skip navigation

More signal. Less noise.

Daily briefing.

If you're keeping score in the hacktivists' mug's game, the Bangladeshi-Indonesian cyber riot continues, and McDonalds gets caught in the crossfire. OpIsrael leaks 33,000 Israeli citizens' login credentials as OpIslam continues to fizzle.

Opinions differ over attribution of the recent White House staffer hack: CrowdStrike thinks the attackers may have been Ottoman revanchists of 1923Turk-Grup deliberately pointing to the Syrian Electronic Army. Such solidarity (or provocation) is not unknown—governments and others increasingly use false flags against opposition networks.

The Izz ad-Din al-Qassam Cyber Fighters may be back—some see their work in last week's denial-of-service attacks on JPMorgan Chase, U.S. Bancorp and Regions Financial Corp. Akamai Technologies thinks the Cyber Fighters' preferred tactic—quick multiple strikes—is showing up in trends toward bigger, shorter attacks.

Ubuntu forums suffer another breach. Blackhole spam containers are seen using shortened urls. Recon services for cybercriminals are offered on the black market. Delaware schools' bad week continues as 70,000 University of Delaware confidential records are hacked. US Airways and American Airlines are victimized in separate hacks.

Joint ventures with Chinese firms seem to increase an aviation company's risk of cyber attack. Concerns about tech trade with China rise on two fronts, as Lenovo remains under credible suspicion of cyber espionage, and China prepares import restrictions.

UCLA researchers make interesting (and very large) claims of a breakthrough in software encryption. They say it makes cyber recon and reverse engineering effectively impossible.

Bradley Manning is acquitted of aiding the enemy, convicted on several lesser charges.

Notes.

Today's issue includes events affecting Australia, Bahrain, Bangladesh, Belarus, Canada, China, Ghana, Indonesia, Israel, New Zealand, Saudi Arabia, South Africa, Syria, Turkey, United Kingdom, United States..

The CyberWire will provide special coverage of SINET's Innovation Summit, meeting in New York on August 6. Frank Montoya, Jr., National Counterintelligence Executive, Counter Intelligence Branch, Office of the Director of National Intelligence, will deliver the opening keynote.

Cyber Attacks, Threats, and Vulnerabilities

Cyber War: McDonalds Indonesia and 914 Websites Hacked by BD Grey Hat Hackers (HackRead) Cyber war between Bangladeshi and Indonesian hackers is at peak where hackers from both sides are attacking each other's cyber space, this time the official website of McDonalds Indonesia was hacked and defaced by BD Grey Hat Hackers. The same day a Pakistani hacker aiding Bangladeshi hacker going with the handle of Dr@cul@ had hacked and defaced 914 Indonesian websites yesterday. Both hacks were announced

#OpIzzah & #OpIsrael: Login Details of 33,895 Israelis Leaked by Phr0zenMyst (HackRead) A hacker going with the handle of @Phr0zenM on Twitter has claimed to leak 33,895 login details of Israeli citizens after breaching several Israeli websites

Turkish Group Might Be Behind White House Hacks, Analysts Say (Nextgov) CrowdStrike also employs former FBI top cyber cop Shawn Henry and Dmitri Alperovitch, an investigator who uncovered several allegedly Chinese-sponsored

Pro-Assad hackers compromise White House emails, Reuters Twitter feed (CSO) The Syrian Electronic Army has social engineered email accounts maintained by White House Staffers, in addition to the Twitter feed maintained by Thompson Reuters

From Bahrain To Belarus: Attack Of The Fake Activists (TechWeek Europe) EXCLUSIVE: Activists in Bahrain are being targeted by IP trackers via Twitter, whilst fake domains are causing problems for civil society groups across the globe. Politically speaking, little has changed in Bahrain, especially when compared to its Middle Eastern neighbours where the Arab Spring brought governments to their knees. Whilst opponents of the Bahrain regime are still very much active, their efforts have brought limited disruption to the rule of the al-Khalifa family

