The CyberWire Daily Briefing for 6.12.2013
US officials report sabotaging al-Qaeda's online English-language magazine "Inspire."
Analysts think stories about PRISM will induce terrorists and others to go dark in ways that mirror—in cyberspace—traditional intelligence tradecraft. (Several also offer DIY-flavored approaches to masking one's digital exhaust.) PRISM considered as a leak occasions discussion of how any enterprise might secure itself from easily disregarded insider threats—what the Washington Post calls "the low-profile, tech-savvy intelligence risk."
Cyberwarzone profiles PRISM, FinSpy, and BlueCoat as the top three lawful intercept tools.
Sophos reports the Guntior bootkit has an interesting dropper that exploits Windows Help Center. TrendMicro has traced GAMARUE malware to a SourceForge host. Rapid7 finds the KeyBoy Trojan active in Vietnam and India. CSO offers tips on how ATM users can recognize card skimming. RSA finds cybercriminals using hacktivist-published data in phishing attacks.
Arabian Gulf nations express new concerns over the energy sector's vulnerability to cyber attack. Russia shows signs of exploiting US discomfiture over PRISM.
PRISM dominates industry, policy, and legal news. Journalists boggle at Snowden's high compensation, seeing it as an instance of government contracting waste. Booz Allen works to deal with former employees' legacy. Google and Facebook continue to deny compromising their customers' privacy.
The US Congress is hearing a lot about PRISM this week, and expressing much support for NSA. Senator Wyden emerges as the program's leading critic. The ACLU challenges NSA surveillance in court. Google and other tech companies call for PRISM transparency.
New Zealand's Greens accuse their Government of Palantir snooping.
Notes.
Today's issue includes events affecting Australia, Cambodia, China, Denmark, Estonia, India, Iran, Israel, Italy, Lithuania, Netherlands, New Zealand, Russia, Sweden, United Arab Emirates, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
U.S. Sabotages Al-Qaeda's Web Magazine (Washington Post) U.S. intelligence operatives covertly sabotaged a prominent al-Qaeda online magazine last month in an apparent attempt to sow confusion among the group's followers, according to officials
NSA revelations could push terrorists to other channels (CSO) With options including mobile apps, social media and virtual worlds, knowing the capabilities may push more bad guys to 'go dark'
The Low-Profile, Tech-Savvy Intelligence Risk (Washington Post) In the span of three years, the United States has developed two gaping holes in its national security hull, punctures caused by leakers who worked at the lowest levels of the nation's intelligence ranks but gained access to large caches of classified material
TOP 3 Government Spyware tools: PRISM, FinSpy and BlueCoat (Cyberwarzone) PRISM - the spyware tool that got the attention it deserved thanks to whistleblower Edward Snowden - is one of the biggest topics in the world now
The NSA Has A Secret Group Called 'TAO' That's Been Hacking China For 15 Years (Business Insider) The primary complaint against China's outfit of military hackers has been two-pronged: the U.S. private sector is losing expensive proprietary information, and the public sector is having its sensitive weapons systems compromised
Guntior bootkit up to new tricks (Naked Security) A technical analysis of the Guntior bootkit and its DLL load order abuse of the Windows Help Center
GAMARUE Uses Sourceforge to Host Files (TrendLabs Security Intelligence Blog) In our monitoring of the GAMARUE malware family, we found a variant that used the online code repository SourceForge to host malicious files. This finding is the latest development we've seen since the increase in infection counts observed last month
Tens of thousands of spamvertised emails lead to W32/Casonline (Webroot Threat Blog) Fraudsters are currently spamvertising tens of thousands of emails enticing users into installing rogue, potentially unwanted casino software (PUAs). Most commonly known as W32/Casonline, this scam earns revenue through the rogue online gambling software's affiliate network
New targeted attack campaign leverages Microsoft Office vulnerabilities (SC Magazine) Users in Vietnam and India were targets of a recently discovered attack campaign that uses vulnerabilities in unpatched versions of Microsoft Office to install a trojan and steal information, experts say. According to a recent blog post by Rapid7 security researchers Claudio Guarnieri and Mark Schloesser, the malware, dubbed KeyBoy, makes its way onto users' computers via spear phishing emails. Once a carefully crafted Microsoft Word attachment found in the message is opened using a vulnerable version of the software, an "infection routine" takes place
