skip navigation

More signal. Less noise.

Daily briefing.

BlackHat's begun, and stories about vulnerability demonstrations and new products spike accordingly. Among the more interesting vulnerability demonstrations are hacks of vehicular, navigational, and smart home systems. The Internet-of-things and personal smartphones are also shown notably vulnerable to surveillance.

The Syrian Electronic Army hits Viber again. Turk Hack Team defaces websites linked (it believes) with East Turkistan ethnic repression. Istanbul's airports have recovered from last week's attacks on their passport control systems. Various hackers claim attacks against Algerian, Venezuelan, and Emirati networks or accounts. Zimbabwe's government appears to be conducting a pre-election cyber campaign against its opposition.

US White House staffers find their gmail accounts hacked. Also in the US, the Securities and Exchange Commission has problems with data security and management.

June's attack on Raley's stores affects the Redwood Credit Union. A denial-of-service attack on Region Bank draws venture capital attention to security firms.

PRISM leaks continue to damage US IT firms' international market share. They also prompt some analysts to (no doubt prematurely) foretell the demise of an international Internet, and its replacement by government-controlled national or regional Webs. Consumer interest in online privacy tools rises.

Boeing's EA-18G Growler electronic warfare aircraft will receive upgraded cyber capabilities (suggesting continued convergence of electronic and cyber warfare).

SourceFire's founder reflects on Cisco's acquisition of his firm. L-3 prepares for layoffs. Huawei security concerns become an election issue in Australia.

Controversy over NSA surveillance continues in the US, with opposition to current programs apparently growing in Congress. Russia mulls extraditing Snowden.

Notes.

Today's issue includes events affecting Algeria, Argentina, Australia, Brazil, China, Ecuador, India, Philippines, Russia, Syria, Turkey, United Kingdom, United States, and Zimbabwe..

The CyberWire will provide special coverage of SINET's Innovation Summit, meeting in New York August 6. Panel topics include: Cybersecurity Opportunities in Commercial and Federal Markets, Policy and Legislation Impacts on Cybersecurity and Critical Infrastructure, Advancing Intellectual Property Threat Facing Executives Traveling Abroad, Successful Technology Transfer and Collaboration Models, and From the Intelligence Community to the Board Room - Risk Mitigation.

Cyber Attacks, Threats, and Vulnerabilities

Website of Algerian Embassy in Argentina Hacked by HighTech Brazil HackTeam (Hack Read) The HighTech Brazil HackTeam from Latin America has hacked and defaced the official website of embassy of Algeria in Argentina (embajadaargelia.int.ar). Hackers hacked the site on 25th june, 2013 and left their deface page along with a message on hacked site in Spanish language but the reason for attacking the site was not mentioned anywhere

Viber's Apple App store hacked, description changed by Syrian Electronic Army (Hack Read) Last week I reported that the famous and widely used Viber messenger was hacked by some Syrian Electronic Army and they also defaced the support page by writing that this Israeli based Viber messenger is tracking you and spying you. Having said that, a similar incident occurred today when the description page of Viber on the Apple store has been hacked and defaced by hackers. They defaced this description

430 Websites Hacked by Turk Hack Team (Hack Read) A hacker going with the handle of Black-Spy from Turk Hack Team has hacked and defaced 430 websites from different countries around the world. The sites were left with different deface pages along with messages but somehow more understandable message has been mentioned below with a message that was left by the team with the site list on Pastebin, explaining which sites were targeted and why

Istanbul airports hit by cyber attack (Hong Kong Standard) The passport control system at Istanbul Ataturk Airport's International departure terminal is now restored after being locked due to an alleged cyber attack on

Venezuela Military Domains Hacked by Dr.SHA6H and Colombian Hacker (Hack Read) In two different cyber attacks three official sub-domains of Venezuelan military server were hacked and defaced by hackers going with the handle of Dr.SHA6H and ColombianH. First attack was conducted by Dr.SHA6H on 19th July 2013 in which two sub-domains of Venezuelan military websites were hacked and left defaced with a message about ongoing war in Syria. The deface message was expressed in follow

Official Twitter account of UAE's Foreign Minister Hacked and Restored (Hack Read) Just few moments ago the official Twitter account of United Arab Emirates (UAE)'s Foreign Minister Sheikh Abdullah bin Zayed Al Nahyan was hacked by an unknown hacker. The Twitter account with more then 813,333 account was illegally acceded by intruder found tweeting the Foreign Minister's blackberry pin number but for privacy reasons we will not post any screenshot containing the minister's blackberry pin