DDoS is Back; 3 Banks Attacked (Bank Info Security) Experts Analyze Whether There's an al-Qassam Connection. A week after the self-proclaimed hacktivist group Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a fourth phase of attacks against U.S. banks it's still not clear whether the group has resumed its distributed-denial-of-service activity

DDoS attacks getting bigger but shorter in duration (CSO) Hacktivist group Izz ad-Dim al-Qassam Cyber Fighters's strategy said to be driving up raw number of attacks and depressing their duration. Distributed Denial of Service (DDoS) attacks are getting bigger, but their duration are getting shorter, according to an analysis released this week by Arbor Networks

Ubuntu Forums Security Breach (Internet Storm Center) Ubuntu forums are currently down because they have been breached. According to their post, "the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database." [1] They have advised their users that if they are using the same password with other services, to change their password immediately. Other services such as Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected. Their current announcement is can be read

More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability (Internet Storm Center) Thanks to a reader for sending in this log entry from his Apache Server

Blackhole Exploit Kit Spam Campaigns Now Using Shortened URLs (Trend Micro Threat Encyclopedia) Recently, we've been receiving samples of spam campaigns leveraging the notorious Blackhole Exploit Kit. These spammed messages (which spoof official notifications from organizations such as Facebook, eBay and VISA), while harmless and sport no malicious attachments, do insist that readers click upon their links. These links invariably lead to a malicious site hosting the exploit, and thus system infection. This kind of behavior is noted as typical of attacks that use the Blackhole Exploit Kit

DIY commercially-available "automatic Web site hacking as a service" spotted in the wild (Webroot Threat Blog) A newly launched underground market service, aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is 'private exploitation techniques' capable of compromising any Web site

Facebook spam / deltaoutriggercafe.com (Dynamoo) These guys are busy. This fake Facebook spam leads to malware

Recent Reports of DHS-Themed Ransomware (Newsroom America) The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber Security Division. Users who are infected with the

Malware Hijacks Social Media Accounts Via Browser Add-ons (TrendLabs Security Intelligence Blog) We spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts - specifically, Facebook, Google+, and Twitter accounts

Airports' passport controls SHUT DOWN by 'malware' — report (The Register) Think Heathrow queues are long? Take a gander at Istanbul. Border control systems at both of Istanbul's main airports were thrown into chaos last Friday following a suspected malware outbreak

72000 confidential school files hacked at University of Delaware (Philly.com) School officials also said they are working closely with the Federal Bureau of Investigation officials and Mandiant, a computer security firm, over the issue

Universities Putting Sensitive Data at Risk via Unsecure Email (CIO) Survey finds half of institutions allow naked transmission of the personal and financial data of students and parents. Colleges and universities are putting the financial and personal information of students and parents at risk by allowing them to submit such data to the school in unencrypted email

Cloud storage debacle marks hospital's third privacy incident in a year (FierceHealthIT) Information for more than 3,000 patients at Oregon Health & Science University was put at risk when medical residents stored the data on a password protected cloud computing system, the institution announced this week. The potential data breach is the third such reported incident to occur at the university in less than a year, and the fifth since 2008

US Airways Acknowledges Data Breach (eSecurity Planet) Employees' names, Social Security numbers and total taxable W-2 wages may have been exposed. US Airways recently began notifying its employees that programming error at ADP may have made it possible for other US Airways employees to view their names, Social Security numbers, and total taxable W-2 wages for the tax years 2010, 2011, and/or 2012

American Airlines Spam Delivers Malware (eSecurity Planet) The extremely convincing e-mails link to sites hosting the Blackhole exploit kit. Barracuda Labs researchers recently came across impressively convincing fake ticket confirmation e-mails from American Airlines, which link to a subdomain of www.aa.com.reservation