Gallery: Telltale signs of ATM skimming (CSO) ATM skimming schemes involve installing fraudulent equipment that criminals use to steal credit and debit card numbers and PINs. Industry estimates calculate that ATM fraud costs banks and consumers billions of dollars annually. Here are a few things to look for the next time you need to hit the ATM
Hacktivists Out, Phishermen In, RSA Report (Cyberwarzone) On Monday, RSA released a monthly report on online scams. Apart from the data on global phishing, the study also makes an interesting connection between phishers and hacktivists…According to experts, cyber criminals wait for hacktivists to publish the data intercepted from large organizations
Security Patches, Mitigations, and Software Updates
VMware security advisory VMSA-2013-0008 (Internet Storm Center) VMware joined the Black Tuesday frenzy with the release of security bulletin VMSA-2013-0008. It covers CVE-2013-3520, a vulnerability in handling file uploads in the vCenter Chargeback Manager that allows remote code execution
Microsoft Patches IE Again; Ormandy Bug Waits (Threatpost) Microsoft took advantage today of its lightest batch of Patch Tuesday security updates this year to release an update to its certificate handling infrastructure. Meanwhile, administrators looking for a patch for a recently disclosed vulnerability by Google engineer Tavis Ormandy will have to wait at least another month for an update
Patch Tuesday June 2013 - Office, Windows and Flash (Naked Security) Right on time, Microsoft and Adobe released fixes today for Windows, Internet Explorer, Microsoft Office 2003 and 2011 and Adobe Flash Player. Time to dance that familiar dance and get those updates installed
Cyber Trends
EC-Council Warns of Cyber Plague at United States National Security Agency (PR Web) Jay Bavisi, president of EC-Council, warned thought-leaders from the Department of Homeland Security (DHS), the National Security Agency (NSA), and the finest academic minds of the NSA's centers of academic excellence of the worsening Cyber Plague at
Cyber wars would cripple economies: experts (Business Spectator) Cyber attackers have the power to shut down economies and a global cyber war could cause destruction on the scale of an atomic war, a cyber security expert says. United States cyber security expert Scott Borg told a conference in Canberra that cyber attackers could completely destroy power generators using malicious software code
Energy Sector Middle East Vulnerable to Cyber-attacks (Herald Online) More than elsewhere, the energy sector in the Middle East is vulnerable to cyber-attacks. Although governments and companies have raised concern, the awareness in the region for cyber threats is insufficient in relation to the technology developments and the level of impact a cyber-attack could have on an average Middle Eastern utility. What is needed is that national governments start to develop coherent cyber security strategies and plans, supported by standards and regulations across the major infrastructure sectors. "As cyber security threats are not restricted to one single group but can come from different corners, it is time that we all open our eyes and take appropriate actions to protect our countries and guarantee a safe and sustainable energy provision," says Mohammed Atif, Managing Director of DNV KEMA
Why Russia Is Taking On The West Over Cyber Warfare (WorldCrunch) With the United States embroiled over the National Security Agency's alleged spying on American and foreign citizens, there are other battles taking shape over the Internet. Just a few months ago, NATO published the first-ever document meant to help establish international norms on cyber warfare. The document has already caught the attention of numerous Russian agencies - and not always in a good way
Opinion: Cyber-reconnaissance in the battle against Lithuania (Lithuania Tribune) Until the 20th century, wars used to take place over land or at sea. With the emergence of planes, the battles expanded to also include airspace. Later, outer space became yet another domain of war. In the 21st century, the US was the first to acknowledge that there now exists the fifth man-made domain of war: cyberspace
The 'O' Word: Offense vs. Defense in Cyber (Defense News) Offensive attack, attack back, active defense, defensive response. All of these phrases can refer to the same activity -- using cyber force to stop an attacker. But choosing a way to describe that response can be tricky, a linguistic complication created by advances in technology and a policy world still struggling to find a place for cyber
To hack back or not to hack back? (Help Net Security) Many centuries ago, explorers came to the vast land of North America. Shipload upon shipload of dreamers, explorers, businessmen and farmers entered the harbors and spread out throughout the country. They all dreamed of a better life - however they defined it
Mobile more secure than desktop, says Entrust CEO (FierceCIO: TechWatch) Contrary to popular belief, the desktop is less secure than mobile devices, says CEO Bill Conner of security vendor Entrust. According to Conner, this is because it is more difficult for malware to infiltrate all mobile applications due to the inherent lack of shared memory on mobile phones compared to that of traditional PCs
