The CyberWire Daily Briefing for 6.10.2013
The US National Security Agency's PRISM program continues to dominate cyber news. See Director of National Intelligence Clapper's official statement (and the accompanying factsheet) for background. He maintains (as even legal observers with a strong libertarian bent generally concede) that the program is fully legal, properly disclosed, and fenced with privacy safeguards. Consult various op-eds for mixed reaction to the program as a matter of policy.
The leaker, who outed himself over the weekend, is currently in Hong Kong, whence the US is widely expected to extradite him.
Companies named in PRISM reports, especially Google, strongly deny that NSA has or had direct access to their servers. Industry analysts continue to debate the economic impact of the program's disclosure. Security observers point out the episode reteaches an old-lesson: low-level employees often pose the greatest security risks.
Officials in the UK face Parliamentary questions over the Government Communications Headquarters' (GCHQ) alleged involvement with PRISM. The Sino-American summit wrapped up as expected, with the US talking a hardline on cyber with China, and with China piously averring its commitment to being a good cyber neighbor.
Elsewhere in the world Israel's prime minister Netanyahu says that Iran has increased its operations against Israeli networks. The Syrian Electronic Army (in this respect viewed as an Iranian sock puppet) claims its attack on Haifa's water system was in fact successful, not thwarted as Israel claimed.
IPv6, not yet widely adopted, has already become a target for hackers.
Tomorrow's Patch Tuesday will include fixes for Macs.
Today's issue includes events affecting Algeria, Australia, China, India, Iran, Israel, Republic of Korea, Nigeria, Pakistan, Saudi Arabia, Syria, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Netanyahu: Iran ups cyber attacks on Israeli computers (Ynetnews) The comments came hours after a Syrian hackers' group paraded the secret information it had allegedly obtained by means of a cyber attack on Haifa's water system some two weeks ago
Syrian hackers say attack on Haifa facilities was successful (Ynetnews) Two weeks after Yitzhak Ben-Yisrael, chairman of the National Council for Research and Development, said Syrian Electronic Army's hackers attempted two weeks ago to launch a cyber attack against Haifa's water system, failing, the semi-official Iranian
Scammers impersonate the UN Refugee Agency (UNHCR), seek your credit card details (Webroot Threat Blog) Opportunistic scammers have just launched a targeted spam campaign impersonating the UN Refugee Agency (UNHCR) in an attempt to trick users into handing over their complete credit card details as they supposedly make a donation to support Syria's refugees
Saudi Arabian Ministry of Higher Education Websites Hacked by Algerian Hacker (Hack Read) An Algerian hacker going with the handle of DZ27 has hacked and defaced two sub-domains of Saudi Arabian Ministry of Higher Education (mohe.gov.sa) four days ago. Targeted domains belongs to the site's login management system were left defaced with Algerian flag along with a short note and contact email, yet the main reason for targeting the ministry sites was not mentioned anywhere. Hacked by DZ27
India loses 22GB data to cyber attack (Deccan Chronicle) India is estimated to have lost at least 22 giga bytes of data in the slew of cyber attacks it has seen of late targeted at various high-profile individuals and organisations. Reported to be operational since 2004, cyber attackers have till
IPv6 Under Attack? (eSecurity Planet) Although IPv6 is still not widely adopted, the Internet is seeing the first signs of IPv6-based attacks. A year ago the world celebrated World IPv6 Launch Day, which was supposed to be the day IPv6 was activated by major Web operators and service providers. At the time of the launch, there were concerns about
Android Trojan Looks, Acts Like Windows Malware (InformationWeek) Android Trojan "Odad.a" rivals Windows malware in the harm it can do to mobile device users, say experts
DNI Statement on the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (Office of the Director of National Intelligence) Over the last week we have seen reckless disclosures of intelligence community measures used to keep Americans safe. In a rush to publish, media outlets have not given the full context-including the extent to which these programs are overseen by all three branches of government-to these effective tools
Facts on the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (Office of the Director of National Intelligence) PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. Section 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008
US uses NSA-FBI PRISM program to snoop on everything and everybody (Naked Security) Here's a brief summary of what we know, what we don't know, and how you can at least try to protect yourself from surveillance