Aviation companies twice as likely to be hacked if they do business in China (Digital Dao) In anticipation of speaking at the AIAA conference in Los Angeles on August 12-14, I've been researching aviation companies with joint ventures in China and how many of them have reported being the victim of a cyber attack (successful or not). I identified 11 U.S. companies who were working with Chinese partners on the COMAC C919 aircraft and of those 11, 7 (64%) have publicly acknowledged being the victim of a cyber attack at some point in the last few years. No aggressors were named and some of the acknowledgments had to do with unsuccessful attempts only

Security and privacy risks of top mobile apps (Help Net Security) Appthority performed a static, dynamic and behavioral app analysis on the 400 most popular free and paid apps on the iOS and Android platforms. They analyzed each app for particular behaviors within a test environment

Revealed: new ways to hack critical infrastructure (Western Australia Today) Cybersecurity researchers next week will demonstrate how hackers can potentially wreak havoc on critical US infrastructure, even causing explosions by altering the readings on wireless sensors used by the oil and gas industry

Top Picks from TechEd 2013: Hacker Tools You Should Know and Worry About (TN Blogs: Server & Cloud Blog) If you look at the most popular sessions from TechEd Europe and TechEd North America, security is still top of mind for IT Pros. It should not come as shock that one of the most highly rated and viewed sessions is "Hacker Tools You Should Know and Worry About". In this session we investigate cybercrime we often find traces of commonly known hacker tools, trojans, etc. In this highly interactive demo session, we show you the hacking tools of today, the damage they can do, and how you can recognize them when they are used to attack your infrastructure

Gone in 360 Seconds: Hijacking with Hitag2 (USENIX) An electronic vehicle immobilizer is an anti-theft device which prevents the engine of the vehicle from starting unless the corresponding transponder is present. Such a transponder is a passive RFID tag which is embedded in the car key and wirelessly authenticates to the vehicle. It prevents a perpetrator from hot-wiring the vehicle or starting the car by forcing the mechanical lock. Having such an immobilizer is required by law in several countries. Hitag2, introduced in 1996, is currently the most widely used transponder in the car immobilizer industry. It is used by at least 34 car makes and fitted in more than 200 different car models. Hitag2 uses a proprietary stream cipher with 48-bit keys for authentication and confidentiality. This article reveals several weaknesses in the design of the cipher and presents three practical attacks that recover the secret key using only wireless communication. The most serious attack recovers the secret key from a car in less than six minutes using ordinary hardware. This attack allows an adversary to bypass the cryptographic authentication, leaving only the mechanical key as safeguard

Security Patches, Mitigations, and Software Updates

Breaking bad: Oracle's Unbreakable Linux website takes a break (The Register) What's in a name, eh, Larry? It might be dubbed "unbreakable", but Oracle's Unbreakable Linux website is certainly stoppable. The online support network feeding the enterprise-grade distro with fixes and updates will be taken offline by the database giant on Friday. It will be down for three hours from 3pm Pacific time (11pm UK) on 2 August, the company said, citing "scheduled maintenance

Cyber Trends

Spammers adapt and embrace popular themes (Help Net Security) According to Kaspersky Lab, the percentage of spam in email traffic in June was up 1.4 percentage points and averaged at 71.1 per cent. Malicious attachments were found in 1.8 per cent of all emails, a drop of 1 percentage point compared to the previous month

Cyber terrorists: the men behind the masks (Financial News) Saudi Arabian hacking group "Nightmare" claimed responsibility for this cyber attack, it came during a period of heightened political tension in the region

Android malware balloons in SA (ITWeb) Android malware encounters ballooned in SA over the past year. This is according to Cisco's 2013 Annual Security Report (ASR), which states that malware grew 2 577% in 2012, and that mobile malware represents only 0.5% of total Web malware encounters

Marketplace

China Closing the Door to New Technologies (CircleID) 2013 may be a promising year for global trade in technology with the kick-off of the International Technology Agreement expansion discussions, the Trans-Atlantic Trade and Investment Partnership, and as the Trade in Services Agreement gets going. But China calls its own tune, and is now threatening to restrict its market for Internet-enabled technologies through a clever device that could cost its trading partners billions