Marketplace
The End of the Rainbow: The Intelligence-Industrial Complex (TIME) It's something tangible that the nation's leaders can point to - "Look - we've created a Department of Homeland Security!" Perhaps some of it was even necessary. But that relies on a core belief: First of all, that al Qaeda and other terrorists pose
Private industry deep in intelligence pockets (New Zealand Herald) Stewart Baker, a former assistant secretary at the Department of Homeland Security, said the leak might lead to changes. "I have no doubt this is going to produce some soul-searching about how many contractors the intelligence community has and what
Edward Snowden: Exhibit A for How Washington Blows Money on Contractors (The Atlantic) What the leaker's $200,000 salary tells us about the absurd cost of privatizing government. No matter how you feel about Edward Snowden's decision to dish on the government's spying habits, there's at least one issue all of us can agree to be outraged over: his salary. Before hightailing it to Hong Kong, the 29-year-old had a plum $200,000-a-year job as a Honolulu-based government contractor for Booz Allen Hamilton, helping the National Security Agency run its surveillance operation. This for a fairly low-level professional with a GED
Report: Amazon Web Services Helping More Than 300 Govt Agencies Move to the Cloud (ExecutiveBiz) Amazon Web Services is entering into more contracts aimed at helping federal agencies' shift to cloud computing services with more than 300 U.S. government customers now using its cloud-based offerings, GCN.com reported Monday
Charles Beard Appointed a PwC Principal (GovConWire) Charles Beard, formerly a senior vice president and general manager at Science Applications International Corp. (NYSE: SAI), has joined the advisory practice of PwC US as a principal
Northrop Grumman Appoints Ian Irving as Chief Executive for Australia (Wall Street Journal) In 2012, Northrop Grumman acquired M5 Network Security, a Canberra-based provider of cybersecurity and secure mobile communications to Australian military and intelligence organisations. Northrop Grumman is a leading global security company providing
Cyveillance promotes security exec to chief technical officer (Washington Business Journal) Reston-based Cyveillance, a wholly owned subsidiary of Qinetiq North America, has named Chris O'Ferrell chief technical officer
Kaspersky Lab to open its first office in Israel (Reuters) "It's very difficult to find these guys because they are like chess champions…and there are so many clever people in Israel," Kaspersky told journalists at Tel Aviv University's Yuval Neeman cyber security conference. The Moscow-based company makes
SRA International moving to smaller, less expensive space (Capital Business) Government services firm SRA International plans to relocate its headquarters from Fair Lakes to Chantilly in 2015 and will reduce its space requirements as the company continues seeking ways to cut costs
Cheaper than China: Samsung boosts investment in Vietnam manufacturing (Quartz) Samsung shares may be slumping on lower sales forecasts for its flagship Galaxy 4 smartphone, but the company is barrelling ahead with its investments in Vietnam, where it now makes most of its handsets and other electronics
Wal-Mart doubles down, acquires predictive intelligence tool maker Inkiru (FierceBigData) Retailers continue to be aggressive about data analytics. This week, Wal-Mart--actually its Silicon Valley-based "innovation lab" @WalmartLabs--announced that it is acquiring predictive analytics software vendor Inkiru, as reported on TechCrunch
Awkward Google Wisely Buys the Least Human Social Network (Wired) Why impersonal collaborative mapping network Waze is the perfect social acquisition for Google
Is PRISM Precipitating A Bitcoin Sell-Off? (TechCrunch) Bitcoin has experienced a fairly massive drop in value over the weekend and into this week, moving from a peak of $118 on June 7 to a low of $89 on June 9. While precipitous drops and dizzying highs aren't unusual for the cryptocurrency, BTC watchers are pointing to the PRISM and NSA leaks as a cause for this weekend's massive dip
At Facebook Shareholder Meeting, Zuckerberg Stands Behind His Initial PRISM Denial (TechCrunch) The PRISM story has progressed significantly since last week, when Mark Zuckerberg published Facebook's official response to the reports that it is among a group of tech companies that have been secretly cooperating with the United States government to provide user data. But at Facebook's annual shareholder meeting held today in Millbrae, California, Zuckerberg said the company continues to stand
