Reports in the Guardian that the US National Security Agency (NSA) is receiving Verizon phone records under warrant are followed by new surveillance revelations.
Late yesterday US Director of National Intelligence James Clapper confirmed the existence of PRISM, an electronic surveillance program conducted under the Foreign Intelligence Surveillance Act. After paying tribute to the value of the information collected, Clapper offered reassurance: "[PRISM] cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States." Big data connoisseurs think "intentionally" mitigates the reassurance, but Clapper insists PRISM and the Intelligence Community fully respect civil liberties.
The Washington Post reports that NSA has access to servers at Google, Apple, Facebook, Dropbox, Microsoft, Yahoo, Paltalk, and AOL. All but the last two deny cooperating with the agency. (Paltalk and AOL haven't commented.) Notably absent from the list is Twitter, consistent with that company's stiff-necked reputation with respect to privacy.
Observers note such electronic surveillance is very widespread globally.
Allegations of pervasive US Internet surveillance have two immediate international implications. First, they render the position of US tech companies in overseas markets difficult—analysts watch for customers bailing to escape NSA's alleged net. Second, they embarrass President Obama before his summit: Chinese spokesmen note PRISM confirms longstanding accusations of American cyber espionage. (Nonetheless, Congress continues advancing legislation against Chinese cyber operations.)
Elsewhere in the world, Britain tries to disentangle itself from Huawei, and Europe prepares to scratch its chronic dirigiste itch by revisiting net neutrality.
Today's issue includes events affecting Australia, Bahrain, Belgium, China, European Union, Luxembourg, Netherlands, Russia, United Kingdom, United Nations, United States.
Google, Facebook, Microsoft, others allegedly allow the US government to "watch your ideas form as you type"(Quartz) The Washington Post is reporting that a "horrified" career intelligence officer has provided slides detailing a secret US government spying program in which the US National Security Agency (NSA) and the FBI allegedly have direct access to the servers of Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube and Apple. (Update: NBC says it has confirmed PRISM's existence with anonymous sources, but "a government official says it is a data collection program rather than a data mining program." Which may be so, though if one collects data, one can always mine it afterwards at one's leisure.) Here are the alleged details, as reported so far by the Post and the Guardian
U.S. Government: Reports About PRISM Contain "Numerous Inaccuracies"(TechCrunch) After the flurry of reports about the NSA's alleged PRISM surveillance program earlier today, the U.S.'s Director of National Intelligence James R. Clapper just released an official statement. According to Clapper, "The Guardian and The Washington Post articles refer to a collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous
Apple to Yahoo Deny Providing Direct Access to Spy Agency(Bloomberg) U.S. technology providers from Apple Inc. (AAPL) to Yahoo! Inc. (YHOO) said they don't give the U.S. government direct access to their systems, responding to newspaper reports of a top-secret electronic surveillance program
U.S. Says It Gathers Online Data Abroad(New York Times) The federal government has been secretly collecting information on foreigners overseas for nearly six years from the nation's largest Internet companies like Google, Facebook and, most recently, Apple, in search of national security threats, the director of national intelligence confirmed Thursday night
NSA 'top secret' spying order affects millions of Americans: FAQ(ZDNet) The U.S. government is vacuuming up millions of Verizon customer records on a daily basis, according to a leaked "top secret" court order. Here's everything you need to know. The Guardian newspaper revealed exclusively on Wednesday that the U.S. National Security Agency (NSA) has and continues to vacuum up millions of Verizon customer details, including information on phone calls both within the U.S. and between the U.S. and other countries
How total could US government surveillance be?(Quartz) Amid revelations (confirmed) that the US National Security Agency has been collecting basic data on most of the phone calls made in the US, and new claims (so far strenuously denied) that it can directly pull users' information from most of the biggest online firms, one inevitably wonders what else it might be monitoring
Panopticon at Fort Meade(National Review) Late Wednesday night, the website of the British broadsheet The Guardian broke the news that the National Security Agency (NSA) has been monitoring the phone activity of millions of Verizon cell-phone customers. Under a warrant approved by a Foreign
