The CyberWire Daily Briefing for 6.5.2013
The Southwest Asian cyber riots continue to accompany unrest in Turkey and civil war in Syria. The Syrian Electronic Army (agent of the Assad regime) supports Turkish dissidents by hacking Turkish government sites. Ottoman revanchists expand their North American campaign from Ohio to Michigan, hacking sites in Lansing.
More interesting than rioters nostalgic for the Sultanate, however, is evidence that a US citizen critical of Turkey's Gülen movement and its involvement in US charter schools was phished with RCS spyware. RCS is a Hacking Team lawful intercept tool; Gülen is widely influential within Turkish judicial and security agencies. Arsenal Consulting found email carrying the RCS payload launched from a Turkish server. While stopping short of attributing cyber attacks against US citizens to the Turkish government, Arsenal invites you to do the math.
Kaspersky reports discovery of a new Chinese cyber espionage campaign, "NetTraveler," targeting "high-profile victims," mostly in sensitive technology industries. This report complicates the coming Sino-American summit, which seems to be developing into a diplomatic showdown over cyber conflict. US grievances are independently echoed in the United Kingdom and New Zealand, both of whose governments fear that Chinese-manufactured hardware contains embedded espionage capabilities.
Another DNS amplification campaign is underway, this one with an Australian focus, as DNSimple, easyDNS, and TPP Wholesale report denial-of-service attacks.
Corporate counsel may reflect with profit on two emerging ambivalent trends: the degree to which businesses might know that their sites are infecting customers with malware, and growing business sentiment in favor of hacking back.
Notes.
Today's issue includes events affecting Afghanistan, Australia, China, France, Germany, Iraq, Italy, Japan, Myanmar, NATO, New Zealand, Palestine, Singapore, Syria, Turkey, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
#OpTurkey: Turkish Prime Minister and Government Websites Hacked by Hacktivists (Hack Read) Online hacktivists from Syrian Electronic Army (SEA) and Anonymous hackers have conducted a massive cyber attack on high profile Turkish government websites against police brutality on peaceful protesters. It has been reported that Syrian Electronic Army (SEA) and a Turkish hacker going by the handle of @AnonsTurkey on Twitter have compromised sensitive data by breaching the server of official Turkish Prime
Lansing City Michigan Website Hacked, Financial Details Leaked by Turkish Ajan Hacking Group (Hack Read) The world renowned hackers from Turkish Ajan hacking group have hacked and defaced the official website of State of Michigan's City of Lansing; as a result, financial details have been leaked online for #FredoomOperation and #usaOPERATION2. The hack was announced by the group a few hours ago on their official Twitter account, according to which the site has been defaced and left with a deface message against Israel and in favor of free Palestine, Afghanistan, Iraq and Myanmar
Hacker St0rmyw0rm Hits Turkish Hospital (eSecurity Planet) 28 admin user names and encrypted passwords were published online. Hacker st0rmyw0rm recently breached the Web site for Turkey's Beypazari State Hospital and published user credentials online (h/t Cyber War News)
American Gets Targeted by Digital Spy Tool Sold to Foreign Governments (Wired) The email appeared to come from a trusted colleague at a renowned academic institution and referenced a subject that was a hot-button issue for the recipient, including a link to a website where she could obtain more information about it
'NetTraveler' cyber-spy network compromised over 350 high-profile victims (RT) Kaspersky Lab has discovered a years-long cyber-espionage operation that victimized hundreds of high-profile targets in 40 countries. The malware, known as NetTraveler, was used for covert computer surveillance and appears to have originated in China
Chinese Hacking Group Linked to NetTraveler Espionage Campaign (SecurityWeek) Kaspersky Lab researchers have uncovered yet another cyber-espionage campaign targeting unnamed "high profile" businesses and government agencies around the world, and are laying the blame at the door of a Chinese-based hacking crew. Led by a group researchers have codenamed Red Star, the campaign is focused on stealing information related to aerospace, nanotechnology, nuclear power cells, lasers, drilling, manufacturing in extreme conditions, and radio wave weapons
DDoS attacks, possibly related, cause DNS hosting outages (CSO) In at least one case a provider's authoritative DNS servers were used to amplify DDoS attacks using DNS reflection