Zimbabwe's Election Cyberwar (Cyberwarzone) Zimbabwe's government has blocked mass SMS text-message bursts ahead of next week's election, hobbling a powerful source of non-official information in the tightly controlled southern African state, activists and a phone company source said on Friday

EXCLUSIVE: GPS flaw could let terrorists hijack ships, planes (Fox News) Captain Andrew Schofield and Todd Humphreys, a GPS expert at the University of Texas, used a GPS flaw to take control of the sophisticated navigation system aboard an $80 million, 210-foot super-yacht in the Mediterranean Sea. The GPS navigator on a ship is an essential piece of gear -- and new research shows that hackers can easily take it over with false signals. The world's GPS system is vulnerable to hackers or terrorists who could use it to hijack ships -- even commercial airliners, according to a frightening new study that exposes a huge potential hole in national security

Tampering with a car's brakes and speed by hacking its computers: A new how-to (Ars Technica) The "Internet of automobiles" may hold promise, but it comes with risks, too

Hackers to publish blueprint for taking over Toyota,Ford (Cyberwarzone) Two well-known computer software hackers plan to publicly release this week a veritable how-to guide for driving two widely owned automobiles haywire. According to Reuters, Charlie Miller and Chris Valasek will release the findings - as well as related software - at the Def Con hacking convention in Las Vegas, showing how to manipulate a Toyota Prius and Ford Escape

When 'Smart Homes' Get Hacked: I Haunted A Complete Stranger's House Via The Internet (Forbes) The Hatleys' home was at my command after a Google search. "I can see all of the devices in your home and I think I can control them," I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning

Google Play store inundated with scam apps, Symantec says (CSO) The applications, which may contain just a link to a website, can be hard to assess using automated analysis

CVE-2013-4854: A specially crafted query can cause BIND to terminate abnormally (ISC Knowledge Base) A specially crafted query sent to a BIND nameserver can cause it to crash (terminate abnormally)

Dovecot / Exim Exploit Detects (Internet Storm Center) Sometimes it doesn't take an IDS to detect an attack, but just reading your e-mail will do. Our read Timo sent along these two e-mails he received, showing exploitation of a recent Dovecot/Exim configuration flaw

Header Spoofing Hides Malware Communication (TrendLabs Security Intelligence Blog) Spoofing - whether in the form of DNS, legitimate email notification, IP, address bar - is a common part of Web threats. We've seen its several incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection

DNS Amplification Attack: Is Belgium Safe? (Rootshell Blog) For a while, DDoS are back on stage and one of the classic techniques still used today is the DNS Amplification attack. I won't explain again the ins and outs, there are plenty of websites available which describe it - like the good article from CERT.be. This type of attack is well-known and can be fixed in one click or by changing one line on a configuration file for most DNS servers! A few days ago, I asked myself: "And what about Belgium? Do we still have lot of vulnerable DNS servers in the wild?". As you probably imagine, the answer is... "Yes, there are!" But how to have an good idea of the disaster? To collect some statistics, I looked for DNS servers in the Belgian IP space

Cheap Monitoring Highlights Dangers Of Internet Of Things (Dark Reading) Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices. While consumers and workers typically know that their mobile devices are frequently sending off data to the Internet, most do not understand the implications of carrying around an always-on connection in their pockets

If you use apps, you may want to read this (Sydney Morning Herald) Many smartphone app developers are not using encrypted protocols to secure the apps they create, leaving users vulnerable to being hacked when they connect to public Wi-Fi networks, researchers say

Cybercriminals Stealing Payment Card Data Using Card Redirection (SecurityWeek) Computer security researchers have stumbled upon a nifty trick being using by identity thieves to hijack credit card data during transactions on e-commerce sites

Watching Your Every Move: Your Phone Could be Snooping on You Right Now (McAfee) Let's just say it. The world is going mobile. Practically any task you can perform on your computer, you can also do with a mobile phone, and there are even a few that your computer can't do. In just moments, you can simultaneously shop for shoes, deposit a check and then quickly buy a plan ticket all while checking in and posting a photo of the view from where you're standing. Really, everyone is going mobile--cybercrime included