NSA leaker steps forward, cites 'massive surveillance machine' (CSO) The NSA contractor who gave the press documents related to government surveillance has fled to Hong Kong
NSA, the whistle-blower and the reaction: five things to know (AP via the National) Edward Snowden identified himself Sunday as a principal source behind revelations about the National Security Agency's sweeping phone and internet surveillance programs. Five things to know about the disclosures
No evidence of NSA's 'direct access' to tech companies (CNET) Update, June 8 at 2:45 p.m. PT: In response to outcry over PRISM, the U.S. Director of National Intelligence has released some details. Among other things, he says the government "does not unilaterally obtain information from the servers of U.S. electronic communication service providers" and that PRISM-related activities are conducted "under court supervision"
NSA Claims Know-How To Ensure No Illegal Spying (New York Times) The supersecret agency with the power and legal authority to gather electronic communications worldwide to hunt U.S. adversaries says it has the technical know-how to ensure it's not illegally spying on Americans
Technology Emboldened The NSA (Wall Street Journal) Key advances in computing and software in recent years opened the door for the National Security Agency to analyze far larger volumes of phone, Internet and financial data to search for terrorist attacks, paving the way for the programs now generating controversy
U.S. Collects Vast Data Trove (Wall Street Journal) The National Security Agency's monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency's activities
UK gathering secret intelligence via covert NSA operation (The Guardian) Exclusive: UK security agency GCHQ gaining information from world's biggest internet firms through US-run Prism programme
Security Patches, Mitigations, and Software Updates
Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac (Naked Security) Patch Tuesday is coming on 11 June 2013. Paul Ducklin gives you a quick preview of what we know so far, and who'll be affected by the updates… (Mac users, that might include you.
Google ups (some) bug bounties (Help Net Security) Google has once again decided to raise the sums that researchers can earn by offering information about bugs in the company's web services and properties (YouTube, Blogger, Orkut, Google Search
Study: Rogue Employees Are Top Concern For Security Pros (Dark Reading) Insider threat tops list of worries for security pros; malware, unauthorized software also cause concern
Backup and recovery problems exposed (Help net Security) A Veeam survey of 500 SMBs across the USA and Europe found that they are experiencing significant issues with the cost, complexity and lack of capabilities of their data protection for virtual environments
Cyber worries keep widening (Fleet Owner) Following the cyber attacks, 72% of those businesses were not able to fully restore their company's data. In a separate study on data breaches, the Ponemon
Privacy experts: Health data security efforts too reactive (FierceHealthIT) Privacy experts spoke about their data breach experiences Thursday at the Healthcare Privacy Summit in Washington, D.C., agreeing that what they've experienced likely is just the beginning for what's possible in security fissures at healthcare organizations
Swansea computers at risk of cyber attack, says Silicon Valley based company (This is South Wales) People in Swansea are among the most likely in Wales to be targeted by criminal software. Research by anti-malware software company Malwarebytes suggests the city ranks second for areas of Wales at risk from infection from latest criminal software
Pentagon's Cybersecurity Plan Calls for $23 Billion Through 2018 (Businessweek) Army General Keith Alexander, who leads the Cyber Command, told the House Armed Services Committee in March that his organization is working to change doctrine and training so that combat commanders "'can think, plan and integrate cyber" just as they
Leaker's Employer Became Wealthy By Maintaining Government Secrets (New York Times) Edward J. Snowden's employer, Booz Allen Hamilton, has become one of the largest and most profitable corporations in the United States almost exclusively by serving a single client: the government of the United States
Edward Snowden: employer Booz Allen decries 'grave violation' of company code (Telegraph) The company said its major clients included, "the Department of Defense, all branches of the US military, the US Intelligence Community, and civil agencies such as the Department of Homeland Security, the Department of Energy, the Department of Health
The Whistleblower's Company (Daily Beast) Booz Allen Hamilton's major clients include, according to the company, "the Department of Defense, all branches of the U.S. military, the U.S. Intelligence Community, and civil agencies such as the Department of Homeland Security, the Department of