Google's Real Secret Spy Program? Secure FTP (Wired) Google does not participate in any government program involving a lockbox or other equipment installed at its facilities to transfer court-authorized data to the government, a company spokesman says. Instead the company transmits the data to the feds via
Secrecy Means Billions, Leaks Pose a Risk for Booz Allen (CNBC) For Booz Allen Hamilton, protecting government secrets is also a matter of protecting billions of dollars in business
Booz Allen Vice Chairman McConnell, Former Government Official, Nets $1.8 Million on Stock Sales (Daily Beast) Mike McConnell has moved seamlessly from senior positions in the U.S. national-security apparatus to senior positions at Booz Allen Hamilton, the consulting firm that employed leaker Edward Snowden. This year McConnell has been cashing in his stock in the company
NSA revelations put Booz Allen Hamilton, Carlyle Group in uncomfortable limelight (Washington Post) The Carlyle Group has spent years attempting to shed its image as a well-connected private equity firm leveraging Washington heavyweights in the defense sector. Instead, it nurtured a reputation as a financially sophisticated asset manager that buys and sells everything from railroads to oil refineries
What do National Intelligence Director Clapper and NSA Whistleblower Snowden Have in Common? Booz Allen Hamilton (AllGov) The ongoing controversy over national security leaks committed by Edward Snowden has drawn attention to his employer, Booz Allen Hamilton, a key government contractor that has employed high-level intelligence officials in Washington. Like James R. Clapper Jr., director of national intelligence under President Barack Obama. After a long career in the U.S. Air Force, Clapper [spent] the years 1995 to 1998 working for Booz Allen as executive director of military intelligence programs
Products, Services, and Solutions
Lunarline's School Of Cyber Security Now Offers Ethical Hacking (PR Newswire) Cyber security company, Lunarline, Inc., has launched a new course to provide Ethical Hacking and Penetration
Report: Haswell chips run hotter when overclocked (FierceCIO: TechWatch) Much has been written about Intel's new Haswell microprocessors, which were unveiled at Computex earlier this month. Aside from the usual, incremental improvement to computing performance, Intel's fourth generation Core processor also offers significantly improved battery life in laptops
New MacBook Air could bring 802.11ac Wi-Fi into the mainstream (FierceCIO: TechWatch) Apple yesterday refreshed its popular MacBook Air family with the new Intel (NASDAQ: INTC) Haswell processor, bolstering battery life to an enviable 9 hours for the 11-inch MBA, and 12 hours for the 13-inch MBA. The computer maker also announced the incorporation of 802.11ac Wi-Fi support in its MBA family, which it says should offer bandwidth of around 1.3Gbps--significantly faster than the fastest commercially available 802.11n gear at 450Mbps
Openet and Procera Collaborate on Policy Enforcement for Mobile Operators (Converge Network Digest) Procera Networks and Openet, which specializes in real-time transaction management software and services, introduced an end-to-end turnkey Policy Control and Charging (PCC) solution for mobile operators. The new Revenue Expres solution combines
8 Apple Changes That Matter (InformationWeek) Amid Apple's two operating system updates, new hardware and new services, these pieces of news from WWDC 2013 stand out
Technologies, Techniques, and Standards
Tech Insight: What You Need To Know To Be A Cyber Forensics Pro (Dark Reading) A look at the skills, experience, and personality traits that make a successful forensics expert. Cyber forensics has become a hot topic in security—and a critical skill that many enterprises would like to hire. But exactly what skills and experience does a security pro need to become a forensics expert
Bad SSH Key Management Leaves Databases At Risk (Dark Reading) A "gaping hole" in the way enterprises govern the use of one of IT's least sexy but most used access control and encryption protocols is leaving many sensitive database servers and other network devices at serious risk
NIST: Cybersecurity executive order calls for harmonization (FierceGovernmentIT) Language in President Obama's February cybersecurity executive order calling for federal agencies with regulatory power over the security of critical infrastructure to review a preliminary version of the framework and to make a determination on whether "current cybersecurity regulatory requirements are sufficient given current and projected risks" calls for a process of harmonization rather than emergence of a new regulatory model, said a National Institute of Standards and Technology official
What the NSA can do with "big data" (Ars Technica) The NSA can't capture everything that crosses the Internet—but doesn't need to. One organization's data centers hold the contents of much of the visible Internet—and much of it that isn't visible just by clicking your way around. It has satellite imagery of much of the world and ground-level photography of homes and businesses and government installations tied into a geospatial database that is cross-indexed to petabytes of information about individuals and organizations. And its analytics systems process the Web search requests, e-mail messages, and other electronic activities of hundreds of millions of people