White House Employees' Personal Email Hacked (Nextgov) Three White House staffers have had their personal Gmail accounts breached in what appears to be a malicious operation directed at the team responsible for the Obama administration's social media outreach, according to individuals familiar with the incident

Staff data leaks out of the SEC (Help Net Security) A serious data breach at the Securities and Exchange Commission transferred personal data about current and former employees into the computer system of another federal agency, a letter sent by the SEC to staff reveals

US SEC data leak shows lax data access practices (Help Net Security) When a former employee of the US Securities and Exchange Commission left the organization for a job with another federal agency, he "inadvertently and unknowingly" took with him sensitive personal data of SEC employees and transferred it on the computer system of his new employer, The Hill reports

Regions Bank website outage caused by cyber attack (updated) (The Birmingham News) Regions Bank was the target of a cyber attack -- more specifically, a distributed denial of service (DDos) attack -- on Friday, causing service issues for

California Credit Union Debit Cards Hit by Hackers (Credit Union Times) Raley's Family of Fine Stores announced on June 6 that a portion of its computer network systems may have been the target of a complex, criminal cyber attack

11,000 users fell into a WhatsApp scam (Total Defense) A young Spanish hacker developed a fictive application, which offered users to spy on private messages of their WhatsApp friends. Thousands users went into the site, which required them to register their mobile number. Whoever typed the number fell into a huge fraud by automatically being assigned to an advertisements site that sends ads for a fee, which gave the young hacker around 53,000 dollars in a period of only two months

Blount hit by cyber scammers: Cons use seals of FBI, Justice Department to extort money (Blount County Daily Times) If your computer is locked up and the notice on the screen says the FBI has blocked your computer, you're probably the victim of a scam. A Maryville computer repair expert says he has seen many of these lately

Immune No More: An Apple Story (Kaspersky Lab Daily) For a very long time, Apple and its pseudo-religious user-base prided itself on being a platform free of malware; those days are inarguably and unequivocally over. Its emergence as the early winner on the mobile computing market and its increasingly robust share of the traditional computer and laptop market has - for the last few years at least - drawn the attention of cybercriminals that once found it hard to make money targeting the Cupertino, California tech giant's machines

Access to Apple developer site partially restored (Reuters) Apple Inc has partially restored its main website for developers, eight days after shuttering it in response to a cyber attack that prompted a

Security Patches, Mitigations, and Software Updates

LinkedIn closes OAuth hole that could have let people tinker with your CV (Naked Security) Heaven forbid a malware author erases your years of slaving as a sysadmin

Wireshark 1.8.9 and 1.10.1 Security Update (Internet Storm Center) Wireshark fixes the following security issues to both versions. The following dissector could go into a large loop in both versions

Cyber Trends

69 Percent of C-Level Executives Worry About Vulnerability to Cyber Attacks (eSecurity Planet) Still, 42 percent say they don't have a dedicated incident response team employed, and 47 percent aren't leveraging advanced malware analysis tools

Cyber 3.0: Where the Semantic Web and Cyber Meet (Cyberwarzone) The term "Cyber 3.0" has been used mostly in reference to the strategy described by U.S. Deputy Defense Secretary William Lynn at an RSA conference. In his Cyber 3.0 strategy, Lynn stresses a five-part plan as a comprehensive approach to protect critical assets

Identity is the new currency (SC Magazine) The internet has evolved to become a vast social and interactive space, and with this evolution, new threats have emerged which are designed to target business and users' identity and trust in online services

Cyber security is central to long-term economic growth (Help Net Security) An increase in attacks on corporate websites should focus attention on the actions businesses should take to reduce the impact of cybercrime. The word of caution comes in the wake of the government

Infographic: Remote workers, mobility add to 'IT friction' (FierceMobileIT) The increasing number of remote workers and the flood of mobile devices and apps into the enterprise are expected to greatly exacerbate the friction between IT and employees tracked in the IT Friction Index

Marketplace

Edward Snowden's not the story. The fate of the internet is (The Guardian) The press has lost the plot over the Snowden revelations. The fact is that the net is finished as a global network and that US firms' cloud services cannot be trusted

The NSA damages US tech biz overseas (PC Advisor) A Cloud Security Alliance (CSA) survey found that 10% of 207 officials at non-US companies have canceled contracts with US service providers following the