FIS Breach a Broader Network Hack (Threatpost) A previously reported attack against Fidelity National Information Services (FIS) two years ago was actually much more widespread than initially reported, according to a document released to banks from the FDIC late last month and recently uncovered
Compromised Japanese Sites Lead to Malware (TrendLabs Security Intelligence) When it comes to cybercriminal targets, it truly is a popularity contest. Multiple sites were found compromised, including those popular with Japanese users. There were 40 compromised domains identified using feedback provided by Trend Micro Deep Discovery; since yesterday almost 60,000 hits have been recorded on these sites
RSA Warns of New Beta Bot Trojan (eSecurity Planet) The malware has been repurposed to focus on financial fraud, according to RSA researchers
The rise of the Koobface social networking worm (Help Net Security) A new McAfee Labs report shows a significant spike in instances of the Koobface social networking worm and a dramatic increase in spam. McAfee Labs also saw continued increases in the number and compl
Hackers Exploiting Old Ruby on Rails Vulnerability to Compromise Web Servers and Create Botnet (Voice of Grey Hat) A vulnerability in Ruby on Rails spotted in January this year, and deemed "critical" at the time, is yet again found in the wild. The vulnerability, known as CVE-2013-0156, that affected versions 3.0.20 and 2.3.16 again raises its hand. A security patch was released by the Rails developers, but, as we all know, many server administrators were unaware of these events and have not patched their systems. As a result hackers and cyber criminals are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a dangerous botnet
Web developer devises new phishing trick (Help Net Security) A British web developer has devised a proof-of-concept phishing attack that could be way more successful than the standard fake login page with the wrong URL. Jack Shepherd created a fake browser
RentPath Security Breach May Have Exposed 56,000 Social Security Numbers (eSecurity Planet)
Champlain College Acknowledges Security Breach (eSecurity Planet) A storage device containing 14,127 Social Security numbers was left in a campus computer lab by mistake
Virginia Health System Admits Security Breach (eSecurity Planet) 5,000 patients' medical records may have been accessed between April 2012 and April 2013
Santa Fe Hotel Hacked (eSecurity Planet) The names and credit card numbers of guests who stayed at the Rosewood Inn of the Anasazi between June 2012 and March 2013 may have been accessed
Group Hp-Hack Hits the McGowan Institute (eSecurity Planet) More than 800 full names, e-mail addresses, user names and encrypted passwords were published online
E-voting system used in French election is flawed (Help Net Security) A recent electronic election in France has proved some electronic voting systems still cannot be trusted not to include fraudulent votes. The town hall primary election which ended on Monday saw
FBI warns car buyers against scammy online deals (Help Net Security) If you are looking to buy a car or other vehicle online, be careful not to fall for a scam that has lately had a resurgence and that will leave you without money and possibly with an infected computer
Trend Micro Study: Mobile Malware on the Rise (Fox Business) or the cyber crooks. According to Consumer Reports, nearly 40% of customers did not take even minimal steps to protect their devices. Cyber security firm Trend Micro is tracking the growth of malware and high-risk apps, showing 350,000 for Android alone by
Malware targeting Android devices (NEWS.com.au) Security companies, including Juniper Networks and Bitdefender, report an explosion in Android malware, with Trend Micro predicting Android malware cases will hit 1 million by the end of the year. But there are those, such as Google engineer
Nato suffered 2500 cyber attacks in 2012 (Telegraph) The disclosure came as defence ministers including Philip Hammond gathered at Nato headquarters in Brussels to discuss setting up "rapid reaction teams" to help alliance members under cyber attack. Anders Fogh Rasmussen said: "This is a serious
Security Patches, Mitigations, and Software Updates
Apple releases OS 10.8.4 (Internet Storm Center) Apple released the next update for OS X, 10.8.4. Eventually, we should learn more about the security content of the update, but at this point, the security page has not been updated yet
Google's certificate announcement contains a hidden surprise for Windows XP users (Naked Security) Are you an IT administrator still caring for Windows XP computers that are running Internet Explorer? Google's latest announcement brings another good reason to upgrade your systems or switch to an alternative browser