Getting Out Of PRISM (Dark Reading) What we can learn from national security monitoring. Call this the Bandwagon blog post. There's been more discussion around the U.S. government monitoring revelations than probably anybody wants to read about. Right wing, left wing, not even on a wing but already bailed out in a parachute - everyone's got an opinion on it
Worried about Mass Surveillance? How to Practice Safer Communication (Gant Daily) On computers and smartphones (which are just smaller computers with hard-to-use keyboards) your main tool for protecting your information, both message and metadata, is cryptography. Cryptography (often also called "crypto") is a way of using math to
Eight is enough! IT's biggest frenemies (IT World) You probably have a good idea about who your enemies are. But what about your frenemies? These are people you deal with on a regular basis, largely because you have no choice. But even when their intentions are good, they can still cause you all manner of grief. They range from BYOD Betty, who insists on using her iPhone at work (but wants you to support it) to Cloudy Claudette, who's running her own shadow IT organization with the help of public cloud providers
Store passwords the right way in your application (Internet Storm Center) I suspect most of our readers know this, but it can't hurt to repeat this every so often as there is a lot of confusion on the issue. One thing that gets to me is seeing reports of website compromises that claim "the passwords were hashed with SHA-256". Well at face value that means 90% of the passwords were decoded before the news hit
Cloud data security: Use a third party or do the job yourself? (TechTarget) "All brokers aren't alike, and there are different layers of capabilities that they have," said Jim Reavis, executive director of the Cloud Security Alliance, an organization that promotes best practices and training to improve cloud security. Cloud
Design and Innovation
SAP's Highly Logical Choice (IEEE Spectrum) The German software house says that by 2020, 1 percent of its workforce will be on the autistic spectrum
Why Innovation Fails: The Past Vs. Future Problem (InformationWeek) Sustainable innovation efforts call for integrating two competing ways of thinking about a business
Legislation, Policy, and Regulation
Oh my: DNI Chief James Clapper says he gave Congress "least untruthful" answer when testifying before Congress on domestic spying (Weasel Zippers) At least he's being honest about lying…wait, how does that work
Wyden warns Clapper: Americans need 'straight answers' on spying (Yahoo News) This may be as close as a sitting U.S. senator comes to publicly calling the director of national intelligence a liar
Al Franken Defends National Security Agency Over Spying Allegations (Huffington Post) Liberal Sen. Al Franken (D-Minn.) emerged as a vocal defender of the National Security Agency on Tuesday, telling Minneapolis-based CBS affiliate WCCO that he was convinced the agency's actions did not constitute spying. Last week, The Guardian
NSA Chief Is Key Administration Voice On Cyber Issues (USA Today) Army Gen. Keith Alexander, who heads the super-secret agency at the center of a political storm over electronic spying, has spent most of his nearly four decades of military service outside the spotlight. But behind the scenes Alexander has become a leading voice within the administration on cyber issues, raising alarms about cyber intrusions and pushing for new technologies to improve intelligence
Connecting the Dots on PRISM, Phone Surveillance, and the NSA's Massive Spy Center (Wired) Physically, the NSA has always been well protected by miles of high fences and electrified wire, thousands of cameras, and gun-toting guards. But that was to protect the agency from those on the outside trying to get in to steal
High-Tech Giants Urge Openness On Probes (Washington Post) Technology companies stung by the controversy over the National Security Agency's sweeping Internet surveillance program are calling on U.S. officials to ease the secrecy surrounding national security investigations and lift long-standing gag orders covering the nature and extent of information collected about Internet users
Why Google's Request To Release More Spying Data Would Be Uninformative (TechCrunch) [Update: Someone from Google has responded to us (by tweet!) We'll update this post as we get more questions answered] Google made headlines today for a letter to the federal government requesting the right to release more information on compliance with spy orders. The letter claims that if the public knew how many requests for data the National Security Agency demanded, they would dispel rumors