The NSA whistleblower who guessed exactly what was going on, six months ago(Quartz) Last December in an interview with Russia Today (video above), former NSA crypto-mathematician William Binney disclosed the extent to which he believed the US government was not only capable of, but actively engages in spying on internet data and web activity across the country. Binney said that the FBI has access to the emails of everyone in the US, holds a target list and monitors every email to and from those contained on the list
Always Outmanned, Always Outgunned(Threatpost) We were warned. Over and over again. Not just by privacy advocates and by security experts and by civil liberties organizations and by the guy on the corner in the tin foil hat shouting about the government intercepting his brain waves. We were warned by some of the very people charged with overseeing the administration's efforts to expand its domestic intelligence gathering capabilities. We were warned by politicians
The NetTraveler (AKA 'TravNet')(Securelist) This report describes multiple cyber-espionage campaigns that have successfully compromised more than 350 high profile victims in 40 countries. The focus of the paper is to describe NetTraveler, which is the main tool used by the threat actors during these attacks
#OpTurkey: Anonymous Hacks Fox Entertainment Turkey & Vodasoft, Leaks account(Hack Read) Just an hour ago a well known Anonymous hacker going with the handle of @AnonsTurkey on Twitter has hacked into the official websites of Fox Entertainment Turkey (fox.com.tr) and a Turkish based call center VodaSoft (vodasoft.com.tr). @AnonsTurkey who is very active these days for #OpTurkey, managed to breach the servers of both websites, ending up with leaking confidential information
Supposed zero-day exploit for Plesk(The H) The hacker known as KingCope has taken to the security mailing list Full Disclosure to publish what seems to be a zero-day exploit for Plesk, the hosting software package made by Parallels. KingCope says that the exploit uses specially prepared HTTP
Plesk 0-day: Real or not?(Internet Storm Center) Yesterday, a poster to the full disclosure mailing list described a possible new 0-day vulnerability against Plesk. Contributing to the vulnerability is a very odd configuration choice to expose "/usr/bin" via a ScriptAlias, making executables inside the directory reachable via URLs
Microsoft Cyber-Fraud Sting Reveals Resistant Malware Strain(American Banker) An analysis of Microsoft's (MSFT) takedown of a cyber fraud ring that stole hundreds of millions of dollars from bank accounts brings to light the growing sophistication of malware and keylogger makers, who mostly manage to stay a step ahead of antivirus software designers and corporate security officers
The most sophisticated Android Trojan(SecureList) Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated
DoS-in Your Database(Dark Reading) When I started writing SQL, I was never worried about security; I was worried that I would write a bad query that would crash the database. And it was really easy to write SQL that would consume 100 percent of the CPU power or cause disk drives to bottleneck. Queries with outer-joins, cartesian products, and complex comparison operations coupled with full tables scans could pretty much kill any database
Smart TVs vulnerable to a host of attacks(Help Net Security) Smart (connected) TVs are becoming a common fixture in Western world homes, and most users consider it a handy tool and an improvement over the basic television sets of yesterday. But most of them are
Sale of state databases puts patient info at risk(FierceHealthIT) Hospital data compiled by states and sold to researchers, marketers and others could be used to identify patients when combined with other publicly available information, according to a recently published investigation by Bloomberg. The year-long investigation found that public health databases can be paired with news stories and other information to identify patients
Fake Mt. Gox pages aim to infect Bitcoin users(Help Net Security) Mt. Gox is the largest Bitcoin exchange in the world, and as such it and its users are being repeatedly targeted by attackers. Some two months ago, it battled a massive DDoS attack that was
Cyber attack strikes Raley's grocery chain(SFBay) A major Northern California grocery store chain is urging customers to check their credit card and bank statements after the chain's computers appeared to have been hit in a cyber attack. Officials at Raley's said Thursday a portion of the grocer's
Security Patches, Mitigations, and Software Updates
Microsoft to release five bulletins next week(Help Net Security) Microsoft released advance notification for next week's Microsoft patch and it looks like we're getting only five bulletins. We received several comments on what we can expect on Tuesday
Democracy, autocracy, or people's republic: your information is fair game for everyone(Quartz) A headline in this morning's Financial Times informed us that "UK fears grow over China's potential to eavesdrop," in reference to yesterday's release of a British intelligence committee report into the security risk posed by Huawei, the giant Chinese telecoms firm that is now deeply embedded in Britain's telecoms infrastructure. China is a great bogeyman. Surely those of us who live in modern democracies could never trust those secretive communists who spy on their own people and censor candle emoticons. But what China does quite openly, Western governments do through secret yet "entirely legal" programs, as recent bombshells about surveillance by the US National Security Agency have shown. And it isn't just America that is unable to resist snooping. Everyone is at it