Internet Hide And Seek…Are Consumers Reacting to Privacy Concerns? (Procera) On June 6, 2013, Internet privacy had a worldwide spotlight shined on it with the release of the Guardian reports on worldwide monitoring of Internet usage. As the revelations continue to leak out about privacy (or lack of) on the Internet, one would think that we would see a sharp rise in people securing more of their traffic using common security techniques like encryption or anonymity software. The Guardian even released an article explaining some of the options that can be used to increase privacy for consumers on the internet. But are they? This is a global phenomenon, not just a US or UK-based issue, so you would expect to see some increase in the use of secure technologies worldwide. Almost all websites that have any kind of "personal" data support Secure HTTP (HTTPS) or other forms of encryption today. Financial and Webmail are the obvious ones, but many sites have not been secured by default until relatively recently - Facebook for example started in late 2012 to use HTTPS by default (Twitter did so in 2011). In addition, many anonymizer solutions have popped up on the market to help "hide" consumers from the constant barrage of cookies and usage tracking. Anonymizers have expanded usage to hide from BitTorrent spies (avoiding RIAA or MPAA tracking specifically), and have also added support for location shifting for watching streaming media outside of a specific region, for services like Netflix or Hulu. Tor is the most well known anonymizer solution and was originally designed, implemented, and deployed as a third-generation onion routing project of the Naval Research Laboratory

Cyber and security of NBN emerging as election issues (Financial Review) The federal government has accused the Coalition of not taking security threats seriously, pointing to its questioning of the decision to ban China's Huawei from the national broadband network. "The Coalition should take more seriously ASIO's [Australian Secuirty Intelligence Organisation] advice that Huawei shouldn't be allowed to invest in the central nervous system of Australian communications," federal Labor member Michael Danby told Sky News on Sunday

Exchanges face up to cyber attack threat (Financial News) Stock exchanges once viewed technological prowess as their greatest asset, but it may increasingly become a chink in their armour. Bourses all around the

Surge in demand from companies seeking cyber attack insurance (Globalnews.ca) When Brian Rosenbaum started pitching cyber insurance to companies in 2006, he was met with blank stares from risk managers and resistance from information technology experts, who insisted their networks were impenetrable

Top 3 reasons why Regions Bank cyber attack provides new opportunity for venture capitalists ((International Venture Capital Post)) Regions Bank was attacked Friday, leading customers confused and worried. Clearly, security for banks still has plenty of room for improvement. Therein lies the opportunity for venture capitalists

Shifting Numbers Cast Doubt on Federal Data Center Consolidation (SIGNAL) Recent government initiatives to trim the number of data centers in the federal government have been beset by unforeseen delays in meeting target goals. Government officials now admit they underestimated the scope and complexity of the federal data center realm

Navy awards contract to Boeing to prepare EA-18G Growler electronic warfare jet to accept Next-Generation Jammer (Avionics Intelligence) U.S. Navy officials are asking combat aircraft designers at the Boeing Co. in St. Louis to prepare the company's EA-18G Growler carrier-based electronic warfare jet to carry the Next Generation Jammer (NGJ), for which Raytheon Co. was selected to build earlier this month

Martin Roesch on Snort' History and the SourceFire Acquisition (Threatpost) Dennis Fisher talks with Martin Roesch, the author of the Snort IDS and founder of Sourcefire, about the evolution of Snort from a side project to an open-source security powerhouse to the technological basis for a hugely successful company

Sourcefire founder: Cisco deal is 'a good match' (Baltimore Sun) Martin Roesch on the planned $2.7billion purchase and the ever-changing cybersecurity landscape.Who would have guessed 15 years ago that Martin Roesch's free computer network-security program would turn into a $2.7 billion deal

L-3's Utah employees receive buyout offers ahead of possible layoffs (Salt Lake Tribune) L-3 Communication Systems West is inside L-3's Command, Control, Communications, Intelligence, Surveillance and Reconnaissance business unit. The unit's

Kaseya Eyes Cloud, MDM With New Acquisitions (CRN) Kaseya is looking to boost its presence in cloud and mobile device management by making two acquisitions this month

Michael Dell Vows To Stay At Dell Regardless Of The Outcome Of His Offer To Take The Firm Private (TechCrunch) After promising to sell his shares at a discount and increasing the price of his offer, Michael Dell, founder of Dell, has today vowed to stay at the firm regardless of the success of his bid to take the company private