Advocacy groups, companies urge Congress to rein in NSA spying (The Hill) More than 80 civil liberties groups and companies urged Congress on Tuesday to investigate and restrict the National Security Agency's electronic surveillance programs
NSA Prism: Snowden Is Wrong, Says British Government (InformationWeek) Foreign Secretary denies that British government used Prism program to access communications of private citizens, but questions remain. The British government has been forced to clarify the position of its own intelligence agencies in light of the unfolding Prism scandal. Foreign Secretary William Hague on Monday rejected suggestions that British spymasters at its GCHQ communications center had been taking advantage of Prism to gain back-door access to citizens' communications
Power, Secrecy, and Intelligence Oversight (Lawfare) Americans deeply distrust power and secrecy and are right to do so. Intelligence agencies are powerful and secret--but necessary. Reconciling these propositions is a fundamental task in a democracy. We accomplish it only when the rules under which the agencies operate are approved by the Congress after public debate, when the operational details are kept secret, and when we have a robust oversight apparatus to give us comfort that the rules are being followed. So how are we doing
Ex-NSA Chief Says Leaker's Acts Should Have Tripped Alarm (Bloomberg) The disclosure of National Security Agency secrets by 29-year-old computer systems technician Edward Snowden is drawing new scrutiny of security processes and U.S. intelligence agencies' reliance on contractors such as Snowden's employer, Booz Allen Hamilton Holding Corp
'Don't Tread on Me!' Unless You're the National Security Agency (Huffington Post) The National Security Agency's data mining and domestic spying program that the investigative journalist Glenn Greenwald has exposed should concern anyone who cares about our Fourth Amendment privacy rights. The revelations of government spying
Reactions from the security community to the NSA spying scandal (Help Net Security) Last week a whistleblower created quite the stir when he leaked documents about PRISM, a surveillance program by the NSA. Below are comments on this scandal that Help Net Security received from a variety of security professionals and analysts
Most Don't Blink At Data Collecting (Washington Post) In the wake of revelations about vast amounts of personal data gathered by the National Security Agency in its anti-terrorism work, a recent Washington Post-Pew Research Center poll of 1,004 adults showed that as long as the government said it was investigating terrorism, about half didn't mind if that included tracking basic information on phone calls or monitoring "everyone's" e-mail and online activity
Leaks fallout: How bad could it be? (Politico) Director of National Intelligence James Clapper claims the recent wave of leaks has done "huge, grave damage" to our intelligence gathering capabilities. Nonsense, says Glenn Greenwald, the Guardian columnist who served as the primary conduit for the leaks: "There's not a single revelation that we've provided to the world that even remotely jeopardizes national security." Somewhere in between those two takes lies the truth
NSA surveillance: The US is behaving like China (The Guardian) Both governments think they are doing what is best for the state and people. But, as I know, such abuse of power can ruin lives
Blowing A Whistle (New York Times) Yes, I worry about potential government abuse of privacy from a program designed to prevent another 9/11, abuse that, so far, does not appear to have happened. But I worry even more about another 9/11. That is, I worry about something that's already happened once that was staggeringly costly and that terrorists aspire to repeat
The Price Of The Panopticon (New York Times) We privacy watchers and civil libertarians think this complacent response misses a deeply worrying political shift of vast consequence. While President Obama has conveniently described the costs of what appears to be pervasive surveillance of Americans' telecommunications connections as modest encroachments on privacy, what we are actually witnessing is a sea change in the kinds of things that the government can monitor in the lives of ordinary citizens
Surveillance: A Threat To Democracy (New York Times) The issue is not whether the government should vigorously pursue terrorists. The question is whether the security goals can be achieved by less-intrusive or sweeping means, without trampling on democratic freedoms and basic rights. Far too little has been said on this question by the White House or Congress in their defense of the N.S.A.'s dragnet
Where Was Snowden In 2006? (USA Today) My first reaction when I heard that the source who tipped news media about a National Security Agency secret phone records database had come forward was "Where were you when we needed you?"
