The CyberWire Daily Briefing for 5.22.2013
Pakistan and China appear to have been the ultimate targets of a long-running and sophisticated Indian cyber espionage campaign, interesting on many levels, not the least of which is its choice of third-party attack paths. Norman Shark, which has been on investigative point, cautions against reading too much into the presence of an Indian security company's name in the malicious code: the company might be implicated, but it could also be a victim of misdirection.
The Lady Boyle remote access Trojan has appeared on South Korean military sites in a reconnaissance effort directed against that country's defense posture.
Sino-American cyber tensions continue to rise as the People's Liberation Army resumes operations against US targets. Well-connected advisors tell the US Administration it's time to go on the offense against China, and Congress yanks the Pentagon's leash over purchases of Chinese satcom services. (Watch for similar scrutiny of Foxconn-built Apple products' appearance in Defense networks.) Analysts continue to explore how Chinese espionage represents a supply chain problem. The 2010 Google Aurora hack looked at the time like a campaign against Chinese ethnic minority activists, but now seems to have been a counterespionage effort: the hackers were after US Government surveillance requests in Google databases.
A new version of the Citadel banking malware is circulating, targeting Payza, a money transfer service popular in the developing world.
Connoisseurs of US Army procurement will follow the latest DCGS-Palantir smack-down with interest.
Journalists react with alarm to an apparently growing US Government tendency to regard them as accessories to espionage.
[Updated 08.01.2014 cwu000-003]
Notes.
Today's issue includes events affecting Azerbaijan, Belarus, Brazil, China, Cuba, Georgia, India, Italy, Japan, Kazakhstan, Republic of Korea, Democratic People's Republic of Korea, Mexico, Pakistan, Russia, South Africa, Sweden, Syria, Tajikistan, Turkey, United Nations, United States, and Uzbekistan.
Cyber Attacks, Threats, and Vulnerabilities
Indian 'attacks' Norwegian telco to get at Pakistan, China (The Register) Security researchers have uncovered what appears to be a sophisticated targeted attack launched from India and designed to steal information from a range of government and private enterprise victims in Pakistan, China and elsewhere
Cyber-Spying Campaign Traced Back to India: Researchers (eWeek) Security researchers link a cyber-attack on a Norwegian telecommunications carrier to India's IP space and to potential nation-state espionage. A widespread espionage network that targeted a Norwegian telecommunications provider and several groups in Pakistan appears to have links to India, Norway-based security firm Norman AS and the Shadowserver Foundation stated in an analysis released on May 20
APT Attacks Trace To India, Researcher Says (InformationWeek) Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany
India's Mega Cyber Attack Infrastructure Revealed - Destructive And Spooky! (CrazyEngineers) When the malware analysis firm Norman Shark found out who is behind this large, sophisticated cyber attack system, it had to point a finger at India. Researchers now claim that a group of attackers based in India have got a team of developers to work
IE 8 Zero Day Pops Up in Targeted Attacks Against Korean Military Sites (Threatpost) The Sunshop targeted espionage malware campaign re-uses the Lady Boyle malware and a number of recently patched exploits, including one for IE 8 used in the Department of Labor watering hole attack
US claims Chinese military is on new cyber offensive against America (RT) Officials within the United States government say hackers from China have renewed their assault on US targets only three months after a highly-touted investigation linked the People's Liberation Army to a series of cyberattacks waged at American entities
Aurora attackers were looking for Google's surveillance database (Help Net Security) When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists. What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists
Operation Aurora hack was counterespionage, not China picking on Tibetan activists (Naked Security) Claims are made that the Aurora hackers weren't just Chinese-sponsored hackers bent on messing with Tibetan activists. Rather it was a Chinese counterintelligence operation that sought to discover if the US had uncovered the identity of clandestine agents operating within its borders
National Security Data on Private Networks Exposed as a Weak Point (Threatpost) The United States intelligence community and its counterparts in law enforcement are quite secretive about their surveillance methods and the targets of those operations. Few people are privy to information about ongoing surveillance, but now it turns out that the Chinese government may have a better handle on who some of those targets are than the average U.S. citizen or politician does