Secrecy hampers battle for web(Financial Times) There is an economy you will not find measured in the pages of the FT. It is a place where goods are traded and alliances formed. Margins are high and business is good - there is no tax, no regulation, no crisis nor recession. Growth is assured. It is here that cyber criminals, terrorists and even some governments ply their trade. It is a marketplace where anything from credit card details to an attack on critical infrastructure can be bought and sold
FireEye Announces Australian Cybersecurity Findings (PRWire) FireEye®, Inc., the leader in stopping today's new breed of cyber attacks, has announced findings from a comprehensive survey of the state of Australia's cybersecurity as seen by executives and technical staff across a range of organisations
Will users outside the US disconnect their Google, Facebook, Yahoo, AOL, Microsoft and Apple accounts now?(Quartz) If the Guardian and Washington Post are correct, the US government has direct access to the servers of Google, Facebook, Yahoo, AOL, Skype and Apple, and is pulling data from them which is then filtered for "foreignness." It's a program allegedly designed to look for terrorists who are using these services, but because of the nature of the wide net being cast, it's very likely that it's turning up orders of magnitude more false positives than real terrorists
USAF adding more cyberexperts(UPI) At the end of April, Air Forces Cyber, a component of the U.S. Cyber Command, opened a 46,000-square-foot headquarters and operations center for plans and operations capabilities and coordination with integrated personnel from law enforcement, the
NSA Building $860 Million Data Center in Maryland(Data Center Knowledge) The construction at Fort Meade will see investment of $400 million in fiscal 2013 and $431 million in fiscal 2014. Up to 6,000 workers will be involved in the construction and development phase, the NSA said. Scheduled for completion in 2016, the
Google-like search comes to Hadoop(FierceBigData) Before one can analyze data, one has to find it. In the large, multisource database known as Hadoop, searching for data has never been as easy as it should be, given the contributions of developers who got their start with giant search engines such as Google's. And while some companies have used publicly available data on the basics of Google (NASDAQ:GOOG) search technology to develop similar engines, according to Wired this week, others are taking bigger steps
PC Advisor Awards 2013: Best Security Software(PC Advisor) Bitdefender Internet Security 2013 is an internet security suite that offers excellent protection and a user-friendly interface. Bitdefender does have some mild scanning-speed issues, but otherwise it's an easy-to-use suite that gives you several nice
EventTracker Partners with Namtek(SF Gate) EventTracker, a leading provider of comprehensive SIEM solutions, announced today that Namtek Corp. (Namtek) has joined the Solution Partner Program at the Premier level. Namtek will be a value-added reseller of EventTracker's comprehensive suite of SIEM and log management solutions, which offer security, operational, and regulatory compliance monitoring
Technologies, Techniques, and Standards
100% Compliant (for 65% of the systems)(Internet Storm Center) At a community college where I'm helping out whenever they panic on security issues, I recently was confronted with the odd reality of a lingering malware infection on their network, even though they had deployed a custom anti-virus (AV) pattern ("extra.dat") to eradicate the problem. Of course, these days, reliance on anti-virus is somewhat moot to begin with, our recent tally of fresh samples submitted to VirusTotal had AV lagging behind about 8 days or so. If you caught a keylogger spyware, 8 days is plenty to wreak havoc. I usually compare today's AV to the coroner in CSI, he can probably tell what killed you, but won't keep you alive
Are you resilient to the main causes of cloud outages?(TrendMicro Cloud Security Blog) The Cloud Security Alliance recently released a white paper on cloud computing vulnerability incidents spanning the last five years. They looked at more than 11 thousand news articles regarding cloud computing-related incidents to determine the top reasons behind outages. Did you know 64 percent of the outages can be attributed to one of three causes
How to secure your Facebook profile(TrendMicro Countermeasures Blog) Time passes and Facebook changes, this is a law as immutable as gravity. I have updated my Facebook privacy guide from the 2011 edition to give you a step-by-step walkthrough of every important configuration screen and an explanation of how each important function really works