Changes to the Java security model (Help Net Security) The upcoming security changes in Oracle Java address three long-standing issues with the Java security model. The most significant change is how signed applets are handled. In the past Oracle has
Researchers find Java users woefully tardy on patching (CSO) Half of users are running a version two years old or older
Cyber Trends
Are Businesses Knowingly Infecting Their Web Visitors? (Dark Reading) Even after being informed of infrastructure serving up malware, some organizations still don't act to clean up their online messes. As cybercriminals have shifted their techniques to get the most efficiency out of their attack campaigns, some of their favorite methods involve two-pronged attacks to first compromise legitimate Web servers and then use them to, in turn, infect unsuspecting visitors to seemingly innocuous sites. While much of this illicit malicious activity occurs behind the backs of these organizations, there is an increasing number of businesses that, upon being informed that their IPs are engaging in bad behavior, stall indefinitely or wait months to remediate the situation
Businesses Consider Going Offense Against Cyberattackers (CNBC) Companies may soon choose to hack cyberthieves to retrieve stolen data, Retired Gen. Michael Hayden, a former director of the Central Intelligence Agency, said at the Kaspersky Government Cybersecurity Forum in Washington
The enterprise security time bomb (Help Net Security) Companies are at serious risk of data security breaches as 38 percent of U.S. office workers admit to storing work documents on personal cloud tools and services, according to Huddle
Marketplace
DoD proposes anti-counterfeit IT measures (FierceGovernmentIT) The Defense Department has proposed updating its regulations to require that major contractors subject to cost accounting standards – and their large subcontractors – have anti-counterfeit avoidance and detection systems in place for electronic parts
New Orders On Army's Battlefield Processor (Washington Times) Congress is set to intervene for the first time in how the Army is developing its prized battlefield intelligence processor, which soldiers and the Pentagon's top operational tester have deemed ineffective
Singapore teams up with private sector to train cyber security workforce (FutureGov Magazine) Also, a new advanced cyber defense training curriculum will be offered in cooperation with the US Department of Homeland Security. Qualified candidates will return to Singapore and be eligible for placement in cyber security or anti-fraud analyst
Security software market grew 7.9% in 2012 (Help Net Security) Worldwide security software revenue totaled $19.2 billion in 2012, a 7.9 percent increase from 2011 revenue of $17.7 billion, according to Gartner, Inc. Gartner said that the evolution of new threats
Canadian firm trains international officials how to hack smartphones (Defense News) The National Security Agency's Troy Lange told this year's C4ISR Journal Conference that the agency is improving security on smartphones through specialized apps and encryption software. But it's men like Pierre Roberge who may offer the most
IBM is upping its game in cloud computing--and so is everyone else (Quartz) IBM today announced its biggest deal to date under its new CEO, Virginia Rometty, who took over last year. The company acquired cloud computing firm SoftLayer to help it compete with Amazon, the leader in public cloud services
Deloitte acquires Vigilant's cyber security services business (Help Net Security) Deloitte strengthened its cyber security capabilities today by acquiring substantially all of the assets of Vigilant, a specialist in security monitoring and cyber threat intelligence
Fortinet Inc (FTNT), Sourcefire, Inc. (FIRE): Protecting Ourselves From China's Hackers (Insider Monkey) China's government-backed hackers are reportedly back at it again after a brief period of keeping a low profile. Clearly, the cyber war is only just getting started. Three companies that look set for years of growth by protecting us from hackers are Radware Ltd. (NASDAQ:RDWR), Sourcefire, Inc. (NASDAQ:FIRE), and Fortinet Inc (NASDAQ:FTNT)
KEYW: Spinning A Broken Record For Fans Awaiting A Dubious Encore? (Seeking Alpha) As a fanatical "ParrotHead" with an encyclopedic knowledge of Jimmy Buffett songs, KEYW (KEYW) Chief Executive Officer Leonard Moodispaw often seems more inclined to share catchy lyrics penned by his idol than useful details about the actual business conducted by his glorified rollup company. While Moodispaw likes to present snippets from those upbeat tunes as metaphors for noteworthy developments at his tightlipped cyber-security firm, however, he has somehow managed to overlook the very title that perhaps delivers the most fitting message of all: "Math Suks"