APT1 Three Months Later — Significantly Impacted, Though Active & Rebuilding (Mandiant M-unition) On 18 February 2013, Mandiant released a report exposing one of China's cyber espionage units. The group, which Mandiant calls APT1, is one of the most prolific we track in terms of the sheer quantity of information it has stolen. The scale and impact of APT1's operations compelled us to write the report and release more than 3,000 Indicators to help organizations defend against APT1's tactics. The report linked APT1 to a unit within China's People's Liberation Army and received widespread attention from the media and from the U.S. government
APT1 is back, attacks many of the initial U.S. corporate targets (Help Net Security) The APT1 hacker group is back to its old tricks, targeting a big number of organizations and businesses and, among them, many of those that they have previously breached, Mandiant has confirmed
Operation Beebus and the Beginning of Era of Hacking Drones (Cyberoam) The dust has hardly settled on the cyber attacks on Iranian nuclear program that brought out the infamous Stuxnet worm into the open, and Cyber warfare seems to be already leaping into a new era- an era of hacking drones. Drones are nothing but unmanned aerial vehicles (UAVs) and are of strategic importance to military and intelligence arms of nation states. Hacking into aerospace, defense, and telecommunications organizations was so far not too common but security experts of late have observed a series of such attacks and termed it operation Beebus. Operation Beebus seems to have stolen data from several companies regarding all aspects of unmanned vehicles (drones) from research to design to manufacturing of the vehicles and their various subsystems
New Citadel Malware Strain Targeting Payza Service (Threatpost) A new variant of Citadel malware is making the rounds, targeting Payza, a money transfer service popular all over the world, especially in developing nations that are under-serviced when it comes to online banking access
Lookitsme Breached, 4294 Accounts leaked From 300,000 (Cyberwarzone) A British based chat and social website has become victim to hackers after its security failed to keep them out. The site named Lookitsme (http://www.lookitsme.co.uk) which appears to be an adult social and chat site which allows users to have personal galleries, get rated by others on "looks" and have chats with others has become a target after its system was found to be insecure and a hacker using the handle
Moore, Oklahoma tornado charitable organization scams, malware, and phishing (Internet Storm Center) I find it sad that in times when people are facing disaster, many have died, others missing, and the survivors facing having lost everything that there are scumbags who will try to take advantage. Be very wary of any charity that is raising funds for victims of any disaster, particularly one that has not been around for very long. There are many legit charities, I would recommend sticking to ones you are already familiar with. The American Red Cross for example has been around for a long time, does amazing work, and is always in need of funding. They are just one example of a well established charity that does good work and is already involved in helping out in Moore, Oklahoma
Hacker @1923Turkz breached Federal University of Bahia website (E Hacking News) A hacker known by his online name @1923Turkz has breached the Federal University of Bahia website (ufba.br) - one of Brazil's universities, located mainly in the city of Salvador, Bahia
Anonymous hackers shut down Rome court's website (Cyberwarzone) The official website of the Court of Rome was shut down Monday after members of the "hacktivist" network Anonymous said they broke into its computer system
Official United Nation Pacific Website Hacked by Pakistani Hacker (Hack Read) H4x0r HuSsY from Pakistan who was in news for his high profile hacks against India and Sri Lankan is back with another one, this time the official website of United Nation Pacific (http://pacific.one.un.org/) has been hacked and defaced few hours ago
South Africa Police Service Hacked (Cyberwarzone) South Africa Police Service (SAPS) website has reportedly been struck by hackers, a move that will not only embarrass the police but question how serious state treats information security for protecting citizens
Timesofmalta.com claims it was victim of 'possible cyber attack' (MaltaToday) The Times of Malta has claimed its website experienced a sudden increase in requests "in what could have been a cyber attack", the newspaper reported today. The site experienced a denial of service attack which the Times said was "usually associated
Hong Kong Olympic Committee Hacked (eSecurity Planet) The hackers leaked 2,800 users' personal data, along with admin user names and encrypted passwords