Matching Protection Criteria to the Next Wave of Threats(Security Week) It seems that nearly every five years we're faced with a new cycle of threats - from viruses to worms to spyware and rootkits. Today we find ourselves combatting the latest wave - advanced malware, targeted attacks and advanced persistent threats (APTs). While these threats have demonstrated themselves to be more damaging than any in their wake, technologies are available to deal with them. We just need to select the right ones and apply them correctly
Design and Innovation
A brief history of the US government's awful graphic design(Quartz) The revelation that major US technology companies are participating in a National Security Administration surveillance program was shocking enough. And that was before we saw the top-secret slides used by the government to describe the spying operation. They are, to put it mildly, heinously ugly
New schools competition launched by Cyber Security Challenge UK(InfoSecurity) With Brian Higgins, formerly of the Serious Organized Crime Agency (SOCA) as the first Schools Programme Manager, Cyber Security Challenge UK, the Cabinet Office and industry sponsors have joined forces to bring code breaking into schools
3 Keys To Gamification For Education(InformationWeek) Gamification is hot, but many attempts at educational games fall flat. Designers, parents and teachers should keep these three success factors in mind
What other countries can learn from Britain's experience with China's Huawei(Quartz) Britain finds itself in an uncomfortable position: It doesn't like the fact that Huawei, a large Chinese firm that manufactures telecoms equipment, is deeply embedded in what Britain calls its "critical national infrastructure," which includes energy supply pipelines, transportation infrastructure, water supplies, and telecommunications networks. But there is nothing it can do
EU net neutrality plan coming(FierceGovIT) European Union Digital Agenda Commissioner Neelie Kroes announced that she will soon introduce proposals to the EU College of Commissioners that will prevent Internet service providers in Europe from blocking customers' access to competitors' services
Sweep of digital wiretapping too broad, says human rights report(FierceGovIT) United Nations special rapporteur on free expression Frank La Rue in an unusual report says that governments must update their communications surveillance legal regimes in light of technology that enables states to conduct "simultaneous, invasive, targeted and broad-scale surveillance" to a degree greater than ever before
Task force calls for stronger U.S. international engagement on cyber issues(FierceGovIT) A task force sponsored by the Council on Foreign Relations calls on the United States to build an alliance for cybersecurity with like-minded actors. The task force - charged with making recommendations for the defense of an open global Internet and co-chaired by John Negroponte, a former diplomat and director of national intelligence, and Samuel Palmisano, the former chief executive officer of IBM - issued June 6 a final report
HASC approves anti-China equipment language in fiscal 2014 NDAA(FierceGovIT) The House Armed Services Committee approved June 6 a national defense authorization act for the coming fiscal year that includes language critics say would likely lead to the exclusion of Chinese-manufactured electronic parts from the defense industrial base, including in unclassified networks
NSA surveillance just gave China's president the perfect come-back line(Quartz) The timing for Barack Obama couldn't be worse. Just as he meets for the first time to forge a new diplomatic relationship with his Chinese counterpart, President Xi Jinping, a series of exposes on the secret surveillance programs of the US National Security Agency has presented a major distraction and eroded America's moral high ground
China Claims "Mountains of Data" Pointing to U.S. Hacking(Security Week) After months of accusations that China was backing extensive cyber-espionage operations against the United States, a top Internet security official in China said it had evidence that the U.S. was attacking Chinese targets, too. "We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem," Huang Chengqing, director of the National Computer Network Emergency Response Technical Team/Coordination Center of China, known as CNCERT, told the government-run China Daily newspaper on Wednesday
US prepares for cyber warfare against China and others(Firstpost) Most of Cyber Command's new troops will focus on defence, detecting and stopping computer penetrations of military and other critical networks by America's adversaries like China, Iran or North Korea. But there is an increasing focus on offense as
Opinion: Threat requires a creative response(Financial Times) And, last month, the US Department of Homeland Security issued an alert to US critical infrastructure companies warning of a heightened risk of a destructive cyber attack. Second, distributed denial of service (DDoS) attacks have become increasingly
Secret Intelligence Fuels US Hacking Fight With China(Businessweek) That's when a set of key intelligence breakthroughs and devastating attacks, including a breach of Google Inc. (GOOG)'s computers, reshaped the White House view of China's cyber spying. Although public information about the breach at