Carl Icahn Blasts Michael Dell For Proposed Vote Change on Dell Buyout (Forbes) Billionaire investor Carl Icahn blasted Michael Dell on Monday for trying to get the special committee of Dell DELL -1.25%'s board to change a key rule in the upcoming shareholder vote on the Michael Dell and Silver Lake proposed $26.6 billion buyout of Dell

Apple SVP Bob Mansfield Disappears From Top Leadership Page (Forbes) Apple's senior vice president Bob Mansfield, who announced his retirement in June 2012 only to return at the urging of CEO Tim Cook, is no longer listed among the top management team on Apple's website

Products, Services, and Solutions

ADEL - Android Data Forensics Tool (SecTechno) Getting information from a mobile device is becoming more and more popular. ADEL (Android Data Extractor Lite) - a tool helps to automatically extract selected files SQLite database with Android-device 2.x. The program is written in Python, and to interact with the device uses Software Development Kit (Android SDK) and especially the adb deamon

Check Point Software launches 13500 Appliance (HispanicBusiness.com) Check Point Software Technologies Ltd , a global company in the business of securing…against Advanced Persistent Threats and other modern cyber-attacks

Keep Prying Eyes From Data Storage (Design News) Last month, Edward Snowden, then working for the Booz Allen Hamilton consulting firm, released classified documents obtained from the National Security Agency (NSA) concerning the monitoring of both internet and cellphone traffic from all over the globe. The monitoring project was known as SIGAD (Signals Intelligence Activity Designator) US-984XN, otherwise known as Prism, and was initiated back in 2007 in order to correlate hundreds of millions of mobile phone numbers and Internet traffic with terrorist activities

NTODefend now more effectively blocks application vulnerabilities (Help Net Security) NT OBJECTives announced that its NTODefend solution now blocks application vulnerabilities by approximately 30% more than the previous version. As a result, NTODefend's virtual patching solutions now

Preventing the exploitation of human vulnerabilities (Help Net Security) Secure Mentem released the Human Incident Response Service to specifically address the issue of exploiting human vulnerabilities. Some of the most noted attacks in recent history were only enabled after exploiting such weaknesses

Pico Computing Unveiling a Pair of Cyber Security Solutions at Black Hat USA 2013 (IT Business Net) Pico Computing, the technology leader in hardware-based acceleration, will be demonstrating breakthrough applications in password recovery and real time encryption at Black Hat USA 2013the premier cyber security conference

IID plans expansion of incident and attack sharing (SC Magazine) IID has announced plans to expand its offerings to enable Fortune 500 companies, governments, law enforcement and service providers to share attack intelligence. The company has said that it will aggregate, filter and share actionable data from thousands of contributing sources and it will work with select brands to automate the collection and dispersion of collective intelligence

ThreatBLADE technology launched by Solera and parent Blue Coat (SC Magazine) Solera has announced the launch of ThreatBLADES to help protect against and resolve targeted attacks

Bitdefender Launches Free Safepay Standalone to Protect eBanking, Shopping (MarketWatch) Bitdefender, the creator of global antivirus solutions, has launched Safepay, the technology that shields online transactions from growing criminal threats, as a free desktop app to help bring back confidence to online surfing and shopping

Apple shifts iOS in the Car into high gear (FierceMobileIT) Feeling like an also-ran in the automotive IT market, Apple (NASDAQ: AAPL) has decided to shift its iOS in the Car strategy into high gear, according to a report by AppleInsider

IBM Mainframes Nipped, Tucked For Cloud Age (InformationWeek) IBM revived the mainframe a decade ago by embracing Linux. Now it's promoting big data analytics and OpenStack cloud support on System Z

Technologies, Techniques, and Standards

Defending Against Web Server Denial of Service Attacks (Internet Storm Center) Earlier this weekend, one of readers reported in an odd attack toward an Apache web server that he supports. The server was getting pounded with port 80 requests like the excerpt below. This attack had been ramping up since the 21st of July, but the "owners" of the server only detected problems with website accessibility today. They contacted the server support staff who attempted to block the attack by scripting a search for the particular user agent string and then dropping the IP address into iptables rules. One big problem though. The attack was originating from upwards of 4 million IP addresses across the past several days and about 40k each hour. That is a significant amount of iptables rules in the chain and is generally unmanageable

How to Secure Social Media Accounts (eSecurity Planet) While there is much debate over social media's impact on productivity, it clearly creates security risks. These simple practices should keep employees' social media use from endangering the enterprise