Dent Neurologic Institute Acknowledges Data Breach (eSecurity Planet) New York's Dent Neurologic Institute (DNI) recently announced that an employee mistakenly attached patient information to an e-mail sent to approximately 200 patients on May 13, 2013
TroubledTeenSolution.com Hacked (eSecurity Planet) Admin user names and encrypted passwords were leaked, along with parents' and children's full names
Facebook page of Mancera, Mayor of Mexico City hacked (E Hacking News) Unknown cybercriminals compromised the official Facebook page of Miguel Ángel Mancera, the Head of Government of the Mexican Federal District
New commercially available DIY invisible Bitcoin miner spotted in the wild (Webroot Threat Blog) Just as we anticipated in our previous analysis of a commercially available Bitcoin miner, cybercriminals continue "innovating" on this front by releasing more advanced and customizable invisible Bitcoin miners for fellow cybercriminals to take advantage of. In this post, we'll profile yet another invisible Bitcoin miner, once again available for purchase on the international cybercrime-friendly marketplace, emphasize on its key differentiation features, as well as provide MD5s of known miner variants
Chase Bank — Chase Alert: Online Banking Security Alert (FraudWatch International) Email Methods: Deceptive Subject Line, Forged Senders Address, Genuine Looking Content, Disguised Hyperlinks
Fake Newegg E-mails Deliver Malware (eSecurity Planet) Links in the e-mails redirect victims to Web sites hosting the Blackhole exploit kit
Zero-day vulnerabilities in first-person shooter game engines allow attackers to pwn your PC (ComputerWorld) Are you a gamer? If the answer is also "yes" to playing first-person shooters, then listen up. "Thousands of potential attack vectors" in game engines open the way to "millions of potential targets" aka players, explained ReVuln Security researchers Luigi Auriemma and Donato Ferrante. At NoSuchCon, they presented "Exploiting Game Engines For Fun & Profit". The researchers found zero-day vulnerabilities to exploit game engines such as CryEngine 3, Unreal Engine 3, id Tech 4 and Hydrogen Engine
Myth-Busting SQL- And Other Injection Attacks (Dark Reading) Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks
Sharyl Attkisson's computers compromised (Politico) Sharyl Attkisson, the Emmy-award winning CBS News investigative reporter, says that her personal and work computers have been compromised and are under investigation. "I can confirm that an intrusion of my computers has been under some investigation on my end for some months but I'm not prepared to make an allegation against a specific entity today as I've been patient and methodical about this matter," Attkisson told POLITICO on Tuesday. "I need to check with my attorney and CBS to get their recommendations on info we make public"
Guantanamo Wi-Fi Access Shut Down Amidst Cyber Threats (PC Magazine) Officials at Guantanamo Bay prison shut down access to wireless Internet service as well as social networks over the weekend amidst concerns about a coordinated cyber attack. Service has since been restored, an Army spokesman confirmed
Wi-Fi client security weaknesses still prevalent (Help Net Security) Google Android, Apple iOS, BlackBerry, and Windows Mobile devices have an inherent security weakness in the method they use for connecting to Wi-Fi networks that has the potential for exploitation by skilled cyber-attackers says security expert Raul Siles
Three wireless security myths - busted! (Naked Security) Last year Sophos looked at Wi-Fi security in London and Sydney and the results weren't fantastic. So we thought it was time to make a short revision video, just in time for 2013 Cyber Security Awareness Week in New Zealand
Akron: Attorneys assist concerned residents after cyber attack (WKYC-TV) "We are treating this cyber attack as we would any other attack on the city and its residents," Mayor Don Plusquellic says. "Although we already had extra people manning the 311 phone lines, we are significantly expanding our staffing in the hopes that
Former CIA Director Warns About Cyber Threats From North Korea (Wall Street Journal) Former CIA Director R. James Woolsey, Tuesday, said that the United States is at risk of a devastating cyber attack delivered by North Korea. Such an attack would use electromagnetic radiation to potentially wipe out 70% of the U.S. electric grid and
Swedish Telcom Giant Teliasonera Caught Helping Authoritarian Regimes Spy on Their Citizens (Electronic Frontier Foundation) According to a recent investigation by the Swedish news show Uppdrag Granskning, Sweden's telecommunications giant Teliasonera is the latest Western company revealed to be colluding with authoritarian regimes by selling them high-tech surveillance gear to spy on its citizens. Teliasonera has allegedly enabled the governments of Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan to spy on journalists, union leaders, and members of the political opposition. One Teliasonera whistle-blower told the reporters, "The Arab Spring prompted the regimes to tighten their surveillance…There's no limit to how much wiretapping is done, none at all"