US to freeze assets of hackers, throw them out of the country(ZDNet) Lawmakers in the U.S. have proposed legislation which will deny hackers entry to the United States and freeze the assets of foreign nationals. The Cyber Economic Espionage Accountability Act was revealed on Thursday, and allows U.S. authorities to "punish criminals backed by China, Russia or other foreign governments for cyberspying and theft"
President Obama Visiting Silicon Valley Tonight, As Reports Of NSA's Tech Spying Come To Light(TechCrunch) President Obama's official schedule indicates that he is currently aboard Air Force One and en route to the San Francisco Bay Area for private events being held tonight with some of Silicon Valley's most elite players. The president's visit comes within hours of massive new revelations about the United States National Security Administration's reported collection of personal user data from
James Clapper Clarifies Remarks Over NSA Snooping(National Journal) Director of National Intelligence James Clapper said Thursday that he stood by what he told Sen. Ron Wyden, D-Ore., in March when he said that the National Security Agency does not "wittingly" collect data on millions of Americans
Lawmakers Defend, Criticize NSA Collection Of Phone Logs(Washington Post) Growing evidence of far-reaching federal surveillance of the phone records and Internet activity of millions of Americans reignited the debate Thursday about how aggressively the federal government uses its surveillance powers to protect against terrorist attacks
Agency Knows Much About Public, But We Know Little About It(Washington Post) Charged primarily with electronic spying around the globe, the NSA collects billions of pieces of intelligence from foreign phone calls, e-mail and other communications. But in the past two days, the focus has shifted to its role in compiling massive amounts of the same information on millions of ordinary Americans
On Spying, A Deficit Of Trust(TechCrunch) After it was revealed that the National Security Administration was collecting phone records of every single U.S. call on the Verizon network, even President Obama's most ardent supporters are losing faith that he would usher in a more transparent government. Loyal Democrat, former Vice President and Internet inventor, Al Gore called the NSA's massive spying program "obscenely
Lawmaker: ACA-mandated data hub a privacy nightmare(FierceHealthIT) A data services hub mandated by the Affordable Care Act that will be used to connect state health insurance exchanges with federal agencies poses a significant threat to privacy and security, one Republican lawmaker said this week
The Secret Law Behind NSA's Verizon Snooping(Bloomberg) How, exactly, could the government order a Verizon division to provide records of all calls -- that's right, all -- to or from the U.S. on an ongoing basis? The answer is secrecy -- but not just in the way you think. It's not only that the highly classified request was made to and approved by a highly classified court. But the legal interpretation of the 2001 Patriot Act that the court appears to have used was itself classified. In other words, there was no way for the public to know what the courts believed the law to mean. And that reality runs counter to the most basic principles of democracy and the rule of law
Who should pay when big data incites panic?(FierceBigData) Falsely shouting "fire" in a crowded movie theater is not just a matter of the limits of free speech, it is a matter of public safety. In some states, Ohio for example, inducing panic is a second degree felony punishable by two to eight years in prison and a $20,000 fine
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Navigating the Affordable Care Act(Elkridge, Maryland, USA, June 12, 2013) A workshop for government contractors, the sessions are expected to have some relevance to health care information security and assurance.
Pen Test Berlin 2013(Berlin, Germany, June 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations...
CyCon 2013: 5th International Conference on Cyber Conflict(Tallinn, Estonia, June 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical,...
29th Annual INSA William Oliver Baker Award Dinner(Washington, DC, USA, June 7, 2013) This year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo(Baltimore, Maryland, USA, June 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and...
CISSE 17th Annual Colloquium(Mobile, Alabama, USA, June 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit(venue and date not listed) Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year,...
NovaSec!(McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
Suits and Spooks La Jolla 2013(LaJolla, California, USA, June 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris(Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...
2013 ICAM Information Day and Expo(Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now(Laurel, Maryland, Sioux Falls, June 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium.
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...