Design and Innovation

Barnaby Jack And The Hacker Ethos (Dark Reading) Barnaby Jack's untimely death should give us pause to remember why folks hack things and ultimately why pushing the boundaries of technology benefits us all

Why the Internet Needs Cognitive Protocols (IEEE Spectrum) Networks will break down without new biologically inspired routing. Perhaps as early as the end of this decade, our refrigerators will e-mail us grocery lists. Our doctors will update our prescriptions using data beamed from tiny monitors attached to our bodies. And our alarm clocks will tell our curtains when to open and our coffeemakers when to start the morning brew

Tracking the Quantified Self (IEEE Spectrum) For better or for worse, we are data-generating machines. Whenever we pay with a credit card or drive through an automated toll system, or answer an e-mail or make a phone call, we can't help but leave a steady stream of ones and zeroes in our wake. This is our digital exhaust: the trackable or storable actions, choices, and preferences that we generate as we go about our daily lives. Even when just browsing the Web, we leave behind personal clickprints that uniquely identify our surfing behavior and lengthen the paperless trails that document our electronic selves

Tech Trajectories: Four More Moore's Laws (IEEE Spectrum) We're all familiar with Moore's Law, which takes an inexorable view of technological progress, with the number of components on an integrated circuit doubling like clockwork every 18 months or so. But do other technologies follow a similar pattern of exponential improvement

OSI: The Internet That Wasn't (IEEE Spectrum) How TCP/IP eclipsed the Open Systems Interconnection standards to become the global protocol for computer networking

Should the "Reboot! Shut up and reboot!" theory be applied to programs? (Naked Security) Tech-savvy website Ars Technica recently invited comments on an interesting thought about programming. "Should programs randomly fall on their swords?"

Research and Development

The materials breakthrough that might lead to computers thousands of times faster (Quartz) As the technology for making silicon circuitry smaller, faster and less power-thirsty approaches the limits of physics, scientists have tried out many materials in the search for an alternative to silicon. New research by a team at the US Department of Energy's SLAC National Accelerator Laboratory may have put some other promising candidates into the race

Academia

UP student wows judges of cyber security tilt (Manila Standard) A 20-year-old Computer Science student of University of the Philippines, Diliman was awarded the "Best Elevator Pitch" at the recently concluded Kaspersky Academy Cyber Security for the Next Generation Finals held in London. Ivan Dominic Baguio earned the citation for his poised delivery of his research paper, co-written with thesis partner and classmate John Carlo Florencio, on an encryption application for Androids. Baguio bested 13 other finalists from 10 countries for the citation

Legislation, Policy, and Regulation

NSA scandal: Americans don't like 'Big Brother' (Miami Herald) The National Security Agency survived a legislative challenge in the House of Representatives last week. But senior NSA officials still face an uphill fight to convince the American public that its operations can enhance security without jeopardizing privacy

Momentum Builds Against N.S.A. Surveillance (New York Times) Backers of sweeping surveillance powers now say they recognize that changes are likely, and they are taking steps to make sure they maintain control over the extent of any revisions

With Leak, Wyden Can At Last Name His Crusade (Washington Post) To change the law and restrict domestic spying, the low-key Wyden still must overcome opposition from the White House and the leaders of both parties in Congress

Killing the NSA Softly (Slate) Congressional critics have a quiet, ad hoc strategy for making the spy agency walk back some of its powers. For a few minutes on Wednesday afternoon, Rep. Justin Amash thought he might have killed the National Security Agency's metadata collection program. He'd optimistically expected maybe 90 Republicans to back his amendment to the Department of Defense budget. Ninety-four of them did. But he ran out of votes eventually--the Democrats didn't come through--and by a 217-205 margin, the House killed his amendment

National Security Agency: Muted after 9/11, critics find their voice (TriValley Central) Rep. Justin Amash, R-Mich., comments Wednesday at the Capitol about the vote on the defense spending bill and his failed amendment that would have cut

Privacy and security (Toledo Blade) More than a decade ago, in the aftermath of 9/11, Congress approved the Patriot Act, a law that opponents warned would grant the federal government virtually unlimited authority to spy on U.S. citizens. Recent revelations about the National Security Agency's mass-surveillance program make clear that the act has been invoked to do just that

NSA weighs its options (Washington Post) The National Security Agency (NSA) survived a legislative challenge in the House this week. But senior NSA officials still face an uphill fight to convince the