Peter Colsted Named as CEO of Security Firm Secunia (Softpedia) IT security solutions provider Secunia has just announced the appointment of a new chief executive officer (CEO). The company's board has decided that
DOD Retirees: From 4-Star General to 7-Figure Income (Fiscal Times) Last week, retired four-star Army General David Petraeus announced he was joining the New York-based investment firm KKR & Co. to run the firm's new Global Institute, a group dedicated to studying how government policies impact investments
Products, Services, and Solutions
Exclusive: Pwnie Express Evolves The Role Of The Pen Tester (Dark Reading) Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life. Pwnie Express is well-known for its penetration testing drop box, the Pwn Plug. Since the creation of the Pwn Plug there have been many evolutions including the Pwn Phone, the Pwn Pad, and the Enterprise Pentesting Appliance (EPA). All of which are amazing products but all required a serious amount of expertise and manual effort to fully utilize
Windows RT 8.1 Update Will Bring Full Outlook 2013 Desktop App To RT Tablets (TechCrunch) This has long been rumored, but Microsoft just announced that Windows RT, its operating system for ARM-based tablets and other small touch-enabled devices, will get Outlook 2013 once the free Windows 8.1 update arrives. Until now, Windows RT featured the desktop versions of Word, Excel, OneNote and PowerPoint, but ever since it launched, business users have been complaining about the lack of
Vantrix Expands Deployment Options for Intelligent Media Optimization Solution (EON) Its new bump-in-the-wire deployment option provides a transparent proxy that can be placed directly in the mobile data network without the need for an upstream Deep Packet Inspection (DPI), load balancing or HTTP browsing element. With bump-in-the-wire
Palo Alto Networks WF-500 Debuts Out-of-Band Malware Analysis (InternetNews.com) The WF-500 is the on-premises version of Palo Alto's WildFire cloud-based security service
Google won't allow facial recognition on Glass (Help Net Security) Whether Google Glass ships out to regular users later this year or the next, one thing is sure: it won't make use of facial recognition software - for now. The speculation on whether or not Google
Managed services for web, cloud and mobile app security (Help Net Security) Cenzic has expanded its Cenzic Managed Services for Enterprise Application Security which now includes four levels of service including a special compliance-ready assessment available for all types of
Solution for Active Directory-based single sign-on (Help Net Security) Centrify announced Centrify for Office 365, a solution for Active Directory-based single sign-on, user provisioning and mobile management for Office 365. The Azure-based service delivers full
Online password manager for business (Help Net Security) Zoho launched Zoho Vault, the secure online password manager for teams and businesses. It establishes a central repository that offers unmatched security and complete data privacy for companies that
Damballa now detects malicious P2P communications (Help Net Security) Damballa Failsafe can now discover malicious P2P communications. It uses behavioral detection techniques to identify malicious P2P communication attempts from malware trying to evade detection
Apple releases OS X 10.8.4 (Help Net Security) The OS X Mountain Lion 10.8.4 Update is recommended for all OS X Mountain Lion users and includes features and fixes that improve the stability, compatibility, and security of your Mac
Etisalat launches 'cloud' service (Emirates 24/7) First such service could reduce IT costs of SMBs by 60%. Etisalat on Tuesday announced the launch of 'Cloud Compute': the first "cloud" data storage service offering in the UAE for SMBs and enterprises, providing a pay-as-you-go model, reducing IT costs by up to 60 per cent and speeding up time-to-market by up to 90 per cent
Technologies, Techniques, and Standards
Can't Fix What You Hide (Dark Reading) Willful ignorance may be bliss, but rarely is it compliant. The CEO I was talking with didn't understand his own company's compliance requirements. And he didn't want to understand them. He had delegated this, as many in business do, to his IT director. "Technology will fix this problem" is a common approach