Cyber Trends
Cyberwar of words (SC Magazine) Flip through the cyberwar headlines over the last decade and you'll find that governments and members of the cybersecurity industrial complex have taken to using terms like 'active defense', 'maginot line', and 'preemptive warfare
Some US utilities say they're under constant cyber attack (Chicago Tribune) Several power utilities say they face a barrage of cyber attacks on their critical systems, a report by two Democratic lawmakers found echoing warnings from the Obama administration that foreign hackers were
Los Alamos Director Echoes Cyber Concerns (PRNewswire) Los Alamos National Laboratory Director Charlie McMillan told a gathering of energy executives today that securing the electrical grid is a major concern now and it's only becoming more serious. "If you look back at the last year, there were several hundred attacks on critical infrastructure," McMillan said, addressing attendees at the Deloitte Energy Conference near Washington, DC. "More than 40 percent of those attacks were on the energy sector"
Is Michigan prepared for a cyber attack? (Crain's Detroit Business) Imagine someone hacking into our waste management system, causing millions of gallons of raw sewage to spill into our rivers, lakes and parks. Marine life across our lakes and rivers dies, the stench is horrible and diseases spread fast
Small businesses beware! Point-of-sale malware is after you (Naked Security) Malware targeting point-of-sale (POS) systems has been a major trend for the last six months. With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems
Finding the time for cyber security (TechRadar) Possibly the most disturbing feature to emerge from the Federation of Small Businesses' (FSB) new cyber security report is that making computer systems secure can be a complex and time consuming process that a lot of small firms can't manage
The real cyber threat (Global Public Square) The announcement by prosecutors that charges had been filed against suspected cyber thieves believed responsible for stealing $45 million in a matter of hours from ATMs in two dozen countries should send a stark message to governments around the world - banks could be the most vulnerable front in cyber space
The true root causes of software security failures (Computer World) Developers being overly trusting is one of them. In the 10 years since I launched my consulting/training venture, I've worked with thousands of software developers around the world. As you might expect, I've seen many software security failures. Given that experience, I'm often asked what I think are the biggest, baddest mistakes made in software today
China Isn't The Only Source Of Cyberattacks (Wall Street Journal) On Friday, the Financial Times became the latest victim of the Syrian Electronic Army when the pro-Assad group hijacked the newspaper's technology blog and its Twitter account. Since the hacker group emerged in 2011, it has attacked the Associated Press, the BBC, Al Jazeera, Harvard University and even Oprah Winfrey's Facebook page and the satirists at the Onion
Cyber crime: Thinking fridges raise threat level (Financial Times) "Security will make or break this revolution," says Gerhard Eschelbeck, chief technology officer at Sophos, the IT security company
Weak Links in the Supply Chain (Volokh Conspiracy) Intrusions on our networks have reached new heights. They have moved from penetration of government and military systems to wholesale compromises of companies, trade associations, think tanks, and law firms. Most of these attacks have been carried out for espionage purposes - stealing commercial, diplomatic, and military secrets on a massive scale
Marketplace
Army demonstrates disputed intelligence system (Army Times) Within DCGS-A, soldiers can access more than 40 applications to analyze the intelligence data, but the system Hunter supports, made by Palantir of Palo Alto
Hoops And Hurdles: Standards, Requirements For Selling To The Government (CRN) (Cryptographic specifications for use in classified systems are maintained by the National Security Agency, which tends not to discuss them publicly.) Certification can be a competitive advantage if you happen to be in a niche in which most companies
Pentagon clearance for iOS could open even more doors for Apple in the private sector (CSO) Industries like finance and healthcare may take a closer look at iOS now that it has the Pentagon seal of approval
Air Force Casts a Wide Net for Cyber Warfare Tools (NextGov) The Air Force is scanning the market for "cyber warfare systems" tools, in an acknowledgment of the need to open up the opaque and inaccessible space to new players, documents show