What the Ashcroft "Hospital Showdown" on NSA spying was all about (Ars Technica) How the government sought to justify blanket collection of Internet metadata

Thousands in Germany protest NSA surveillance (Boston.com) The Associated Press Hundreds of demonstrators protest against supposed surveillance by the US National Security Agency NSA, durung a rally in Frankfurt

Dr. Joseph Bonneau Wins NSA Award, Criticizes NSA (EFF) On July 18th, Dr. Joseph Bonneau, a software engineer at Google, received the National Security Agency's award for the best scientific cybersecurity paper. According to its stated mission, the competition was created to help broaden the scientific foundations of cybersecurity needed in the development of systems that are resilient to cyber attacks. But Bonneau was deeply conflicted about receiving the award, noting on his blog that even though he was flattered to receive the award he didn't condone the mass surveillance programs run by the NSA: "Simply put, I don't think a free society is compatible with an organisation like the NSA in its current form"

The Surveillance State Strikes Back (Foreign Policy) Why Edward Snowden just might turn out to be Big Brother's best friend. When former National Security Agency contractor Ed Snowden exposed the inner workings of the country's biggest intelligence organization, he said he did so to roll back a spying apparatus that put the United States on the path to "turnkey tyranny."

Lawmakers Who Upheld NSA Phone Spying Received Double the Defense Industry Cash (Wired) House members who voted to continue the NSA's domestic phone-spying dragnet on Wednesday received more than double the campaign financing from the defense and intelligence industry than those voting to end the program, according to a new analysis commissioned by

Don't let Snowden overshadow the real cyber threat (Financial Times) The world has recently been rattled by two unexpected exposures. First, Mandiant, the cyber security specialist, managed to identify - down to the physical address - a Chinese army unit responsible for the theft of foreign intellectual property. Second, via Edward Snowden, the Booz Allen Hamilton contractor turned leaker, a lens has been turned on to the extent of the National Security Agency's practices of spying and privacy invasion

How the Nature of Warfare is Changing in the Information Age (FedTech Magazine) The U.S. Cyber Command and Navy mission partner Fleet Cyber Command/10th Fleet are performing that redesign today. At the same time, cyber opens

Cyber security domain as fifth dimension of war (Times of India) Mahratta Chamber of Commerce, Industries and Agriculture jointly with Data Security Council of India (DSCI) organised a national level seminar-cum conference on cyber security recently, which had technical sessions on topics such as 'Cyber Warfare and Cyber Security - Defence and Homeland Security Domains', 'Systems and Processes as Defence against Cyber Threats' and 'Cyber Security - Solutions and Cooperation'

Australia must rethink cyber security policies (The Daily Telegraph) Australia urgently needs to update its cyber security policies to meet the growing…election to help business and government better respond to cyber threats. The last major government policy paper on cyber security was published in 2009

Does the UK government's stance to block access to legal porn go far enough? (AVG Official Blogs) It's great news that the UK government is taking a stance on restricting access to legal porn on the Internet. But is it the right approach and has the government managed to understand reality when making this decision

Comrade! If you dare f$%^ing swear on the internet, WE'LL SHOOT (The Register) Web cuss crackdown: What the f- Websites publishing profanities will either have to delete the offending material within 24 hours or be hauled offline — so says a new amendment to a law aimed at — what else? — protecting children. Another attack on Blighty's freedom of speech? Not this time. Instead, Yelena Mizulina — head of the Russian State Duma's Committee for Family, Women, and Children — wants to amend Russia's existing rules, titled On the protection of children from information harmful to their health and development, to block "harmful information" on social networks, websites and forums if bad language is not deleted within a day

Litigation, Investigation, and Law Enforcement

"Zero privacy violations" in NSA programs, Rogers says (CBS News) There are "zero privacy violations" in the National Security Agency's collection of phone records, House Intelligence Committee Chairman Mike Rogers, R-Mich., said Sunday on "Face the Nation," just days after the chamber narrowly rejected a measure that would have stripped the agency of its assumed authority under the Patriot Act to collect records in bulk. "There's more information in a phone book than there is in this particular big pile of phone numbers that we used to close the gap - we, the intelligence services - close the gap that we saw didn't allow us to catch someone from 9/11," Rogers said

