The US National Security Agency's PRISM program continues to dominate cyber news. See Director of National Intelligence Clapper's official statement (and the accompanying factsheet) for background. He maintains (as even legal observers with a strong libertarian bent generally concede) that the program is fully legal, properly disclosed, and fenced with privacy safeguards. Consult various op-eds for mixed reaction to the program as a matter of policy.
The leaker, who outed himself over the weekend, is currently in Hong Kong, whence the US is widely expected to extradite him.
Companies named in PRISM reports, especially Google, strongly deny that NSA has or had direct access to their servers. Industry analysts continue to debate the economic impact of the program's disclosure. Security observers point out that the episode reteaches an old lesson: low-level employees often pose the greatest security risks.
Officials in the UK face Parliamentary questions over the Government Communications Headquarters' (GCHQ) alleged involvement with PRISM. The Sino-American summit wrapped up as expected, with the US talking a hard line on cyber with China, and with China piously averring its commitment to being a good cyber neighbor.
Elsewhere in the world, Israel's prime minister Netanyahu says that Iran has increased its operations against Israeli networks. The Syrian Electronic Army (in this respect viewed as an Iranian sock puppet) claims its attack on Haifa's water system was in fact successful, not thwarted as Israel claimed.
IPv6, not yet widely adopted, has already become a target for hackers.
Tomorrow's Patch Tuesday will include fixes for Macs.
Today's issue includes events affecting Algeria, Australia, China, India, Iran, Israel, Republic of Korea, Nigeria, Pakistan, Saudi Arabia, Syria, United Kingdom, United States.
Syrian hackers say attack on Haifa facilities was successful(Ynetnews) Two weeks after Yitzhak Ben-Yisrael, chairman of the National Council for Research and Development, said Syrian Electronic Army's hackers attempted two weeks ago to launch a cyber attack against Haifa's water system, failing, the semi-official Iranian
Saudi Arabian Ministry of Higher Education Websites Hacked by Algerian Hacker(Hack Read) An Algerian hacker going by the handle DZ27 hacked and defaced two sub-domains of the Saudi Arabian Ministry of Higher Education (mohe.gov.sa) four days ago. The targeted domains, which belong to the site's login management system, were left defaced with the Algerian flag along with a short note and contact email, yet the main reason for targeting the ministry sites was not mentioned anywhere. Hacked by DZ27
India loses 22GB data to cyber attack(Deccan Chronicle) India is estimated to have lost at least 22 gigabytes of data in the slew of cyber attacks it has seen of late targeted at various high-profile individuals and organisations. Reported to be operational since 2004, cyber attackers have till
IPv6 Under Attack?(eSecurity Planet) Although IPv6 is still not widely adopted, the Internet is seeing the first signs of IPv6-based attacks. A year ago the world celebrated World IPv6 Launch Day, which was supposed to be the day IPv6 was activated by major Web operators and service providers. At the time of the launch, there were concerns about
Facts on the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act(Office of the Director of National Intelligence) PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. Section 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008
No evidence of NSA's 'direct access' to tech companies(CNET) Update, June 8 at 2:45 p.m. PT: In response to outcry over PRISM, the U.S. Director of National Intelligence has released some details. Among other things, he says the government "does not unilaterally obtain information from the servers of U.S. electronic communication service providers" and that PRISM-related activities are conducted "under court supervision"
NSA Claims Know-How To Ensure No Illegal Spying(New York Times) The supersecret agency with the power and legal authority to gather electronic communications worldwide to hunt U.S. adversaries says it has the technical know-how to ensure it's not illegally spying on Americans
Technology Emboldened The NSA(Wall Street Journal) Key advances in computing and software in recent years opened the door for the National Security Agency to analyze far larger volumes of phone, Internet and financial data to search for terrorist attacks, paving the way for the programs now generating controversy
U.S. Collects Vast Data Trove(Wall Street Journal) The National Security Agency's monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency's activities