Honeywell wins $26M contract for cyber-related support services (Washington Technology) These services will support the Fleet Cyber Command's Cyber Security Inspection Certification Program as well as verification, validation and reporting effort for oversight of Navy Marine Corps Intranet/Next Generation Enterprise Network, the Defense
BAE Systems to Provide Advanced Data Management Capabilities to the National Geospatial-Intelligence Agency (Fort Mill Times) The National Geospatial-Intelligence Agency (NGA) awarded BAE Systems the iSToRE XP contract to provide advanced data management capabilities in support of National System for Geospatial-Intelligence (NSG) sites and users. The software solution is built on BAE Systems' commercial product, GXP Xplorer, which enables analysts to easily access their local data and connect to remote geospatial data stores and libraries
Prolexic Gets Clickpoint! Media Back Online Quickly After Layer 4 SYN Flood DDoS Attack Campaign (Yahoo Business and Finance) Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced today that Clickpoint! Media has chosen Prolexic as its DDoS mitigation services provider for multiple websites across its media services network. Clickpoint! offers a network of media services designed to help marketing and advertising organizations optimize their campaigns for greater return on investment, increased web traffic and heightened brand awareness
Blue Coat Buys Intel-Backed Solera Networks To Beef Up In Big Data, Encrypted Data Security (TechCrunch) Web security provider Blue Coat Systems — itself acquired in a $1.3 billion deal by Thoma Bravo at the end of December 2011 — is making an acquisition today: it's buying Solera Networks, a specialist in big data security, for an undisclosed sum (although we have reached out to the company to ask). The deal is expected to close in the next thirty days
Products, Services, and Solutions
Google Adds Conversational Search In Latest Chrome Build, We Go Voice On (TechCrunch) Google has updated Chrome in build 27 to include conversational voice search, a feature it demoed on stage at Google I/O this year that allows you to search by voice, but also transcribes your queries in real time and lets you use natural language, asking Google straightforward questions and getting straightforward answers, both read back to you by dictation and in actual Google search results
Microsoft Curbs Click-Fraud in ZeroAccess Fight (Threatpost) Microsoft observed a precipitous drop-off in click-traffic on their "extended publishing network," which they claim reflects a similar drop-off in click-fraud, as a result of the actions they have taken to stymie ZeroAccess, according to Microsoft Malware Protection Center researchers Tommy Blizard and Nikola Livic
Bit9, FireEye, Palo Alto Networks team to hit zero-day malware (CSO) Bit9 has teamed with FireEye and Palo Alto Networks, which each have sandboxing technologies, in order to share information related to zero-day attack code
Find TrueCrypt and BitLocker encrypted containers and images (Help Net Security) Passware announced that Passware Kit Forensic 12.5 can now recognize hard disk images and containers, such as TrueCrypt, BitLocker, PGP, during a computer scan. For a computer forensic professional this means that no evidence is hidden inside a volume
Amazon Cloud Gets Federal Stamp Of Approval (InformationWeek) FedRAMP was created through a joint effort by the General Services Administration, National Institute of Standards and Technology, Department of Homeland Security, Department of Defense, National Security Agency, Office of Management and Budget and
Dell updates SonicWall security appliances (V3) Ranging from six to 24 core deployments, the network appliances will sport the Reassembly-Free Deep Packet Inspection security platform and will be able to analyse traffic in real time without adversely impacting network latency
Sourcefire updates malware detection, malware analysis capabilities (TechTarget) Sourcefire Inc. has announced new malware detection and forensics capabilities for its enterprise network and endpoint security portfolio, staking its claim
Compliance Manager launched to meet increasing demands (Retail Digital) A new service designed to help organisations deal with the increased pressure of governance, risk and compliance (GRC) processes was launched by leading global information assurance firm, NCC Group. Roger Rawlinson, Managing Director Assurance
Proficio Partners With Qualys to Provide Cloud-Based IT Security and Compliance for Medium-Sized Businesses (Wall Street Journal) Qualys, Inc. (NASDAQ: QLYS), a pioneer in cloud-based security and compliance solutions, and Proficio Inc., a leading provider of managed security services, today announced a partnership to provide the QualysGuard suite of IT security and compliance solutions along with Proficio's managed services -- providing customers with a cost-effective, comprehensive security and compliance solution that includes continuous monitoring, logging, analysis and remediation