Guess Who's Looking To Fill An Information Security Engineer Vacancy In Sunny Honolulu? (Slate) As a slightly amusing coda to the story of Edward Snowden take a look at this Booz Allen job listing posted May 22 for an Information Security Engineer in Honolulu. You could literally be the next Snowden if you have the right stuff
The US government is secretly mining data. Now what? (FierceCIO: TechWatch) United States intelligence agencies have been secretly mining data from major Internet companies based in the U.S. This was reported by the Washington Post, who published the story after receiving top-secret documentation from an intelligence officer horrified by the broad capabilities of the "PRISM" program
Is Prism Going To Harm US High-Tech Exports? (Slate) The legal and policy arguments around the PRISM program through which the NSA snoops into the datastream of major American high-tech companies are primarily going to focus on the treatment of American residents and citizens. There doesn't really appear to be much in the way of a debate as to whether it's legal or appropriate to be spying on foreigners without warrants or probable cause
NSA Dragnet Debacle: What It Means To IT (InformationWeek) PRISM shows companies can't assume their data is safe in the hands of commercial providers
NSA Scandal: Is Palantir's Prism Powering PRISM? (International Business Times) This is the same Palantir that the Wall Street Journal wrote in 2009 had "designed what many intelligence analysts say is the most effective tool to date to investigate terrorist networks." The article describes how Palantir made a tool that can easily
Horrible timing: National Security Agency lists 'Digital Network Exploitation Analyst' internship opening as controversy swirls over digital snooping scandal (Daily Mail) It's either a cruel joke or the world's worst timing: An internship listing for a 'Digital Network Exploitation Analyst' appeared Thursday on the National Security Agency's job-opening Twitter feed, just as the cyber spy directorate was caught up in an international scandal involving snooping on millions of telephone, email and social networking accounts
Verizon security chief used to be high level official at FBI (Daily Caller) At Verizon, he oversees and coordinates "global security efforts throughout Verizon and all its business units, including enterprisewide security strategy and programs, physical security, cyber security and law-enforcement security matters." The
AhnLab Picks Exclusive UK Channel Strategy For Malware Defence (ChannelBiz) Korean security vendor AhnLab has announced it will launch into EMEA and sell its products completely through the channel. The firm, originally from South
SilverSky To Acquire StillSecure's Managed Security Services Business (Dark Reading) Acquisition is latest in a series of investments SilverSky has made in the past four years to develop cloud-based security software
Products, Services, and Solutions
Tabula takes another step toward the quasi-ASSP (EDN.com) Tabula's official rollout of a promised 100G Ethernet Packet Parser indicates the continuing role of FPGAs in applications more closely resembling ASSPs than fully programmable designs. Given the broad interest in deep packet inspection, it's no
Ask a hacker: Top four anti-surveillance apps (ZDNet) Did they or didn't they? That's the question at the end of this week's ground-shaking news that two highly classified programs reveal the U.S
Bitdefender Safepay Beta 188.8.131.52 (64-bit) (PC Advisor) Bitdefender Safepay is a secure browser which runs in its own sandbox, isolated from your system, and so greatly reducing the opportunities for malware to track or record your activities. Related Articles. Bitdefender Releases 2013 Line of Antivirus
Secure Windows desktops by removing administrator privileges (Help Net Security) BeyondTrust released PowerBroker for Windows 6.0, an identity management solution that allows customers to take a system's overall risk into context when deciding what level of privileges a user
Cisco widens lead over Aruba in enterprise Wi-Fi market (FierceMobileIT) Cisco (NASDAQ: CSCO) posted a strong growth of 23.4 percent year-over-year for its enterprise Wi-Fi revenue in the first quarter of 2013, pushing its market share up to 52.9 percent, its highest share since the fourth quarter of 2010
Apple's iOS reigns supreme in enterprise, says Good (FierceMobileIT) Apple's (NASDAQ: AAPL) iOS platform accounted for three quarters of enterprise mobile device activities in the first quarter of 2013, according to mobile device management firm Good Technology's latest Mobility Index report. One-quarter of activations were for Google's (NASDAQ: GOOG) Android platform, and other mobile platforms made up less than 1 percent, according to the index, which Good compiles from its enterprise customers
Technologies, Techniques, and Standards