Building An Effective Security Architecture: No Piece Of Cake (Dark Reading) Enterprises need to put more thought, fewer products into their cyberdefense strategies. For years, IT security has been a "one problem, one solution" proposition. We needed a way to verify that users are who they say they are, so we invented authentication. We needed to stop viruses, so we invented antivirus technology. Intrusion prevention systems, Web application firewalls, data leak prevention -- almost all of our security technologies were created to protect the enterprise from one specific threat
Moving Safely From Detection To Automated Action (Dark Reading) Companies that fail to make the most use of automation put themselves at risk, yet doing it wrong can lead to business disruptions. Many companies remain cautious of automating their security systems, leery of the possible business interruptions that could happen when a mistake gets propagated across their systems
Is Security Professional Development Too Expensive? (Dark Reading) Paid trainings and certificates serve vital role, but open-source-style security education offerings could make the entire security education field more complete and affordable
One Year After World IPv6 Launch, Number Of IPv6-Connected Internet Users Doubles (Dark Reading) Major network providers and Web companies increasingly offer IPv6 as a standard service
How to Find and Track Mobile Devices (eSecurity Planet) Mobile devices are great for productivity. For security, not so much. Enterprises can minimize security concerns by using location features and handy apps
We are sharing info with competitors to combat cyber threats, says BSkyB (PC Advisor) Internet service provider and broadcasting firm BSkyB last week fell victim to a cyber attack from the Syrian Electronic Army, which compromised a number of Sky News apps on Google's Play store before the situation was resolved, while the hacktivist
Design and Innovation
Berlin's Network Effect Will Make It A Global Startup Center (TechCrunch) Throw a dart at a map. There's a pretty good chance it'll hit near someplace hoping to become the "next Silicon Valley." I'd bet on Berlin. I believe Berlin has the best shot in the Western world outside of Silicon Valley at becoming a place with a true tech
How smart developers generate lousy code (IT World) Most experienced developers can think of a time when they worked on a team with other accomplished programmers. Yet the code quality was anywhere from "eh" to "oh god you didn't actually ship that did you?!" Here's how this can happen, and what to do to minimize the chances
Research and Development
CIA Releases Analyst's Fascinating Tale of Cracking the Kryptos Sculpture (Wired) The CIA has released a fascinating first-person account by a CIA analyst describing how he cracked the famed cryptographic Kryptos sculpture in 1995
Academia
Northrop Grumman and USC Energy Institute collaborate to improve oil and gas industry security (Phys.org) Northrop Grumman and the USC Energy Institute (USCEI), located in the USC Viterbi School of Engineering, have agreed to work together in developing capabilities to support the application of integrated cyber and physical security systems to the critical infrastructure of the oil and gas industry. This collaboration expands the breadth and depth of the long-standing relationship between Northrop Grumman and USC. The program uniquely combines Northrop Grumman's world-class capabilities, experience, and linkages in defense, physical and cyber security, and information systems, with USC's leading strengths in petroleum engineering and operations, advanced information systems, and cyber security technology development. To enable the program's development and the engagement with the oil and gas industry, Northrop Grumman will provide a grant to USCEI
Legislation, Policy, and Regulation
Tom Donilon resigning as national security adviser; Susan Rice to replace him (Washington Post) National security adviser Thomas E. Donilon will resign his post, White House officials said Wednesday, and will be replaced by U.N. Ambassador Susan E. Rice, a close confidant of President Obama with deep foreign policy experience who is disliked by Republicans but had been widely expected to move into the job
Labour questions security fears over Huawei (TVNZ) There are claims tonight that fears of a cyber attack are behind a Chinese company missing out on a big broadband contract. To build the bulk of the country's ultra fast broadband network, local telco Chorus needs international partners, and Huawei was
Telecoms made in China put Britain 'at risk of cyber-attack' (The Times (subscription)) Telecoms equipment made by Chinese companies should be independently tested by the Government to guard against cyber-attacks, an intelligence report will say. The Commons Intelligence and Security Committee, which is chaired by Sir Malcolm Rifkind