Intel rolls out one development tool for all Android platforms (FierceCIO: TechWatch) Intel is rolling out a new development environment that it hopes will help developers build apps for Android devices on both ARM and Intel microprocessors. Called Beacon Mountain 0.5, the tool is said to facilitate and accelerate the design, coding, and debugging of applications
After Getting Booted From Apple's App Store, Mobile Privacy App Clueful Returns On Android (TechCrunch) Clueful, the mobile privacy app Apple booted from its App Store for being too revealing -- or possibly because of its own behavior - is staging a comeback. This time around, Clueful's maker Bitdefender is targeting Android users instead, with plans to reveal what the apps on your phone are doing, and how your privacy may be compromised in the process
Technologies, Techniques, and Standards
The Top 10 Internet Resources to Use After Suffering a Cyber Breach (Infosec Institute) Most cyber breaches into your online presence will be directed at your website server and its accompanying databases or accounts. And, if you've been the victim of a server hack, it probably occurred through one of two different means. The first would be an attack at some sort of weakness in third party web applications, or at addons/plugins that are attached to them and working from within your hosting server; the attack could even have taken place against your LAMP software bundle components. Secondly, your servers could have been breached because someone with password access accidentally or deliberately infected them with malware through FTP
How to protect PCs from dummies (FierceCIO: TechWatch) It pays to dummy proof PCs for your family and friends, according to Brad Chacos of PC World. Speaking from his experience doubling as the unofficial--and probably overworked--one-man tech support crew for family and friends, Chacos offers some advice on how to preempt common PC problems before they happen
Should CIOs Hire Cyber Pinkertons? (InformationWeek) If a full-on cyberwar breaks out, what will your company do? Avoid the Internet or hire a cyber Pinkerton
Research and Development
IBM's Watson Tries to Learn…Everything (IEEE Spectrum) What happens when Watson learns a million databases? RPI students and faculty hope to find out
Jon Matonis doesn't think mathematician Shinichi Mochizuki is behind Bitcoin (MarketWatch) Jon Matonis, a board member of the Bitcoin Foundation, said he doesn't believe Shinichi Mochizuki is behind Bitcoin because the Japanese mathematician doesn't focus on cryptography. "All I am saying is that the study of cryptography is not the main
Academia
Huntsville Schools Join Army Cyber Command To Ready Next Generation (WHNT) Huntsville City Schools today announced a new agreement between the school district and the U.S. Army Cyber Command to focus on the next generation of a cyber-security work force. Dr. Casey Wardynski was joined, via video
USC Viterbi Offers New Master's Program in Cyber Security (Sacramento Bee) "The USC Viterbi School of Engineering is in a strong position to offer this program, as USC is a National Security Agency (NSA) and Department of Homeland Security (DHS) Center of Academic Excellence in Research," said Schorr. "Through interaction
Legislation, Policy, and Regulation
House Panel Shoves Pentagon-China Satellite Deal Out of the Airlock (Wired) The Pentagon insists that its deal with a Chinese satellite firm to carry U.S. troops' communications isn't a security risk. But Congressmen with the ultra-influential House Armed Services Committee don't want to leave military data in Beijing's hands. They're moving to block any future contracts, like the one the Defense Department just signed
Congress Smashes Pentagon's New Den of Spies (Wired) If the Pentagon's not careful, it's going to find its new network of spies rolled up by Congress. The Defense Clandestine Service was supposed to be the Defense Department's new squad for conducting "human intelligence" -- classic, informant-based spying. The idea was to place up to 1,600 undercover operatives and military attachés around the world, collecting tips on emergent battlefields. The problem was that the U.S. already had a human intelligence crew: the CIA. Almost immediately after the Defense Clandestine Service was introduced, an array of outside observers began to loudly question its value
A backdoor into Skype for the Feds? You're joking… (The Register) Gov-enhanced hacking capability is bad, says PGP dude. Heavyweights of the cryptographic world have lined up behind a campaign against proposed US wiretapping laws that could require IT vendors to place new backdoors in digital communications services
Is government on the wrong road with cybersecurity? (FCW) "And it's not just the technology that changes; it's the employment of that technology; the operations and practices," Chris Inglis, National Security Agency deputy director, said May 21 at the Center for Strategic and International Studies