Why Should We Even Care If the Government Is Collecting Our Data? (The Atlantic) As people have tried to make sense of the recent revelations about the government's mass data-collection efforts, one classic text is experiencing a spike in popularity: George Orwell's 1984 has seen a 7,000 percent increase in sales over the last 24 hours. But wait! This is the wrong piece of literature for understanding the NSA's programs, argues legal scholar Daniel J. Solove. In his book, The Digital Person, Solove writes that the troubles with the collection of massive amounts of personal data in databases are distinct from those of government surveillance, the latter being the focus of 1984
U.S.-Chinese Summit: 4 Information Security Takeaways (InformationWeek) What did the summit accomplish with regard to cyber spying and cyber attacks -- and what's left undone
PRISM just gave Russia a great excuse to step up its war on social networks (Quartz) Governments love to use external enemies as a way to further their agendas. Alarmed by reports that American spies are gathering data from popular web services, Ilya Kostunov, a lawmaker from Vladimir Putin's United Russia party in the lower house of government, yesterday said he wants state officials to stop using US social networks and email services such as Facebook and Gmail for official purposes
Greens sure Palantir working for [New Zealand] Govt (3News) The Prime Minister has done his best to shut down questions about whether his spy agencies are outsourcing confidential data to American software company Palantir
Litigation, Investigation, and Law Enforcement
UK intelligence make thousands of requests for Microsoft data (The Guardian) UK makes most requests for Skype data, while it is in top three countries wanting data from email and storage services
ACLU Challenges NSA Program (Washington Post) The American Civil Liberties Union filed a lawsuit Tuesday challenging the constitutionality of the U.S. government surveillance program that collects the telephone records of millions of Americans from U.S. telecommunications companies
N.S.A. Disclosures Put Awkward Light On Previous Denials (New York Times) But since the disclosures last week showing that the agency does indeed routinely collect data on the phone calls of millions of Americans, Obama administration officials have struggled to explain what now appear to have been misleading past statements. Much of the attention has been focused on testimony by James R. Clapper Jr., the director of national intelligence, to the Senate in March that the N.S.A. was not gathering data on millions of Americans
Will NSA leaks put surveillance programs in legal jeopardy? Experts have doubts. (Washington Post) The disclosures of the sweeping government collection of telephone and Internet records have reinvigorated a debate over whether the programs can be challenged by those who see them as unconstitutional surveillance
NSA Programs Do Keep Letter Of Law (Politico) Americans should have a debate about this program, but not about its legality. The NSA program was well within legal bounds, with direct involvement from the president and oversight by Congress and the Foreign Intelligence Surveillance Court. Any claim to the contrary is false and misleading
Surveillance: Snowden Doesn't Rise To Traitor (New York Times) Whatever his crimes, and he clearly committed some, Mr. Snowden did not commit treason, though the people who have long kept the secrets he revealed are now fulminating with rage
The Solitary Leaker (New York Times) From what we know so far, Edward Snowden appears to be the ultimate unmediated man. Though obviously terrifically bright, he could not successfully work his way through the institution of high school. Then he failed to navigate his way through community college
The differences between whistleblowing Edward Snowden and Bradley Manning—and some similarities to Daniel Ellsberg (Foreign Policy) The case of Edward Snowden, who came out yesterday (Sunday) as the leaker supplying the info to the Washington Post and the Guardian about the NSA's data-harvesting program, on first impression reminds me more of Daniel Ellsberg than of Bradley Manning
Edward Snowden vs. Bradley Manning, By the Numbers (Popular Mechanics) While Edward Snowden reveals himself as the PRISM whistleblower, the U.S. government moves ahead with the trial of WikiLeaks leaker Bradley Manning
NSA Prism Relies Heavily On IT Contractors (InformationWeek) NSA whistleblower Snowden likely enjoyed access to Prism program details as a contracted NSA IT administrator