Ahead of U.S.-China meeting, should Silicon Valley be leading the cyber-attack charge? (CTV News) Chinese President Xi Jinping and American counterpart Barack Obama will talk cyber-security this week in California, but experts say the state's Silicon Valley and its signature high-tech firms should provide the front lines in the increasingly aggressive fight against overseas hackers
Cybersecurity Looms Large For Summit (USA Today) President Obama has no time to lose as he tries to build a relationship with Xi Jinping, China's new president and the man who will lead the world's most significant rising power for the next decad
US Cyber Commander Offers Radical Changes (The Herald) Keith B. Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, wants to combine forces from the military communications and intelligence communities to combat a broad cyber threat that he describes as "only going
China hacking vs. Pentagon whacking: An arms race in cyber-space? (RT) The US Cyber Command is part of a worldwide offensive cyber warfare system that includes all branches of the US military, in addition to our friends in NATO - its chief, Anders Fogh Rasmussen, even went as far as saying that he wants to "extend the
NATO Boosts Cyber Defences But Members Differ On Its Role (Reuters) NATO ministers agreed on Tuesday to strengthen the organisation's cyber defences but differed about how much NATO should do to protect smaller allies from potentially devastating hacking attacks
NATO members agree on quick-response cyber attack teams (Deutsche Welle) Defense ministers present for the talks in Brussels on Tuesday agreed that NATO should continue to seek coordinated plans to protect against cyber attack. However, they failed to decide how to help individual member states whose computer systems come
White-hat hacker fights cyber intrusions on NATO systems (NATO) Cyber attacks around the world are becoming more frequent, alarming and complex. Our interconnected societies depend on new technologies, which are constantly being probed for vulnerabilities to exploit. NATO calls on the skills of cyber-security experts to assess its computer networks and takes measures to avert and defend against cyber attacks
Litigation, Investigation, and Law Enforcement
UK Police Launch Campaign to Shut Down Torrent Sites (TorrentFreak) City of London Police inform TorrentFreak that they have begun targeting sites that provide access to unauthorized content for "criminal gain." The initiative is part of a collaboration with Hollywood studios represented by FACT and the major recording labels of the BPI. In letters being sent out now, police accuse site operators of committing offenses under the Serious Crime Act. The National Fraud Intelligence Bureau further warns that the crimes carry a jail sentence of 10 years
Cybercriminals Take Loss Of Liberty Reserve Poorly (TrendLabs Security Intelligence) Last week, the US government shut down Liberty Reserve, a digital currency service operating out of Costa Rica. Its founder, Arthur Budovsky, was arrested at the Madrid airport as he tried to return to Costa Rica. Other arrests were made in Spain, Costa Rica, and the United States. The company is accused of laundering over 6 billion dollars in illegal funds, with more than a million users globally - 200,000 of these being in the United States. The company's site now sports a notice that it has been seized by US law enforcement
Cyber Suraksha Cell to tackle cybercrime soon across Gujarat (Daily Bhaskar) A Cyber Suraksha Cell (CSC) will soon be in place to tackle cybercrimes across the state. Being started by the state home department, it will focus primarily on cases of online fraud
Hacker Testifies During Manning Court-Martial (Washington Post) The hacker who alerted federal authorities to the alleged leak of classified documents by Pfc. Bradley E. Manning testified Tuesday that the young Army analyst never indicated any desire to help U.S. adversaries by releasing the material
U.S. judge orders Google to share user info with the FBI (Help Net Security) Google has been ordered to comply with FBI requests for user information that came in the form of National Security Letters (NSLs) by U.S. District Court Judge Susan Illston
New York State DMV Acknowledges Data Breach (eSecurity Planet) A license clerk was recently charged with repeatedly accessing an individual's DMV records
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Pen Test Berlin 2013 (Berlin, Germany, Jun 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations and social events. The training offers the opportunity to participate in NetWars.