Backdoors in Lenovo equipment prompt classified network ban by 5 governments (FierceITSecurity) Laboratory testing of Lenovo's PCs and other equipment allegedly found backdoors in its hardware and firmware vulnerabilities in its chips, which has led to the equipment being banned from classified networks by five governments, the Australian Financial Review reports

Whistleblowers Blast NSA — but Not Contracting — for Leaks (Govexec) Three of the best-known National Security Agency whistleblowers lent their support to Edward Snowden, the ex-NSA contractor who exposed domestic surveillance and still was sitting in diplomatic limbo at the Moscow airport. But the three declined to fault the increased use of federal contractors in the past decade for Snowden's recent unauthorized disclosures

$6 Billion DHS IT Security Plan Advances (Gov Info Security) Initiative Could Mean Big Savings for Fed, State, Local Agencies. A new Homeland Security initiative will help federal, state and local government agencies purchase discounted wares to safeguard against IT vulnerabilities. Nevada CISO Chris Ipsen, for example, sees the potential of big savings in the program

CSC Secures More Federal Deals (Zacks) Computer Sciences Corporation (CSC - Analyst Report) has secured a number of deals to strengthen the defense infrastructure of the country. The company has been awarded a deal by the U.S. Department of Homeland Security's (DHS) Customs and Border Protection (CBP) department to support its enterprise network engineering services. These services include components such as cyber security, cloud as well as big data

STV Provided Design And Engineering Services For Newly Completed Lockheed Martin Cyber Center Of Excellence (BWW) STV, a leading planning, design and construction management firm, recently supported long-standing client Lockheed Martin (LMC) in the opening of a brand-new, state-of-the-art facility in Annapolis Junction, MD, geared towards providing LMC's customers with cutting-edge cyber mission technology

BlackBerry, Mozilla in Bug Hunting Partnership (SecurityWeek) BlackBerry and Mozilla have armed themselves with new bug-hunting tools as part of an effort to collaborate on securing the web

Cybersecurity startup Riskive raises $2.2M with local investors' help (Tehcnical.ly Baltimore) The Federal Hill-based startup benefitted from having a group of "strategic investors," said CEO James Foster.Cybersecurity startup Riskive, which specializes in social risk management for social media accounts, has raised $2.2 million in a new round of seed funding, according to a statement from the company based in the Federal Hill neighborhood

FireEye Presents Carahsoft with Outstanding Partner Performance Award (Virtual Strategy Magazine) Carahsoft Technology Corp., the trusted government IT solutions provider, announced today that it has received an award for outstanding partner performance from FireEye, the leader in stopping today's new breed of cyber attacks. The award was presented at the FireEye annual global partner conference

In–Q–Tel boosts data–analysis prowess with RedOwl funding (Gigaom) Intelligence agencies are about to get a boost in their data analytics savvy now that In-Q-Tel has formed a partnership with RedOwl Analytics, which finds anomalies in large piles of data

Dell buyout consortium sees deal collapsing: source (Reuters) Dell Inc CEO Michael Dell and his private equity partner Silver Lake expect their deal to buy the No. 3 PC maker to collapse unless the company's special committee changes how votes on the transaction are counted, a person familiar with the matter said on Wednesday

Products, Services, and Solutions

MokiMobility launches new app to manage your devices, their devices, all devices (VentureBeat) Thanks to the magic of apps, tablets and smartphones are now cash registers, kiosks, demo stations, public calendars, and more. Thanks to the magic of management, that tablet or smartphone in your organization could be mine, yours, or some company's

FBI launches iGuardian to standardize cyber threat data sharing (Federal News Radio) The FBI launched a new portal Monday to test out how companies could report cyber threats or attacks in real time and in a more consistent way

BAE Systems and Bayshore Networks Extend Strategic Partnership (HispanicBusiness.com) BAE Systems and Bayshore Networks, Inc. announced an expansion of their partnership to provide cybersecurity solutions to defense, intelligence and critical