Google ups (some) bug bounties(Help Net Security) Google has once again decided to raise the sums that researchers can earn by offering information about bugs in the company's web services and properties (YouTube, Blogger, Orkut, Google Search
Backup and recovery problems exposed(Help Net Security) A Veeam survey of 500 SMBs across the USA and Europe found that they are experiencing significant issues with the cost, complexity and lack of capabilities of their data protection for virtual environments
Cyber worries keep widening(Fleet Owner) Following the cyber attacks, 72% of those businesses were not able to fully restore their company's data. In a separate study on data breaches, the Ponemon
Privacy experts: Health data security efforts too reactive(FierceHealthIT) Privacy experts spoke about their data breach experiences Thursday at the Healthcare Privacy Summit in Washington, D.C., agreeing that what they've experienced likely is just the beginning for what's possible in security fissures at healthcare organizations
Pentagon's Cybersecurity Plan Calls for $23 Billion Through 2018(Businessweek) Army General Keith Alexander, who leads the Cyber Command, told the House Armed Services Committee in March that his organization is working to change doctrine and training so that combat commanders "can think, plan and integrate cyber" just as they
The Whistleblower's Company(Daily Beast) Booz Allen Hamilton's major clients include, according to the company, "the Department of Defense, all branches of the U.S. military, the U.S. Intelligence Community, and civil agencies such as the Department of Homeland Security, the Department of
The US government is secretly mining data. Now what?(FierceCIO: TechWatch) United States intelligence agencies have been secretly mining data from major Internet companies based in the U.S. This was reported by the Washington Post, who published the story after receiving top-secret documentation from an intelligence officer horrified by the broad capabilities of the "PRISM" program
Is Prism Going To Harm US High-Tech Exports?(Slate) The legal and policy arguments around the PRISM program through which the NSA snoops into the datastream of major American high-tech companies are primarily going to focus on the treatment of American residents and citizens. There doesn't really appear to be much in the way of a debate as to whether it's legal or appropriate to be spying on foreigners without warrants or probable cause
NSA Scandal: Is Palantir's Prism Powering PRISM?(International Business Times) This is the same Palantir that the Wall Street Journal wrote in 2009 had "designed what many intelligence analysts say is the most effective tool to date to investigate terrorist networks." The article describes how Palantir made a tool that can easily
Verizon security chief used to be high level official at FBI(Daily Caller) At Verizon, he oversees and coordinates "global security efforts throughout Verizon and all its business units, including enterprisewide security strategy and programs, physical security, cyber security and law-enforcement security matters." The
Tabula takes another step toward the quasi-ASSP(EDN.com) Tabula's official rollout of a promised 100G Ethernet Packet Parser indicates the continuing role of FPGAs in applications more closely resembling ASSPs than fully programmable designs. Given the broad interest in deep packet inspection, it's no
Bitdefender Safepay Beta 220.127.116.11 (64-bit)(PC Advisor) Bitdefender Safepay is a secure browser which runs in its own sandbox, isolated from your system, and so greatly reducing the opportunities for malware to track or record your activities.
Cisco widens lead over Aruba in enterprise Wi-Fi market(FierceMobileIT) Cisco (NASDAQ: CSCO) posted a strong growth of 23.4 percent year-over-year for its enterprise Wi-Fi revenue in the first quarter of 2013, pushing its market share up to 52.9 percent, its highest share since the fourth quarter of 2010
Apple's iOS reigns supreme in enterprise, says Good(FierceMobileIT) Apple's (NASDAQ: AAPL) iOS platform accounted for three quarters of enterprise mobile device activities in the first quarter of 2013, according to mobile device management firm Good Technology's latest Mobility Index report. One-quarter of activations were for Google's (NASDAQ: GOOG) Android platform, and other mobile platforms made up less than 1 percent, according to the index, which Good compiles from its enterprise customers
Technologies, Techniques, and Standards
Edward Snowden's lesson to both businesses and the NSA: Your IT people are your biggest risk(Quartz) Edward Snowden—the man behind what the Guardian is calling, with only a little hyperbole, "one of the most significant leaks in US political history"—was not what you would call a high-level agent.