CyCon 2013: 5th International Conference on Cyber Conflict (Tallinn, Estonia, Jun 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical, strategic and legal implications of using automatic methods in cyber conflicts. The conference will be organized along two tracks: a Strategic Track and a Technical Track. Legal aspects will be incorporated in these two tracks.
NSA SIGINT Development Conference 2013 (Fort Meade, Maryland, USA, Jun 4 - 5, 2013) The National Security Agency is responsible for providing foreign Signals Intelligence (SIGINT) to our nation's policy-makers and military forces. SIGINT plays a vital role in our national security by providing America's leaders with critical information they need to defend our country, save lives, and advance U.S. goals and alliances globally. The exposition will be unclassified and will consist of a one-day event as an adjunct to the SIGINT Conference. The conference sessions will be conducted in a classified area in close proximity to the exhibits.
U.S. Census IT Security Conference and Exposition (Suitland, Maryland, USA, Jun 5, 2013) The Census Bureau's Information Technology Security Office (ITSO) and the Census Bureau's Data Stewardship Office are putting together a series of workshops on 'Information Security' and 'protecting your information' to lead up to their Annual IT Security Awareness Conference. This specific workshop will take place on June 5, 2013 with a focus on Security Issues.
Capital Connection 2013 (Washington, DC, USA, Jun 5 - 6, 2013) Capital Connection™, a MAVA premier event, is designed for seasoned executives, entrepreneurs, and investors at all stages to come together under one roof to expand their innovations, create industry connections, or grow their enterprise. It is one of the nation's most respected industry conferences with more than 800 attendees each year who share a common goal of enhancing our technological ecosystem.
RSA Conference Asia Pacific 2013 (Singapore, Jun 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will be able to attend keynote sessions presented by leading information security industry experts and guest speakers, and choose from approximately 50 sessions.
29th Annual INSA William Oliver Baker Award Dinner (Washington, DC, USA, Jun 7, 2013) This year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, Jun 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS). This four-day event will take place at the Baltimore Convention Center on Monday, June 10 - Thursday, June 13 with the exposition taking place June 11-12.
CISSE 17th Annual Colloquium (Mobile, Alabama, USA, Jun 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year, ADM Cyber Security aims at: reviewing solutions to the ever increasing level of attacks, whether real or potential, [and] equipping all stakeholders with a wide range of actionable strategies.
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with like-minded individuals.
Suits and Spooks La Jolla 2013 (La Jolla, California, USA, Jun 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in common… it readily became apparent that two broad areas kept coming up: threat mitigation through intelligence and active defense (a.k.a. offense as defense). San Diego is a wonderful location for exploring this theme thanks to its military and high technology industries. The FBI, NCIS, DOD, academia and some cutting-edge INFOSEC startups will be represented.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five-day event will examine forensics, malware analysis, and corporate hacking techniques, and, what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, and Industry partners. The operational theme "Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.