Microsoft announces MAPP overhaul (Help Net Security) Introduced in 2008, the Microsoft Active Protections Program (MAPP) was created to give antivirus vendors a head start against malware developers. Vendors would get information from Microsoft security

AWS cloud management APIs: Don't overlook a key security component (Help Net Security) Xceedium has enhanced Xsuite to include protection for the Amazon Web Services management APIs that advanced cloud customers use to monitor and configure their AWS environments

Umbrella by OpenDNS Service blocks advanced cyber attacks (Help Net Security) The new release of the OpenDNS Umbrella Web security platform has been enhanced with predictive detection capabilities provided by the Umbrella Security Graph. It can identify, prevent, contain

Qualys announces WAF Beta for Amazon EC2 (Help Net Security) Qualys will release the beta of its new cloud WAF solution as an Amazon Machine Image (AMI) and as a VMware virtual image for on-premise deployments starting August 1

Panda Security Combines Improved Protection and Management into a Single Integrated Platform (PR Urgent) Panda Security, The Cloud Security Company, today announced the release of Panda Cloud Office Protection (PCOP) version 6.7. This new version provides significant technological and functional improvements to help organizations combat the growing number of cyber-attacks. According to PandaLabs, Panda Security's research laboratory, one of cyber-crooks' preferred methods for attacking organizations, especially those with limited IT resources such as SMBs, is by means of zero-day malware capable of exploiting software vulnerabilities to infect system

Complí and Swan Island Networks Announce Partnership (HispanicBusiness.com) Swan's Cybero™ services and Complí Portfolio's™ compliance solutions will integrate to provide a complete suite of cyber threat awareness, compliance and

FireEye Introduces 'Fuel' Partner Program (BWW) FireEye, Inc., the leader in stopping today's new breed of cyber attacks, today announced the FireEye Fuel Partner Program to better serve a growing ecosystem of partners that rely on the FireEye threat protection platform. The FireEye platform expands the breadth and depth of solutions that can address critical Web, email, and file security problems for enterprises and government agencies. The new Fuel program further enables partners to become the trusted security advisor to organizations while accelerating their opportunities in the threat protection market

BitDefender offers 'hardened' Safepay web browser for free (FierceCIO: TechWatch) Security vendor BitDefender has announced the availability of an application that helps users access the web in a more secure way. The "hardened" Safepay works as an application that houses a custom web browser that is based on the open source Chromium project

Dell's Ophelia USB-sized computer could debut soon (FierceCIO: TechWatch) It appears that Dell's "Project Ophelia" is currently shipping to beta testers, and the company is preparing for the final product to ship in the coming months, according to a report on TechCrunch

Internet privacy in an age of surveillance (C/NET) Reassert your expectation of online privacy by using Internet services that promise to protect your confidentiality

ThreatConnect Launches Collaborative Threat Intelligence Platform (ThreatConnect News) ThreatConnect, a Cyber Squared solution, announced today the official launch of its collaborative threat intelligence platform. The ThreatConnect Platform is a unique combination of powerful analytical tools that assist in finding and analyzing threat indicators and community-based sharing features that enable communication and collaboration on emerging threats

Apple iOS 7 Ready For Fingerprint Scanner (InformationWeek) Forthcoming iPhones may authenticate valid users via a fingerprint scanner in the Home button

BlackHat: Researcher to Present Details of New Automated Malware Capability Detection System (Symantec) Companies in our field of business have long wished for a better way of discovering and describing malware capabilities than the current system. Such a system would be of great benefit to everyone who has to deal with malware and the damage they can cause. While there is currently a whole spectrum of techniques used to discover the functionality of malware, ranging from the most basic to the more advanced, most fall short because they don't describe the malware in a very complete way

Google To Supply Free Wi-Fi Hotspots For All 7,000 U.S. Starbucks Locations (TechCrunch) Google has just announced via a blog post that it will be offering free, faster Wi-Fi hotspots at all U.S. company-operated Starbucks locations, which will get up and running sometime within the next 18 months. Google says that its speeds should beat the existing hotspots at the coffee shops by at least 10x, and in Google Fiber cities like Kansas, that should jump to a 100-fold boost