By his own account, Snowden was a mediocre student who joined the National Security Agency (NSA) as a security guard, learned to program, wound up managing network security for the CIA station in Geneva, and then spent four years working at the NSA for private contractors. What he saw apparently prompted him to take refuge in Hong Kong before leaking top-secret documents about the NSA's intelligence-gathering capabilities
When Google isn't Google(Internet Storm Center) Like many other exploit scripts, the recent "Plesk" exploit used a fake user agent of "Googlebot". Attackers assume that most web applications are happy to be indexed by Google and possibly apply no or less stringent filters. For example, some applications will show more content to Google that is not readily displayed to normal users unless these users sign up, solve a captcha or even pay
Share and Share Alike? Not Quite(Threatpost) Panelists at the NG Security Summit in Denver debate the challenges hindering the sharing of threat intelligence and attack data, especially between competitors in the same industry
What are users doing after log-in?(Help Net Security) Businesses today use up to 50 on-premises applications and 25 cloud-based applications on average, so identity and access management (IAM) technologies to secure data and deliver user convenience can
Changes to the standard for PIN Transaction Security(Help Net Security) Today the PCI Security Standards Council (PCI SSC) published version 4.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) requirements. These requirements, along with the Hardware Security
The Transition to the Cloud(SYS-CON Media) Enterprises can look to organizations such as the Cloud Security Alliance and traditional security associations like ISACA for guidance and perspective
LinkedIn: When To Say No To Connecting(InformationWeek) Should you accept LinkedIn connection requests from strangers? Before deciding, make sure you understand the security and reputation risks
Design and Innovation
Hackathon or Block Party?(IEEE Spectrum) The geeks were out on the streets last Saturday, in cities and towns in 35 states. They came out to participate in the National Day of Civic Hacking, the first of what will likely be an annual event, designed to bring together the tech savvy with the creative but not-so-tech savvy to brainstorm about ways to use technology to make their communities better. There were talks, and showcases, and conversations formal and informal—and even some actual coding going on
Waiting For Prometheus(TechCrunch) What is the real issue brought up by this whole PRISM debacle? It's not that the government is willing to overstep its role using national security as an excuse. That's been going on for thousands of years. It's not that companies in a position of power are willing to throw those that rely on them under the bus in order to get ahead. Again, that's nothing new
How The NSA Hunts For Startups Through A VC Firm Dedicated To Serving Intelligence Community(TechCrunch) In-Q-Tel (IQT) is a not-for-profit venture capital group that helps the NSA and other agencies hunt for startup and young companies that develop core technology for the U.S. intelligence community. These young companies are often outside the reach of the intelligence community — about 70 percent of them have never worked with the government before. IQT often co-invests with venture
Unhackable quantum cryptography can be hacked(iTech Post) Quantum cryptography has long been considered the holy grail of cryptographers, allowing them to send messages with a technique which, thanks to the laws of physics, is guaranteed to only be readable between two parties. If anyone tried to intercept a
How Silicon Valley Came To 'Wire The World' For Spy Agencies(Financial Times) The revelations about US surveillance of the internet highlight the close ties between the US military and Silicon Valley. A connection forged in the second world war has evolved to produce technologies ranging from the chips that power ballistic missiles to the data-mining software used to ferret out terrorists
Where the National Security Agency isn't so secret: Schools(Washington Post) The National Security Agency is the super-secret organization that has been in the news because of disclosures that it has, for years, been conducting U.S. surveillance programs. But in at least one area, the NSA hasn't tried to be so secret: schools
Legislation, Policy, and Regulation
Higgins on Surveillance: Balance Is Key(WGRZ) As a ranking member of the House Subcommittee on Counter-terrorism and Intelligence, Western New York Congressman Brian Higgins (D) helps oversee the Department of Homeland Security's Intelligence Divisions. On Sunday, Higgins told 2 On Your