Edward Snowden's lesson to both businesses and the NSA: Your IT people are your biggest risk (Quartz) Edward Snowden—the man behind what the Guardian is calling, with only a little hyperbole, "one of the most significant leaks in US political history"—was not what you would call a high-level agent. By his own account, Snowden was a mediocre student who joined the National Security Agency (NSA) as a security guard, learned to program, wound up managing network security for the CIA station in Geneva, and then spent four years working at the NSA for private contractors. What he saw apparently prompted him to take refuge in Hong Kong before leaking top-secret documents about the NSA's intelligence-gathering capabilities
Identity Proofing and Verification of an Individual (CESG) This document should be read by organisations that are responsible for identity proofing an individual where any HMG Department or service will be relying on that identity
When Google isn't Google (Internet Storm Center) Like many other exploit scripts, the recent "Plesk" exploit used a fake user agent of "Googlebot". Attackers assume that most web applications are happy to be indexed by Google and possibly ably no or less stringent filters. For example, some applications will show more content to Google that is not readily displayed to normal users unless these users sign up, solve a captcha or even pay
Share and Share Alike? Not Quite (Threatpost) Panelists at the NG Security Summit in Denver debate the challenges hindering the sharing of threat intelligence and attack data, especially between competitors in the same industry
What are users doing after log-in? (Help Net Security) Businesses today use up to 50 on-premises applications and 25 cloud-based applications on average, so identity and access management (IAM) technologies to secure data and deliver user convenience can
Changes to the standard for PIN Transaction Security (Help Net Security) Today the PCI Security Standards Council (PCI SSC) published version 4.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) requirements. These requirements, along with the Hardware Security
The Transition to the Cloud (SYS-CON Media) Enterprises can look to organizations such as the Cloud Security Alliance and traditional security associations like ISACA for guidance and perspective
LinkedIn: When To Say No To Connecting (InformationWeek) Should you accept LinkedIn connection requests from strangers? Before deciding, make sure you understand the security and reputation risks
Design and Innovation
Hackathon or Block Party? (IEEE Spectrum) The geeks were out on the streets last Saturday, in cities and towns in 35 states. They came out to participate in the National Day of Civic Hacking, the first of what will likely be an annual event, designed to bring together the tech savvy with the creative but not-so-tech savvy to brainstorm about ways to use technology to make their communities better. There were talks, and showcases, and conversations formal and informal—and even some actual coding going on
Waiting For Prometheus (TechCrunch) What is the real issue brought up by this whole PRISM debacle? It's not that the government is willing to overstep its role using national security as an excuse. That's been going on for thousands of years. It's not that companies in a position of power are willing to throw those that rely on them under the bus in order to get ahead. Again, that's nothing new
How The NSA Hunts For Startups Through A VC Firm Dedicated To Serving Intelligence Community (TechCrunch) In-Q-Tel (IQT) is a not-for-profit venture capital group that helps the NSA and other agencies hunt for startup and young companies that develop core technology for the U.S. intelligence community. These young companies are often outside the reach of the intelligence community — about 70 percent of them have never worked with the government before. IQT often co-invests with venture
Research and Development
The US government is surveilling Americans on the internet and building anti-surveillance technology for Iranians (Quartz) The latest revelations about the breadth of the US government's intelligence dragnet, an apparent effort to monitor a broad range of domestic internet and phone communication in search of foreign terrorists, is a reminder that when it comes to surveillance, the land of the free is more like Syria or Iran than we might think
Unhackable quantum cryptography can be hacked (iTech Post) Quantum cryptography has long been considered the holy grail of cryptographers, allowing them to send messages with a technique which, thanks to the laws of physics, is guaranteed to only be readable between two parties. If anyone tried to intercept a
How Silicon Valley Came To 'Wire The World' For Spy Agencies (Financial Times) The revelations about US surveillance of the internet highlight the close ties between the US military and Silicon Valley. A connection forged in the second world war has evolved to produce technologies ranging from the chips that power ballistic missiles to the data-mining software used to ferret out terrorists