US, India pledge to collaborate on combating terrorism (Daily News & Analysis) The two countries also agreed to combat the flow of illicit finances and currency counterfeiting, and to work closely to counter terrorism and promote cyber security, the Department of Homeland Security said in a statement. Both US and India plan
Cyber-attack defenses compiled (The Japan Times) A government panel on Tuesday compiled a final draft of cyber-attack countermeasures, including a proposal to boost the capabilities of the Self-Defense Forces to tackle high-level strikes possibly conducted by foreign governments. "We need to quickly
US policy and the market for zero-day exploits: blowback fears grow in Washington (Boing Boing) The booming market for hacking tools known as zero-day exploits has officials at the highest levels in Washington very worried, reports Joe Menn at Reuters, "even as U.S. agencies and defense contractors have become the biggest buyers of such products
As Chinese Leader's Visit Nears, U.S. Is Urged to Allow Counterattacks on Hackers (New York Times) With President Obama preparing for a first meeting with China's new president, a commission led by two former senior officials in his administration will recommend a series of steps that could significantly raise the cost to China of the theft of American industrial secrets. If milder measures failed, the commission said, the United States should consider giving companies the right to retaliate against cyberattackers with counterstrikes of their own
Litigation, Investigation, and Law Enforcement
U.S. DOJ accuses journalist of espionage (Help Net Security) Last week's revelation that the U.S. DOJ has successfully subpoenaed two months' worth of telephone toll records for phones of AP journalists has created quite an uproar in media circles
Why the Government Surveillance of Fox's James Rosen Is Troubling (Mother Jones) The case against National Security Agency whistleblower Thomas Drake--who revealed massive waste in the agency's deals with intelligence contractors--ultimately collapsed. The information he'd revealed was embarrassing to the government, not
Government Will Decide What We Can Know (New York Times) It tried to impose a lengthy prison term on Thomas Drake, a former National Security Agency official who exposed serious agency corruption and wrongdoing, only for its case to fall apart shortly before trial. A formal United Nations investigation found
Leakers, Recipients, and Conspirators (Volokh Conspiracy) Leaks to reporters -- and investigations of the leaks that included subpoenas of reporters' e-mail logs and searches of reporters' e-mail -- have been in the news; see this post by Orin about the AP story and this post by Conor Friedersdorf (The Atlantic) about the Fox News story. I thought I'd say a few things about the First Amendment issues involved in such matters, especially in response to the Friedersdorf post
DOJ censures former attorney for leak while State Dept. leak investigation continues (FierceGovernment) The former top federal prosecutor in Arizona violated Justice Department policy when he shared an internal memorandum with a Fox News reporter, the DOJ office of inspector general says in a new report, released amid new revelations about the prosecution of a State Department contractor who also allegedly leaked information to a reporter
Scripps Reporters Accused of Hacking In Lifeline Data Breach (Threatpost) Investigative reporters for the Scripps news service have been threatened with legal action after informing a telecommunications company that confidential data on tens of thousands of applicants was available on the Internet. The reporters were said to be looking into companies participating in Lifeline, a federal program that provides discounted phone service for qualified low-income
Edwin Vargas of Bronxville, NYPD detective, broke into officers' email, feds charge (New York Newsday) A New York City police detective from Bronxville allegedly took his sleuthing too far, paying hackers thousands of dollars to gain unauthorized access to dozens of personal email accounts -- including those belonging to 19 current NYPD officers, federal officials said
Eurovision Vote Theft, Russians investigating (Cyberwarzone) Russia's point man on Syria and on its relations with the U.S. is turning his attention toward a subject close to Russian hearts — alleged vote theft at the Eurovision Song Contest
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
U.S. Department of State Mobile Computing Forum (Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services and development, by providing access to information and technology solutions anytime and anywhere. The U.S. Department of State has over 69,000 users worldwide at 285 posts with approximately 40,000 remote access users! Small businesses and prime contractors with products and services in Mobile Computing are invited to share information about their companies.