NSA Whistle-Blower Hero Or Villain? Our View(USA Today) Here's one definition of a hero: It's someone who, given a choice between doing the right thing at great personal cost or the wrong thing for great personal benefit, chooses the former
'Big Brother' And Big Data(Wall Street Journal) What our self-styled civil libertarians should really fear is another successful terror attack like 9/11, or one with WMD. Then the political responses could include biometric national ID cards, curfews, surveillance drones over the homeland, and even mass roundups of ethnic or religious groups. Practices like data-mining save lives, and in doing so they protect against far greater intrusions on individual freedom
Creeping Surveillance State, Creepy Conclusions(USA Today) Obama explained these are just modest intrusions in the new concept of government-approved privacy. He insisted that so long as the government did not read your emails or listen to your calls, there is no danger to privacy
Post-9/11 Outsourcing Of U.S. Intelligence Raises Risks(Washington Post) The unprecedented leak of National Security Agency secrets by an intelligence contractor, including bombshells about top-secret programs to collect telephone records, e-mail and other personal data, was probably an inevitable consequence of the massive growth of the U.S. security-industrial complex
Checks, balances, and the National Security Agency(MSNBC) Over the course of three days, the usually invisible National Security Agency has become ostentatiously visible and many Americans do not like what they see. In an effort to address the widely shared feeling that our vaunted system of checks and
The national security-tech complex(Muckety) The NSA described the center's mission as supporting "the intelligence community's efforts to further strengthen and protect the nation's cyber security." Its aim, officials said then, was to help other government agencies, including the Department of
Obama defends surveillance programs(First Coast News) President Obama defended National Security Agency surveillance programs Friday, saying they are designed to promote public safety and protect civil liberties. "They help us prevent terrorist attacks," Obama said, despite what he calls "modest encroachments" on what some consider private activity
US spying scandal hampers cybersecurity efforts(Reuters India) The Obama administration's cybersecurity agenda, which includes expanding the military's Cyber Command and beefing up protection for critical infrastructure, faces more intense scrutiny after two vast domestic
Is it time to do away with Homeland Security?(RT) And, as a result, it's time that we broke up the failed national security experiment known as the Department of Homeland Security. Returning to dozens of independent agencies will return internal checks-and-balances to within the
Trusting Big Brother in the prolonged war on terror(Baltimore Sun) Every time I drive between Baltimore and Washington and come upon those big, spooky National Security Agency buildings in Fort Meade, I have cinematic thoughts about what goes on inside. I imagine the best and brightest of surveillance nerds spying on
People v. NSA(Slate) The National Security Agency is collecting metadata on the calls of all Verizon customers according to a report from the Guardian. Obama administration officials have defended their surveillance activities, without admitting to anything specific, noting that the Foreign Intelligence Surveillance Court approves such intelligence gathering. Who represents the privacy interests of ordinary Americans before the secret intelligence court
Lockheed to Boeing Add Onto Modern Complex Evoking Ike's Warning(Businessweek) While President Barack Obama discussed cybersecurity with Chinese President Xi Jinping in California last week, defense contractors led by Lockheed Martin Corp. (LMT) and computer security companies were working alongside the U.S. Cyber Command
This is, hands down, the scariest part of the NSA revelations(Foreign Policy) Forget PRISM, the National Security Agency's system to help extract data from Google, Facebook, and the like. The more frightening secret program unearthed by the NSA leaks is the gathering and storing of millions of phone records and phone-location information of U.S. citizens
'Informal' Summit Marked By Suspicion, Formalities(Washington Post) It was orchestrated as the shirt-sleeves summit, where President Obama, embarking on his second term with a strategic focus on Asia, and Chinese President Xi Jinping, starting his first year of a decade-long rule, might cool tensions between their rival nations and forge a comfortable friendship
China firmly supports cyber security: Xi(ecns) The Chinese president said China opposes hacker or cyber attack in all forms, and is itself a victim. China and the United States face common challenges when it comes to the issue of cyber security, which should be a new highlight of bilateral