Where the National Security Agency isn't so secret: Schools (Washington Post) The National Security Agency is the super-secret organization that has been in the news because of disclosures that it has, for years, been conducting U.S. surveillance programs. But in at least one area, the NSA hasn't tried to be so secret: schools
Legislation, Policy, and Regulation
Higgins on Surveillance: Balance Is Key (WGRZ) As a ranking member of the House Subcommittee on Counter-terrorism and Intelligence, Western New York Congressman Brian Higgins (D) helps oversee the Department of Homeland Security's Intelligence Divisions. On Sunday, Higgins told 2 On Your
NSA Whistle-Blower Hero Or Villain? Our View (USA Today) Here's one definition of a hero: It's someone who, given a choice between doing the right thing at great personal cost or the wrong thing for great personal benefit, chooses the former
'Big Brother' And Big Data (Wall Street Journal) What our self-styled civil libertarians should really fear is another successful terror attack like 9/11, or one with WMD. Then the political responses could include biometric national ID cards, curfews, surveillance drones over the homeland, and even mass roundups of ethnic or religious groups. Practices like data-mining save lives, and in doing so they protect against far greater intrusions on individual freedom
Creeping Surveillance State, Creepy Conclusions (USA Today) Obama explained these are just modest intrusions in the new concept of government-approved privacy. He insisted that so long as the government did not read your emails or listen to your calls, there is no danger to privacy
Leaking Secrets Empowers Terrorists (Wall Street Journal) The NSA's surveillance program doesn't do damage. Revealing it does
Post-9/11 Outsourcing Of U.S. Intelligence Raises Risks (Washington Post) The unprecedented leak of National Security Agency secrets by an intelligence contractor, including bombshells about top-secret programs to collect telephone records, e-mail and other personal data, was probably an inevitable consequence of the massive growth of the U.S. security-industrial complex
Checks, balances, and the National Security Agency (MSNBC) Over the course of three days, the usually invisible National Security Agency has become ostentatiously visible and many Americans do not like what they see. In an effort to address the widely shared feeling that our vaunted system of checks and
President Obama's Data Harvesting Program: NSA as Pollster, PRISM as MISO (Pravda) Indeed, the membership of President Obama's National Security Telecommunications Advisory Committee (NTSAC) reflects the close proximity of the President to critical cyber/telecom/ISP leaders who likely get advanced warning of the incoming nukes
The national security-tech complex (Muckety) The NSA described the center's mission as supporting "the intelligence community's efforts to further strengthen and protect the nation's cyber security." Its aim, officials said then, was to help other government agencies, including the Department of
NSA snooping bolsters opponents of U.S. Internet control (CSO) While the PRISM program appears to be legal, that does not make it good policy -- or good for international relations
Privacy groups, some lawmakers rip into NSA surveillance (CSO) Reports of massive information collection from phone and Internet companies may violate the Constitution, critics say
Obama defends surveillance programs (Firest Coast News) President Obama defended National Security Agency surveillance programs Friday, saying they are designed to promote public safety and protect civil liberties. "They help us prevent terrorist attacks," Obama said, despite what he calls "modest encroachments" on what some consider private activity
Breakfast with the cyberchief: He wants some RoE, and also pre-approved actions (Foreign Policy) Keith Alexander, who as director of the NSA and commander of U.S. Cyber Command is perhaps the most knowledgeable individual on defending America in cyberspace, offered an assessment of the cyber threat that was clear-eyed and yet understated
Top secret US order calls on officials to identify targets for cyber attacks (ABC Online) "If your defence is only to try to block attacks, you can never be successful," General Keith Alexander, director of the National Security Agency (NSA) and commander of the US Cyber Command, told a Washington symposium. "At times, the government has to
US spying scandal hampers cybersecurity efforts (Reuters India) The Obama administration's cybersecurity agenda, which includes expanding the military's Cyber Command and beefing up protection for critical infrastructure, faces more intense scrutiny after two vast domestic
June 6, 2013: The Day America Found Big Brother in Big Data (Forbes) It requested the secret orders but the production/collection of the data was directed to the NSA, a government agency funded in part by the Department of Defense and the Intelligence Community. A former NSA attorney