Glenn Greenwald: NSA Analysts Have Access To 'Powerful and Invasive' Search Tools (Hufington Post) Glenn Greenwald, the Guardian reporter who broke the news of the National Security Agency's mass surveillance programs, said Sunday he will soon disclose new information about the access low-level contractors have to Americans' phone and email communications

This Week in Cybercrime: Online Bank Heists Just the Latest in a Long String (IEEE Spectrum) Late last month, I began an edition of This Week in Cybercrime by noting that, "The idea that cybercrimes are the work of miscreants or gangs of hackers picking targets at random is outmoded. Analysts now see a mature industry with an underground economy based on the development and distribution of ever more sophisticated tools for theft or wreaking havoc." That updated thinking was backed up by a report released a few days earlier by researchers at 41st Parameter, a fraud detection and prevention firm

Blue chip hacking (Telegraph) What has become known as the blue-chip hacking scandal was first investigated by the Serious Organised Crime Agency six years ago but the report in to it only emerged, via a leak, this year

Been hacked? Don't dial 999: The plods are too dense, sniffs sec bigwig (The Register) 'The problem is too big for the authorities to handle.' Police are powerless to stop super-smart criminals from hacking the world's biggest companies, a top-ranking security bod has warned. Juniper Networks' security chief said there was simply no longer any point in calling the police when hackers and DDoSers came to call, because the cops can't do anything. He wants to see a world where big firms share information about potential targets and stop them before any damage can be done

Private Cyber Retaliation Undermines Federal Authority (Defense News) During the last year, several op-eds and commentaries have proposed that private companies have the right to strike back if cyber attacked and conduct their own offensive cyber operations. The demarcation in cyber between the government and the private spheres is important to uphold because it influences how we see the state and the framework in which states interact. One reason we have a nation state is, in a uniform and structured way, under the guidance of a representative democracy, to deal with foreign hostility and malicious activity

High Court Bans Car Hacking Research (TechWeek Europe) Car company wins out after British lecturer claims to have cracked the algorithm used by luxury cars, including Porsches and Bentleys. A British researcher who claimed to have cracked the cryptographic algorithm used to verify the identity of car keys has been told he cannot publish his findings

Ecuador officials disavow Snowden asylum document (San Jose Mercury News) Ecuador's diplomatic mission in London issued a safe-conduct pass so National Security Agency leaker Edward Snowden could travel to

Russia to Reply to US Attorney General's Snowden Letter (Cyberwarzone) Russia's Justice Ministry is preparing a reply to the US attorney general's letter seeking the return of fugitive former intelligence contractor Edward Snowden to America to face espionage charges, the Justice Ministry's press office said on Sunday

U.S. won't seek death penalty for Snowden, Holder says in letter to Russian official (Washington Post) Attorney General Eric H. Holder Jr. has told a Russian official that the United States will not seek the death penalty for Edward Snowden, the former National Security Agency contractor who released classified documents to reporters about U.S. surveillance and who has been holed up at a Moscow airport

After the whistle: Revealers of government secrets share how their lives have changed (Washington Post) The former high-ranking National Security Agency analyst now sells iPhones. The top intelligence officer at the CIA lives in a motor home outside Yellowstone National Park and spends his days fly-fishing for trout. The FBI translator fled Washington for the West Coast

Cisco products reseller arrested after indictment on fraud charges (San Jose Mercury News) The owner of a successful reseller of Cisco (CSCO) network equipment was arrested Thursday after being indicted on charges of knowingly buying counterfeit or stolen products and passing them on to customers after altering serial number while running Network Genesis, which brought in $37 million during the period under investigation, according to federal officials

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Black Hat 2013 (Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

Growing Maryland's cybersecurity industry: Technical.ly Baltimore Meetup (Baltimore, Maryland, USA, July 30, 2013) Join Technically Baltimore in at CyberPoint International on July 30 for a presentation about Maryland's rapidly expanding cybersecurity industry -- and how the Baltimore region's broad, general technology...

AFCEA Global Intelligence Forum (Washington, DC, USA, July 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence...

International Conference on Cyber Security (New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...

Third Annual SINET™Innovation Summit (New York, New York, USA, August 6, 2013) SINET™, the premiere community builder and innovation catalyst for the Cybersecurity industry hosts their third annual Innovation Summit at Columbia University on August 6th. SINET programs are where the...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...

AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide products demonstrations to the military and civilian personnel on base. IT and Information...

AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...

Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...

A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.