Security Expert: Cyberwar with China Is the New Cold War(Money News) The United States should treat the growing cyberthreat from China as the new Cold War, recommends John Pescatore, director of emerging security trends at the SANS Institute. The United States should counter-attack Chinese cyberattacks in order to demonstrate to China its cybercapabilities, he told CNBC
Cyber command mechanism to be set up to handle threats: Antony(Oman Tribune) KANNUR: Defence Minister AK Antony said on Saturday that India would soon form a cyber command mechanism to handle the cyber threat situation in the country. He was talking
Pakistan May Ban Google Over Blasphemous Content(Hack Read) The newly formed government of Pakistan has issued a warning to the world's largest search engine, Google, to remove blasphemous content from YouTube or else face a ban on its Google.com domain all over the country. This warning was issued by newly elected Minister of Information Technology Anusha Rehman in a cabinet meeting
Litigation, Investigation, and Law Enforcement
Statement from the ODNI Spokesperson on the Latest Report from The Guardian(Office of the Director of National Intelligence) We have seen the latest report from The Guardian that identifies an individual claiming to have disclosed information about highly classified intelligence programs in recent days. Because the matter has been referred to the Department of Justice, we refer you to the Department of Justice for comment
From obscurity to notoriety, Snowden took an unusual path(Washington Post) Edward Snowden, the 29-year-old National Security Agency contractor who admitted that he was behind recent leaks of classified intelligence, has vaulted from obscurity to international notoriety, joining the ranks of high-profile leakers such as Daniel
Next move China--Will Hong Kong (or Beijing) refuse to extradite the NSA leaker?(Quartz) Since the Guardian reported that NSA whistleblower Edward Snowden had sought refuge from US authorities in Hong Kong, the reaction of netizens worldwide has been one of confusion. Why would a man responsible for revealing the extent of US digital surveillance on the grounds of privacy and freedom of expression go to a special administrative region of China, where such values are consistently suppressed
In Hong Kong, NSA whistleblower is not safe from extradition(Reuters via the National) Edward Snowden's decision to flee to Hong Kong as he prepared to expose the US government's secret surveillance programmes may not save him from prosecution due to an extradition treaty in force since 1998. A 29-year-old former CIA employee, Mr Snowden has identified himself as the person who gave the Guardian and the Washington Post classified documents about how the US National Security Agency (NSA) obtained data from US telecom and internet companies
Crowdfunding Campaign Aims To Reward NSA Whistleblower For His 'Courage'(TechCrunch) Edward Snowden is being hailed a hero by some, and now a Crowdtilt crowdfunding campaign is raising money to reward the whistleblower for his "courage" and pay his bills. Started by Facebook employee Dwight Crowe with $1,000 of his own money, the campaign doesn't say how the money will be delivered to Snowden, and is raising questions about if donations constitute aiding an enemy of the state
NSA PRISM Creates Stir, But Appears Legal(InformationWeek) Massive information-sharing program involves Google, Facebook and other technology heavyweights, top secret document details. But NSA looks to have acted inside the law
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
NovaSec!(McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
2013 Cybersecurity Innovation Expo(Baltimore, Maryland, USA, June 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and...
CISSE 17th Annual Colloquium(Mobile, Alabama, USA, June 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
Navigating the Affordable Care Act(Elkridge, Maryland, USA, June 12, 2013) A workshop for government contractors, the sessions are expected to have some relevance to health care information security and assurance.
3rd annual Cyber Security Summit(, January 1, 1970) Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year,...
Suits and Spooks La Jolla 2013(La Jolla, California, USA, June 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris(Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...
2013 ICAM Information Day and Expo(Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now(Laurel, Maryland, Sioux Falls, June 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium.
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U.S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...