Convenient Surveillance Is At The Expense of Constitution and Taxpayers (Forbes) Or the Transportation Security Administration's Computer Assisted Passenger Prescreening System (CAPPS II) program intended to use commercial and intelligence data to identify terrorists? Or the Department of Homeland Security's data mining project
Is it time to do away with Homeland Security? (RT) And, as a result, it's time that we broke up the failed national security experiment known as the Department of Homeland Security. Returning to dozens of independent agencies will return internal checks-and-balances to within the
Trusting Big Brother in the prolonged war on terror (Baltimore Sun) Every time I drive between Baltimore and Washington and come upon those big, spooky National Security Agency buildings in Fort Meade, I have cinematic thoughts about what goes on inside. I imagine the best and brightest of surveillance nerds spying on
People v. NSA (Slate) The National Security Agency is collecting metadata on the calls of all Verizon customers according to a report from the Guardian. Obama administration officials have defended their surveillance activities, without admitting to anything specific, noting that the Foreign Intelligence Surveillance Court approves such intelligence gathering. Who represents the privacy interests of ordinary Americans before the secret intelligence court
Lockheed to Boeing Add Onto Modern Complex Evoking Ike's Warning (Businessweek) While President Barack Obama discussed cybersecurity with Chinese President Xi Jinping in California last week, defense contractors led by Lockheed Martin Corp. (LMT) and computer security companies were working alongside the U.S. Cyber Command
This is, hands down, the scariest part of the NSA revelations (Foreign Policy) Forget PRISM, the National Security Agency's system to help extract data from Google, Facebook, and the like. The more frightening secret program unearthed by the NSA leaks is the gathering and storing of millions of phone records and phone-location information of U.S. citizens
'Informal' Summit Marked By Suspicion, Formalities (Washington Post) It was orchestrated as the shirt-sleeves summit, where President Obama, embarking on his second term with a strategic focus on Asia, and Chinese President Xi Jinping, starting his first year of a decade-long rule, might cool tensions between their rival nations and forge a comfortable friendship
China firmly supports cyber security: Xi (ecns) The Chinese president said China opposes hacker or cyber attack in all forms, and is itself a victim. China and the United States face common challenges when it comes to the issue of cyber security, which should be a new highlight of bilateral
Security Expert: Cyberwar with China Is the New Cold War (Money News) The United States should treat the growing cyberthreat from China as the new Cold War, recommends John Pescatore, director of emerging security trends at the SANS Institute. The United States should counter-attack Chinese cyberattacks in order to demonstrate to China its cybercapabilites, he told CNBC
Open Letter to Canberra: a cyber security policy briefing paper (CSO Magazine) I just heard that Australia's top cyber security tsar hadn't heard of Tor, the privacy protecting software used by human rights activists and the privacy
Expert Seeks Regulatory Framework To Combat Cyber Crime (The Guardian Nigeria) This is to protect the economy against cyber crime. At a workshop organised by Digital Jewels in partnership with SANS Institute Africa in Lagos last week
Cyber command mechanism to be set up to handle threats: Antony (Oman Tribune) Cyber command mechanism to be set up to handle threats: Antony. KA Antony KANNUR Defence Minister AK Antony said on Saturday that India would soon form a cyber command mechanism to handle the cyber threat situation in the country. He was talking
Pakistan May Ban Google Over Blasphemous Content (Hack Read) Newly formed government of Pakistan has issued a warning to world's largest search engine Google to remove blasphemous content from Youtube or else face ban to its Google.com domain all over the country. This warning was issued by newly elected Minister of Information Technology Anusha Rehman in a cabinet meeting
Litigation, Investigation, and Law Enforcement
Statement from the ODNI Spokesperson on the Latest Report from The Guardian (Office of the Director of National Intelligence) We have seen the latest report from The Guardian that identifies an individual claiming to have disclosed information about highly classified intelligence programs in recent days. Because the matter has been referred to the Department of Justice, we refer you to the Department of Justice for comment
Intelligence community reviewing 'damage' done by NSA whistleblower (The Hill) The intelligence community is reviewing the "damage" done by a series of leaks revealing the National Security Agency's secret phone and internet surveillance, the Office of the Director of National Intelligence (DNI) said Sunday