FISA Court Has Rejected .03 Percent Of All Government Surveillance Requests (Mother Jones) After last week's revelations of extensive National Security Agency surveillance of phone and internet communications, President Barack Obama made it a point to assure Americans that, not to worry, there is plenty of oversight of his administration's snooping programs. "We've got congressional oversight and judicial oversight," he said Friday, referring in part to the Foreign Intelligence Surveillance Court (FISC), which was created in 1979 to oversee Department of Justice requests for surveillance warrants against foreign agents suspected of espionage or terrorism in the United States
Boehner calls Snowden a 'traitor,' defends NSA surveillance programs (The Hill) Speaker John Boehner (R-Ohio) on Tuesday called Edward Snowden, the contractor who leaked details of the National Security Agency's (NSA) surveillance programs, a "traitor." "He's a traitor," Boehner said on ABC's "Good Morning America." "The disclosure of this information puts Americans at risk. It shows our adversaries what our capabilities are, and it's a giant violation of the law"
Talk of asylum for US National Security Agency whistleblower Edward Snowden (Sydney Morning Herald) Russia said on Tuesday that it could grant asylum to the fugitive former spy Edward Snowden, as US President Barack Obama came under pressure from Europe over American spying on emails and telephone records. Mr Snowden, a former CIA
Evidence Suggests GI's Leaks Revealed Tactics (Yahoo.com) The mountain of classified material Army Pfc. Bradley Manning gave to the anti-secrecy organization WikiLeaks revealed sensitive information about military operations and tactics, including code words and the name of at least one enemy target, according to evidence the government presented Tuesday
Hacker who helped to expose Steubenville attack could face more prison time than rapists (Naked Security) A man claiming to be the leader of the Anonymous campaign that leaked information about the Steubenville, Ohio rape case has unmasked himself and told news outlets that an FBI SWAT team raided his home in April
Pirate Bay founder wanted for Danish hack (Infosecurity Magazine) Gottfrid Svartholm, one of the original founders of The Pirate Bay and currently awaiting a verdict for the hack of Logica in Sweden, is now wanted for another hack in Denmark: this time on CSC
How to recoup losses from a cyber attack (Baltimore Business Journal) Any and all of it can be stolen in a cyber attack. And when sensitive data is stolen from your network, liability for your customers' or clients' losses usually doesn't roll up to them. Most often, it rolls back on the small or mid-sized business owner
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, Jun 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS). This four-day event will take place at the Baltimore Convention Center on Monday, June 10 - Thursday, June 13 with the exposition taking place June 11-12.
CISSE 17th Annual Colloquium (Mobile, Alabama, USA, Jun 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
Navigating the Affordable Care Act (Elkridge, Maryland, USA, Jun 12, 2013) A workshop for government contractors, the sessions are expected to have some relevance to health care information security and assurance.
3rd annual Cyber Security Summit. Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year, ADM Cyber Security aims at: reviewing solutions to the ever increasing level of attacks, whether real or potential, [and] equipping all stakeholders with a wide range of actionable strategies.
Suits and Spooks La Jolla 2013 (La Jolla, California, USA, Jun 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in common…it readily became apparent that two broad areas kept coming up: threat mitigation through intelligence and active defense (a.k.a. offense as defense). San Diego is a wonderful location for exploring this theme thanks to its military and high technology industries. The FBI, NCIS, DOD, academia and some cutting edge INFOSEC startups will be represented.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and, what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, USA, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile, ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, and Industry partners. The operational theme "Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, and to our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities, while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.