New Free Service Cracks Weak Passwords (Dark Reading) Praetorian this week launched a free, cloud-based password auditing service that ferrets out weak passwords and hashes

Technologies, Techniques, and Standards

Security Vendors: Do No Harm, Heal Thyself (Krebs on Security) Security companies would do well to build their products around the physician's code: "First, do no harm." The corollary to that oath borrows from another medical mantra: "Security vendor, heal thyself. And don't take forever to do it!

Guide to Malware Incident Prevention and Handling for Desktops and Laptops (National Institute of Standards and Technology) Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware is the most common external threat to most hosts, causing widespread damage and disruption and necessitating extensive recovery efforts within most organizations. Organizations also face similar threats from a few forms of non-malware threats that are often associated with malware. One of these forms that has become commonplace is phishing, which is using deceptive computer-based means to trick individuals into disclosing sensitive information

Seven myths of corporate IT security (Kaspersky Lab Business) Myths and prejudices are inevitable companions to any branch of knowledge, and the information security sphere is no exception, no matter how practical it is. This article will briefly touch upon the seven most popular myths of protecting corporate infrastructure and ensuring data integrity

Research and Development

A breakthrough in cryptography could thwart a favorite attack of hackers (Quartz) Microsoft, Apple, and every maker of mobile and desktop apps on the planet all have a problem: The moment they issue a security "patch," or an update to their software designed to plug a hole that could be exploited by hackers, those same hackers work feverishly to reverse-engineer that patch in order to figure out what vulnerability it's designed to stop. Armed with that knowledge, malicious hackers can then attack whatever PCs, servers or mobile phones have yet to update their software with the new patch

New Software Obfuscation Throws Wrench Into Reverse Engineering (Threatpost) Researchers at UCLA said they've developed a game-changing obfuscation mechanism that will put a dent in hackers' efforts to reverse engineer patches and understand how an underlying piece of software works

Ayasdi Analyzes Shape Of Big Data (InformationWeek) Startup melds rarefied mathematics discipline of topological analysis with machine learning techniques to glean insights from huge data sets. Topology is a subset of mathematics that focuses on the study of shapes. The term dates back to the 19th century, but scholars were writing treatises on the subject at least a century before that. Topology isn't new, but using it to analyze and understand big data is a novel idea -- one that could empower business users to find value in very large data sets without having to consult data scientists or write algorithms or models

Metronome Software aims at cyber and mobile app security for DARPA Transformative Apps (Military & Aerospace Electronics) U.S. military researches have awarded another contract aimed at placing the right mobile software applications into the hands of warfighters for use on rugged smartphones and tablet computers -- this one involving cyber security and mobile applications security. Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., awarded a $1.8 million contract earlier this month to Metronome Software LLC of Laguna Hills, Calif., for cyber security and app security as part of the DARPA Transformative Apps program

Academia

Cyber STEM Academy is K-12 'learning environment' from Immersive 3D (Technical.ly Baltimore) Cyber STEM Academy is a "plug-and-play platform" for integrating a school's existing math and science curriculum into a 3D laboratory. In a few months time, and with a few clicks, elementary and high school students in the Baltimore region could be learning about the principles of heat transfer and robotics in a wholly online environment

Legislation, Policy, and Regulation

Two years later, Senator's criticism of NSA spying sinks in (Ars Technica) Sen. Ron Wyden (D-OR) talks to Ars about the NSA, FISC, and more. As a series of top-secret NSA documents have been leaked over the past several weeks, the issue of widespread government surveillance has been front-and-center in the public eye. For some, those documents were shocking revelations; for privacy activists and digerati who have followed cases like Jewel v. NSA, they were less surprising than they were useful. The documents leaked by a former NSA contractor offered solid confirmation of what had long been suspected—that the NSA had created a giant information vacuum sucking up all manner of data