How Did Edward Snowden, a Contractor, Get Access to Classified Data? (Daily Beast) Snowden wasn't employed directly by the government but instead worked for private companies such as Dell and Booz Allen Hamilton, which supply personnel to federal intelligence agencies. So how did a contractor have access to top-secret documents in
From obscurity to notoriety, Snowden took an unusual path (Washington Post) Edward Snowden, the 29-year-old National Security Agency contractor who admitted that he was behind recent leaks of classified intelligence, has vaulted from obscurity to international notoriety, joining the ranks of high-profile leakers such as Daniel
Next move China--Will Hong Kong (or Beijing) refuse to extradite the NSA leaker? (Quartz) Since the Guardian reported that NSA whistleblower Edward Snowden had sought refuge from US authorities in Hong Kong, the reaction of netizens worldwide has been one of confusion. Why would a man responsible for revealing the extent of US digital surveillance on the grounds of privacy and freedom of expression go to a special administrative region of China, where such values are consistently suppressed
Icelandic Legislator: I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum (Forbes) When WikiLeaks burst onto the international stage in 2010, the small Nordic nation of Iceland offered it a safe haven. Now American whistleblower Edward Snowden may be seeking that country's protection, and at least one member of its parliament says she's ready to help
In Hong Kong, NSA whistleblower is not safe from extradition (Reuters via the National) Edward Snowden's decision to flee to Hong Kong as he prepared to expose the US government's secret surveillance programmes may not save him from prosecution due to an extradition treaty in force since 1998. A 29-year-old former CIA employee, Mr Snowden has identified himself as the person who gave the Guardian and the Washington Post classified documents about how the US National Security Agency (NSA) obtained data from US telecom and internet companies
Crowdfunding Campaign Aims To Reward NSA Whistleblower For His 'Courage' (TechCrunch) Edward Snowden is being hailed a hero by some, and now a Crowdtilt crowdfunding campaign is raising money to reward the whistleblower for his "courage" and pay his bills. Started by Facebook employee Dwight Crowe with $1,000 of his own money, the campaign doesn't say how the money will be delivered to Snowden, and is raising questions about if donations constitute aiding an enemy of the state
NSA PRISM Creates Stir, But Appears Legal (InformationWeek) Massive information-sharing program involves Google, Facebook and other technology heavyweights, top secret document details. But NSA looks to have acted inside the law
Ministers to reveal British link to US data spying scandal (The Guardian) MPs demand to know if UK spies bypassed law on intercepts, as Google denies allowing security agents access
Pirate Bay founder suspected of hacking police databases (Help Net Security) Pirate Bay co-founder Gottfrid Svartholm, who has been extradited from Cambodia to Sweden to answer for allegedly hacking of Swedish IT company Logica and the Nordea bank mainframe has been named as
Glasgow City Council Fined For Security Lapses (InformationWeek) Stolen laptops and repeated cases of unencrypted data top the list of the City of Glasgow's security failings
For a complete running list of events, please visit the Event Tracker.
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with likeminded individual.
2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, Jun 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS). This four-day event will take place at the Baltimore Convention Center on Monday, June 10 - Thursday, June 13 with the exposition taking place June 11-12.
CISSE 17th Annual Colloquium (Mobile, Alabama, USA, Jun 10 - 13, 2013) The Colloquium for Information Systems Security Education will meed in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
Navigating the Affordable Care Act (Elkridge, Maryland, USA, Jun 12, 2013) A workshop for government contractors, the sessions are expected to have some relevance to health care information security and assurance.
3rd annual Cyber Security Summit (, Jan 1, 1970) Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year, ADM Cyber Security aims at: reviewing solutions to the ever increasing level of attacks, whether real or potential, [and] equipping all stakeholders with a wide range of actionable strategies.
Suits and Spooks La Jolla 2013 (LaJolla, California, USA, Jun 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in common…it readily became apparent that two broad areas kept coming up: threat mitigation through intelligence and active defense (a.k.a. offense as defense). San Diego is a wonderful location for exploring this theme thanks to its military and high technology industries. The FBI, NCIS, DOD, academia and some cutting edge INFOSEC startups will be represented.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.