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information. With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks to their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, USA, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.
Diversity Careers in Cybersecurity Symposium (Baltimore, Maryland, USA, May 30 - Jun 2, 2013) The 2013 Diversity Careers in Cybersecurity Symposium creates opportunities for networking and learning. We invite top executives to give presentations on topics ranging from leadership best practices to industry trends in technology. With 30,000 jobs in Cyber Security going unfilled in Maryland alone, the focus for 2013 is building the pipeline to fill the growing need.
Recent Advances in Reverse Engineering (RARE) (San Francisco, California, USA, Jun 1 - 2, 2013) The goal of the RARE conference is to provide a venue where people interested in the analysis of binary programs can speak to one another directly, and to form a common language outside of their respective hyper-specialized, individual niches.
2013 St. Louis CISO Summit. Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind of change that is sweeping through the IS community motivating today's information guardians to develop a new way of thinking to ensure success in protecting their respective organizations.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
Pen Test Berlin 2013 (Berlin, Germany, Jun 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations and social events. The training offers the opportunity to participate in NetWars.
CyCon 2013: 5th International Conference on Cyber Conflict (Tallinn, Estonia, Jun 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical, strategic and legal implications of using automatic methods in cyber conflicts. The conference will be organized along two tracks: a Strategic Track and a Technical Track. Legal aspects will be incorporated in these two tracks.
NSA SIGINT Development Conference 2013 (Fort Meade, Maryland, USA, Jun 4 - 5, 2013) The National Security Agency is responsible for providing foreign Signals Intelligence (SIGINT) to our nation's policy-makers and military forces. SIGINT plays a vital role in our national security by providing America's leaders with critical information they need to defend our country, save lives, and advance U.S. goals and alliances globally. The exposition will be unclassified and will consist of a one-day event as an adjunct to the SIGINT Conference. The conference sessions will be conducted in a classified area in close proximity to the exhibits.
U.S. Census IT Security Conference and Exposition (Suitland, Maryland, USA, Jun 5, 2013) The Census Bureau's Information Technology Security Office (ITSO) and the Census Bureau's Data Stewardship Office are putting together a series of workshops on 'Information Security' and 'protecting your information' to lead up to their Annual IT Security Awareness Conference. This specific workshop will take place on June 5, 2013 with a focus on Security Issues.
RSA Conference Asia Pacific 2013 (Singapore, Jun 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will be able to attend keynote sessions presented by leading information security industry experts and guest speakers, and choose from approximately 50 sessions.
29th Annual INSA William Oliver Baker Award Dinner (Washington, DC, USA, Jun 7, 2013) This year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, Jun 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from the National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS). This four-day event will take place at the Baltimore Convention Center on Monday, June 10 - Thursday, June 13 with the exposition taking place June 11-12.
CISSE 17th Annual Colloquium (Mobile, Alabama, USA, Jun 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit. Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year, ADM Cyber Security aims at: reviewing solutions to the ever increasing level of attacks, whether real or potential, [and] equipping all stakeholders with a wide range of actionable strategies.
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with like-minded individuals.
Suits and Spooks La Jolla 2013 (La Jolla, California, USA, Jun 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in common…it readily became apparent that two broad areas kept coming up: threat mitigation through intelligence and active defense (a.k.a. offense as defense). San Diego is a wonderful location for exploring this theme thanks to its military and high technology industries. The FBI, NCIS, DOD, academia and some cutting edge INFOSEC startups will be represented.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, and Industry partners. The operational theme "Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.