Senator calls telephone surveillance violations 'more troubling' than NSA admits (NBC News) Sen. Ron Wyden says "violations" of the National Security Agency's program of bulk collection of telephone call data have been "more troubling than the government has stated." In an interview on MSNBC's "Andrea Mitchell" show, Wyden, a member of the Senate Intelligence Committee, said there were "violations of court orders" by the NSA

NSA Surveillance Scandal: All Personal Records Are Relevant Is A Slippery Legal Theory To Stand On (International Business Times) Ever since the USA Patriot Act was rushed through in the immediate aftermath of the Sept. 11, 2001, attacks, some members of Congress have had buyer's remorse, realizing over the years that they gave the executive branch and especially spy agencies too much latitude to snoop on Americans' personal information. Hoping to rein in surveillance networks, in 2006 Congress placed a limit on the so-called personal business records that federal agencies can amass

Congressman Decries "Political Demagogues" Who Threaten Security Measures (SIGNAL Magazine) Many elected officials who opposed the National Security Agency's (NSA's) broad surveillance efforts were "demagogues" who did not know the real issues involved, said a member of the House Permanent Select Committee on Intelligence. Rep. Mac Thornberry (R-TX) told the morning audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the people in the House who voted to cut funding for the NSA's surveillance efforts preferred taking a stand to understanding the situation. Those who voted against cutting the NSA's funding were the people who've been getting the intelligence briefings

Mend But Don't End The NSA Data Programs (Washington Post) The National Security Agency (NSA) program based on section 215 of the USA Patriot Act, which collects phone numbers and related data, is often called a "surveillance program" or a program to "listen to phone calls." It is neither. Rather, this program collects only phone numbers and the duration and times that calls are made. When the NSA learns of a number used by a terrorist connected to al-Qaeda, it can search its database of phone records

Washington State Turns Up the Privacy for Social Media (Law Technology News) On Sunday, Washington will officially become the 11th state to enact a law prohibiting employers from asking employees for their personal social media credentials

Report recommends cyber-security white paper within a year (ABC) A new report by the Australian Strategic Policy Institute recommends the incoming government develop a white paper focusing on the country's cyber-security policy within one year

Government develops cyber security policy (Modern Ghana) The government is developing a national cyber security policy framework and strategy to deal with cyber threats, Ms Victoria Hamah, Deputy Minister of Communications, said on Monday

Moscow Metro says new tracking system is to find stolen phones; no one believes them (Ars Technica) Experts: Russians are probably using fake cell tower devices for surveillance. On Monday, a major Russian newspaper reported that Moscow's metro system is planning what appears to be a mobile phone tracking device in its metro stations--ostensibly to search for stolen phones

Litigation, Investigation, and Law Enforcement

Global Organized Crime as Big as a G20 Nation: Australia (SecurityWeek) Organised crime is so big globally that were it a country, it would be part of the G20 group of major economies, the Australian government said Tuesday

Edward Snowden and his allegedly drained laptops (Washington Post) The notion that former National Security Agency (NSA) contractor and world-famous leaker Edward Snowden somehow allowed Chinese officials to suck all

Administration To Reveal Order On Phone Records Ahead Of Hill Hearing (Washington Post) The release is set to come in advance of a hearing of the Senate Judiciary Committee at which officials from the Justice Department, the NSA and the Office of the Director of National Intelligence will face questions about NSA surveillance programs and the collection of Americans' communications data

U.S. Spy Program Lifts Veil In Court (Wall Street Journal) The Justice Department acknowledged for the first time in a terrorism prosecution that it needs to tell defendants when sweeping government surveillance is used to build a criminal case against them. The about-face, contained in a Tuesday court filing, marks another way in which the Obama administration is adjusting to revelations by former National Security Agency contractor Edward Snowden about phone and Internet surveillance by the NSA

