuesday has been cancelled due to unforeseen circumstances.

2013 World Comp (Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...

EAGB Summer Quarterly Webinar (Webinar, July 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore:...

Black Hat 2013 (Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

Growing Maryland's cybersecurity industry: Technical.ly Baltimore Meetup (Baltimore, Maryland, USA, July 30, 2013) Join Technically Baltimore in at CyberPoint International on July 30 for a presentation about Maryland's rapidly expanding cybersecurity industry -- and how the Baltimore region's broad, general technology...

AFCEA Global Intelligence Forum (Washington, DC, USA, July 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.