Snowden's Father Offers Firm Defense Of His Son (Washington Post) The FBI tried to enlist the father of National Security Agency leaker Edward Snowden to fly to Moscow to try to persuade his son to return to the United States, but the effort collapsed when agents could not establish a way for the two to speak once he arrived, Snowden's father said Tuesday

His Plea Deal Largely Rejected, Bradley Manning Convictions May Mean More Than A Century In Prison (Forbes) Bradley Manning may have been happy to hear in his court martial ruling Tuesday that he didn't "aid the enemy" with his release of hundreds of thousands of classified files to WikiLeaks. But with his plea deal largely rejected and 136 years in prison still looming as a maximum sentence for the 19 other charges on which he was found guilty, any ideological victory may be cold comfort

Bradley Manning Convicted Of 19 Counts Including Espionage, Faces Up To 136 Years In Prison (Business Insider) Bradley Manning, who orchestrated the largest leak of classified information in U.S. history, has been acquitted of the most serious charge of aiding the enemy. Military judge Col. Denise Lind convicted Manning of 19 other charges, including five counts of violating the espionage act

How the Bradley Manning Verdict Avoided a Serious Chill on Whistleblowing (Nextgov) On Tuesday, Judge Col. Denise Lind convicted Army Pfc. Bradley Manning of many major charges, but Manning dodged the big one: "aiding the enemy." That charge would have come with a possible life sentence. The conviction still includes 5 charges under the Espionage Act, and Manning could face a long sentence of over 100 years. Manning had previously pled guilty to 10 of the lesser 22 charges against him, pleading not guilty to the most serious, aiding the enemy charge. The full extent of the conviction is still coming in from the court. Sentencing in the case will begin Wednesday morning

Manning Verdict Redefines 'Traitor' (USA Today) The trial of Army Pfc. Bradley Manning challenged the traditional definition of what defines a traitor. The classic case of a mole leaking sensitive documents to a foreign country has been replaced by a junior analyst releasing troves of data to the public with a few key strokes

Manning Damage Has Fallen Well Short Of Worst U.S. Fears (Reuters.com) Accused of the nation's biggest-ever security leak, U.S. soldier Bradley Manning was vilified by the government for causing irreparable damage to American national interests. In retrospect, the harm he caused seems to have been overplayed

Manning Deserves Nobel Peace Prize (USA Today) Whistle-blowers like him hold government accountable

Report to the President: MIT and the Prosecution of Aaron Swartz (Massachusetts Institute of Technology) On January 6, 2011, Aaron Swartz was arrested by the MIT Police and an agent of the U.S. Secret Service, accused of breaking and entering for events that occurred on the MIT campus. In July 2011 he was charged in a federal indictment with multiple felony offenses, specifically violations of the Wire Fraud Act and the Computer Fraud and Abuse Act. On January 11, 2013, Aaron Swartz's partner found him dead in their New York apartment, a victim of suicide

MIT clears itself of responsibility for Aaron Swartz's prosecution (The Register) Father says the university failed its 'moral obligation' to his son. Six months after the suicide of internet activist Aaron Swartz, MIT has released a 182-page report into the university's involvement in his arrest and prosecution, and has determined that it did nothing wrong

Volkswagen silences talk about security flaws in luxury cars (Graham Cluely) A security researcher is barred from talking about flaws in luxury car security systems, after Volkswagen applies for a court injunction

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Black Hat 2013 (Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

AFCEA Global Intelligence Forum (Washington, DC, USA, July 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence...

International Conference on Cyber Security (New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...

Third Annual SINET™Innovation Summit (New York, New York, USA, August 6, 2013) SINET™, the premiere community builder and innovation catalyst for the Cybersecurity industry hosts their third annual Innovation Summit at Columbia University on August 6th. SINET programs are where the...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...

AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide products demonstrations to the military and civilian personnel on base. IT and Information...

AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...

Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...

A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

cybergamut Technical Tuesday: A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

Resilience Week 2013 (San Francisco, California, USA, August 13 - 15, 2013) The 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.